Search in sources :

Example 6 with InvalidArgumentsException

use of org.neo4j.kernel.api.exceptions.InvalidArgumentsException in project neo4j by neo4j.

the class InternalFlatFileRealmTest method shouldAssignAdminRoleAfterBadSetting.

@Test
public void shouldAssignAdminRoleAfterBadSetting() throws Throwable {
    UserRepository userRepository = new InMemoryUserRepository();
    UserRepository initialUserRepository = new InMemoryUserRepository();
    UserRepository adminUserRepository = new InMemoryUserRepository();
    RoleRepository roleRepository = new InMemoryRoleRepository();
    userRepository.create(newUser("morpheus", "123", false));
    userRepository.create(newUser("trinity", "123", false));
    InternalFlatFileRealm realm = new InternalFlatFileRealm(userRepository, roleRepository, new BasicPasswordPolicy(), new RateLimitedAuthenticationStrategy(Clocks.systemClock(), 3), new InternalFlatFileRealmIT.TestJobScheduler(), initialUserRepository, adminUserRepository);
    try {
        realm.initialize();
        realm.start();
        fail("Multiple users, no default admin provided");
    } catch (InvalidArgumentsException e) {
        realm.stop();
        realm.shutdown();
    }
    adminUserRepository.create(new User.Builder("trinity", Credential.INACCESSIBLE).build());
    realm.initialize();
    realm.start();
    assertThat(realm.getUsernamesForRole(PredefinedRoles.ADMIN).size(), equalTo(1));
    assertThat(realm.getUsernamesForRole(PredefinedRoles.ADMIN), contains("trinity"));
}
Also used : RateLimitedAuthenticationStrategy(org.neo4j.server.security.auth.RateLimitedAuthenticationStrategy) UserRepository(org.neo4j.server.security.auth.UserRepository) InMemoryUserRepository(org.neo4j.server.security.auth.InMemoryUserRepository) InMemoryUserRepository(org.neo4j.server.security.auth.InMemoryUserRepository) BasicPasswordPolicy(org.neo4j.server.security.auth.BasicPasswordPolicy) InvalidArgumentsException(org.neo4j.kernel.api.exceptions.InvalidArgumentsException) Test(org.junit.Test)

Example 7 with InvalidArgumentsException

use of org.neo4j.kernel.api.exceptions.InvalidArgumentsException in project neo4j by neo4j.

the class UserService method setPassword.

@POST
@Path("/{username}/password")
public Response setPassword(@PathParam("username") String username, @Context HttpServletRequest req, String payload) {
    Principal principal = req.getUserPrincipal();
    if (principal == null || !principal.getName().equals(username)) {
        return output.notFound();
    }
    final Map<String, Object> deserialized;
    try {
        deserialized = input.readMap(payload);
    } catch (BadInputException e) {
        return output.response(BAD_REQUEST, new ExceptionRepresentation(new Neo4jError(Status.Request.InvalidFormat, e.getMessage())));
    }
    Object o = deserialized.get(PASSWORD);
    if (o == null) {
        return output.response(UNPROCESSABLE, new ExceptionRepresentation(new Neo4jError(Status.Request.InvalidFormat, String.format("Required parameter '%s' is missing.", PASSWORD))));
    }
    if (!(o instanceof String)) {
        return output.response(UNPROCESSABLE, new ExceptionRepresentation(new Neo4jError(Status.Request.InvalidFormat, String.format("Expected '%s' to be a string.", PASSWORD))));
    }
    String newPassword = (String) o;
    try {
        SecurityContext securityContext = getSecurityContextFromUserPrincipal(principal);
        if (securityContext == null) {
            return output.notFound();
        } else {
            UserManager userManager = userManagerSupplier.getUserManager(securityContext);
            userManager.setUserPassword(username, newPassword, false);
        }
    } catch (IOException e) {
        return output.serverErrorWithoutLegacyStacktrace(e);
    } catch (InvalidArgumentsException e) {
        return output.response(UNPROCESSABLE, new ExceptionRepresentation(new Neo4jError(e.status(), e.getMessage())));
    }
    return output.ok();
}
Also used : Neo4jError(org.neo4j.server.rest.transactional.error.Neo4jError) ExceptionRepresentation(org.neo4j.server.rest.repr.ExceptionRepresentation) BadInputException(org.neo4j.server.rest.repr.BadInputException) UserManager(org.neo4j.kernel.api.security.UserManager) SecurityContext(org.neo4j.kernel.api.security.SecurityContext) IOException(java.io.IOException) InvalidArgumentsException(org.neo4j.kernel.api.exceptions.InvalidArgumentsException) AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal(org.neo4j.server.rest.dbms.AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal) Principal(java.security.Principal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 8 with InvalidArgumentsException

use of org.neo4j.kernel.api.exceptions.InvalidArgumentsException in project neo4j by neo4j.

the class AbstractUserRepository method create.

@Override
public void create(User user) throws InvalidArgumentsException, IOException {
    assertValidUsername(user.name());
    synchronized (this) {
        // Check for existing user
        for (User other : users) {
            if (other.name().equals(user.name())) {
                throw new InvalidArgumentsException("The specified user '" + user.name() + "' already exists.");
            }
        }
        users.add(user);
        usersByName.put(user.name(), user);
        persistUsers();
    }
}
Also used : User(org.neo4j.kernel.impl.security.User) InvalidArgumentsException(org.neo4j.kernel.api.exceptions.InvalidArgumentsException)

Aggregations

InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException)8 User (org.neo4j.kernel.impl.security.User)5 IOException (java.io.IOException)3 SecurityContext (org.neo4j.kernel.api.security.SecurityContext)3 Principal (java.security.Principal)2 Path (javax.ws.rs.Path)2 AuthorizationViolationException (org.neo4j.graphdb.security.AuthorizationViolationException)2 UserManager (org.neo4j.kernel.api.security.UserManager)2 AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal (org.neo4j.server.rest.dbms.AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal)2 ConcurrentModificationException (org.neo4j.server.security.auth.exception.ConcurrentModificationException)2 GET (javax.ws.rs.GET)1 POST (javax.ws.rs.POST)1 Test (org.junit.Test)1 InvalidAuthTokenException (org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)1 AuthorizationRepresentation (org.neo4j.server.rest.repr.AuthorizationRepresentation)1 BadInputException (org.neo4j.server.rest.repr.BadInputException)1 ExceptionRepresentation (org.neo4j.server.rest.repr.ExceptionRepresentation)1 Neo4jError (org.neo4j.server.rest.transactional.error.Neo4jError)1 BasicPasswordPolicy (org.neo4j.server.security.auth.BasicPasswordPolicy)1 InMemoryUserRepository (org.neo4j.server.security.auth.InMemoryUserRepository)1