//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: //ORIGINAL LINE: public void setUserPassword(String username, byte[] password, boolean requirePasswordChange) throws java.io.IOException, org.neo4j.kernel.api.exceptions.InvalidArgumentsException public override void SetUserPassword(string username, sbyte[] password, bool requirePasswordChange) { try { User existingUser = GetUser(username); PasswordPolicy.validatePassword(password); if (existingUser.Credentials().matchesPassword(password)) { throw new InvalidArgumentsException("Old password and new password cannot be the same."); } try { User updatedUser = existingUser.Augment().withCredentials(LegacyCredential.forPassword(password)).withRequiredPasswordChange(requirePasswordChange).build(); UserRepository.update(existingUser, updatedUser); } catch (ConcurrentModificationException) { // try again SetUserPassword(username, password, requirePasswordChange); } } finally { // Clear password if (password != null) { Arrays.fill(password, ( sbyte )0); } } }
protected internal virtual string Serialize(LegacyCredential cred) { string encodedSalt = HexString.encodeHexString(cred.Salt()); string encodedPassword = HexString.encodeHexString(cred.PasswordHash()); return(string.join(CREDENTIAL_SEPARATOR, LegacyCredential.DIGEST_ALGO, encodedPassword, encodedSalt)); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldReturnFailureForInvalidAttempt() public virtual void ShouldReturnFailureForInvalidAttempt() { // Given FakeClock clock = FakeClock; AuthenticationStrategy authStrategy = NewAuthStrategy(clock, 3); User user = (new User.Builder("user", LegacyCredential.ForPassword("right"))).build(); // Then assertThat(authStrategy.Authenticate(user, password("wrong")), equalTo(AuthenticationResult.FAILURE)); }
private void TestUnlimitedFailedAuthAttempts(int maxFailedAttempts) { FakeClock clock = FakeClock; AuthenticationStrategy authStrategy = NewAuthStrategy(clock, maxFailedAttempts); User user = (new User.Builder("user", LegacyCredential.ForPassword("right"))).build(); int attempts = ThreadLocalRandom.current().Next(5, 100); for (int i = 0; i < attempts; i++) { assertEquals(AuthenticationResult.FAILURE, authStrategy.Authenticate(user, password("wrong"))); } }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldNotSlowRequestRateOnLessThanMaxFailedAttempts() public virtual void ShouldNotSlowRequestRateOnLessThanMaxFailedAttempts() { // Given FakeClock clock = FakeClock; AuthenticationStrategy authStrategy = NewAuthStrategy(clock, 3); User user = (new User.Builder("user", LegacyCredential.ForPassword("right"))).build(); // When we've failed two times assertThat(authStrategy.Authenticate(user, password("wrong")), equalTo(AuthenticationResult.FAILURE)); assertThat(authStrategy.Authenticate(user, password("wrong")), equalTo(AuthenticationResult.FAILURE)); // Then assertThat(authStrategy.Authenticate(user, password("right")), equalTo(AuthenticationResult.SUCCESS)); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldSerializeAndDeserialize() throws Exception //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: public virtual void ShouldSerializeAndDeserialize() { // Given UserSerialization serialization = new UserSerialization(); IList <User> users = new IList <User> { (new User.Builder("Mike", LegacyCredential.ForPassword("1234321"))).withFlag("not_as_nice").build(), (new User.Builder("Steve", LegacyCredential.ForPassword("1234321"))).build(), (new User.Builder("steve.stevesson@WINDOMAIN", LegacyCredential.ForPassword("1234321"))).build(), (new User.Builder("Bob", LegacyCredential.ForPassword("0987654"))).build() }; // When sbyte[] serialized = serialization.Serialize(users); // Then assertThat(serialization.DeserializeRecords(serialized), equalTo(users)); }
/// <summary> /// <para>Equality to always check for both salt and password hash as a safeguard against timing attack.</para> /// </summary> public override bool Equals(object o) { if (this == o) { return(true); } if (o == null || this.GetType() != o.GetType()) { return(false); } LegacyCredential that = ( LegacyCredential )o; bool saltEquals = ByteEquals(this._salt, that._salt); bool passwordEquals = ByteEquals(this._passwordHash, that._passwordHash); return(saltEquals && passwordEquals); }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: //ORIGINAL LINE: public org.neo4j.kernel.impl.security.User newUser(String username, byte[] initialPassword, boolean requirePasswordChange) throws java.io.IOException, org.neo4j.kernel.api.exceptions.InvalidArgumentsException public override User NewUser(string username, sbyte[] initialPassword, bool requirePasswordChange) { try { UserRepository.assertValidUsername(username); PasswordPolicy.validatePassword(initialPassword); User user = (new