Пример #1
0
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldNotAuthorizeWhenPasswordChangeRequired() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
        public virtual void ShouldNotAuthorizeWhenPasswordChangeRequired()
        {
            // Given
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
            AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() => _authManager, _logProvider);
            string            credentials     = Base64.encodeBase64String("foo:bar".GetBytes(Encoding.UTF8));
            BasicLoginContext loginContext    = mock(typeof(BasicLoginContext));
            AuthSubject       authSubject     = mock(typeof(AuthSubject));

            when(_servletRequest.Method).thenReturn("GET");
            when(_servletRequest.ContextPath).thenReturn("/db/data");
            when(_servletRequest.RequestURL).thenReturn(new StringBuilder("http://bar.baz:7474/db/data/"));
            when(_servletRequest.RequestURI).thenReturn("/db/data/");
            when(_servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
            when(_authManager.login(authTokenArgumentMatcher(authToken("foo", "bar")))).thenReturn(loginContext);
            when(loginContext.Subject()).thenReturn(authSubject);
            when(authSubject.AuthenticationResult).thenReturn(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);

            // When
            filter.DoFilter(_servletRequest, _servletResponse, _filterChain);

            // Then
            verifyNoMoreInteractions(_filterChain);
            verify(_servletResponse).Status = 403;
            verify(_servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
            assertThat(_outputStream.ToString(StandardCharsets.UTF_8.name()), containsString("\"password_change\" : \"http://bar.baz:7474/user/foo/password\""));
            assertThat(_outputStream.ToString(StandardCharsets.UTF_8.name()), containsString("\"code\" : \"Neo.ClientError.Security.Forbidden\""));
            assertThat(_outputStream.ToString(StandardCharsets.UTF_8.name()), containsString("\"message\" : \"User is required to change their password.\""));
        }
Пример #2
0
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldNotAuthorizeWhenTooManyAttemptsMade() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
        public virtual void ShouldNotAuthorizeWhenTooManyAttemptsMade()
        {
            // Given
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
            AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() => _authManager, _logProvider);
            string            credentials     = Base64.encodeBase64String("foo:bar".GetBytes(Encoding.UTF8));
            BasicLoginContext loginContext    = mock(typeof(BasicLoginContext));
            AuthSubject       authSubject     = mock(typeof(AuthSubject));

            when(_servletRequest.Method).thenReturn("GET");
            when(_servletRequest.ContextPath).thenReturn("/db/data");
            when(_servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
            when(_authManager.login(authTokenArgumentMatcher(authToken("foo", "bar")))).thenReturn(loginContext);
            when(loginContext.Subject()).thenReturn(authSubject);
            when(authSubject.AuthenticationResult).thenReturn(AuthenticationResult.TOO_MANY_ATTEMPTS);

            // When
            filter.DoFilter(_servletRequest, _servletResponse, _filterChain);

            // Then
            verifyNoMoreInteractions(_filterChain);
            verify(_servletResponse).Status = 429;
            verify(_servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
            assertThat(_outputStream.ToString(StandardCharsets.UTF_8.name()), containsString("\"code\" : \"Neo.ClientError.Security.AuthenticationRateLimit\""));
            assertThat(_outputStream.ToString(StandardCharsets.UTF_8.name()), containsString("\"message\" : \"Too many failed authentication requests. " + "Please wait 5 seconds and try again.\""));
        }
Пример #3
0
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldNotAuthorizeInvalidCredentials() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
        public virtual void ShouldNotAuthorizeInvalidCredentials()
        {
            // Given
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
            AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() => _authManager, _logProvider);
            string            credentials     = Base64.encodeBase64String("foo:bar".GetBytes(Encoding.UTF8));
            BasicLoginContext loginContext    = mock(typeof(BasicLoginContext));
            AuthSubject       authSubject     = mock(typeof(AuthSubject));

            when(_servletRequest.Method).thenReturn("GET");
            when(_servletRequest.ContextPath).thenReturn("/db/data");
            when(_servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
            when(_servletRequest.RemoteAddr).thenReturn("remote_ip_address");
            when(_authManager.login(authTokenArgumentMatcher(authToken("foo", "bar")))).thenReturn(loginContext);
            when(loginContext.Subject()).thenReturn(authSubject);
            when(authSubject.AuthenticationResult).thenReturn(AuthenticationResult.FAILURE);

            // When
            filter.DoFilter(_servletRequest, _servletResponse, _filterChain);

