//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: public void startServerWithConfiguredUser() throws java.io.IOException
public virtual void StartServerWithConfiguredUser()
{
StartServer(true);
// Set the password
HTTP.Response post = HTTP.withBasicAuth("neo4j", "neo4j").POST(Server.baseUri().resolve("/user/neo4j/password").ToString(), HTTP.RawPayload.quotedJson("{'password':'******'}"));
assertEquals(200, post.Status());
}
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: private void assertAuthorizationRequired(String method, String path, Object payload, int expectedAuthorizedStatus) throws org.neo4j.server.rest.domain.JsonParseException
private void AssertAuthorizationRequired(string method, string path, object payload, int expectedAuthorizedStatus)
{
// When no header
HTTP.Response response = HTTP.request(method, Server.baseUri().resolve(path).ToString(), payload);
assertThat(response.Status(), equalTo(401));
assertThat(response.Get("errors").get(0).get("code").asText(), equalTo("Neo.ClientError.Security.Unauthorized"));
assertThat(response.Get("errors").get(0).get("message").asText(), equalTo("No authentication header supplied."));
assertThat(response.Header(HttpHeaders.WWW_AUTHENTICATE), equalTo("Basic realm=\"Neo4j\""));
// When malformed header
response = HTTP.withHeaders(HttpHeaders.AUTHORIZATION, "This makes no sense").request(method, Server.baseUri().resolve(path).ToString(), payload);
assertThat(response.Status(), equalTo(400));
assertThat(response.Get("errors").get(0).get("code").asText(), equalTo("Neo.ClientError.Request.InvalidFormat"));
assertThat(response.Get("errors").get(0).get("message").asText(), equalTo("Invalid authentication header."));
// When invalid credential
response = HTTP.withBasicAuth("neo4j", "incorrect").request(method, Server.baseUri().resolve(path).ToString(), payload);
assertThat(response.Status(), equalTo(401));
assertThat(response.Get("errors").get(0).get("code").asText(), equalTo("Neo.ClientError.Security.Unauthorized"));
assertThat(response.Get("errors").get(0).get("message").asText(), equalTo("Invalid username or password."));
assertThat(response.Header(HttpHeaders.WWW_AUTHENTICATE), equalTo("Basic realm=\"Neo4j\""));
// When authorized
response = HTTP.withBasicAuth("neo4j", "secret").request(method, Server.baseUri().resolve(path).ToString(), payload);
assertThat(response.Status(), equalTo(expectedAuthorizedStatus));
}
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldReplyNicelyToTooManyFailedAuthAttempts() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
public virtual void ShouldReplyNicelyToTooManyFailedAuthAttempts()
{
// Given
StartServerWithConfiguredUser();
long timeout = DateTimeHelper.CurrentUnixTimeMillis() + 30_000;
// When
HTTP.Response response = null;
while (DateTimeHelper.CurrentUnixTimeMillis() < timeout)
{
// Done in a loop because we're racing with the clock to get enough failed requests into 5 seconds
response = HTTP.withBasicAuth("neo4j", "incorrect").POST(Server.baseUri().resolve("authentication").ToString(), HTTP.RawPayload.quotedJson("{'username':'******', 'password':'******'}"));
if (response.Status() == 429)
{
break;
}
}
// Then
assertThat(response.Status(), equalTo(429));
JsonNode firstError = response.Get("errors").get(0);
assertThat(firstError.get("code").asText(), equalTo("Neo.ClientError.Security.AuthenticationRateLimit"));
assertThat(firstError.get("message").asText(), equalTo("Too many failed authentication requests. Please wait 5 seconds and try again."));
}
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldNotAllowDataAccessForUnauthorizedUser() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
public virtual void ShouldNotAllowDataAccessForUnauthorizedUser()
{
// Given
StartServer(true); // The user should not have read access before changing the password
// When
HTTP.Response response = HTTP.withBasicAuth("neo4j", "neo4j").POST(Server.baseUri().resolve("authentication").ToString(), HTTP.RawPayload.quotedJson("{'username':'******', 'password':'******'}"));
// When & then
assertEquals(403, HTTP.withBasicAuth("neo4j", "neo4j").POST(Server.baseUri().resolve("db/data/node").ToString(), HTTP.RawPayload.quotedJson("{'name':'jake'}")).status());
assertEquals(403, HTTP.withBasicAuth("neo4j", "neo4j").GET(Server.baseUri().resolve("db/data/node/1234").ToString()).status());
assertEquals(403, HTTP.withBasicAuth("neo4j", "neo4j").POST(Server.baseUri().resolve("db/data/transaction/commit").ToString(), HTTP.RawPayload.quotedJson("{'statements':[{'statement':'MATCH (n) RETURN n'}]}")).status());
}
private static HTTP.Builder RequestWithHeaders(string username, string password)
{
return(HTTP.withBasicAuth(username, password).withHeaders(HttpHeaders.ACCEPT, "application/json; charset=UTF-8", HttpHeaders.CONTENT_TYPE, "application/json"));
}