User.Builder()).withName(username).withCredentials(LegacyCredential.forPassword(initialPassword)).withRequiredPasswordChange(requirePasswordChange).build(); UserRepository.create(user); return(user); } finally { // Clear password if (initialPassword != null) { Arrays.fill(initialPassword, ( sbyte )0); } } }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldThrowIfExistingUserDoesNotMatch() throws Throwable //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: public virtual void ShouldThrowIfExistingUserDoesNotMatch() { // Given FileUserRepository users = new FileUserRepository(_fs, _authFile, _logProvider); User user = (new User.Builder("jake", LegacyCredential.Inaccessible)).withRequiredPasswordChange(true).build(); users.Create(user); User modifiedUser = user.Augment().withCredentials(LegacyCredential.ForPassword("foo")).build(); // When User updatedUser = user.Augment().withCredentials(LegacyCredential.ForPassword("bar")).build(); try { users.Update(modifiedUser, updatedUser); fail("expected exception not thrown"); } catch (ConcurrentModificationException) { // Then continue } }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldLoadInitialUserIfNoneExistEvenWithSamePassword() throws Throwable //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: public virtual void ShouldLoadInitialUserIfNoneExistEvenWithSamePassword() { // Given FileUserRepository initialUserRepository = CommunitySecurityModule.GetInitialUserRepository(Config, NullLogProvider.Instance, FsRule.get()); initialUserRepository.Start(); initialUserRepository.create(new User.Builder("neo4j", LegacyCredential.ForPassword("neo4j")) .withRequiredPasswordChange(false).build()); initialUserRepository.Shutdown(); // When AuthManager().start(); // Then //JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final': //ORIGINAL LINE: final org.neo4j.kernel.impl.security.User user = users.getUserByName("neo4j"); User user = Users.getUserByName("neo4j"); assertNotNull(user); assertTrue(user.Credentials().matchesPassword("neo4j")); assertFalse(user.PasswordChangeRequired()); }
private void TestSlowRequestRateOnMultipleFailedAttemptsWhereAttemptIsValid(int maxFailedAttempts, Duration lockDuration) { // Given FakeClock clock = FakeClock; AuthenticationStrategy authStrategy = NewAuthStrategy(clock, maxFailedAttempts, lockDuration); User user = (new User.Builder("user", LegacyCredential.ForPassword("right"))).build(); // When we've failed max number of times for (int i = 0; i < maxFailedAttempts; i++) { assertThat(authStrategy.Authenticate(user, password("wrong")), equalTo(AuthenticationResult.FAILURE)); } // Then assertThat(authStrategy.Authenticate(user, password("right")), equalTo(AuthenticationResult.TOO_MANY_ATTEMPTS)); // But when time heals all wounds clock.Forward(lockDuration.plus(1, SECONDS)); // Then things should be alright assertThat(authStrategy.Authenticate(user, password("right")), equalTo(AuthenticationResult.SUCCESS)); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldBuildImmutableUser() public virtual void ShouldBuildImmutableUser() { LegacyCredential abc = LegacyCredential.ForPassword("123abc"); LegacyCredential fruit = LegacyCredential.ForPassword("fruit"); User u1 = (new User.Builder("Steve", abc)).build(); User u2 = (new User.Builder("Steve", fruit)).withRequiredPasswordChange(true).withFlag("nice_guy").build(); assertThat(u1, equalTo(u1)); assertThat(u1, not(equalTo(u2))); User u1AsU2 = u1.Augment().withCredentials(fruit).withRequiredPasswordChange(true).withFlag("nice_guy").build(); assertThat(u1, not(equalTo(u1AsU2))); assertThat(u2, equalTo(u1AsU2)); User u2AsU1 = u2.Augment().withCredentials(abc).withRequiredPasswordChange(false).withoutFlag("nice_guy").build(); assertThat(u2, not(equalTo(u2AsU1))); assertThat(u1, equalTo(u2AsU1)); assertThat(u1, not(equalTo(u2))); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldProvideUserByUsernameEvenIfMidSetUsers() throws Throwable //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: public virtual void ShouldProvideUserByUsernameEvenIfMidSetUsers() { // Given FileUserRepository users = new FileUserRepository(_fs, _authFile, _logProvider); users.Create((new User.Builder("oskar", LegacyCredential.ForPassword("hidden"))).build()); DoubleLatch latch = new DoubleLatch(2); // When Future <object> setUsers = Threading.execute(o => { users.Users = new HangingListSnapshot(this, latch, 10L, java.util.Collections.emptyList()); return(null); }, null); latch.StartAndWaitForAllToStart(); // Then assertNotNull(users.GetUserByName("oskar")); latch.Finish(); setUsers.get(); }
protected internal virtual User NewUser(string userName, string password, bool pwdChange) { return((new User.Builder(userName, LegacyCredential.ForPassword(password))).withRequiredPasswordChange(pwdChange).build()); }