Migrated enterprise createUser and changeUserPassword procs to Delega…

…tingUserManager

community/security/src/main/java/org/neo4j/server/security/auth/AuthProcedures.java

@@ -78,7 +78,7 @@ public void changePasswordDeprecated( @Name( "password" ) String password ) thro
     @Procedure( name = "dbms.security.changePassword", mode = DBMS )
     public void changePassword( @Name( "password" ) String password ) throws InvalidArgumentsException, IOException
     {
-        authSubject.setPassword( password, false );
+        userManager.setUserPassword( authSubject.username(), password, false );
     }
 
     @Description( "Show the current user." )

community/security/src/main/java/org/neo4j/server/security/auth/CommunitySecurityModule.java

@@ -26,7 +26,6 @@
 import org.neo4j.helpers.Service;
 import org.neo4j.io.fs.FileSystemAbstraction;
 import org.neo4j.kernel.api.exceptions.KernelException;
-import org.neo4j.kernel.api.security.AuthManager;
 import org.neo4j.kernel.api.security.SecurityModule;
 import org.neo4j.kernel.configuration.Config;
 import org.neo4j.kernel.impl.factory.CommunityEditionModule;
@@ -59,7 +58,7 @@ public void setup( PlatformModule platformModule, Procedures procedures ) throws
 
         platformModule.life.add( platformModule.dependencies.satisfyDependency( authManager ) );
 
-        procedures.registerComponent( UserManager.class, ctx -> authManager.getUserManager() );
+        procedures.registerComponent( UserManager.class, ctx -> authManager );
         procedures.registerProcedure( AuthProcedures.class );
     }
 

community/server/src/main/java/org/neo4j/server/AbstractNeoServer.java

@@ -79,6 +79,7 @@
 import org.neo4j.server.rest.transactional.TransactionRegistry;
 import org.neo4j.server.rest.transactional.TransitionalPeriodTransactionMessContainer;
 import org.neo4j.server.rest.web.DatabaseActions;
+import org.neo4j.server.security.auth.UserManagerSupplier;
 import org.neo4j.server.web.AsyncRequestLog;
 import org.neo4j.server.web.SimpleUriBuilder;
 import org.neo4j.server.web.WebServer;
@@ -95,6 +96,7 @@
 import static org.neo4j.server.configuration.ServerSettings.http_logging_rotation_keep_number;
 import static org.neo4j.server.configuration.ServerSettings.http_logging_rotation_size;
 import static org.neo4j.server.database.InjectableProvider.providerForSingleton;
+import static org.neo4j.server.database.InjectableProvider.providerFromSupplier;
 import static org.neo4j.server.exception.ServerStartupErrors.translateToServerStartupError;
 
 public abstract class AbstractNeoServer implements NeoServer
@@ -130,6 +132,7 @@ public abstract class AbstractNeoServer implements NeoServer
     protected CypherExecutor cypherExecutor;
     protected WebServer webServer;
     protected Supplier<AuthManager> authManagerSupplier;
+    protected Supplier<UserManagerSupplier> userManagerSupplier;
     protected Optional<KeyStoreInformation> keyStoreInfo;
     private DatabaseActions databaseActions;
     private TransactionFacade transactionFacade;
@@ -173,6 +176,8 @@ public void init()
         this.database = life.add( dependencyResolver.satisfyDependency(dbFactory.newDatabase( config, dependencies)) );
 
         this.authManagerSupplier = dependencyResolver.provideDependency( AuthManager.class );
+        this.userManagerSupplier = dependencyResolver.provideDependency( UserManagerSupplier.class );
+
         this.webServer = createWebServer();
 
         this.keyStoreInfo = createKeyStore();
@@ -495,7 +500,8 @@ protected Collection<InjectableProvider<?>> createDefaultInjectables()
         singletons.add( new CypherExecutorProvider( cypherExecutor ) );
 
         singletons.add( providerForSingleton( transactionFacade, TransactionFacade.class ) );
-        singletons.add( new AuthManagerProvider( authManagerSupplier ) );
+        singletons.add( providerFromSupplier( authManagerSupplier, AuthManager.class ) );
+        singletons.add( providerFromSupplier( userManagerSupplier, UserManagerSupplier.class ) );
         singletons.add( new TransactionFilter( database ) );
         singletons.add( new LoggingProvider( logProvider ) );
         singletons.add( providerForSingleton( logProvider.getLog( NeoServer.class ), Log.class ) );
@@ -505,22 +511,6 @@ protected Collection<InjectableProvider<?>> createDefaultInjectables()
         return singletons;
     }
 
