Example 6 with AuthSubject

use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

From class MultiRealmAuthManagerTest, method shouldFailAuthenticationAndEscapeIfUserIsNotFound.

@Test
public void shouldFailAuthenticationAndEscapeIfUserIsNotFound() throws Throwable {
    // Given
    manager.start();
    // When: the principal carries newline, tab, carriage return and quote characters,
    // exactly the kind of input that would forge extra log lines if written unescaped
    AuthSubject authSubject = manager.login(authToken("unknown\n\t\r\"haxx0r\"", "abc123")).subject();
    AuthenticationResult result = authSubject.getAuthenticationResult();
    // Then: login fails, and the log line contains the escaped principal rather than the raw bytes
    assertThat(result, equalTo(AuthenticationResult.FAILURE));
    logProvider.assertExactly(error("[%s]: failed to log in: invalid principal or credentials", escape("unknown\n\t\r\"haxx0r\"")));
}
Also used : AuthSubject(org.neo4j.kernel.api.security.AuthSubject) AuthenticationResult(org.neo4j.kernel.api.security.AuthenticationResult) Test(org.junit.Test)

Example 7 with AuthSubject

use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

From class MultiRealmAuthManagerTest, method shouldFailAuthenticationIfUserIsNotFound.

@Test
public void shouldFailAuthenticationIfUserIsNotFound() throws Throwable {
    // Given
    manager.start();
    // When: login is attempted for a principal that no realm knows
    AuthSubject authSubject = manager.login(authToken("unknown", "abc123")).subject();
    AuthenticationResult result = authSubject.getAuthenticationResult();
    // Then: the result is FAILURE and the log message does not say whether the
    // principal or the credentials were wrong
    assertThat(result, equalTo(AuthenticationResult.FAILURE));
    logProvider.assertExactly(error("[%s]: failed to log in: invalid principal or credentials", "unknown"));
}
Also used : AuthSubject(org.neo4j.kernel.api.security.AuthSubject) AuthenticationResult(org.neo4j.kernel.api.security.AuthenticationResult) Test(org.junit.Test)

Example 8 with AuthSubject

use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

From class AuthorizationFilterTest, method shouldNotAuthorizeInvalidCredentials.

@Test
public void shouldNotAuthorizeInvalidCredentials() throws Exception {
    // Given: a request carrying HTTP Basic credentials "foo:bar" that the auth manager rejects
    final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(StandardCharsets.UTF_8));
    BasicSecurityContext securityContext = mock(BasicSecurityContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(servletRequest.getRemoteAddr()).thenReturn("remote_ip_address");
    when(authManager.login(authToken("foo", "bar"))).thenReturn(securityContext);
    when(securityContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.FAILURE);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then: the request never reaches the rest of the chain, the failed attempt is logged
    // with the principal and remote address, and the client gets 401 with a generic message
    verifyNoMoreInteractions(filterChain);
    logProvider.assertExactly(inLog(AuthorizationEnabledFilter.class).warn("Failed authentication attempt for '%s' from %s", "foo", "remote_ip_address"));
    verify(servletResponse).setStatus(401);
    verify(servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
    assertThat(outputStream.toString(StandardCharsets.UTF_8.name()), containsString("\"code\" : \"Neo.ClientError.Security.Unauthorized\""));
    assertThat(outputStream.toString(StandardCharsets.UTF_8.name()), containsString("\"message\" : \"Invalid username or password.\""));
}
Also used : AuthSubject(org.neo4j.kernel.api.security.AuthSubject) Matchers.containsString(org.hamcrest.Matchers.containsString) BasicSecurityContext(org.neo4j.server.security.auth.BasicSecurityContext) Test(org.junit.Test)

Example 9 with AuthSubject

use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

From class AuthorizationFilterTest, method shouldNotAuthorizeWhenTooManyAttemptsMade.

@Test
public void shouldNotAuthorizeWhenTooManyAttemptsMade() throws Exception {
    // Given: valid-looking Basic credentials, but the auth manager reports the principal is rate limited
    final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(StandardCharsets.UTF_8));
    BasicSecurityContext securityContext = mock(BasicSecurityContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(authManager.login(authToken("foo", "bar"))).thenReturn(securityContext);
    when(securityContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.TOO_MANY_ATTEMPTS);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then: the chain is not invoked and the client gets 429 with the rate-limit error code
    verifyNoMoreInteractions(filterChain);
    verify(servletResponse).setStatus(429);
    verify(servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
    assertThat(outputStream.toString(StandardCharsets.UTF_8.name()), containsString("\"code\" : \"Neo.ClientError.Security.AuthenticationRateLimit\""));
    assertThat(outputStream.toString(StandardCharsets.UTF_8.name()), containsString("\"message\" : \"Too many failed authentication requests. Please wait 5 seconds and try again.\""));
}
Also used : AuthSubject(org.neo4j.kernel.api.security.AuthSubject) Matchers.containsString(org.hamcrest.Matchers.containsString) BasicSecurityContext(org.neo4j.server.security.auth.BasicSecurityContext) Test(org.junit.Test)

Example 10 with AuthSubject

use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

From class AuthorizationFilterTest, method shouldAuthorizeWhenPasswordChangeRequiredForWhitelistedPath.

@Test
public void shouldAuthorizeWhenPasswordChangeRequiredForWhitelistedPath() throws Exception {
    // Given: the credentials are accepted but the account must change its password;
    // the request targets /user/foo, a path that stays reachable in that state
    final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(StandardCharsets.UTF_8));
    BasicSecurityContext securityContext = mock(BasicSecurityContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/user/foo");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(authManager.login(authToken("foo", "bar"))).thenReturn(securityContext);
    when(securityContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then: the request is passed down the chain wrapped with the authenticated principal
    verify(filterChain).doFilter(eq(new AuthorizedRequestWrapper(BASIC_AUTH, "foo", servletRequest, AUTH_DISABLED)), same(servletResponse));
}
Also used : AuthSubject(org.neo4j.kernel.api.security.AuthSubject) Matchers.containsString(org.hamcrest.Matchers.containsString) BasicSecurityContext(org.neo4j.server.security.auth.BasicSecurityContext) Test(org.junit.Test)

Aggregations

AuthSubject (org.neo4j.kernel.api.security.AuthSubject) 11
Test (org.junit.Test) 10
Matchers.containsString (org.hamcrest.Matchers.containsString) 5
BasicSecurityContext (org.neo4j.server.security.auth.BasicSecurityContext) 5
AuthenticationResult (org.neo4j.kernel.api.security.AuthenticationResult) 3
SecurityContext (org.neo4j.kernel.api.security.SecurityContext) 2
ArrayList (java.util.ArrayList) 1
Collections (java.util.Collections) 1
List (java.util.List) 1
Map (java.util.Map) 1
AtomicReference (java.util.concurrent.atomic.AtomicReference) 1
Consumer (java.util.function.Consumer) 1
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat) 1
Matchers.equalTo (org.hamcrest.Matchers.equalTo) 1
Assert.assertTrue (org.junit.Assert.assertTrue) 1
Before (org.junit.Before) 1
Rule (org.junit.Rule) 1
ExpectedException (org.junit.rules.ExpectedException) 1
RuleChain (org.junit.rules.RuleChain) 1
Mockito.mock (org.mockito.Mockito.mock) 1