
Example 1 with UserManager

Use of org.neo4j.kernel.api.security.UserManager in project neo4j by neo4j.

Class UserServiceTest, method shouldReturn404WhenChangingPasswordIfDifferentUser.

@Test
public void shouldReturn404WhenChangingPasswordIfDifferentUser() throws Exception {
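    // Given: an authenticated request (neo4jPrinciple and userManagerSupplier are not declared in this method)
    HttpServletRequest req = mock(HttpServletRequest.class);
    when(req.getUserPrincipal()).thenReturn(neo4jPrinciple);
    // This local mock is never passed to UserService in this method, so the
    // verifyZeroInteractions check at the end cannot fail
    UserManager userManager = mock(UserManager.class);
    OutputFormat outputFormat = new EntityOutputFormat(new JsonFormat(), new URI("http://www.example.com"), null);
    UserService userService = new UserService(userManagerSupplier, new JsonFormat(), outputFormat);
    // When: the password change targets "fred" rather than the authenticated principal
    Response response = userService.setPassword("fred", req, "{ \"password\" : \"test\" }");
    // Then: the service answers 404 and the user manager is untouched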
    assertThat(response.getStatus(), equalTo(404));
    verifyZeroInteractions(userManager);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Response(javax.ws.rs.core.Response) JsonFormat(org.neo4j.server.rest.repr.formats.JsonFormat) UserManager(org.neo4j.kernel.api.security.UserManager) EntityOutputFormat(org.neo4j.test.server.EntityOutputFormat) OutputFormat(org.neo4j.server.rest.repr.OutputFormat) URI(java.net.URI) Test(org.junit.Test)

Example 2 with UserManager

Use of org.neo4j.kernel.api.security.UserManager in project neo4j by neo4j.

Class UserService, method getUser.

@GET
@Path("/{username}")
public Response getUser(@PathParam("username") String username, @Context HttpServletRequest req) {
    Principal principal = req.getUserPrincipal();
    // Unauthenticated callers, and callers asking for a user other than themselves, get 404
    if (principal == null || !principal.getName().equals(username)) {
        return output.notFound();
    }
    SecurityContext securityContext = getSecurityContextFromUserPrincipal(principal);
    UserManager userManager = userManagerSupplier.getUserManager(securityContext);
    try {
        User user = userManager.getUser(username);
        return output.ok(new AuthorizationRepresentation(user));
    } catch (InvalidArgumentsException e) {
        return output.notFound();
    }
}
Also used : User(org.neo4j.kernel.impl.security.User) UserManager(org.neo4j.kernel.api.security.UserManager) SecurityContext(org.neo4j.kernel.api.security.SecurityContext) AuthorizationRepresentation(org.neo4j.server.rest.repr.AuthorizationRepresentation) InvalidArgumentsException(org.neo4j.kernel.api.exceptions.InvalidArgumentsException) AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal(org.neo4j.server.rest.dbms.AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal) Principal(java.security.Principal) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Example 3 with UserManager

Use of org.neo4j.kernel.api.security.UserManager in project neo4j by neo4j.

Class UserService, method setPassword.

@POST
@Path("/{username}/password")
public Response setPassword(@PathParam("username") String username, @Context HttpServletRequest req, String payload) {
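    Principal principal = req.getUserPrincipal();
    // Only the authenticated user may change their own password; any mismatch gets 404
    // before the payload is parsed
    if (principal == null || !principal.getName().equals(username)) {
        return output.notFound();
    }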
    final Map<String, Object> deserialized;
    try {
        deserialized = input.readMap(payload);
    } catch (BadInputException e) {
        return output.response(BAD_REQUEST, new ExceptionRepresentation(new Neo4jError(Status.Request.InvalidFormat, e.getMessage())));
    }
    Object o = deserialized.get(PASSWORD);
    if (o == null) {
        return output.response(UNPROCESSABLE, new ExceptionRepresentation(new Neo4jError(Status.Request.InvalidFormat, String.format("Required parameter '%s' is missing.", PASSWORD))));
    }
    if (!(o instanceof String)) {
        return output.response(UNPROCESSABLE, new ExceptionRepresentation(new Neo4jError(Status.Request.InvalidFormat, String.format("Expected '%s' to be a string.", PASSWORD))));
    }
    String newPassword = (String) o;
    try {
        SecurityContext securityContext = getSecurityContextFromUserPrincipal(principal);
        if (securityContext == null) {
            return output.notFound();
        } else {
            UserManager userManager = userManagerSupplier.getUserManager(securityContext);
            userManager.setUserPassword(username, newPassword, false);
        }
    } catch (IOException e) {
        return output.serverErrorWithoutLegacyStacktrace(e);
    } catch (InvalidArgumentsException e) {
        return output.response(UNPROCESSABLE, new ExceptionRepresentation(new Neo4jError(e.status(), e.getMessage())));
    }
    return output.ok();
}
Also used : Neo4jError(org.neo4j.server.rest.transactional.error.Neo4jError) ExceptionRepresentation(org.neo4j.server.rest.repr.ExceptionRepresentation) BadInputException(org.neo4j.server.rest.repr.BadInputException) UserManager(org.neo4j.kernel.api.security.UserManager) SecurityContext(org.neo4j.kernel.api.security.SecurityContext) IOException(java.io.IOException) InvalidArgumentsException(org.neo4j.kernel.api.exceptions.InvalidArgumentsException) AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal(org.neo4j.server.rest.dbms.AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal) Principal(java.security.Principal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Aggregations

UserManager (org.neo4j.kernel.api.security.UserManager) 3
Principal (java.security.Principal) 2
Path (javax.ws.rs.Path) 2
InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException) 2
SecurityContext (org.neo4j.kernel.api.security.SecurityContext) 2
AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal (org.neo4j.server.rest.dbms.AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal) 2
IOException (java.io.IOException) 1
URI (java.net.URI) 1
HttpServletRequest (javax.servlet.http.HttpServletRequest) 1
GET (javax.ws.rs.GET) 1
POST (javax.ws.rs.POST) 1
Response (javax.ws.rs.core.Response) 1
Test (org.junit.Test) 1
User (org.neo4j.kernel.impl.security.User) 1
AuthorizationRepresentation (org.neo4j.server.rest.repr.AuthorizationRepresentation) 1
BadInputException (org.neo4j.server.rest.repr.BadInputException) 1
ExceptionRepresentation (org.neo4j.server.rest.repr.ExceptionRepresentation) 1
OutputFormat (org.neo4j.server.rest.repr.OutputFormat) 1
JsonFormat (org.neo4j.server.rest.repr.formats.JsonFormat) 1
Neo4jError (org.neo4j.server.rest.transactional.error.Neo4jError) 1