Example 1 with AuthSubject

Use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

From class TxStateTransactionDataViewTest, method shouldAccessUsernameFromAuthSubject:

@Test
public void shouldAccessUsernameFromAuthSubject() {
    // A mocked AuthSubject that reports the username "Christof"; the transaction's
    // security context is frozen around it with full access.
    AuthSubject authSubject = mock(AuthSubject.class);
    when(authSubject.username()).thenReturn("Christof");
    when(transaction.securityContext()).thenReturn(new SecurityContext.Frozen(authSubject, AccessMode.Static.FULL));
    // The transaction data snapshot must surface the same username that the subject reports.
    TxStateTransactionDataSnapshot transactionDataSnapshot = snapshot();
    assertEquals("Christof", transactionDataSnapshot.username());
}

Also used: AuthSubject (org.neo4j.kernel.api.security.AuthSubject), SecurityContext (org.neo4j.kernel.api.security.SecurityContext), Test (org.junit.Test)

Example 2 with AuthSubject

Use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

From class SecurityProceduresTest, method setup:

@Before
public void setup() {
    // Mocked subject "pearl" holding the single role "jammer", wired into an
    // EnterpriseSecurityContext so the procedures under test see a known caller.
    AuthSubject subject = mock(AuthSubject.class);
    when(subject.username()).thenReturn("pearl");
    EnterpriseSecurityContext ctx = mock(EnterpriseSecurityContext.class);
    when(ctx.subject()).thenReturn(subject);
    when(ctx.roles()).thenReturn(Collections.singleton("jammer"));
    procedures = new SecurityProcedures();
    procedures.securityContext = ctx;
    procedures.userManager = mock(EnterpriseUserManager.class);
}

Also used: EnterpriseSecurityContext (org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext), AuthSubject (org.neo4j.kernel.api.security.AuthSubject), Before (org.junit.Before)

Example 3 with AuthSubject

Use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

From class AuthorizationFilterTest, method shouldAuthorizeWhenValidCredentialsSupplied:

@Test
public void shouldAuthorizeWhenValidCredentialsSupplied() throws Exception {
    // Given: a GET against /db/data carrying a Basic Authorization header for foo:bar,
    // and an auth manager that accepts those credentials with AuthenticationResult.SUCCESS.
    final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(StandardCharsets.UTF_8));
    BasicSecurityContext securityContext = mock(BasicSecurityContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(authManager.login(authToken("foo", "bar"))).thenReturn(securityContext);
    when(securityContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.SUCCESS);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then: the request continues down the chain, wrapped as an authorized request for user "foo".
    verify(filterChain).doFilter(eq(new AuthorizedRequestWrapper(BASIC_AUTH, "foo", servletRequest, AUTH_DISABLED)), same(servletResponse));
}

Also used: AuthSubject (org.neo4j.kernel.api.security.AuthSubject), Matchers.containsString (org.hamcrest.Matchers.containsString), BasicSecurityContext (org.neo4j.server.security.auth.BasicSecurityContext), Test (org.junit.Test)

Example 4 with AuthSubject

Use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

From class AuthorizationFilterTest, method shouldNotAuthorizeWhenPasswordChangeRequired:

@Test
public void shouldNotAuthorizeWhenPasswordChangeRequired() throws Exception {
    // Given: the same valid foo:bar Basic credentials, but the subject's authentication
    // result is PASSWORD_CHANGE_REQUIRED rather than SUCCESS.
    final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(StandardCharsets.UTF_8));
    BasicSecurityContext securityContext = mock(BasicSecurityContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getRequestURL()).thenReturn(new StringBuffer("http://bar.baz:7474/db/data/"));
    when(servletRequest.getRequestURI()).thenReturn("/db/data/");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(authManager.login(authToken("foo", "bar"))).thenReturn(securityContext);
    when(securityContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then: the chain is never invoked; the filter answers 403 with a JSON body that
    // carries the Forbidden error code and a link to the password-change endpoint.
    verifyNoMoreInteractions(filterChain);
    verify(servletResponse).setStatus(403);
    verify(servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
    assertThat(outputStream.toString(StandardCharsets.UTF_8.name()), containsString("\"password_change\" : \"http://bar.baz:7474/user/foo/password\""));
    assertThat(outputStream.toString(StandardCharsets.UTF_8.name()), containsString("\"code\" : \"Neo.ClientError.Security.Forbidden\""));
    assertThat(outputStream.toString(StandardCharsets.UTF_8.name()), containsString("\"message\" : \"User is required to change their password.\""));
}

Also used: AuthSubject (org.neo4j.kernel.api.security.AuthSubject), Matchers.containsString (org.hamcrest.Matchers.containsString), BasicSecurityContext (org.neo4j.server.security.auth.BasicSecurityContext), Test (org.junit.Test)

Example 5 with AuthSubject

Use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

From class MultiRealmAuthManagerTest, method shouldReturnTooManyAttemptsWhenThatIsAppropriate:

@Test
public void shouldReturnTooManyAttemptsWhenThatIsAppropriate() throws Throwable {
    // Given: user "jake" exists and the mocked authentication strategy reports
    // TOO_MANY_ATTEMPTS for the wrong password (rate limiting has kicked in).
    users.create(newUser("jake", "abc123", true));
    manager.start();
    setMockAuthenticationStrategyResult("jake", "wrong password", AuthenticationResult.TOO_MANY_ATTEMPTS);
    // When
    AuthSubject authSubject = manager.login(authToken("jake", "wrong password")).subject();
    AuthenticationResult result = authSubject.getAuthenticationResult();
    // Then: the subject carries the TOO_MANY_ATTEMPTS result and exactly one error line is logged.
    assertThat(result, equalTo(AuthenticationResult.TOO_MANY_ATTEMPTS));
    logProvider.assertExactly(error("[%s]: failed to log in: too many failed attempts", "jake"));
}

Also used: AuthSubject (org.neo4j.kernel.api.security.AuthSubject), AuthenticationResult (org.neo4j.kernel.api.security.AuthenticationResult), Test (org.junit.Test)

Aggregations (type, with number of usages across the examples):

AuthSubject (org.neo4j.kernel.api.security.AuthSubject): 11
Test (org.junit.Test): 10
Matchers.containsString (org.hamcrest.Matchers.containsString): 5
BasicSecurityContext (org.neo4j.server.security.auth.BasicSecurityContext): 5
AuthenticationResult (org.neo4j.kernel.api.security.AuthenticationResult): 3
SecurityContext (org.neo4j.kernel.api.security.SecurityContext): 2
ArrayList (java.util.ArrayList): 1
Collections (java.util.Collections): 1
List (java.util.List): 1
Map (java.util.Map): 1
AtomicReference (java.util.concurrent.atomic.AtomicReference): 1
Consumer (java.util.function.Consumer): 1
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat): 1
Matchers.equalTo (org.hamcrest.Matchers.equalTo): 1
Assert.assertTrue (org.junit.Assert.assertTrue): 1
Before (org.junit.Before): 1
Rule (org.junit.Rule): 1
ExpectedException (org.junit.rules.ExpectedException): 1
RuleChain (org.junit.rules.RuleChain): 1
Mockito.mock (org.mockito.Mockito.mock): 1