
Example 1 with AuthSubject

use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class AuthorizationFilterTest method shouldAuthorizeWhenValidCredentialsSupplied.

/**
 * A request carrying a valid {@code Basic} credential pair must be passed on to the
 * filter chain, wrapped in an {@link AuthorizedRequestWrapper} that names the
 * authenticated principal ({@code "foo"}) and shares the original response object.
 */
@Test
void shouldAuthorizeWhenValidCredentialsSupplied() throws Exception {
    // Given
    final AuthorizationEnabledFilter filter = newFilter();
    BasicLoginContext loginCtx = mock(BasicLoginContext.class);
    AuthSubject subject = mock(AuthSubject.class);

    // A login with the expected token yields a context whose subject authenticated successfully.
    when(loginCtx.subject()).thenReturn(subject);
    when(subject.getAuthenticationResult()).thenReturn(AuthenticationResult.SUCCESS);
    when(authManager.login(argThat(new AuthTokenMatcher(authToken("foo", "bar"))), any())).thenReturn(loginCtx);

    // Connection and request details the filter may read while handling the call.
    when(servletRequest.getRemoteAddr()).thenReturn("client");
    when(servletRequest.getRemotePort()).thenReturn(1337);
    when(servletRequest.getServerName()).thenReturn("server");
    when(servletRequest.getServerPort()).thenReturn(42);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");

    // The scheme is deliberately written in upper case ("BASIC"); the filter is expected
    // to accept it regardless of case.
    String encodedCredentials = Base64.encodeBase64String("foo:bar".getBytes(UTF_8));
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + encodedCredentials);

    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);

    // Then
    verify(filterChain).doFilter(
            eq(new AuthorizedRequestWrapper(BASIC_AUTH, "foo", servletRequest, AUTH_DISABLED)),
            same(servletResponse));
}

Example 2 with AuthSubject

use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class TxStateTransactionDataViewTest method shouldAccessUsernameFromAuthSubject.

/**
 * The snapshot's {@code username()} must be taken from the {@link AuthSubject} held by
 * the transaction's {@link SecurityContext}.
 */
@Test
void shouldAccessUsernameFromAuthSubject() {
    final String expectedUser = "Christof";
    AuthSubject subject = mock(AuthSubject.class);
    when(subject.username()).thenReturn(expectedUser);

    // FULL access, embedded connection, no database name: only the subject matters here.
    SecurityContext securityContext = new SecurityContext(subject, AccessMode.Static.FULL, EMBEDDED_CONNECTION, null);
    when(transaction.securityContext()).thenReturn(securityContext);

    TxStateTransactionDataSnapshot dataSnapshot = snapshot();

    assertEquals(expectedUser, dataSnapshot.username());
}

Example 3 with AuthSubject

use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class TransactionEventsIT method shouldGetSpecifiedUsernameAndMetaDataInTXData.

/**
 * Transaction data observed by a before-commit listener must report the username of the
 * {@link AuthSubject} that owns the transaction, while {@code metaData()} must echo the
 * metadata the caller attached. The metadata deliberately carries its own {@code "username"}
 * entry with a different value, which must not replace the authenticated identity.
 */
@Test
void shouldGetSpecifiedUsernameAndMetaDataInTXData() {
    final AtomicReference<String> observedUsername = new AtomicReference<>();
    final AtomicReference<Map<String, Object>> observedMetaData = new AtomicReference<>();
    dbms.registerTransactionEventListener(DEFAULT_DATABASE_NAME, getBeforeCommitListener(txData -> {
        observedUsername.set(txData.username());
        observedMetaData.set(txData.metaData());
    }));

    AuthSubject authSubject = mock(AuthSubject.class);
    when(authSubject.username()).thenReturn("Christof");

    // Minimal login context: authorizes this subject straight to WRITE access.
    // idLookup and securityLog are not consulted by this test.
    LoginContext loginContext = new LoginContext(authSubject, EMBEDDED_CONNECTION) {

        @Override
        public SecurityContext authorize(IdLookup idLookup, String dbName, AbstractSecurityLog securityLog) {
            return new SecurityContext(authSubject, AccessMode.Static.WRITE, EMBEDDED_CONNECTION, dbName);
        }
    };

    // Conflicting "username" in the metadata must not leak into txData.username().
    Map<String, Object> suppliedMetaData = genericMap("username", "joe");
    runTransaction(loginContext, suppliedMetaData);

    assertThat(observedUsername.get()).as("Should have specified username").isEqualTo("Christof");
    assertThat(observedMetaData.get()).as("Should have metadata with specified username").isEqualTo(suppliedMetaData);
}

Example 4 with AuthSubject

use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class AuthorizationFilterTest method shouldNotAuthorizeWhenTooManyAttemptsMade.

/**
 * When the auth manager reports {@code TOO_MANY_ATTEMPTS} for otherwise well-formed
 * {@code Basic} credentials, the filter must stop the chain and answer with HTTP 429 and a
 * JSON body carrying the {@code AuthenticationRateLimit} error code.
 */
@Test
void shouldNotAuthorizeWhenTooManyAttemptsMade() throws Exception {
    // Given
    final AuthorizationEnabledFilter filter = newFilter();
    BasicLoginContext loginCtx = mock(BasicLoginContext.class);
    AuthSubject subject = mock(AuthSubject.class);

    // The login itself succeeds in producing a context, but the subject is rate limited.
    when(loginCtx.subject()).thenReturn(subject);
    when(subject.getAuthenticationResult()).thenReturn(AuthenticationResult.TOO_MANY_ATTEMPTS);
    when(authManager.login(argThat(new AuthTokenMatcher(authToken("foo", "bar"))), any())).thenReturn(loginCtx);

    // Connection and request details the filter may read while handling the call.
    when(servletRequest.getRemoteAddr()).thenReturn("client");
    when(servletRequest.getRemotePort()).thenReturn(1337);
    when(servletRequest.getServerName()).thenReturn("server");
    when(servletRequest.getServerPort()).thenReturn(42);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");

    String encodedCredentials = Base64.encodeBase64String("foo:bar".getBytes(UTF_8));
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + encodedCredentials);

    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);

    // Then
    // The request must never reach the next filter.
    verifyNoMoreInteractions(filterChain);
    verify(servletResponse).setStatus(429);
    verify(servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");

    String body = outputStream.toString(UTF_8.name());
    assertThat(body).contains("\"code\" : \"Neo.ClientError.Security.AuthenticationRateLimit\"");
    assertThat(body).contains("\"message\" : \"Too many failed authentication requests. " + "Please wait 5 seconds and try again.\"");
}

Example 5 with AuthSubject

use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class AuthorizationFilterTest method shouldNotAuthorizeInvalidCredentials.

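/**
 * A well-formed {@code Basic} header whose credentials the auth manager rejects
 * ({@code FAILURE}) must stop the filter chain, produce HTTP 401 with a generic
 * "Invalid username or password." JSON body, and log a WARN entry naming the attempted
 * user and the remote address.
 *
 * <p>The original version stubbed {@code getRemoteAddr()} twice; the first value
 * ({@code "client"}) was immediately overridden by {@code "remote_ip_address"} and never
 * observed, so the dead stub has been dropped and only the value the log assertion
 * depends on is configured.
 */
@Test
void shouldNotAuthorizeInvalidCredentials() throws Exception {
    // Given
    final AuthorizationEnabledFilter filter = newFilter();
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(UTF_8));
    BasicLoginContext loginContext = mock(BasicLoginContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);

    // Remote address is the one value later checked in the WARN log message.
    when(servletRequest.getRemoteAddr()).thenReturn("remote_ip_address");
    when(servletRequest.getRemotePort()).thenReturn(1337);
    when(servletRequest.getServerName()).thenReturn("server");
    when(servletRequest.getServerPort()).thenReturn(42);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);

    // Login yields a context whose subject failed authentication.
    when(authManager.login(argThat(new AuthTokenMatcher(authToken("foo", "bar"))), any())).thenReturn(loginContext);
    when(loginContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.FAILURE);

    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);

    // Then
    // The request must never reach the next filter.
    verifyNoMoreInteractions(filterChain);
    // The failed attempt is logged with the attempted principal and origin, but never the password.
    assertThat(logProvider).forClass(AuthorizationEnabledFilter.class).forLevel(WARN)
            .containsMessages("Failed authentication attempt for '%s' from %s", "foo", "remote_ip_address");
    verify(servletResponse).setStatus(401);
    verify(servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
    // The client-facing message is generic: it does not reveal whether the username exists.
    String body = outputStream.toString(UTF_8.name());
    assertThat(body).contains("\"code\" : \"Neo.ClientError.Security.Unauthorized\"");
    assertThat(body).contains("\"message\" : \"Invalid username or password.\"");
}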