-    private static class AuthManagerProvider extends InjectableProvider<AuthManager>
-    {
-        private final Supplier<AuthManager> authManagerSupplier;
-        private AuthManagerProvider( Supplier<AuthManager> authManagerSupplier )
-        {
-            super(AuthManager.class);
-            this.authManagerSupplier = authManagerSupplier;
-        }
-
-        @Override
-        public AuthManager getValue( HttpContext httpContext )
-        {
-            return authManagerSupplier.get();
-        }
-    }
-
     private boolean hasModule( Class<? extends ServerModule> clazz )
     {
         for ( ServerModule sm : serverModules )

community/server/src/main/java/org/neo4j/server/database/InjectableProvider.java

@@ -25,23 +25,42 @@
 import com.sun.jersey.server.impl.inject.AbstractHttpContextInjectable;
 import com.sun.jersey.spi.inject.Injectable;
 
+import java.util.function.Supplier;
 import javax.ws.rs.core.Context;
 
-public abstract class InjectableProvider<E> extends AbstractHttpContextInjectable<E> implements
-        com.sun.jersey.spi.inject.InjectableProvider<Context, Class<E>>
+public abstract class InjectableProvider<E> extends AbstractHttpContextInjectable<E>
+        implements com.sun.jersey.spi.inject.InjectableProvider<Context,Class<E>>
 {
     public final Class<E> t;
 
-    public static <E> InjectableProvider<? extends E> providerForSingleton(final E component, final Class<E> componentClass)
-    {
-        return new InjectableProvider<E>(componentClass) {
+    public static <E> InjectableProvider<? extends E> providerForSingleton(
+            final E component,
+            final Class<E> componentClass
+    ) {
+        return new InjectableProvider<E>( componentClass )
+        {
             @Override
-            public E getValue(HttpContext httpContext) {
+            public E getValue( HttpContext httpContext )
+            {
                 return component;
             }
         };
     }
 
+    public static <E> InjectableProvider<? extends E> providerFromSupplier(
+            final Supplier<E> supplier,
+            final Class<E> componentClass
+    ) {
+        return new InjectableProvider<E>( componentClass )
+        {
+            @Override
+            public E getValue( HttpContext httpContext )
+            {
+                return supplier.get();
+            }
+        };
+    }
+
     public InjectableProvider( Class<E> t )
     {
         this.t = t;

community/server/src/main/java/org/neo4j/server/rest/dbms/UserService.java

@@ -30,10 +30,9 @@
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 
-import org.neo4j.kernel.api.security.AccessMode;
-import org.neo4j.kernel.api.security.AuthManager;
-import org.neo4j.kernel.api.exceptions.Status;
 import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
+import org.neo4j.kernel.api.exceptions.Status;
+import org.neo4j.kernel.api.security.AccessMode;
 import org.neo4j.kernel.api.security.AuthSubject;
 import org.neo4j.server.rest.repr.AuthorizationRepresentation;
 import org.neo4j.server.rest.repr.BadInputException;
@@ -53,17 +52,14 @@ public class UserService
 {
     public static final String PASSWORD = "password";
 
-    private final UserManager userManager;
+    private final UserManagerSupplier userManagerSupplier;
     private final InputFormat input;
     private final OutputFormat output;
 
