@Override public String username() { return user.name(); }
public Builder withRequiredPasswordChange( boolean change ) { if ( change ) { withFlag( PASSWORD_CHANGE_REQUIRED ); } else { withoutFlag( PASSWORD_CHANGE_REQUIRED ); } return this; }
/** Use this user as a base for a new user object */ public Builder augment() { return new Builder( this ); }
@Test public void shouldStoreAndRetrieveUsersByName() throws Exception { // Given FileUserRepository users = new FileUserRepository( fs, authFile, logProvider ); User user = new User.Builder( "jake", LegacyCredential.INACCESSIBLE ).withRequiredPasswordChange( true ).build(); users.create( user ); // When User result = users.getUserByName( user.name() ); // Then assertThat( result, equalTo( user ) ); }
@Test public void shouldCreateDefaultUserIfNoneExist() throws Throwable { // When authManager().start(); // Then final User user = users.getUserByName( "neo4j" ); assertNotNull( user ); assertTrue( user.credentials().matchesPassword( "neo4j" ) ); assertTrue( user.passwordChangeRequired() ); }
@Test public void shouldChangePassword() throws Throwable { // Given assertEmpty( admin, "CALL dbms.changePassword('abc')" ); assert authManager.getUser( "neo4j" ).credentials().matchesPassword( "abc" ); }
private void assertAuthIniFile( String password ) throws Throwable { assertTrue( fileSystem.fileExists( authInitFile ) ); FileUserRepository userRepository = new FileUserRepository( fileSystem, authInitFile, NullLogProvider.getInstance() ); userRepository.start(); User neo4j = userRepository.getUserByName( UserManager.INITIAL_USER_NAME ); assertNotNull( neo4j ); assertTrue( neo4j.credentials().matchesPassword( password ) ); assertFalse( neo4j.hasFlag( User.PASSWORD_CHANGE_REQUIRED ) ); } }
@Override public AuthenticationResult authenticate( User user, byte[] password ) { AuthenticationMetadata authMetadata = authMetadataFor( user.name() ); if ( !authMetadata.authenticationPermitted() ) { return AuthenticationResult.TOO_MANY_ATTEMPTS; } if ( user.credentials().matchesPassword( password ) ) { authMetadata.authSuccess(); return AuthenticationResult.SUCCESS; } else { authMetadata.authFailed(); return AuthenticationResult.FAILURE; } }
@Override protected String serialize( User user ) { return String.join( userSeparator, user.name(), // Only used by FileRepository (InternalFlatFileRealm) so we can assume LegacyCredential here serialize( (LegacyCredential) user.credentials() ), String.join( ",", user.getFlags() ) ); }
protected User newUser( String userName, String password, boolean pwdChange ) { return new User.Builder( userName, LegacyCredential.forPassword( password ) ) .withRequiredPasswordChange( pwdChange ) .build(); } }
@Mapping( "password_change_required" ) public ValueRepresentation passwordChangeRequired() { return ValueRepresentation.bool( user.passwordChangeRequired() ); }
public User build() { return new User( name, credential, flags ); } }
@Test public void shouldNotFindUserAfterDelete() throws Throwable { // Given FileUserRepository users = new FileUserRepository( fs, authFile, logProvider ); User user = new User.Builder( "jake", LegacyCredential.INACCESSIBLE ).withRequiredPasswordChange( true ).build(); users.create( user ); // When users.delete( user ); // Then assertThat( users.getUserByName( user.name() ), nullValue() ); }
@Test public void shouldCreateUser() throws Throwable { // Given manager.start(); // When manager.newUser( "foo", password( "bar" ), true ); // Then User user = users.getUserByName( "foo" ); assertNotNull( user ); assertTrue( user.passwordChangeRequired() ); assertTrue( user.credentials().matchesPassword( "bar" ) ); }
@Test public void shouldClearPasswordOnNewUser() throws Throwable { // Given manager.start(); byte[] password = password( "abc123" ); // When manager.newUser( "jake", password, true ); // Then assertThat( password, equalTo( clearedPasswordWithSameLenghtAs( "abc123" ) ) ); User user = manager.getUser( "jake" ); assertTrue( user.credentials().matchesPassword( "abc123" ) ); }
private void assertAuthIniFile( String password ) throws Throwable { File authIniFile = getAuthFile( "auth.ini" ); assertTrue( fileSystem.fileExists( authIniFile ) ); FileUserRepository userRepository = new FileUserRepository( fileSystem, authIniFile, NullLogProvider.getInstance() ); userRepository.start(); User neo4j = userRepository.getUserByName( UserManager.INITIAL_USER_NAME ); assertNotNull( neo4j ); assertTrue( neo4j.credentials().matchesPassword( password ) ); assertFalse( neo4j.hasFlag( User.PASSWORD_CHANGE_REQUIRED ) ); }
@Mapping( "username" ) public ValueRepresentation user() { return ValueRepresentation.string( user.name() ); }
@Test public void shouldPersistUsers() throws Throwable { // Given FileUserRepository users = new FileUserRepository( fs, authFile, logProvider ); User user = new User.Builder( "jake", LegacyCredential.INACCESSIBLE ).withRequiredPasswordChange( true ).build(); users.create( user ); users = new FileUserRepository( fs, authFile, logProvider ); users.start(); // When User resultByName = users.getUserByName( user.name() ); // Then assertThat( resultByName, equalTo( user ) ); }
@Test public void shouldClearPasswordOnSetUserPassword() throws Throwable { // Given manager.start(); manager.newUser( "jake", password( "old" ), false ); byte[] newPassword = password( "abc123" ); // When manager.setUserPassword( "jake", newPassword, false ); // Then assertThat( newPassword, equalTo( clearedPasswordWithSameLenghtAs( "abc123" ) ) ); User user = manager.getUser( "jake" ); assertTrue( user.credentials().matchesPassword( "abc123" ) ); }
@Mapping( "password_change" ) public ValueRepresentation passwordChange() { return ValueRepresentation.uri( format( "/user/%s/password", user.name() ) ); } }