/**
 * Exposes the wrapped user's password-change-required flag under the
 * {@code password_change_required} mapping.
 *
 * @return the flag read from {@code user}, wrapped as a boolean {@link ValueRepresentation}
 */
@Mapping( "password_change_required" )
public ValueRepresentation passwordChangeRequired()
{
    boolean mustChangePassword = user.passwordChangeRequired();
    return ValueRepresentation.bool( mustChangePassword );
}
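/**
 * Creating a user with the third procedure argument set to {@code true} must store the
 * password-change-required flag as {@code true}.
 */
@Test
public void shouldCreateUser()
{
    assertEmpty( admin, "CALL dbms.security.createUser('andres', '123', true)" );
    try
    {
        assertThat( authManager.getUser( "andres" ).passwordChangeRequired(), equalTo( true ) );
    }
    catch ( Exception e )
    {
        // Catch Exception, not Throwable: a failed assertThat raises AssertionError, which must reach the
        // runner with its own expected/actual message instead of being replaced by a generic one.
        // The cause is kept so an unexpected lookup failure can be diagnosed.
        throw new AssertionError( "Expected no exception!", e );
    }
}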
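/**
 * Creating a user with the third procedure argument set to {@code false} must store the
 * password-change-required flag as {@code false}.
 */
@Test
public void shouldCreateUserWithNoPasswordChange()
{
    assertEmpty( admin, "CALL dbms.security.createUser('andres', '123', false)" );
    try
    {
        assertThat( authManager.getUser( "andres" ).passwordChangeRequired(), equalTo( false ) );
    }
    catch ( Exception e )
    {
        // Catch Exception, not Throwable: a failed assertThat raises AssertionError, which must reach the
        // runner with its own expected/actual message instead of being replaced by a generic one.
        // The cause is kept so an unexpected lookup failure can be diagnosed.
        throw new AssertionError( "Expected no exception!", e );
    }
}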
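/**
 * Creating a user without the optional third procedure argument must leave the
 * password-change-required flag set, i.e. the default forces a password change.
 */
@Test
public void shouldCreateUserWithDefault()
{
    assertEmpty( admin, "CALL dbms.security.createUser('andres', '123')" );
    try
    {
        assertThat( authManager.getUser( "andres" ).passwordChangeRequired(), equalTo( true ) );
    }
    catch ( Exception e )
    {
        // Catch Exception, not Throwable: a failed assertThat raises AssertionError, which must reach the
        // runner with its own expected/actual message instead of being replaced by a generic one.
        // The cause is kept so an unexpected lookup failure can be diagnosed.
        throw new AssertionError( "Expected no exception!", e );
    }
}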
/**
 * Authenticates the principal/credentials pair carried by {@code authToken}.
 * <p>
 * An unknown user name yields a context with a {@code null} user and
 * {@link AuthenticationResult#FAILURE}. A successful authentication is downgraded to
 * {@link AuthenticationResult#PASSWORD_CHANGE_REQUIRED} when the user's password-change flag is set;
 * the flag is consulted only after success, so a failed attempt never reveals it.
 * <p>
 * {@link AuthToken#clearCredentials} runs in a {@code finally} block, so it is called on every exit
 * path, including exceptions.
 *
 * @param authToken token map holding at least the principal and the credentials
 * @return the login context for the looked-up user and the authentication outcome
 * @throws InvalidAuthTokenException declared by this method; raised by the token helpers (not shown here)
 */
@Override
public LoginContext login( Map<String,Object> authToken ) throws InvalidAuthTokenException
{
    try
    {
        assertValidScheme( authToken );

        String username = AuthToken.safeCast( AuthToken.PRINCIPAL, authToken );
        // NOTE(review): presumably this is the same array that clearCredentials wipes below - confirm,
        // otherwise a copy of the password outlives this call.
        byte[] password = AuthToken.safeCastCredentials( AuthToken.CREDENTIALS, authToken );

        User user = userRepository.getUserByName( username );
        if ( user == null )
        {
            // NOTE(review): authStrategy is not invoked for unknown names; check whether the strategy's
            // cost makes this path distinguishable from a wrong password.
            return new BasicLoginContext( user, AuthenticationResult.FAILURE );
        }

        AuthenticationResult outcome = authStrategy.authenticate( user, password );
        boolean mustChangePassword =
                outcome == AuthenticationResult.SUCCESS && user.passwordChangeRequired();
        return new BasicLoginContext( user,
                mustChangePassword ? AuthenticationResult.PASSWORD_CHANGE_REQUIRED : outcome );
    }
    finally
    {
        AuthToken.clearCredentials( authToken );
    }
}
/**
 * Starting the auth manager must leave a {@code neo4j} user in {@code users} whose password is
 * {@code neo4j} and whose password-change-required flag is set.
 * <p>
 * The last assertion is the security-relevant one: the well-known default password is only
 * acceptable while a change is forced.
 */
@Test
public void shouldCreateDefaultUserIfNoneExist() throws Throwable
{
    // When
    authManager().start();

    // Then
    final User defaultUser = users.getUserByName( "neo4j" );
    assertNotNull( defaultUser );
    final boolean hasDefaultPassword = defaultUser.credentials().matchesPassword( "neo4j" );
    assertTrue( hasDefaultPassword );
    assertTrue( defaultUser.passwordChangeRequired() );
}
/**
 * A user created through {@code manager.newUser} with the flag set to {@code true} must be
 * retrievable from {@code users} with the flag still set and the given password matching.
 */
@Test
public void shouldCreateUser() throws Throwable
{
    // Given
    manager.start();

    // When
    manager.newUser( "foo", password( "bar" ), true );

    // Then
    User created = users.getUserByName( "foo" );
    assertNotNull( created );
    assertTrue( created.passwordChangeRequired() );
    boolean passwordMatches = created.credentials().matchesPassword( "bar" );
    assertTrue( passwordMatches );
}
/**
 * When the initial-user repository holds a {@code neo4j} user, starting the auth manager must
 * make that user (password {@code 123}, no forced password change) available in {@code users}.
 */
@Test
public void shouldLoadInitialUserIfNoneExist() throws Throwable
{
    // Given
    FileUserRepository initialUsers =
            CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() );
    initialUsers.start();
    User seeded = new User.Builder( "neo4j", LegacyCredential.forPassword( "123" ) )
            .withRequiredPasswordChange( false )
            .build();
    initialUsers.create( seeded );
    initialUsers.shutdown();

    // When
    authManager().start();

    // Then
    final User loaded = users.getUserByName( "neo4j" );
    assertNotNull( loaded );
    assertTrue( loaded.credentials().matchesPassword( "123" ) );
    assertFalse( loaded.passwordChangeRequired() );
}
/**
 * Same as the initial-user case, but the seeded password equals the well-known {@code neo4j} value.
 * <p>
 * This pins that the seeded user is taken as given: the resulting account keeps the password
 * {@code neo4j} and is NOT forced to change it, because the seed was built with
 * {@code withRequiredPasswordChange( false )}.
 */
@Test
public void shouldLoadInitialUserIfNoneExistEvenWithSamePassword() throws Throwable
{
    // Given
    FileUserRepository initialUsers =
            CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() );
    initialUsers.start();
    User seeded = new User.Builder( "neo4j", LegacyCredential.forPassword( "neo4j" ) )
            .withRequiredPasswordChange( false )
            .build();
    initialUsers.create( seeded );
    initialUsers.shutdown();

    // When
    authManager().start();

    // Then
    final User loaded = users.getUserByName( "neo4j" );
    assertNotNull( loaded );
    assertTrue( loaded.credentials().matchesPassword( "neo4j" ) );
    assertFalse( loaded.passwordChangeRequired() );
}
/**
 * A user already present in {@code users} must not be overwritten by a same-named entry in the
 * initial-user repository: after start-up the existing password and its forced-change flag are
 * unchanged.
 */
@Test
public void shouldNotUpdateUserIfInitialUserExist() throws Throwable
{
    // Given
    FileUserRepository initialUsers =
            CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() );
    initialUsers.start();
    initialUsers.create( newUser( "oldUser", "newPassword", false ) );
    initialUsers.shutdown();

    // the same name already exists in the main repository, with a different password and flag
    users.start();
    users.create( newUser( "oldUser", "oldPassword", true ) );
    users.shutdown();

    // When
    authManager().start();

    // Then
    final User existing = users.getUserByName( "oldUser" );
    assertNotNull( existing );
    assertTrue( existing.credentials().matchesPassword( "oldPassword" ) );
    assertTrue( existing.passwordChangeRequired() );
}
/**
 * When {@code users} already holds an account, an entry in the initial-user repository must not be
 * added on start-up: {@code initUser} stays absent and the existing {@code oldUser} is untouched.
 */
@Test
public void shouldNotAddInitialUserIfUsersExist() throws Throwable
{
    // Given
    FileUserRepository initialUsers =
            CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() );
    initialUsers.start();
    initialUsers.create( newUser( "initUser", "123", false ) );
    initialUsers.shutdown();

    // the main repository is not empty
    users.start();
    users.create( newUser( "oldUser", "321", false ) );
    users.shutdown();

    // When
    authManager().start();

    // Then
    final User seededUser = users.getUserByName( "initUser" );
    assertNull( seededUser );

    final User existing = users.getUserByName( "oldUser" );
    assertNotNull( existing );
    assertTrue( existing.credentials().matchesPassword( "321" ) );
    assertFalse( existing.passwordChangeRequired() );
}
/**
 * Exposes the wrapped user's password-change-required flag under the
 * {@code password_change_required} mapping.
 *
 * @return the flag read from {@code user}, wrapped as a boolean {@link ValueRepresentation}
 */
@Mapping( "password_change_required" )
public ValueRepresentation passwordChangeRequired()
{
    boolean changeRequired = user.passwordChangeRequired();
    return ValueRepresentation.bool( changeRequired );
}
/**
 * Authenticates the principal/credentials pair carried by {@code authToken}.
 * <p>
 * An unknown user name yields a context with a {@code null} user and
 * {@link AuthenticationResult#FAILURE}. A successful authentication is reported as
 * {@link AuthenticationResult#PASSWORD_CHANGE_REQUIRED} when the user's password-change flag is set;
 * the flag is read only after success, so it is not disclosed on a failed attempt.
 * <p>
 * The credentials held by the token are cleared in a {@code finally} block, whatever the outcome.
 *
 * @param authToken token map holding at least the principal and the credentials
 * @return the login context for the looked-up user and the authentication outcome
 * @throws InvalidAuthTokenException declared by this method; raised by the token helpers (not shown here)
 */
@Override
public LoginContext login( Map<String,Object> authToken ) throws InvalidAuthTokenException
{
    try
    {
        assertValidScheme( authToken );

        String username = AuthToken.safeCast( AuthToken.PRINCIPAL, authToken );
        // NOTE(review): confirm that clearCredentials below wipes this very array and not a copy of it.
        byte[] password = AuthToken.safeCastCredentials( AuthToken.CREDENTIALS, authToken );

        User user = userRepository.getUserByName( username );
        if ( user == null )
        {
            // NOTE(review): unknown names skip authStrategy entirely; verify this path is not
            // distinguishable from a wrong password by response time.
            return new BasicLoginContext( user, AuthenticationResult.FAILURE );
        }

        AuthenticationResult outcome = authStrategy.authenticate( user, password );
        if ( outcome == AuthenticationResult.SUCCESS && user.passwordChangeRequired() )
        {
            return new BasicLoginContext( user, AuthenticationResult.PASSWORD_CHANGE_REQUIRED );
        }
        return new BasicLoginContext( user, outcome );
    }
    finally
    {
        AuthToken.clearCredentials( authToken );
    }
}
/**
 * Resolves the roles of the principal for authorization decisions.
 * <p>
 * Returns {@code null} when authorization is disabled, when no principal is available, or when the
 * user name is unknown to {@code userRepository}. A user who still has to change the password, or
 * who carries the {@code IS_SUSPENDED} flag, gets an authorization info with no roles at all;
 * every other user gets the role names stored for that user.
 *
 * @param principals the principals to look the user name up from
 * @return {@code null}, an empty authorization info, or one populated with the user's role names
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals )
{
    if ( !authorizationEnabled )
    {
        return null;
    }

    String username = (String) getAvailablePrincipal( principals );
    User user = username == null ? null : userRepository.getUserByName( username );
    if ( user == null )
    {
        return null;
    }

    // Least privilege: an account that must change its password, or is suspended, is known but
    // is granted no roles.
    boolean restricted = user.passwordChangeRequired() || user.hasFlag( IS_SUSPENDED );
    if ( restricted )
    {
        return new SimpleAuthorizationInfo();
    }

    Set<String> roleNames = roleRepository.getRoleNamesByUsername( user.name() );
    return new SimpleAuthorizationInfo( roleNames );
}