use of org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager in project neo4j by neo4j.
the class QueryLoggerIT method shouldNotLogPassword.
@Test
public void shouldNotLogPassword() throws Exception {
GraphDatabaseFacade database = (GraphDatabaseFacade) databaseBuilder.setConfig(GraphDatabaseSettings.log_queries, Settings.TRUE).setConfig(GraphDatabaseSettings.logs_directory, logsDirectory.getPath()).setConfig(GraphDatabaseSettings.auth_enabled, Settings.TRUE).newGraphDatabase();
EnterpriseAuthManager authManager = database.getDependencyResolver().resolveDependency(EnterpriseAuthManager.class);
EnterpriseSecurityContext neo = authManager.login(AuthToken.newBasicAuthToken("neo4j", "neo4j"));
String query = "CALL dbms.security.changePassword('abc123')";
try (InternalTransaction tx = database.beginTransaction(KernelTransaction.Type.explicit, neo)) {
Result res = database.execute(tx, query, Collections.emptyMap());
res.close();
tx.success();
} finally {
database.shutdown();
}
List<String> logLines = readAllLines(logFilename);
assertEquals(1, logLines.size());
assertThat(logLines.get(0), containsString("CALL dbms.security.changePassword(******)"));
assertThat(logLines.get(0), not(containsString("abc123")));
assertThat(logLines.get(0), containsString(neo.subject().username()));
}
Aggregations