-    public UserService( @Context AuthManager authManager, @Context InputFormat input, @Context OutputFormat output )
+    public UserService( @Context UserManagerSupplier userManagerSupplier, @Context InputFormat input, @Context OutputFormat
+            output )
     {
-        if ( !(authManager instanceof UserManagerSupplier) )
-        {
-            throw new IllegalArgumentException( "The provided auth manager is not capable of user management" );
-        }
-        this.userManager = ((UserManagerSupplier) authManager).getUserManager();
+        this.userManagerSupplier = userManagerSupplier;
         this.input = input;
         this.output = output;
     }
@@ -78,6 +74,9 @@ public Response getUser( @PathParam("username") String username, @Context HttpSe
             return output.notFound();
         }
 
+        AuthSubject authSubject = getSubjectFromPrincipal( principal );
+        UserManager userManager = userManagerSupplier.getUserManager( authSubject );
+
         try
         {
             User user = userManager.getUser( username );
@@ -131,7 +130,8 @@ public Response setPassword( @PathParam("username") String username, @Context Ht
             }
             else
             {
-                subject.setPassword( newPassword, false );
+                UserManager userManager = userManagerSupplier.getUserManager( subject );
+                userManager.setUserPassword( username, newPassword, false );
             }
         }
         catch ( IOException e )

community/server/src/test/java/org/neo4j/server/rest/dbms/UserServiceTest.java

@@ -30,7 +30,6 @@
 import javax.ws.rs.core.Response;
 
 import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
-import org.neo4j.kernel.api.security.AuthManager;
 import org.neo4j.kernel.api.security.AuthSubject;
 import org.neo4j.kernel.api.security.AuthenticationResult;
 import org.neo4j.server.rest.repr.OutputFormat;
@@ -44,6 +43,7 @@
 import org.neo4j.server.security.auth.PasswordPolicy;
 import org.neo4j.server.security.auth.User;
 import org.neo4j.server.security.auth.UserManager;
+import org.neo4j.server.security.auth.UserManagerSupplier;
 import org.neo4j.server.security.auth.UserRepository;
 import org.neo4j.test.server.EntityOutputFormat;
 
@@ -54,7 +54,6 @@
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verifyZeroInteractions;
 import static org.mockito.Mockito.when;
-import static org.neo4j.test.assertion.Assert.assertException;
 
 public class UserServiceTest
 {
@@ -64,17 +63,16 @@ public class UserServiceTest
     protected final PasswordPolicy passwordPolicy = new BasicPasswordPolicy();
     protected final UserRepository userRepository = new InMemoryUserRepository();
 
-    protected AuthManager authManager;
-    protected UserManager userManager;
+    protected UserManagerSupplier userManagerSupplier;
     protected AuthSubject neo4jSubject;
     protected Principal neo4jPrinciple;
 
     protected void setupAuthManagerAndSubject()
     {
         BasicAuthManager basicAuthManager = new BasicAuthManager( userRepository, passwordPolicy,
                 mock( AuthenticationStrategy.class), new InMemoryUserRepository() );
-        authManager = basicAuthManager;
-        userManager = basicAuthManager.getUserManager();
+
+        userManagerSupplier = basicAuthManager;
         neo4jSubject = new BasicAuthSubject( basicAuthManager, NEO4J_USER, AuthenticationResult.SUCCESS );
     }
 
@@ -100,7 +98,7 @@ public void shouldReturnValidUserRepresentation() throws Exception
         when( req.getUserPrincipal() ).thenReturn( neo4jPrinciple );
 
         OutputFormat outputFormat = new EntityOutputFormat( new JsonFormat(), new URI( "http://www.example.com" ), null );
-        UserService userService = new UserService( authManager, new JsonFormat(), outputFormat );
+        UserService userService = new UserService( userManagerSupplier, new JsonFormat(), outputFormat );
 
         // When
         Response response = userService.getUser( "neo4j", req );
@@ -122,7 +120,7 @@ public void shouldReturn404WhenRequestingUserIfNotAuthenticated() throws Excepti
         when( req.getUserPrincipal() ).thenReturn( null );
 
         OutputFormat outputFormat = new EntityOutputFormat( new JsonFormat(), new URI( "http://www.example.com" ), null );
-        UserService userService = new UserService( authManager, new JsonFormat(), outputFormat );
+        UserService userService = new UserService( userManagerSupplier, new JsonFormat(), outputFormat );
 
