/**
 * Authenticate to access the server
 *
 * <p>Authenticate by sending a username and a password to Neo4j using HTTP Basic Auth. Requests
 * should include an +Authorization+ header, with a value of +Basic realm="Neo4j" <payload>+,
 * where "payload" is a base64 encoded string of "username:password".
 */
@Test
@Documented
public void successful_authentication() throws PropertyValueException, IOException {
    // Given: a running server with a configured user (helper defined on the enclosing class)
    startServerWithConfiguredUser();

    // Document: an authenticated GET of the user's own resource.
    // challengeResponse(...) builds the Authorization header value; the request is expected
    // to be accepted with 200.
    RESTDocsGenerator.ResponseEntity response =
            gen.get()
                    .noGraph()
                    .expectedStatus(200)
                    .withHeader(HttpHeaders.AUTHORIZATION, challengeResponse("neo4j", "secret"))
                    .get(userURL("neo4j"));

    // Then: the body describes the authenticated user and no password change is pending
    JsonNode user = JsonHelper.jsonNode(response.entity());

    String username = user.get("username").asText();
    assertThat(username, equalTo("neo4j"));

    boolean changeRequired = user.get("password_change_required").asBoolean();
    assertThat(changeRequired, equalTo(false));

    // The password-change link is exposed even when no change is required
    String changeLink = user.get("password_change").asText();
    assertThat(changeLink, equalTo(passwordURL("neo4j")));
}
/**
 * Missing authorization
 *
 * <p>If an +Authorization+ header is not supplied, the server will reply with an error.
 */
@Test
@Documented
public void missing_authorization() throws PropertyValueException, IOException {
    // Given: a running server with a configured user (helper defined on the enclosing class)
    startServerWithConfiguredUser();

    // Document: an unauthenticated GET of the data root. The server must answer 401 and
    // advertise its challenge scheme in WWW-Authenticate (expected value here: "None").
    RESTDocsGenerator.ResponseEntity response =
            gen.get()
                    .noGraph()
                    .expectedStatus(401)
                    .expectedHeader("WWW-Authenticate", "None")
                    .get(dataURL());

    // Then: the body carries a structured error list; only the first entry is inspected
    JsonNode body = JsonHelper.jsonNode(response.entity());
    JsonNode error = body.get("errors").get(0);

    String code = error.get("code").asText();
    assertThat(code, equalTo("Neo.ClientError.Security.AuthorizationFailed"));

    String message = error.get("message").asText();
    assertThat(message, equalTo("No authorization header supplied."));
}
/**
 * Incorrect authentication
 *
 * <p>If an incorrect username or password is provided, the server replies with an error.
 */
@Test
@Documented
public void incorrect_authentication() throws PropertyValueException, IOException {
    // Given: a running server with a configured user (helper defined on the enclosing class)
    startServerWithConfiguredUser();

    // Document: a request carrying a wrong password for an existing user.
    // NOTE(review): this case issues a POST where the sibling tests use GET; presumably
    // intentional (rejection must apply to writes as well) — confirm.
    // The server must answer 401 with the same WWW-Authenticate challenge as the
    // missing-header case.
    RESTDocsGenerator.ResponseEntity response =
            gen.get()
                    .noGraph()
                    .expectedStatus(401)
                    .withHeader(HttpHeaders.AUTHORIZATION, challengeResponse("neo4j", "incorrect"))
                    .expectedHeader("WWW-Authenticate", "None")
                    .post(dataURL());

    // Then: the body carries a structured error list; only the first entry is inspected
    JsonNode body = JsonHelper.jsonNode(response.entity());
    JsonNode error = body.get("errors").get(0);

    String code = error.get("code").asText();
    assertThat(code, equalTo("Neo.ClientError.Security.AuthorizationFailed"));

    // The expected message names neither field, so a rejected attempt only learns that the
    // username/password pair as a whole was invalid.
    String message = error.get("message").asText();
    assertThat(message, equalTo("Invalid username or password."));
}
/**
 * Required password changes
 *
 * <p>In some cases, like the very first time Neo4j is accessed, the user will be required to
 * choose a new password. The database will signal that a new password is required and deny
 * access.
 *
 * <p>See <<rest-api-security-user-status-and-password-changing>> for how to set a new password.
 */
@Test
@Documented
public void password_change_required() throws PropertyValueException, IOException {
    // Given: a server started via startServer(true) — presumably the flag requests the
    // "password change required" state for the default user; confirm against the helper.
    startServer(true);

    // Document: authenticating with the default "neo4j"/"neo4j" pair. Unlike the 401 returned
    // for missing or incorrect credentials, this is a 403: the request is denied even though
    // the credentials matched, because a password change is still pending.
    RESTDocsGenerator.ResponseEntity response =
            gen.get()
                    .noGraph()
                    .expectedStatus(403)
                    .withHeader(HttpHeaders.AUTHORIZATION, challengeResponse("neo4j", "neo4j"))
                    .get(dataURL());

    // Then: the body carries a structured error list plus the link for changing the password
    JsonNode body = JsonHelper.jsonNode(response.entity());
    JsonNode error = body.get("errors").get(0);

    String code = error.get("code").asText();
    assertThat(code, equalTo("Neo.ClientError.Security.AuthorizationFailed"));

    String message = error.get("message").asText();
    assertThat(message, equalTo("User is required to change their password."));

    // The response tells the client where to perform the required change
    String changeLink = body.get("password_change").asText();
    assertThat(changeLink, equalTo(passwordURL("neo4j")));
}