Exemplo n.º 1
0
  /**
   * Authenticate to access the server
   *
   * <p>Authenticate by sending a username and a password to Neo4j using HTTP Basic Auth. Requests
   * should include an +Authorization+ header, with a value of +Basic realm="Neo4j" <payload>+,
   * where "payload" is a base64 encoded string of "username:password".
   */
  @Test
  @Documented
  public void successful_authentication() throws PropertyValueException, IOException {
    // Given
    startServerWithConfiguredUser();

    // Document
    RESTDocsGenerator.ResponseEntity response =
        gen.get()
            .noGraph()
            .expectedStatus(200)
            .withHeader(HttpHeaders.AUTHORIZATION, challengeResponse("neo4j", "secret"))
            .get(userURL("neo4j"));

    // Then
    JsonNode data = JsonHelper.jsonNode(response.entity());
    assertThat(data.get("username").asText(), equalTo("neo4j"));
    assertThat(data.get("password_change_required").asBoolean(), equalTo(false));
    assertThat(data.get("password_change").asText(), equalTo(passwordURL("neo4j")));
  }
Exemplo n.º 2
0
  /**
   * Missing authorization
   *
   * <p>If an +Authorization+ header is not supplied, the server will reply with an error.
   */
  @Test
  @Documented
  public void missing_authorization() throws PropertyValueException, IOException {
    // Given
    startServerWithConfiguredUser();

    // Document
    RESTDocsGenerator.ResponseEntity response =
        gen.get()
            .noGraph()
            .expectedStatus(401)
            .expectedHeader("WWW-Authenticate", "None")
            .get(dataURL());

    // Then
    JsonNode data = JsonHelper.jsonNode(response.entity());
    JsonNode firstError = data.get("errors").get(0);
    assertThat(
        firstError.get("code").asText(), equalTo("Neo.ClientError.Security.AuthorizationFailed"));
    assertThat(firstError.get("message").asText(), equalTo("No authorization header supplied."));
  }
Exemplo n.º 3
0
  /**
   * Incorrect authentication
   *
   * <p>If an incorrect username or password is provided, the server replies with an error.
   */
  @Test
  @Documented
  public void incorrect_authentication() throws PropertyValueException, IOException {
    // Given
    startServerWithConfiguredUser();

    // Document
    RESTDocsGenerator.ResponseEntity response =
        gen.get()
            .noGraph()
            .expectedStatus(401)
            .withHeader(HttpHeaders.AUTHORIZATION, challengeResponse("neo4j", "incorrect"))
            .expectedHeader("WWW-Authenticate", "None")
            .post(dataURL());

    // Then
    JsonNode data = JsonHelper.jsonNode(response.entity());
    JsonNode firstError = data.get("errors").get(0);
    assertThat(
        firstError.get("code").asText(), equalTo("Neo.ClientError.Security.AuthorizationFailed"));
    assertThat(firstError.get("message").asText(), equalTo("Invalid username or password."));
  }
Exemplo n.º 4
0
  /**
   * Required password changes
   *
   * <p>In some cases, like the very first time Neo4j is accessed, the user will be required to
   * choose a new password. The database will signal that a new password is required and deny
   * access.
   *
   * <p>See <<rest-api-security-user-status-and-password-changing>> for how to set a new password.
   */
  @Test
  @Documented
  public void password_change_required() throws PropertyValueException, IOException {
    // Given
    startServer(true);

    // Document
    RESTDocsGenerator.ResponseEntity response =
        gen.get()
            .noGraph()
            .expectedStatus(403)
            .withHeader(HttpHeaders.AUTHORIZATION, challengeResponse("neo4j", "neo4j"))
            .get(dataURL());

    // Then
    JsonNode data = JsonHelper.jsonNode(response.entity());
    JsonNode firstError = data.get("errors").get(0);
    assertThat(
        firstError.get("code").asText(), equalTo("Neo.ClientError.Security.AuthorizationFailed"));
    assertThat(
        firstError.get("message").asText(), equalTo("User is required to change their password."));
    assertThat(data.get("password_change").asText(), equalTo(passwordURL("neo4j")));
  }