Add test for failed login attempts due to bad auth token

neo4j · Sep 12, 2016 · 018172b · 018172b
1 parent 8010ec5
commit 018172b
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 7 deletions.
diff --git a/...curity/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java b/...curity/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java
@@ -41,6 +41,8 @@
 import org.neo4j.kernel.impl.enterprise.SecurityLog;
 import org.neo4j.server.security.auth.UserManagerSupplier;
 
+import static org.neo4j.helpers.Strings.escape;
+
 class MultiRealmAuthManager implements EnterpriseAuthManager, UserManagerSupplier
 {
     private final EnterpriseUserManager userManager;
@@ -95,22 +97,23 @@ public EnterpriseAuthSubject login( Map<String,Object> authToken ) throws Invali
         }
         catch ( UnsupportedTokenException e )
         {
-            // TODO: add test for this case
             securityLog.error( "Unknown user failed to log in: %s", e.getMessage() );
-            throw new InvalidAuthTokenException( e.getCause().getMessage() );
+            throw new InvalidAuthTokenException( e.getMessage() );
         }
         catch ( ExcessiveAttemptsException e )
         {
             // NOTE: We only get this with single (internal) realm authentication
             subject = new StandardEnterpriseAuthSubject( this,
                     new ShiroSubject( securityManager, AuthenticationResult.TOO_MANY_ATTEMPTS ) );
-            securityLog.error( "[%s]: failed to log in: too many failed attempts", token.getPrincipal().toString() );
+            securityLog.error( "[%s]: failed to log in: too many failed attempts",
+                    escape( token.getPrincipal().toString() ) );
         }
         catch ( AuthenticationException e )
         {
             subject = new StandardEnterpriseAuthSubject( this,
                     new ShiroSubject( securityManager, AuthenticationResult.FAILURE ) );
-            securityLog.error( "[%s]: failed to log in: invalid principal or credentials", token.getPrincipal().toString() );
+            securityLog.error( "[%s]: failed to log in: invalid principal or credentials",
+                    escape( token.getPrincipal().toString() ) );
         }
 
         return subject;

diff --git a/...ty/src/test/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManagerTest.java b/...ty/src/test/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManagerTest.java
@@ -27,10 +27,12 @@
 import java.util.Collections;
 
 import org.neo4j.kernel.api.security.AuthSubject;
+import org.neo4j.kernel.api.security.AuthToken;
 import org.neo4j.kernel.api.security.AuthenticationResult;
 import org.neo4j.kernel.api.security.exception.InvalidArgumentsException;
-import org.neo4j.kernel.impl.util.JobScheduler;
+import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
 import org.neo4j.kernel.impl.enterprise.SecurityLog;
+import org.neo4j.kernel.impl.util.JobScheduler;
 import org.neo4j.logging.AssertableLogProvider;
 import org.neo4j.logging.Log;
 import org.neo4j.server.security.auth.AuthenticationStrategy;
@@ -49,8 +51,10 @@
 import static org.junit.Assert.fail;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
+import static org.neo4j.helpers.collection.MapUtil.map;
 import static org.neo4j.logging.AssertableLogProvider.inLog;
 import static org.neo4j.server.security.auth.SecurityTestUtils.authToken;
+import static org.neo4j.test.assertion.Assert.assertException;
 
 public class MultiRealmAuthManagerTest
 {
@@ -70,7 +74,7 @@ public void setUp() throws Throwable
 
         InternalFlatFileRealm internalFlatFileRealm =
                 new InternalFlatFileRealm( users, new InMemoryRoleRepository(), mock( PasswordPolicy.class ),
-                        authStrategy, mock( JobScheduler.class ), log );
+                        authStrategy, mock( JobScheduler.class ) );
 
         manager = new MultiRealmAuthManager( internalFlatFileRealm, Collections.singleton( internalFlatFileRealm ),
                 new MemoryConstrainedCacheManager(), new SecurityLog( log ) );
@@ -118,7 +122,7 @@ public void shouldFindAndAuthenticateUserSuccessfully() throws Throwable
     }
 
     @Test
-    public void shouldReturnTooManyAttemptsWhenThatIsAppropiate() throws Throwable
+    public void shouldReturnTooManyAttemptsWhenThatIsAppropriate() throws Throwable
     {
         // Given
         users.create( newUser( "jake", "abc123" , true ) );
@@ -151,6 +155,19 @@ public void shouldFindAndAuthenticateUserAndReturnPasswordChangeIfRequired() thr
         logProvider.assertExactly( info( "[jake]: logged in" ) );
     }
 
+    @Test
+    public void shouldFailWhenAuthTokenIsInvalid() throws Throwable
+    {
+        manager.start();
+
+        assertException( () -> manager.login( map( AuthToken.SCHEME_KEY, "supercool", AuthToken.PRINCIPAL, "neo4j" ) ),
+                InvalidAuthTokenException.class, "does not support authentication token" );
+        assertException( () -> manager.login( map( "key", "value" ) ),
+                InvalidAuthTokenException.class, "does not support authentication token" );
+        assertException( () -> manager.login( map( AuthToken.SCHEME_KEY, "basic", AuthToken.PRINCIPAL, "neo4j" ) ),
+                InvalidAuthTokenException.class, "The value associated with the key `credentials` must be a String but was: null" );
+    }
+
     @Test
     public void shouldFailAuthenticationIfUserIsNotFound() throws Throwable
     {