use of org.neo4j.server.security.auth.BasicSecurityContext in project neo4j by neo4j.
the class AuthorizationFilterTest method shouldNotAuthorizeWhenPasswordChangeRequired.
/**
 * Checks that a request for a regular data path is refused while the
 * authenticated subject is still flagged {@code PASSWORD_CHANGE_REQUIRED}.
 *
 * <p>The filter is expected to answer 403 with a JSON error body that points
 * to the password-change URL, and to leave the rest of the filter chain
 * untouched.
 *
 * @throws Exception if the filter under test throws
 */
@Test
public void shouldNotAuthorizeWhenPasswordChangeRequired() throws Exception {
    // Given
    final AuthorizationEnabledFilter authFilter =
            new AuthorizationEnabledFilter(() -> authManager, logProvider);
    final String encodedCredentials =
            Base64.encodeBase64String("foo:bar".getBytes(StandardCharsets.UTF_8));

    // Login for foo:bar resolves to a subject that must still change its password.
    final AuthSubject pendingSubject = mock(AuthSubject.class);
    final BasicSecurityContext loginContext = mock(BasicSecurityContext.class);
    when(pendingSubject.getAuthenticationResult())
            .thenReturn(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
    when(loginContext.subject()).thenReturn(pendingSubject);
    when(authManager.login(authToken("foo", "bar"))).thenReturn(loginContext);

    // The request targets /db/data/, which is not the user's own /user/foo path.
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + encodedCredentials);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getRequestURI()).thenReturn("/db/data/");
    when(servletRequest.getRequestURL()).thenReturn(new StringBuffer("http://bar.baz:7474/db/data/"));
    when(servletRequest.getContextPath()).thenReturn("/db/data");

    // When
    authFilter.doFilter(servletRequest, servletResponse, filterChain);

    // Then
    // The chain must stay untouched: reaching it would let the data endpoint run
    // for a subject that has not yet replaced its password.
    verifyNoMoreInteractions(filterChain);
    verify(servletResponse).setStatus(403);
    verify(servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");

    // The expected link reuses the scheme, host and port of the stubbed request URL
    // together with the user name taken from the credentials.
    // NOTE(review): if the base URL comes from the incoming request in production too,
    // the link reflects client-supplied host data; confirm how it is resolved behind a proxy.
    final String responseBody = outputStream.toString(StandardCharsets.UTF_8.name());
    assertThat(responseBody, containsString("\"password_change\" : \"http://bar.baz:7474/user/foo/password\""));
    assertThat(responseBody, containsString("\"code\" : \"Neo.ClientError.Security.Forbidden\""));
    assertThat(responseBody, containsString("\"message\" : \"User is required to change their password.\""));
}
use of org.neo4j.server.security.auth.BasicSecurityContext in project neo4j by neo4j.
the class AuthorizationFilterTest method shouldAuthorizeWhenPasswordChangeRequiredForWhitelistedPath.
/**
 * Checks that a subject flagged {@code PASSWORD_CHANGE_REQUIRED} is still let
 * through when the request's context path is its own {@code /user/foo} path.
 *
 * <p>The filter is expected to pass a wrapped request on to the filter chain
 * instead of rejecting it.
 *
 * @throws Exception if the filter under test throws
 */
@Test
public void shouldAuthorizeWhenPasswordChangeRequiredForWhitelistedPath() throws Exception {
    // Given
    final AuthorizationEnabledFilter authFilter =
            new AuthorizationEnabledFilter(() -> authManager, logProvider);
    final String encodedCredentials =
            Base64.encodeBase64String("foo:bar".getBytes(StandardCharsets.UTF_8));

    // Login for foo:bar resolves to a subject that must still change its password.
    final AuthSubject pendingSubject = mock(AuthSubject.class);
    final BasicSecurityContext loginContext = mock(BasicSecurityContext.class);
    when(pendingSubject.getAuthenticationResult())
            .thenReturn(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
    when(loginContext.subject()).thenReturn(pendingSubject);
    when(authManager.login(authToken("foo", "bar"))).thenReturn(loginContext);

    // The context path is the authenticated user's own /user/foo path.
    // NOTE(review): only the user's own path is exercised here; confirm a companion test
    // shows that /user/<another user> is still rejected in this state.
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + encodedCredentials);
    when(servletRequest.getContextPath()).thenReturn("/user/foo");
    when(servletRequest.getMethod()).thenReturn("GET");

    // When
    authFilter.doFilter(servletRequest, servletResponse, filterChain);

    // Then
    // NOTE(review): the expected wrapper is built with AUTH_DISABLED rather than the mocked
    // login context; whether AuthorizedRequestWrapper.equals() compares that argument is
    // not visible here, so confirm the assertion really pins the security context.
    final AuthorizedRequestWrapper expectedRequest =
            new AuthorizedRequestWrapper(BASIC_AUTH, "foo", servletRequest, AUTH_DISABLED);
    verify(filterChain).doFilter(eq(expectedRequest), same(servletResponse));
}
use of org.neo4j.server.security.auth.BasicSecurityContext in project neo4j by neo4j.
the class UserServiceTest method setupAuthManagerAndSubject.
/**
 * Creates the {@link BasicAuthManager} used by the tests and the security
 * context of an already authenticated {@code NEO4J_USER}.
 *
 * <p>The authentication strategy is a mock, so this setup performs no real
 * credential checks.
 */
protected void setupAuthManagerAndSubject() {
    AuthenticationStrategy mockedStrategy = mock(AuthenticationStrategy.class);
    // Separate in-memory repository passed as the fourth constructor argument;
    // presumably the initial-user store, confirm against BasicAuthManager.
    InMemoryUserRepository extraRepository = new InMemoryUserRepository();
    BasicAuthManager manager =
            new BasicAuthManager(userRepository, passwordPolicy, mockedStrategy, extraRepository);

    // The context is created directly with SUCCESS, i.e. without going through a login call.
    neo4jContext = new BasicSecurityContext(manager, NEO4J_USER, AuthenticationResult.SUCCESS);
    userManagerSupplier = manager;
}