         // When
         Response response = userService.getUser( "neo4j", req );
@@ -155,10 +153,10 @@ public void shouldReturn404WhenRequestingUserIfUnknownUser() throws Exception
         HttpServletRequest req = mock( HttpServletRequest.class );
         when( req.getUserPrincipal() ).thenReturn( neo4jPrinciple );
 
-        userManager.deleteUser( "neo4j" );
+        userManagerSupplier.getUserManager().deleteUser( "neo4j" );
 
         OutputFormat outputFormat = new EntityOutputFormat( new JsonFormat(), new URI( "http://www.example.com" ), null );
-        UserService userService = new UserService( authManager, new JsonFormat(), outputFormat );
+        UserService userService = new UserService( userManagerSupplier, new JsonFormat(), outputFormat );
 
         // When
         Response response = userService.getUser( "neo4j", req );
@@ -175,14 +173,14 @@ public void shouldChangePasswordAndReturnSuccess() throws Exception
         when( req.getUserPrincipal() ).thenReturn( neo4jPrinciple );
 
         OutputFormat outputFormat = new EntityOutputFormat( new JsonFormat(), new URI( "http://www.example.com" ), null );
-        UserService userService = new UserService( authManager, new JsonFormat(), outputFormat );
+        UserService userService = new UserService( userManagerSupplier, new JsonFormat(), outputFormat );
 
         // When
         Response response = userService.setPassword( "neo4j", req, "{ \"password\" : \"test\" }" );
 
         // Then
         assertThat( response.getStatus(), equalTo( 200 ) );
-        userManager.getUser( "neo4j" ).credentials().matchesPassword( "test" );
+        userManagerSupplier.getUserManager().getUser( "neo4j" ).credentials().matchesPassword( "test" );
     }
 
     @Test
@@ -209,12 +207,10 @@ public void shouldReturn404WhenChangingPasswordIfDifferentUser() throws Exceptio
         HttpServletRequest req = mock( HttpServletRequest.class );
         when( req.getUserPrincipal() ).thenReturn( neo4jPrinciple );
 
-        BasicAuthManager authManager = mock( BasicAuthManager.class );
         UserManager userManager = mock( UserManager.class );
-        when( authManager.getUserManager() ).thenReturn( userManager );
 
         OutputFormat outputFormat = new EntityOutputFormat( new JsonFormat(), new URI( "http://www.example.com" ), null );
-        UserService userService = new UserService( authManager, new JsonFormat(), outputFormat );
+        UserService userService = new UserService( userManagerSupplier, new JsonFormat(), outputFormat );
 
         // When
         Response response = userService.setPassword( "fred", req, "{ \"password\" : \"test\" }" );
@@ -232,7 +228,7 @@ public void shouldReturn422WhenChangingPasswordIfUnknownUser() throws Exception
         when( req.getUserPrincipal() ).thenReturn( neo4jPrinciple );
 
         OutputFormat outputFormat = new EntityOutputFormat( new JsonFormat(), new URI( "http://www.example.com" ), null );
-        UserService userService = new UserService( authManager, new JsonFormat(), outputFormat );
+        UserService userService = new UserService( userManagerSupplier, new JsonFormat(), outputFormat );
 
         userRepository.delete( NEO4J_USER );
 
@@ -313,7 +309,7 @@ public void shouldReturn422IfEmptyPassword() throws Exception
         when( req.getUserPrincipal() ).thenReturn( neo4jPrinciple );
 
         OutputFormat outputFormat = new EntityOutputFormat( new JsonFormat(), new URI( "http://www.example.com" ), null );
-        UserService userService = new UserService( authManager, new JsonFormat(), outputFormat );
+        UserService userService = new UserService( userManagerSupplier, new JsonFormat(), outputFormat );
 
