/**
 * Checks {@code password} against the stored credential of {@code user}, subject to the
 * per-user attempt tracking returned by {@code authMetadataFor}.
 *
 * @param user the user to authenticate
 * @param password the password to compare with the user's credential
 * @return {@code TOO_MANY_ATTEMPTS} when the tracker does not permit an attempt, otherwise
 *         {@code SUCCESS} or {@code FAILURE} according to the credential comparison
 */
@Override
public AuthenticationResult authenticate( User user, byte[] password )
{
    AuthenticationMetadata attemptTracker = authMetadataFor( user.name() );

    // The lockout check comes first: a locked-out caller gets no credential comparison at all,
    // so the response cannot be used to test password guesses.
    if ( !attemptTracker.authenticationPermitted() )
    {
        return AuthenticationResult.TOO_MANY_ATTEMPTS;
    }

    boolean passwordAccepted = user.credentials().matchesPassword( password );
    if ( !passwordAccepted )
    {
        // Report the failure so the tracker can count it.
        attemptTracker.authFailed();
        return AuthenticationResult.FAILURE;
    }

    attemptTracker.authSuccess();
    return AuthenticationResult.SUCCESS;
}
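/**
 * Replaces the stored credential of an existing user.
 *
 * <p>The new password is checked by the password policy and rejected when it matches the
 * current credential. When the repository update signals a concurrent modification, the whole
 * sequence (lookup, policy check, same-password check, update) is repeated against a freshly
 * loaded user.
 *
 * <p>NOTE(review): the password arrives as an immutable {@code String}, so this method cannot
 * zero it after use.
 *
 * @param username name of the user whose password is replaced
 * @param password the new password
 * @param requirePasswordChange whether the updated user is flagged as requiring a password change
 * @throws IOException propagated from the calls made here (presumably the repository update)
 * @throws InvalidArgumentsException if the new password matches the current credential; the
 *         lookup and the policy check may presumably raise it as well
 */
@Override
public void setUserPassword( String username, String password, boolean requirePasswordChange )
        throws IOException, InvalidArgumentsException
{
    // Retry in a loop rather than by recursion: sustained contention can then neither grow the
    // call stack without bound nor clear the cache once per nested attempt.
    while ( true )
    {
        User existingUser = getUser( username );
        passwordPolicy.validatePassword( password );

        if ( existingUser.credentials().matchesPassword( password ) )
        {
            throw new InvalidArgumentsException( "Old password and new password cannot be the same." );
        }

        try
        {
            User updatedUser = existingUser.augment()
                    .withCredentials( Credential.forPassword( password ) )
                    .withRequiredPasswordChange( requirePasswordChange )
                    .build();
            synchronized ( this )
            {
                userRepository.update( existingUser, updatedUser );
            }
            break;
        }
        catch ( ConcurrentModificationException e )
        {
            // The user changed underneath us: reload it and run every check again.
        }
    }

    clearCacheForUser( username );
}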
/**
 * Creates a user with the given name and initial password and stores it in the repository.
 *
 * <p>The username is checked by the repository and the password by the password policy before
 * anything is built or stored.
 *
 * <p>NOTE(review): the initial password arrives as an immutable {@code String}, so this method
 * cannot zero it after use.
 *
 * @param username name of the user to create
 * @param initialPassword password the new credential is derived from
 * @param requirePasswordChange whether the new user is flagged as requiring a password change
 * @return the user that was passed to the repository
 * @throws IOException propagated from the calls made here (presumably the repository create)
 * @throws InvalidArgumentsException propagated from the calls made here (presumably the
 *         username or password checks)
 */
@Override
public User newUser( String username, String initialPassword, boolean requirePasswordChange )
        throws IOException, InvalidArgumentsException
{
    // Both checks run before the credential is derived.
    userRepository.assertValidUsername( username );
    passwordPolicy.validatePassword( initialPassword );

    User created = new User.Builder()
            .withName( username )
            .withCredentials( Credential.forPassword( initialPassword ) )
            .withRequiredPasswordChange( requirePasswordChange )
            .build();

    synchronized ( this )
    {
        userRepository.create( created );
    }

    return created;
}
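/**
 * Setting a password through {@code UserService} must answer 200 and leave the stored
 * credential accepting the new password.
 */
@Test
public void shouldChangePasswordAndReturnSuccess() throws Exception
{
    // Given
    HttpServletRequest req = mock( HttpServletRequest.class );
    when( req.getUserPrincipal() ).thenReturn( neo4jPrinciple );

    OutputFormat outputFormat = new EntityOutputFormat( new JsonFormat(), new URI( "http://www.example.com" ), null );
    UserService userService = new UserService( userManagerSupplier, new JsonFormat(), outputFormat );

    // When
    Response response = userService.setPassword( "neo4j", req, "{ \"password\" : \"test\" }" );

    // Then
    assertThat( response.getStatus(), equalTo( 200 ) );
    // The result of matchesPassword must be asserted; calling it without checking the return
    // value would let the test pass even if the credential had not been changed.
    assertThat(
            userManagerSupplier.getUserManager().getUser( "neo4j" ).credentials().matchesPassword( "test" ),
            equalTo( true ) );
}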
/**
 * Reports whether the user repository file holds anything other than an unmodified default user.
 *
 * @param config configuration used to locate the user repository file
 * @return {@code false} when the file does not exist, or when it holds exactly one user whose
 *         name is {@code INITIAL_USER_NAME} and whose credential matches {@code INITIAL_PASSWORD};
 *         {@code true} otherwise, including when reading the file fails
 */
private boolean realUsersExist( Config config )
{
    File authFile = CommunitySecurityModule.getUserRepositoryFile( config );
    if ( !outsideWorld.fileSystem().fileExists( authFile ) )
    {
        return false;
    }

    // From here on the answer is "yes" unless the file proves to hold only the default user.
    boolean realUsers = true;
    FileUserRepository userRepository =
            new FileUserRepository( outsideWorld.fileSystem(), authFile, NullLogProvider.getInstance() );
    try ( Lifespan life = new Lifespan( userRepository ) )
    {
        ListSnapshot<User> snapshot = userRepository.getPersistedSnapshot();
        boolean singleUser = snapshot.values().size() == 1;
        if ( singleUser )
        {
            User onlyUser = snapshot.values().get( 0 );
            boolean hasDefaultName = INITIAL_USER_NAME.equals( onlyUser.name() );
            if ( hasDefaultName && onlyUser.credentials().matchesPassword( INITIAL_PASSWORD ) )
            {
                // We allow overwriting an unmodified default neo4j user
                realUsers = false;
            }
        }
    }
    catch ( IOException e )
    {
        // Fail closed: an unreadable file is treated as holding real users, so it is not
        // overwritten.
    }
    return realUsers;
}
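/**
 * Calling {@code dbms.changePassword} as the admin subject must leave the stored credential of
 * user "neo4j" accepting the new password.
 */
@Test
public void shouldChangePassword() throws Throwable
{
    // When
    assertEmpty( admin, "CALL dbms.changePassword('abc')" );

    // Then
    // An explicit check is used instead of the `assert` keyword, which the JVM skips unless it
    // runs with -ea; the test would then pass without verifying the credential.
    if ( !authManager.getUser( "neo4j" ).credentials().matchesPassword( "abc" ) )
    {
        throw new AssertionError( "Expected the credential of user 'neo4j' to match the new password" );
    }
}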
if ( existingUser.credentials().matchesPassword( password ) )
/**
 * After {@code newUser}, the caller's password array must equal what
 * {@code clearedPasswordWithSameLenghtAs} yields (presumably a wiped array of the same length),
 * while the stored credential still accepts the original password.
 */
@Test
public void shouldClearPasswordOnNewUser() throws Throwable
{
    // Given
    manager.start();
    byte[] suppliedPassword = password( "abc123" );

    // When
    manager.newUser( "jake", suppliedPassword, true );

    // Then
    // The array handed in must no longer carry the secret.
    assertThat( suppliedPassword, equalTo( clearedPasswordWithSameLenghtAs( "abc123" ) ) );

    User created = manager.getUser( "jake" );
    boolean accepted = created.credentials().matchesPassword( "abc123" );
    assertTrue( accepted );
}
/**
 * After {@code setUserPassword}, the caller's password array must equal what
 * {@code clearedPasswordWithSameLenghtAs} yields (presumably a wiped array of the same length),
 * while the stored credential accepts the new password.
 */
@Test
public void shouldClearPasswordOnSetUserPassword() throws Throwable
{
    // Given
    manager.start();
    manager.newUser( "jake", password( "old" ), false );
    byte[] replacement = password( "abc123" );

    // When
    manager.setUserPassword( "jake", replacement, false );

    // Then
    // The array handed in must no longer carry the secret.
    assertThat( replacement, equalTo( clearedPasswordWithSameLenghtAs( "abc123" ) ) );

    User updated = manager.getUser( "jake" );
    boolean accepted = updated.credentials().matchesPassword( "abc123" );
    assertTrue( accepted );
}
/**
 * After {@code setUserPassword}, the user returned by the manager must accept the new password
 * and equal the user held by the {@code users} repository.
 */
@Test
public void shouldSetPassword() throws Throwable
{
    // Given
    manager.start();
    manager.newUser( "jake", password( "abc123" ), true );

    // When
    manager.setUserPassword( "jake", password( "hello, world!" ), false );

    // Then
    User fromManager = manager.getUser( "jake" );
    boolean accepted = fromManager.credentials().matchesPassword( "hello, world!" );
    assertTrue( accepted );
    // The change must have reached the repository as well.
    assertThat( users.getUserByName( "jake" ), equalTo( fromManager ) );
}
/**
 * Starting the auth manager must leave a user "neo4j" in the repository whose credential
 * matches "neo4j" and who is required to change the password.
 */
@Test
public void shouldCreateDefaultUserIfNoneExist() throws Throwable
{
    // When
    authManager().start();

    // Then
    final User defaultUser = users.getUserByName( "neo4j" );
    assertNotNull( defaultUser );

    boolean hasDefaultPassword = defaultUser.credentials().matchesPassword( "neo4j" );
    assertTrue( hasDefaultPassword );
    // The default user must be forced to replace the default password.
    assertTrue( defaultUser.passwordChangeRequired() );
}
/**
 * {@code newUser} must store a user that carries the password-change flag it was created with
 * and whose credential matches the supplied password.
 */
@Test
public void shouldCreateUser() throws Throwable
{
    // Given
    manager.start();

    // When
    manager.newUser( "foo", password( "bar" ), true );

    // Then
    User stored = users.getUserByName( "foo" );
    assertNotNull( stored );
    assertTrue( stored.passwordChangeRequired() );

    boolean accepted = stored.credentials().matchesPassword( "bar" );
    assertTrue( accepted );
}
/**
 * Asserts that {@code authInitFile} exists and holds the initial user with a credential matching
 * {@code password} and without the {@code PASSWORD_CHANGE_REQUIRED} flag.
 *
 * @param password the password the stored credential is expected to match
 */
private void assertAuthIniFile( String password ) throws Throwable
{
    boolean filePresent = fileSystem.fileExists( authInitFile );
    assertTrue( filePresent );

    FileUserRepository repository =
            new FileUserRepository( fileSystem, authInitFile, NullLogProvider.getInstance() );
    repository.start();

    User initialUser = repository.getUserByName( UserManager.INITIAL_USER_NAME );
    assertNotNull( initialUser );

    boolean accepted = initialUser.credentials().matchesPassword( password );
    assertTrue( accepted );
    assertFalse( initialUser.hasFlag( User.PASSWORD_CHANGE_REQUIRED ) );
}
}
/**
 * Asserts that the file returned by {@code getAuthFile( "auth.ini" )} exists and holds the
 * initial user with a credential matching {@code password} and without the
 * {@code PASSWORD_CHANGE_REQUIRED} flag.
 *
 * @param password the password the stored credential is expected to match
 */
private void assertAuthIniFile( String password ) throws Throwable
{
    File iniFile = getAuthFile( "auth.ini" );
    boolean filePresent = fileSystem.fileExists( iniFile );
    assertTrue( filePresent );

    FileUserRepository repository =
            new FileUserRepository( fileSystem, iniFile, NullLogProvider.getInstance() );
    repository.start();

    User initialUser = repository.getUserByName( UserManager.INITIAL_USER_NAME );
    assertNotNull( initialUser );

    boolean accepted = initialUser.credentials().matchesPassword( password );
    assertTrue( accepted );
    assertFalse( initialUser.hasFlag( User.PASSWORD_CHANGE_REQUIRED ) );
}
/**
 * When the initial-user repository holds "neo4j" with password "123" and no required password
 * change, starting the auth manager must make that user available in {@code users} unchanged.
 */
@Test
public void shouldLoadInitialUserIfNoneExist() throws Throwable
{
    // Given
    FileUserRepository initialUserRepository =
            CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() );
    initialUserRepository.start();
    User seeded = new User.Builder( "neo4j", LegacyCredential.forPassword( "123" ) )
            .withRequiredPasswordChange( false )
            .build();
    initialUserRepository.create( seeded );
    initialUserRepository.shutdown();

    // When
    authManager().start();

    // Then
    final User loaded = users.getUserByName( "neo4j" );
    assertNotNull( loaded );

    boolean accepted = loaded.credentials().matchesPassword( "123" );
    assertTrue( accepted );
    assertFalse( loaded.passwordChangeRequired() );
}
/**
 * When the initial-user repository holds "neo4j" with password "neo4j" and no required password
 * change, starting the auth manager must load that user with the flag still unset.
 */
@Test
public void shouldLoadInitialUserIfNoneExistEvenWithSamePassword() throws Throwable
{
    // Given
    FileUserRepository initialUserRepository =
            CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() );
    initialUserRepository.start();
    User seeded = new User.Builder( "neo4j", LegacyCredential.forPassword( "neo4j" ) )
            .withRequiredPasswordChange( false )
            .build();
    initialUserRepository.create( seeded );
    initialUserRepository.shutdown();

    // When
    authManager().start();

    // Then
    final User loaded = users.getUserByName( "neo4j" );
    assertNotNull( loaded );

    boolean accepted = loaded.credentials().matchesPassword( "neo4j" );
    assertTrue( accepted );
    // The seeded user's flag must be kept as it was written.
    assertFalse( loaded.passwordChangeRequired() );
}
/**
 * When {@code users} already holds "oldUser", an entry of the same name in the initial-user
 * repository must not replace its password or its password-change flag.
 */
@Test
public void shouldNotUpdateUserIfInitialUserExist() throws Throwable
{
    // Given
    FileUserRepository initialUserRepository =
            CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() );
    initialUserRepository.start();
    initialUserRepository.create( newUser( "oldUser", "newPassword", false ) );
    initialUserRepository.shutdown();

    users.start();
    users.create( newUser( "oldUser", "oldPassword", true ) );
    users.shutdown();

    // When
    authManager().start();

    // Then
    final User persisted = users.getUserByName( "oldUser" );
    assertNotNull( persisted );

    // The credential that was already stored must win over the one in the initial-user file.
    boolean keepsOldPassword = persisted.credentials().matchesPassword( "oldPassword" );
    assertTrue( keepsOldPassword );
    assertTrue( persisted.passwordChangeRequired() );
}
/**
 * When {@code users} already holds a user, the entry in the initial-user repository must not be
 * added and the existing user must stay as it was.
 */
@Test
public void shouldNotAddInitialUserIfUsersExist() throws Throwable
{
    // Given
    FileUserRepository initialUserRepository =
            CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() );
    initialUserRepository.start();
    initialUserRepository.create( newUser( "initUser", "123", false ) );
    initialUserRepository.shutdown();

    users.start();
    users.create( newUser( "oldUser", "321", false ) );
    users.shutdown();

    // When
    authManager().start();

    // Then
    // The account from the initial-user file must not have been created.
    final User notImported = users.getUserByName( "initUser" );
    assertNull( notImported );

    final User persisted = users.getUserByName( "oldUser" );
    assertNotNull( persisted );

    boolean keepsPassword = persisted.credentials().matchesPassword( "321" );
    assertTrue( keepsPassword );
    assertFalse( persisted.passwordChangeRequired() );
}
/**
 * Compares {@code password} with the credential of {@code user} unless the attempt tracker for
 * that user name refuses further attempts.
 *
 * @param user the user to authenticate
 * @param password the password to compare with the user's credential
 * @return {@code TOO_MANY_ATTEMPTS} when no attempt is permitted, {@code SUCCESS} when the
 *         credential matches, {@code FAILURE} otherwise
 */
@Override
public AuthenticationResult authenticate( User user, byte[] password )
{
    AuthenticationMetadata tracker = authMetadataFor( user.name() );

    // Checked before the credential: while attempts are refused, the password is never compared.
    boolean attemptAllowed = tracker.authenticationPermitted();
    if ( !attemptAllowed )
    {
        return AuthenticationResult.TOO_MANY_ATTEMPTS;
    }

    if ( !user.credentials().matchesPassword( password ) )
    {
        // Report the failed attempt to the tracker.
        tracker.authFailed();
        return AuthenticationResult.FAILURE;
    }

    tracker.authSuccess();
    return AuthenticationResult.SUCCESS;
}
/**
 * Tells whether the user repository file contains users that must not be overwritten.
 *
 * @param config configuration used to locate the user repository file
 * @return {@code false} when the file is absent, or when its only user is named
 *         {@code INITIAL_USER_NAME} and its credential matches {@code INITIAL_PASSWORD};
 *         {@code true} in every other case, including an {@code IOException} while reading
 */
private boolean realUsersExist( Config config )
{
    File authFile = CommunitySecurityModule.getUserRepositoryFile( config );
    boolean filePresent = outsideWorld.fileSystem().fileExists( authFile );
    if ( !filePresent )
    {
        return false;
    }

    // An existing file counts as holding real users until shown otherwise.
    boolean overwriteForbidden = true;
    FileUserRepository userRepository =
            new FileUserRepository( outsideWorld.fileSystem(), authFile, NullLogProvider.getInstance() );
    try ( Lifespan life = new Lifespan( userRepository ) )
    {
        ListSnapshot<User> persisted = userRepository.getPersistedSnapshot();
        if ( persisted.values().size() == 1 )
        {
            User soleUser = persisted.values().get( 0 );
            boolean defaultName = INITIAL_USER_NAME.equals( soleUser.name() );
            if ( defaultName && soleUser.credentials().matchesPassword( INITIAL_PASSWORD ) )
            {
                // We allow overwriting an unmodified default neo4j user
                overwriteForbidden = false;
            }
        }
    }
    catch ( IOException e )
    {
        // Do not allow overwriting if we had a problem reading the file: the flag stays true.
    }
    return overwriteForbidden;
}