            // Then
            verifyNoMoreInteractions(_filterChain);
            _logProvider.assertExactly(inLog(typeof(AuthorizationEnabledFilter)).warn("Failed authentication attempt for '%s' from %s", "foo", "remote_ip_address"));
            verify(_servletResponse).Status = 401;
            verify(_servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
            assertThat(_outputStream.ToString(StandardCharsets.UTF_8.name()), containsString("\"code\" : \"Neo.ClientError.Security.Unauthorized\""));
            assertThat(_outputStream.ToString(StandardCharsets.UTF_8.name()), containsString("\"message\" : \"Invalid username or password.\""));
        }
Пример #4
0
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldAllowOptionsRequests() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
        public virtual void ShouldAllowOptionsRequests()
        {
            // Given
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
            AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() => _authManager, _logProvider);

            when(_servletRequest.Method).thenReturn("OPTIONS");

            // When
            filter.DoFilter(_servletRequest, _servletResponse, _filterChain);

            // Then
            verify(_filterChain).doFilter(same(_servletRequest), same(_servletResponse));
        }
Пример #5
0
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldWhitelistMatchingUris() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
        public virtual void ShouldWhitelistMatchingUris()
        {
            // Given
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider, java.util.regex.Pattern.compile("/"), java.util.regex.Pattern.compile("/browser.*"));
            AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() => _authManager, _logProvider, Pattern.compile("/"), Pattern.compile("/browser.*"));

            when(_servletRequest.Method).thenReturn("GET");
            when(_servletRequest.ContextPath).thenReturn("/", "/browser/index.html");

            // When
            filter.DoFilter(_servletRequest, _servletResponse, _filterChain);
            filter.DoFilter(_servletRequest, _servletResponse, _filterChain);

            // Then
            verify(_filterChain, times(2)).doFilter(same(_servletRequest), same(_servletResponse));
        }
Пример #6
0
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldRequireValidAuthorizationHeader() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
        public virtual void ShouldRequireValidAuthorizationHeader()
        {
            // Given
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
            AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() => _authManager, _logProvider);

            when(_servletRequest.Method).thenReturn("GET");
            when(_servletRequest.ContextPath).thenReturn("/db/data");
            when(_servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("NOT A VALID VALUE");

            // When
            filter.DoFilter(_servletRequest, _servletResponse, _filterChain);

            // Then
            verifyNoMoreInteractions(_filterChain);
            verify(_servletResponse).Status = 400;
            verify(_servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
            assertThat(_outputStream.ToString(StandardCharsets.UTF_8.name()), containsString("\"code\" : \"Neo.ClientError.Request.InvalidFormat\""));
            assertThat(_outputStream.ToString(StandardCharsets.UTF_8.name()), containsString("\"message\" : \"Invalid authentication header.\""));
        }
Пример #7
0
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldRequireAuthorizationForNonWhitelistedUris() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
        public virtual void ShouldRequireAuthorizationForNonWhitelistedUris()
        {
            // Given
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider, java.util.regex.Pattern.compile("/"), java.util.regex.Pattern.compile("/browser.*"));
            AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() => _authManager, _logProvider, Pattern.compile("/"), Pattern.compile("/browser.*"));

            when(_servletRequest.Method).thenReturn("GET");
            when(_servletRequest.ContextPath).thenReturn("/db/data");

            // When
            filter.DoFilter(_servletRequest, _servletResponse, _filterChain);

            // Then
            verifyNoMoreInteractions(_filterChain);
            verify(_servletResponse).Status = 401;
            verify(_servletResponse).addHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Neo4j\"");
            verify(_servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
            assertThat(_outputStream.ToString(StandardCharsets.UTF_8.name()), containsString("\"code\" : \"Neo" + ".ClientError.Security.Unauthorized\""));
            assertThat(_outputStream.ToString(StandardCharsets.UTF_8.name()), containsString("\"message\" : \"No authentication header supplied.\""));
        }
Пример #8
0
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldAuthorizeWhenValidCredentialsSupplied() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
        public virtual void ShouldAuthorizeWhenValidCredentialsSupplied()
        {
            // Given
//JAVA TO C# CONVERTER WARNING: The original Java variable was marked 'final':
//ORIGINAL LINE: final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
            AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() => _authManager, _logProvider);
            string            credentials     = Base64.encodeBase64String("foo:bar".GetBytes(Encoding.UTF8));
            BasicLoginContext loginContext    = mock(typeof(BasicLoginContext));
            AuthSubject       authSubject     = mock(typeof(AuthSubject));

            when(_servletRequest.Method).thenReturn("GET");
            when(_servletRequest.ContextPath).thenReturn("/db/data");
            when(_servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
            when(_authManager.login(authTokenArgumentMatcher(authToken("foo", "bar")))).thenReturn(loginContext);
            when(loginContext.Subject()).thenReturn(authSubject);
            when(authSubject.AuthenticationResult).thenReturn(AuthenticationResult.SUCCESS);

            // When
            filter.DoFilter(_servletRequest, _servletResponse, _filterChain);

            // Then
            verify(_filterChain).doFilter(eq(new AuthorizedRequestWrapper(BASIC_AUTH, "foo", _servletRequest, AUTH_DISABLED)), same(_servletResponse));
        }