         // When
         Response response = userService.setPassword( "neo4j", req, "{ \"password\" : \"\" }" );
@@ -334,7 +330,7 @@ public void shouldReturn422IfPasswordIdentical() throws Exception
         when( req.getUserPrincipal() ).thenReturn( neo4jPrinciple );
 
         OutputFormat outputFormat = new EntityOutputFormat( new JsonFormat(), new URI( "http://www.example.com" ), null );
-        UserService userService = new UserService( authManager, new JsonFormat(), outputFormat );
+        UserService userService = new UserService( userManagerSupplier, new JsonFormat(), outputFormat );
 
         // When
         Response response = userService.setPassword( "neo4j", req, "{ \"password\" : \"neo4j\" }" );
@@ -346,16 +342,4 @@ public void shouldReturn422IfPasswordIdentical() throws Exception
         assertThat( json, containsString( "\"code\" : \"Neo.ClientError.General.InvalidArguments\"" ) );
         assertThat( json, containsString( "\"message\" : \"Old password and new password cannot be the same.\"" ) );
     }
-
-    @Test
-    public void shouldThrowExceptionIfGivenAuthManagerDoesNotImplementUserManager() throws Exception
-    {
-        // Given
-        OutputFormat outputFormat = new EntityOutputFormat( new JsonFormat(), new URI( "http://www.example.com" ), null );
-
-        // When
-        assertException( () ->
-                new UserService( mock( AuthManager.class ), new JsonFormat(), outputFormat ),
-                IllegalArgumentException.class, "The provided auth manager is not capable of user management" );
-    }
 }

enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseSecurityModule.java

@@ -33,11 +33,11 @@
 import org.neo4j.helpers.Service;
 import org.neo4j.io.fs.FileSystemAbstraction;
 import org.neo4j.kernel.api.exceptions.KernelException;
+import org.neo4j.kernel.api.security.AuthSubject;
 import org.neo4j.kernel.api.security.SecurityModule;
 import org.neo4j.kernel.configuration.Config;
+import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthSubject;
 import org.neo4j.kernel.impl.enterprise.configuration.EnterpriseEditionSettings;
-import org.neo4j.server.security.enterprise.configuration.SecuritySettings;
-import org.neo4j.server.security.enterprise.log.SecurityLog;
 import org.neo4j.kernel.impl.factory.GraphDatabaseFacade;
 import org.neo4j.kernel.impl.factory.PlatformModule;
 import org.neo4j.kernel.impl.proc.Procedures;
@@ -51,6 +51,8 @@
 import org.neo4j.server.security.enterprise.auth.plugin.spi.AuthPlugin;
 import org.neo4j.server.security.enterprise.auth.plugin.spi.AuthenticationPlugin;
 import org.neo4j.server.security.enterprise.auth.plugin.spi.AuthorizationPlugin;
+import org.neo4j.server.security.enterprise.configuration.SecuritySettings;
+import org.neo4j.server.security.enterprise.log.SecurityLog;
 import org.neo4j.time.Clocks;
 
 import static org.neo4j.kernel.api.proc.Context.AUTH_SUBJECT;
@@ -97,6 +99,16 @@ public void setup( PlatformModule platformModule, Procedures procedures ) throws
         }
     }
 
+    private EnterpriseAuthSubject asEnterprise( AuthSubject authSubject )
+    {
+        if ( authSubject instanceof EnterpriseAuthSubject )
+        {
+            return ((EnterpriseAuthSubject) authSubject);
+        }
+        // TODO: better handling of this possible cast failure
+        throw new RuntimeException( "Expected EnterpriseAuthSubject, got " + authSubject.getClass().getName() );
+    }
+
     public EnterpriseAuthAndUserManager newAuthManager( Config config, LogProvider logProvider, SecurityLog securityLog,
             FileSystemAbstraction fileSystem, JobScheduler jobScheduler )
     {

enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java

@@ -189,7 +189,7 @@ public void shutdown() throws Throwable
     @Override
     public EnterpriseUserManager getUserManager( AuthSubject authSubject )
     {
-        return userManager;
+        return new PersonalUserManager( userManager, authSubject, securityLog );
     }
 
     @Override