Re added some tests that got accidentally removed
OliviaYtterbrink committed Oct 30, 2018
1 parent 346538e commit 79c95c0
Showing 3 changed files with 82 additions and 13 deletions.
Expand Up @@ -100,6 +100,7 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_provider, SecuritySettings.LDAP_REALM_NAME,
SecuritySettings.ldap_server, "ldap://0.0.0.0:10389",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "false",
SecuritySettings.native_authorization_enabled, "false",
SecuritySettings.ldap_authentication_enabled, "true",
Expand All @@ -111,6 +112,7 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_provider, SecuritySettings.LDAP_REALM_NAME,
SecuritySettings.ldap_server, "ldaps://localhost:10636",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "false",
SecuritySettings.native_authorization_enabled, "false",
SecuritySettings.ldap_authentication_enabled, "true",
Expand All @@ -122,18 +124,19 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_provider, SecuritySettings.LDAP_REALM_NAME,
SecuritySettings.ldap_server, "ldap://localhost:10389",
SecuritySettings.ldap_use_starttls, "true",
SecuritySettings.native_authentication_enabled, "false",
SecuritySettings.native_authorization_enabled, "false",
SecuritySettings.ldap_authentication_enabled, "true",
SecuritySettings.ldap_authorization_enabled, "true",
SecuritySettings.ldap_authorization_use_system_account, "false",
SecuritySettings.ldap_use_starttls, "true"
SecuritySettings.ldap_authorization_use_system_account, "false"
)
},
{"LdapSystemAccount", "abc123", false,
Arrays.asList(
SecuritySettings.auth_provider, SecuritySettings.LDAP_REALM_NAME,
SecuritySettings.ldap_server, "ldap://0.0.0.0:10389",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "false",
SecuritySettings.native_authorization_enabled, "false",
SecuritySettings.ldap_authentication_enabled, "true",
Expand All @@ -147,6 +150,7 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_provider, SecuritySettings.LDAP_REALM_NAME,
SecuritySettings.ldap_server, "ldaps://localhost:10636",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "false",
SecuritySettings.native_authorization_enabled, "false",
SecuritySettings.ldap_authentication_enabled, "true",
Expand All @@ -160,20 +164,21 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_provider, SecuritySettings.LDAP_REALM_NAME,
SecuritySettings.ldap_server, "ldap://localhost:10389",
SecuritySettings.ldap_use_starttls, "true",
SecuritySettings.native_authentication_enabled, "false",
SecuritySettings.native_authorization_enabled, "false",
SecuritySettings.ldap_authentication_enabled, "true",
SecuritySettings.ldap_authorization_enabled, "true",
SecuritySettings.ldap_authorization_use_system_account, "true",
SecuritySettings.ldap_authorization_system_password, "secret",
SecuritySettings.ldap_authorization_system_username, "uid=admin,ou=system",
SecuritySettings.ldap_use_starttls, "true"
SecuritySettings.ldap_authorization_system_username, "uid=admin,ou=system"
)
},
{"Ldap authn cache disabled", "abc123", false,
Arrays.asList(
SecuritySettings.auth_provider, SecuritySettings.LDAP_REALM_NAME,
SecuritySettings.ldap_server, "ldap://0.0.0.0:10389",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "false",
SecuritySettings.native_authorization_enabled, "false",
SecuritySettings.ldap_authentication_enabled, "true",
Expand All @@ -186,6 +191,7 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_provider, SecuritySettings.LDAP_REALM_NAME,
SecuritySettings.ldap_server, "ldap://0.0.0.0:10389",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "false",
SecuritySettings.native_authorization_enabled, "false",
SecuritySettings.ldap_authentication_enabled, "true",
Expand All @@ -199,6 +205,7 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_provider, SecuritySettings.LDAP_REALM_NAME,
SecuritySettings.ldap_server, "ldap://0.0.0.0:10389",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "false",
SecuritySettings.native_authorization_enabled, "false",
SecuritySettings.ldap_authentication_enabled, "true",
Expand All @@ -212,6 +219,7 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_providers, SecuritySettings.LDAP_REALM_NAME + ", " + SecuritySettings.NATIVE_REALM_NAME,
SecuritySettings.ldap_server, "ldap://0.0.0.0:10389",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "false",
SecuritySettings.native_authorization_enabled, "true",
SecuritySettings.ldap_authentication_enabled, "true",
Expand All @@ -223,6 +231,7 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_providers, SecuritySettings.LDAP_REALM_NAME + ", " + SecuritySettings.NATIVE_REALM_NAME,
SecuritySettings.ldap_server, "ldap://0.0.0.0:10389",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "true",
SecuritySettings.native_authorization_enabled, "false",
SecuritySettings.ldap_authentication_enabled, "false",
Expand All @@ -236,6 +245,7 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_providers, SecuritySettings.LDAP_REALM_NAME + ", " + SecuritySettings.NATIVE_REALM_NAME,
SecuritySettings.ldap_server, "ldap://0.0.0.0:10389",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "true",
SecuritySettings.native_authorization_enabled, "false",
SecuritySettings.ldap_authentication_enabled, "true",
Expand All @@ -247,6 +257,7 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_providers, SecuritySettings.LDAP_REALM_NAME + ", " + SecuritySettings.NATIVE_REALM_NAME,
SecuritySettings.ldap_server, "ldap://0.0.0.0:10389",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "false",
SecuritySettings.native_authorization_enabled, "true",
SecuritySettings.ldap_authentication_enabled, "true",
Expand All @@ -258,6 +269,7 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_providers, SecuritySettings.LDAP_REALM_NAME + ", " + SecuritySettings.NATIVE_REALM_NAME,
SecuritySettings.ldap_server, "ldap://0.0.0.0:10389",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "true",
SecuritySettings.native_authorization_enabled, "true",
SecuritySettings.ldap_authentication_enabled, "true",
Expand All @@ -269,6 +281,7 @@ public static Collection<Object[]> configurations()
Arrays.asList(
SecuritySettings.auth_providers, SecuritySettings.LDAP_REALM_NAME + ", " + SecuritySettings.NATIVE_REALM_NAME,
SecuritySettings.ldap_server, "ldap://127.0.0.1:10389",
SecuritySettings.ldap_use_starttls, "false",
SecuritySettings.native_authentication_enabled, "true",
SecuritySettings.native_authorization_enabled, "true",
SecuritySettings.ldap_authentication_enabled, "true",
Expand Down Expand Up @@ -296,10 +309,10 @@ public AuthIT( String suiteName, String password, boolean confidentialityRequire
this.password = password;
this.confidentialityRequired = confidentialityRequired;
this.configMap = new HashMap<>();
for ( int i = 0; i < settings.size() - 1; i++ )
for ( int i = 0; i < settings.size() - 1; i += 2 )
{
Setting setting = (Setting) settings.get( i );
String value = (String) settings.get( ++i );
String value = (String) settings.get( i + 1 );
configMap.put( setting, value );
}
}
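Review bot: The pairing loop in the `AuthIT` constructor stops at `settings.size() - 1`, so a list with an odd number of elements silently drops its last key instead of failing. In this matrix that could mean a setting such as `SecuritySettings.ldap_use_starttls` never reaches `configMap`, and the suite would run under a different transport configuration than its name claims. Reading the `i += 2` / `settings.get( i + 1 )` lines as the new side (the page has lost its +/- markers), I would add a guard before the loop: `if ( settings.size() % 2 != 0 ) { throw new IllegalArgumentException( "settings must be key/value pairs" ); }`. The constructor's signature and the rest of the class lie outside the hunk.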
Expand Up @@ -28,10 +28,10 @@

public abstract class AuthTestBase extends EnterpriseAuthenticationTestBase
{
protected static final String NONE_USER = "smith";
protected static final String READ_USER = "neo";
protected static final String WRITE_USER = "tank";
protected static final String PROC_USER = "jane";
static final String NONE_USER = "smith";
static final String READ_USER = "neo";
static final String WRITE_USER = "tank";
static final String PROC_USER = "jane";

@Test
public void shouldLoginWithCorrectInformation()
Expand All @@ -54,6 +54,13 @@ public void shouldFailLoginWithInvalidCredentialsFollowingSuccessfulLogin()
assertAuthFail( READ_USER, "WRONG" );
}

@Test
public void shouldLoginFollowingFailedLogin()
{
assertAuthFail( READ_USER, "WRONG" );
assertAuth( READ_USER, getPassword() );
}

@Test
public void shouldGetCorrectAuthorizationNoPermission()
{
Expand Down Expand Up @@ -90,6 +97,7 @@ public void shouldGetCorrectAuthorizationAllowedProcedure()
try ( Driver driver = connectDriver( PROC_USER, getPassword() ) )
{
assertProcSucceeds( driver );
assertReadFails( driver );
assertWriteFails( driver );
}
}
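Review bot: `shouldLoginFollowingFailedLogin` does not say which property it protects, and by name alone it reads like the test above it run in reverse. A one-line comment would make the intent reviewable, for example `// a rejected attempt must not leave state (cached result, lockout) that blocks the next valid login`; that reading is inferred from the two assertions, so narrow it if the test targets something more specific. Only a single wrong password is exercised here, and whether repeated failures are covered elsewhere is not visible in this section.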
Expand Up @@ -151,14 +151,25 @@ public void shouldShowCurrentUser()
Record record = session.run( "CALL dbms.showCurrentUser()" ).single();

// then
// Assuming showCurrentUser has fields username, roles, flags
assertThat( record.get( 0 ).asString(), equalTo( "smith" ) );
assertThat( record.get( 1 ).asList(), equalTo( Collections.emptyList() ) );
assertThat( record.get( 2 ).asList(), equalTo( Collections.emptyList() ) );
}
}

@Test
public void shouldFailIfAuthorizationExpiredWithUserLdapContext()
public void shouldBeAbleToLoginAndAuthorizeNoPermissionUserWithLdapOnlyAndNoGroupToRoleMapping() throws IOException
{
restartServerWithOverriddenSettings( SecuritySettings.ldap_authorization_group_to_role_mapping.name(), null );
// Then
// User 'neo' has reader role by default, but since we are not passing a group-to-role mapping
// he should get no permissions
assertReadFails( "neo", "abc123" );
}

@Test
public void shouldFailIfAuthorizationExpiredWithserLdapContext()
{
// Given
try ( Driver driver = connectDriver( "neo4j", "abc123" ) )
Expand Down Expand Up @@ -204,6 +215,18 @@ public void shouldSucceedIfAuthorizationExpiredWithinTransactionWithUserLdapCont

@Test
public void shouldKeepAuthorizationForLifetimeOfTransaction() throws Throwable
{
assertKeepAuthorizationForLifetimeOfTransaction( "neo" );
}

@Test
public void shouldKeepAuthorizationForLifetimeOfTransactionWithProcedureAllowed() throws Throwable
{
restartServerWithOverriddenSettings( SecuritySettings.ldap_authorization_group_to_role_mapping.name(), "503=admin;504=role1" );
assertKeepAuthorizationForLifetimeOfTransaction( "smith" );
}

private void assertKeepAuthorizationForLifetimeOfTransaction( String username ) throws Throwable
{
DoubleLatch latch = new DoubleLatch( 2 );
final Throwable[] threadFail = {null};
Expand All @@ -212,7 +235,7 @@ public void shouldKeepAuthorizationForLifetimeOfTransaction() throws Throwable
{
try
{
try ( Driver driver = connectDriver( "neo", "abc123" );
try ( Driver driver = connectDriver( username, "abc123" );
Session session = driver.session();
Transaction tx = session.beginTransaction() )
{
Expand Down Expand Up @@ -270,6 +293,7 @@ public void shouldTimeoutIfLdapServerDoesNotRespond() throws IOException
{
restartServerWithOverriddenSettings(
SecuritySettings.ldap_read_timeout.name(), "1s",
SecuritySettings.ldap_authorization_connection_pooling.name(), "true",
SecuritySettings.ldap_authorization_use_system_account.name(), "true"
);

Expand Down Expand Up @@ -364,7 +388,7 @@ public void shouldGetCombinedAuthorization() throws Throwable
// ===== Logging tests =====

@Test
public void shouldNotLogErrorsFromLdapRealmWhenLoginSuccessfulInNativeRealm() throws IOException, InvalidArgumentsException
public void shouldNotLogErrorsFromLdapRealmWhenLoginSuccessfulInNativeRealmNativeFirst() throws IOException, InvalidArgumentsException
{
restartServerWithOverriddenSettings(
SecuritySettings.auth_providers.name(), SecuritySettings.NATIVE_REALM_NAME + "," + SecuritySettings.LDAP_REALM_NAME,
Expand All @@ -387,6 +411,30 @@ public void shouldNotLogErrorsFromLdapRealmWhenLoginSuccessfulInNativeRealm() th
assertSecurityLogDoesNotContain( "ERROR" );
}

@Test
public void shouldNotLogErrorsFromLdapRealmWhenLoginSuccessfulInNativeRealmLdapFirst() throws IOException, InvalidArgumentsException
{
restartServerWithOverriddenSettings(
SecuritySettings.auth_providers.name(), SecuritySettings.LDAP_REALM_NAME + "," + SecuritySettings.NATIVE_REALM_NAME,
SecuritySettings.native_authentication_enabled.name(), "true",
SecuritySettings.native_authorization_enabled.name(), "true",
SecuritySettings.ldap_authentication_enabled.name(), "true",
SecuritySettings.ldap_authorization_enabled.name(), "true",
SecuritySettings.ldap_authorization_use_system_account.name(), "true"
);

// Given
// we have a native 'foo' that does not exist in ldap
createNativeUser( "foo", "bar" );

// Then
// the created "foo" can log in
assertAuth( "foo", "bar" );

// We should not get errors spammed in the security log
assertSecurityLogDoesNotContain( "ERROR" );
}

@Test
public void shouldLogInvalidCredentialErrorFromLdapRealm() throws Throwable
{
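Review bot: The method name `shouldFailIfAuthorizationExpiredWithserLdapContext` has lost the `U` of `User`; going by the hunk counts (14 old lines, 25 new), the correctly spelled signature appears to be the removed line and this one the added line. Restore it as `public void shouldFailIfAuthorizationExpiredWithUserLdapContext()` so it matches the sibling `shouldSucceedIfAuthorizationExpiredWithinTransactionWithUserLdapContext` and stays findable in test reports and name filters. The method body continues past the end of its hunk.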