@Test
public void shouldNotAllowDataAccess() throws Exception {
// Given
startServerWithConfiguredUser();
// When & then
assertAuthorizationRequired(
"POST", "db/data/node", RawPayload.quotedJson("{'name':'jake'}"), 201);
assertAuthorizationRequired("GET", "db/data/node/1234", 404);
assertAuthorizationRequired(
"POST",
"db/data/transaction/commit",
RawPayload.quotedJson("{'statements':[{'statement':'MATCH (n) RETURN n'}]}"),
200);
assertEquals(200, HTTP.GET(server.baseUri().resolve("webadmin").toString()).status());
assertEquals(200, HTTP.GET(server.baseUri().resolve("browser").toString()).status());
assertEquals(200, HTTP.GET(server.baseUri().resolve("").toString()).status());
}
public void startServerWithConfiguredUser() throws IOException {
startServer(true);
// Set the password
HTTP.Response post =
HTTP.withHeaders(HttpHeaders.AUTHORIZATION, challengeResponse("neo4j", "neo4j"))
.POST(
server.baseUri().resolve("/user/neo4j/password").toString(),
RawPayload.quotedJson("{'password':'******'}"));
assertEquals(200, post.status());
}
@Test
public void shouldAllowAllAccessIfAuthenticationIsDisabled() throws Exception {
// Given
startServer(false);
// When & then
assertEquals(
201,
HTTP.POST(
server.baseUri().resolve("db/data/node").toString(),
RawPayload.quotedJson("{'name':'jake'}"))
.status());
assertEquals(404, HTTP.GET(server.baseUri().resolve("db/data/node/1234").toString()).status());
assertEquals(
200,
HTTP.POST(
server.baseUri().resolve("db/data/transaction/commit").toString(),
RawPayload.quotedJson("{'statements':[{'statement':'MATCH (n) RETURN n'}]}"))
.status());
}
