Exemple #1
0
        public virtual void ChangePassword()
        {
            // Given
            StartServer(true);

            // Document
            RESTRequestGenerator.ResponseEntity response = Gen.get().expectedStatus(200).withHeader(HttpHeaders.AUTHORIZATION, HTTP.basicAuthHeader("neo4j", "neo4j")).payload(QuotedJson("{'password':'******'}")).post(_server.baseUri().resolve("/user/neo4j/password").ToString());

            // Then the new password should work
            assertEquals(200, HTTP.withBasicAuth("neo4j", "secret").GET(DataURL()).status());

            // Then the old password should not be invalid
            assertEquals(401, HTTP.withBasicAuth("neo4j", "neo4j").POST(DataURL()).status());
        }
Exemple #2
0
        public virtual void IncorrectAuthentication()
        {
            // Given
            StartServerWithConfiguredUser();

            // Document
            RESTRequestGenerator.ResponseEntity response = Gen.get().expectedStatus(401).withHeader(HttpHeaders.AUTHORIZATION, HTTP.basicAuthHeader("neo4j", "incorrect")).expectedHeader("WWW-Authenticate", "Basic realm=\"Neo4j\"").post(DataURL());

            // Then
            JsonNode data       = JsonHelper.jsonNode(response.Entity());
            JsonNode firstError = data.get("errors").get(0);

            assertThat(firstError.get("code").asText(), equalTo("Neo.ClientError.Security.Unauthorized"));
            assertThat(firstError.get("message").asText(), equalTo("Invalid username or password."));
        }
Exemple #3
0
        public virtual void SuccessfulAuthentication()
        {
            // Given
            StartServerWithConfiguredUser();

            // Document
            RESTRequestGenerator.ResponseEntity response = Gen.get().expectedStatus(200).withHeader(HttpHeaders.AUTHORIZATION, HTTP.basicAuthHeader("neo4j", "secret")).get(UserURL("neo4j"));

            // Then
            JsonNode data = JsonHelper.jsonNode(response.Entity());

            assertThat(data.get("username").asText(), equalTo("neo4j"));
            assertThat(data.get("password_change_required").asBoolean(), equalTo(false));
            assertThat(data.get("password_change").asText(), equalTo(PasswordURL("neo4j")));
        }
Exemple #4
0
        public virtual void MissingAuthorization()
        {
            // Given
            StartServerWithConfiguredUser();

            // Document
            RESTRequestGenerator.ResponseEntity response = Gen.get().expectedStatus(401).expectedHeader("WWW-Authenticate", "Basic realm=\"Neo4j\"").get(DataURL());

            // Then
            JsonNode data       = JsonHelper.jsonNode(response.Entity());
            JsonNode firstError = data.get("errors").get(0);

            assertThat(firstError.get("code").asText(), equalTo("Neo.ClientError.Security.Unauthorized"));
            assertThat(firstError.get("message").asText(), equalTo("No authentication header supplied."));
        }
Exemple #5
0
        public virtual void PasswordChangeRequired()
        {
            // Given
            StartServer(true);

            // Document
            RESTRequestGenerator.ResponseEntity response = Gen.get().expectedStatus(403).withHeader(HttpHeaders.AUTHORIZATION, HTTP.basicAuthHeader("neo4j", "neo4j")).get(DataURL());

            // Then
            JsonNode data       = JsonHelper.jsonNode(response.Entity());
            JsonNode firstError = data.get("errors").get(0);

            assertThat(firstError.get("code").asText(), equalTo("Neo.ClientError.Security.Forbidden"));
            assertThat(firstError.get("message").asText(), equalTo("User is required to change their password."));
            assertThat(data.get("password_change").asText(), equalTo(PasswordURL("neo4j")));
        }