use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.
the class AuthorizationFilterTest method shouldAuthorizeWhenValidCredentialsSupplied.
@Test
void shouldAuthorizeWhenValidCredentialsSupplied() throws Exception {
    // Given: the auth manager resolves the BASIC token "foo"/"bar" to a login whose
    // subject reports SUCCESS.
    final AuthorizationEnabledFilter filter = newFilter();
    final BasicLoginContext login = mock(BasicLoginContext.class);
    final AuthSubject subject = mock(AuthSubject.class);
    when(subject.getAuthenticationResult()).thenReturn(AuthenticationResult.SUCCESS);
    when(login.subject()).thenReturn(subject);
    when(authManager.login(argThat(new AuthTokenMatcher(authToken("foo", "bar"))), any())).thenReturn(login);

    // A GET against /db/data from client:1337 to server:42, carrying the encoded credentials.
    final String encodedCredentials = Base64.encodeBase64String("foo:bar".getBytes(UTF_8));
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + encodedCredentials);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getRemoteAddr()).thenReturn("client");
    when(servletRequest.getRemotePort()).thenReturn(1337);
    when(servletRequest.getServerName()).thenReturn("server");
    when(servletRequest.getServerPort()).thenReturn(42);

    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);

    // Then: the chain continues with a request wrapper carrying the authenticated
    // principal "foo", and the very same response object is handed through.
    verify(filterChain).doFilter(
            eq(new AuthorizedRequestWrapper(BASIC_AUTH, "foo", servletRequest, AUTH_DISABLED)),
            same(servletResponse));
}
use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.
the class TxStateTransactionDataViewTest method shouldAccessUsernameFromAuthSubject.
@Test
void shouldAccessUsernameFromAuthSubject() {
    // Given: a transaction whose security context wraps a subject named "Christof".
    final AuthSubject subject = mock(AuthSubject.class);
    when(subject.username()).thenReturn("Christof");
    final SecurityContext context =
            new SecurityContext(subject, AccessMode.Static.FULL, EMBEDDED_CONNECTION, null);
    when(transaction.securityContext()).thenReturn(context);

    // When: the transaction data snapshot is taken.
    final TxStateTransactionDataSnapshot dataSnapshot = snapshot();

    // Then: the snapshot reports the subject's username.
    assertEquals("Christof", dataSnapshot.username());
}
use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.
the class TransactionEventsIT method shouldGetSpecifiedUsernameAndMetaDataInTXData.
@Test
void shouldGetSpecifiedUsernameAndMetaDataInTXData() {
    // Capture what a before-commit listener observes on the transaction data.
    final AtomicReference<String> observedUsername = new AtomicReference<>();
    final AtomicReference<Map<String, Object>> observedMetaData = new AtomicReference<>();
    dbms.registerTransactionEventListener(DEFAULT_DATABASE_NAME, getBeforeCommitListener(txData -> {
        observedUsername.set(txData.username());
        observedMetaData.set(txData.metaData());
    }));

    // A login context whose subject is "Christof" and which authorizes with WRITE access.
    final AuthSubject mockSubject = mock(AuthSubject.class);
    when(mockSubject.username()).thenReturn("Christof");
    final LoginContext loginContext = new LoginContext(mockSubject, EMBEDDED_CONNECTION) {
        @Override
        public SecurityContext authorize(IdLookup idLookup, String dbName, AbstractSecurityLog securityLog) {
            return new SecurityContext(mockSubject, AccessMode.Static.WRITE, EMBEDDED_CONNECTION, dbName);
        }
    };

    // The metadata deliberately carries a "username" entry that differs from the subject's name.
    final Map<String, Object> metadata = genericMap("username", "joe");
    runTransaction(loginContext, metadata);

    // The reported username comes from the authenticated subject, not from the metadata's
    // "username" entry; the metadata itself is still passed through unchanged.
    assertThat(observedUsername.get()).as("Should have specified username").isEqualTo("Christof");
    assertThat(observedMetaData.get()).as("Should have metadata with specified username").isEqualTo(metadata);
}
use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.
the class AuthorizationFilterTest method shouldNotAuthorizeWhenTooManyAttemptsMade.
@Test
void shouldNotAuthorizeWhenTooManyAttemptsMade() throws Exception {
    // Given: the credentials parse, but the auth manager's subject reports TOO_MANY_ATTEMPTS.
    final AuthorizationEnabledFilter filter = newFilter();
    final BasicLoginContext login = mock(BasicLoginContext.class);
    final AuthSubject subject = mock(AuthSubject.class);
    when(subject.getAuthenticationResult()).thenReturn(AuthenticationResult.TOO_MANY_ATTEMPTS);
    when(login.subject()).thenReturn(subject);
    when(authManager.login(argThat(new AuthTokenMatcher(authToken("foo", "bar"))), any())).thenReturn(login);

    // A GET against /db/data from client:1337 to server:42, carrying the encoded credentials.
    final String encodedCredentials = Base64.encodeBase64String("foo:bar".getBytes(UTF_8));
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + encodedCredentials);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getRemoteAddr()).thenReturn("client");
    when(servletRequest.getRemotePort()).thenReturn(1337);
    when(servletRequest.getServerName()).thenReturn("server");
    when(servletRequest.getServerPort()).thenReturn(42);

    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);

    // Then: the chain is never reached; the client gets a 429 with a JSON body that names the
    // rate-limit error code and a generic retry message (no credential detail is echoed back).
    verifyNoMoreInteractions(filterChain);
    verify(servletResponse).setStatus(429);
    verify(servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
    final String body = outputStream.toString(UTF_8.name());
    assertThat(body).contains("\"code\" : \"Neo.ClientError.Security.AuthenticationRateLimit\"");
    assertThat(body).contains(
            "\"message\" : \"Too many failed authentication requests. Please wait 5 seconds and try again.\"");
}
use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.
the class AuthorizationFilterTest method shouldNotAuthorizeInvalidCredentials.
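@Test
void shouldNotAuthorizeInvalidCredentials() throws Exception {
    // Given: the credentials parse, but the auth manager's subject reports FAILURE.
    final AuthorizationEnabledFilter filter = newFilter();
    final BasicLoginContext login = mock(BasicLoginContext.class);
    final AuthSubject subject = mock(AuthSubject.class);
    when(subject.getAuthenticationResult()).thenReturn(AuthenticationResult.FAILURE);
    when(login.subject()).thenReturn(subject);
    when(authManager.login(argThat(new AuthTokenMatcher(authToken("foo", "bar"))), any())).thenReturn(login);

    // A GET against /db/data to server:42, carrying the encoded credentials. getRemoteAddr()
    // is stubbed exactly once: the original stubbed it twice ("client", then "remote_ip_address"),
    // with only the latter ever taking effect, so the dead stub is dropped and the value the
    // log assertion below relies on is the only one defined.
    final String encodedCredentials = Base64.encodeBase64String("foo:bar".getBytes(UTF_8));
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + encodedCredentials);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getRemoteAddr()).thenReturn("remote_ip_address");
    when(servletRequest.getRemotePort()).thenReturn(1337);
    when(servletRequest.getServerName()).thenReturn("server");
    when(servletRequest.getServerPort()).thenReturn(42);

    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);

    // Then: the chain is never reached, and the failed attempt is logged at WARN with the
    // attempted principal and the caller's remote address, which is what an operator needs to
    // spot brute-force activity in the logs.
    verifyNoMoreInteractions(filterChain);
    assertThat(logProvider)
            .forClass(AuthorizationEnabledFilter.class)
            .forLevel(WARN)
            .containsMessages("Failed authentication attempt for '%s' from %s", "foo", "remote_ip_address");

    // The client sees a 401 with a JSON body whose message is deliberately generic: it does not
    // reveal whether the username or the password was the wrong part.
    verify(servletResponse).setStatus(401);
    verify(servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
    final String body = outputStream.toString(UTF_8.name());
    assertThat(body).contains("\"code\" : \"Neo.ClientError.Security.Unauthorized\"");
    assertThat(body).contains("\"message\" : \"Invalid username or password.\"");
}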