From f295355a6a5ba4aff3d2f1647fbe8422a77d1a41 Mon Sep 17 00:00:00 2001 From: Olivia Ytterbrink Date: Thu, 9 Jun 2016 16:39:19 +0200 Subject: [PATCH] Refactor tests --- .../enterprise/auth/AuthProceduresTest.java | 494 ++++++------------ 1 file changed, 171 insertions(+), 323 deletions(-) diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java index d61a59f1081f5..1fd53ca747643 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java @@ -25,6 +25,7 @@ import org.junit.Before; import org.junit.Test; +import java.util.Arrays; import java.util.Collections; import java.util.List; import java.util.Map; @@ -36,10 +37,8 @@ import org.neo4j.graphdb.Transaction; import org.neo4j.graphdb.security.AuthorizationViolationException; import org.neo4j.kernel.api.KernelTransaction; -import org.neo4j.kernel.api.exceptions.KernelException; import org.neo4j.kernel.api.security.AuthSubject; import org.neo4j.kernel.api.security.AuthenticationResult; -import org.neo4j.kernel.impl.proc.Procedures; import org.neo4j.kernel.internal.GraphDatabaseAPI; import org.neo4j.server.security.auth.BasicPasswordPolicy; import org.neo4j.server.security.auth.InMemoryUserRepository; @@ -54,6 +53,10 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import static org.neo4j.server.security.auth.SecurityTestUtils.authToken; +import static org.neo4j.server.security.enterprise.auth.PredefinedRolesBuilder.ADMIN; +import static org.neo4j.server.security.enterprise.auth.PredefinedRolesBuilder.ARCHITECT; +import static org.neo4j.server.security.enterprise.auth.PredefinedRolesBuilder.PUBLISHER; +import static org.neo4j.server.security.enterprise.auth.PredefinedRolesBuilder.READER; public class AuthProceduresTest { @@ -80,10 +83,10 @@ public void setUp() throws Throwable manager.newUser( "readWriteSubject", "abc", false ); manager.newUser( "readSubject", "123", false ); // Currently admin role is created by default - manager.addUserToRole( "adminSubject", PredefinedRolesBuilder.ADMIN ); - manager.newRole( PredefinedRolesBuilder.ARCHITECT, "schemaSubject" ); - manager.newRole( PredefinedRolesBuilder.PUBLISHER, "readWriteSubject" ); - manager.newRole( PredefinedRolesBuilder.READER, "readSubject" ); + manager.addUserToRole( "adminSubject", ADMIN ); + manager.newRole( ARCHITECT, "schemaSubject" ); + manager.newRole( PUBLISHER, "readWriteSubject" ); + manager.newRole( READER, "readSubject" ); manager.newRole( "empty" ); noneSubject = manager.login( authToken( "noneSubject", "abc" ) ); readSubject = manager.login( authToken( "readSubject", "123" ) ); @@ -104,7 +107,7 @@ public void tearDown() throws Throwable @Test public void shouldAllowUserChangePassword() throws Exception { - testCallEmpty( db, readSubject, "CALL dbms.changePassword( '321' )", null ); + testCallEmpty( db, readSubject, "CALL dbms.changePassword( '321' )" ); AuthSubject subject = manager.login( authToken( "readSubject", "321" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); } @@ -114,7 +117,7 @@ public void shouldAllowUserChangePassword() throws Exception @Test public void shouldCreateUser() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('craig', '1234', true)"); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('craig', '1234', true)" ); assertNotNull( "User craig should exist", manager.getUser( "craig" ) ); } @@ -122,18 +125,10 @@ public void shouldCreateUser() throws Exception public void shouldNotCreateExistingUser() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('craig', '1234', true)"); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('craig', '1234', true)" ); assertNotNull( "User craig should exist", manager.getUser( "craig" ) ); - try - { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('craig', '1234', true)"); - fail( "Expected exception to be thrown" ); - } - catch ( QueryExecutionException e ) - { - assertTrue( "Exception should contain 'The specified user already exists''", - e.getMessage().contains( "The specified user already exists" ) ); - } + testCallFail( db, adminSubject, "CALL dbms.createUser('craig', '1234', true)", QueryExecutionException.class, + "The specified user already exists" ); } @Test @@ -161,19 +156,18 @@ public void shouldNotAllowNonAdminCreateUser() throws Exception @Test public void userCreation1() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', true)"); - testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.READER + "')", - null ); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', true)" ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "foo" ) ); assertEquals( AuthenticationResult.FAILURE, subject.getAuthenticationResult() ); subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.PASSWORD_CHANGE_REQUIRED, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3L ); - testCallEmpty( db, subject, "CALL dbms.changePassword( 'foo' )"); + testFailReadAction( subject, 3 ); + testCallEmpty( db, subject, "CALL dbms.changePassword( 'foo' )" ); subject = manager.login( authToken( "Henrik", "foo" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 3L ); + testSuccessfulReadAction( subject, 3 ); } /* @@ -194,11 +188,10 @@ public void userCreation2() throws Exception testCallEmpty( db, subject, "CALL dbms.changePassword( 'foo' )" ); subject = manager.login( authToken( "Henrik", "foo" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3L ); - testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.READER + "')", - null ); + testFailReadAction( subject, 3 ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 3L ); + testSuccessfulReadAction( subject, 3 ); } /* @@ -217,11 +210,10 @@ public void userCreation3() throws Exception testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3L ); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.PUBLISHER + "')"); + testFailReadAction( subject, 3 ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); testSuccessfulWriteAction( subject ); - testSuccessfulReadAction( subject, 4L ); + testSuccessfulReadAction( subject, 4 ); testFailSchema( subject ); } @@ -242,17 +234,16 @@ public void userCreation3() throws Exception @Test public void userCreation4() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)"); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3L ); + testFailReadAction( subject, 3 ); testFailWriteAction( subject ); testFailSchema( subject ); testFailCreateUser( subject ); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.ARCHITECT + "')"); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ARCHITECT + "')" ); testSuccessfulWriteAction( subject ); - testSuccessfulReadAction( subject, 4L ); + testSuccessfulReadAction( subject, 4 ); testSuccessfulSchemaAction( subject ); testFailCreateUser( subject ); } @@ -262,71 +253,60 @@ public void userCreation4() throws Exception public void shouldAllowAddingAndRemovingUserFromRole() throws Exception { assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.PUBLISHER ) ); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('readSubject', '" + PredefinedRolesBuilder.PUBLISHER + "')"); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.PUBLISHER ) ); - testCallEmpty( db, adminSubject, - "CALL dbms.removeUserFromRole('readSubject', '" + PredefinedRolesBuilder.PUBLISHER + "')"); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + testCallEmpty( db, adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.PUBLISHER ) ); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); } @Test public void shouldAllowAddingUserToRoleMultipleTimes() throws Exception { assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.PUBLISHER ) ); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('readSubject', '" + PredefinedRolesBuilder.PUBLISHER + "')"); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('readSubject', '" + PredefinedRolesBuilder.PUBLISHER + "')"); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.PUBLISHER ) ); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); } @Test public void shouldAllowRemovingUserFromRoleMultipleTimes() throws Exception { assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.PUBLISHER ) ); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('readSubject', '" + PredefinedRolesBuilder.PUBLISHER + "')"); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.PUBLISHER ) ); - testCallEmpty( db, adminSubject, - "CALL dbms.removeUserFromRole('readSubject', '" + PredefinedRolesBuilder.PUBLISHER + "')"); - testCallEmpty( db, adminSubject, - "CALL dbms.removeUserFromRole('readSubject', '" + PredefinedRolesBuilder.PUBLISHER + "')"); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + testCallEmpty( db, adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); + testCallEmpty( db, adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.PUBLISHER ) ); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); } @Test public void shouldAllowAddingAndRemovingUserFromMultipleRoles() throws Exception { assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.PUBLISHER ) ); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); assertFalse( "Should not have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.ARCHITECT ) ); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('readSubject', '" + PredefinedRolesBuilder.PUBLISHER + "')"); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('readSubject', '" + PredefinedRolesBuilder.ARCHITECT + "')"); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('readSubject', '" + ARCHITECT + "')" ); assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.PUBLISHER ) ); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); assertTrue( "Should have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.ARCHITECT ) ); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); - testCallEmpty( db, adminSubject, - "CALL dbms.removeUserFromRole('readSubject', '" + PredefinedRolesBuilder.PUBLISHER + "')"); - testCallEmpty( db, adminSubject, - "CALL dbms.removeUserFromRole('readSubject', '" + PredefinedRolesBuilder.ARCHITECT + "')"); + testCallEmpty( db, adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); + testCallEmpty( db, adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + ARCHITECT + "')" ); assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.PUBLISHER ) ); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); assertFalse( "Should not have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PredefinedRolesBuilder.ARCHITECT ) ); + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); } @Test @@ -361,19 +341,16 @@ public void shouldNotAllowNonAdminRemovingUserFromRole() throws Exception @Test public void roleManagement1() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)"); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.PUBLISHER + "')"); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testSuccessfulWriteAction( subject ); - testCallEmpty( db, adminSubject, - "CALL dbms.removeUserFromRole('Henrik', '" + PredefinedRolesBuilder.PUBLISHER + "')"); - testFailReadAction( subject, 4L ); - testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.READER + "')", - null ); + testCallEmpty( db, adminSubject, "CALL dbms.removeUserFromRole('Henrik', '" + PUBLISHER + "')" ); + testFailReadAction( subject, 4 ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 4L ); + testSuccessfulReadAction( subject, 4 ); } /* @@ -387,14 +364,12 @@ public void roleManagement1() throws Exception @Test public void roleManagement2() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)"); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testFailWriteAction( subject ); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.PUBLISHER + "')"); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.PUBLISHER + "')"); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); testSuccessfulWriteAction( subject ); } @@ -412,19 +387,16 @@ public void roleManagement2() throws Exception @Test public void roleManagement3() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)"); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.PUBLISHER + "')" ); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.READER + "')", - null ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); testSuccessfulWriteAction( subject ); - testSuccessfulReadAction( subject, 4L ); - testCallEmpty( db, adminSubject, - "CALL dbms.removeUserFromRole('Henrik', '" + PredefinedRolesBuilder.PUBLISHER + "')"); + testSuccessfulReadAction( subject, 4 ); + testCallEmpty( db, adminSubject, "CALL dbms.removeUserFromRole('Henrik', '" + PUBLISHER + "')" ); testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 4L ); + testSuccessfulReadAction( subject, 4 ); } //----------User deletion ----------- @@ -432,9 +404,9 @@ public void roleManagement3() throws Exception @Test public void shouldDeleteUser() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Craig', '1234', true)", null ); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Craig', '1234', true)" ); assertNotNull( "User Craig should exist", manager.getUser( "Craig" ) ); - testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Craig')", null ); + testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Craig')" ); assertNull( "User Craig should not exist", manager.getUser( "Craig" ) ); } @@ -450,20 +422,12 @@ public void shouldNotAllowNonAdminDeleteUser() throws Exception @Test public void shouldAllowDeletingUserMultipleTimes() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Craig', '1234', true)", null ); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Craig', '1234', true)" ); assertNotNull( "User Craig should exist", manager.getUser( "Craig" ) ); - testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Craig')", null ); + testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Craig')" ); assertNull( "User Craig should not exist", manager.getUser( "Craig" ) ); - try - { - testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Craig')", null ); - fail( "Expected exception to be thrown" ); - } - catch ( QueryExecutionException e ) - { - assertTrue( "Exception should contain 'The user 'Craig' does not exist''", - e.getMessage().contains( "The user 'Craig' does not exist" ) ); - } + testCallFail( db, adminSubject, "CALL dbms.deleteUser('Craig')", QueryExecutionException.class, + "The user 'Craig' does not exist" ); } /* @@ -474,8 +438,8 @@ public void shouldAllowDeletingUserMultipleTimes() throws Exception @Test public void userDeletion1() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)", null ); - testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Henrik')", null ); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); + testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Henrik')" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.FAILURE, subject.getAuthenticationResult() ); } @@ -488,19 +452,10 @@ public void userDeletion1() throws Exception @Test public void userDeletion2() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)", null ); - testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Henrik')", null ); - try - { - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.PUBLISHER + "')", null ); - fail( "Expected exception to be thrown" ); - } - catch ( QueryExecutionException e ) - { - assertTrue( "Exception should contain 'User Henrik does not exist'", - e.getMessage().contains( "User Henrik does not exist" ) ); - } + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); + testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Henrik')" ); + testCallFail( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')", + QueryExecutionException.class, "User Henrik does not exist" ); } /* @@ -512,21 +467,11 @@ public void userDeletion2() throws Exception @Test public void userDeletion3() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)", null ); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.PUBLISHER + "')", null ); - testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Henrik')", null ); - try - { - testCallEmpty( db, adminSubject, - "CALL dbms.removeUserFromRole('Henrik', '" + PredefinedRolesBuilder.PUBLISHER + "')", null ); - fail( "Expected exception to be thrown" ); - } - catch ( QueryExecutionException e ) - { - assertTrue( "Exception should contain 'User Henrik does not exist'", - e.getMessage().contains( "User Henrik does not exist" ) ); - } + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); + testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Henrik')" ); + testCallFail( db, adminSubject, "CALL dbms.removeUserFromRole('Henrik', '" + PUBLISHER + "')", + QueryExecutionException.class, "User Henrik does not exist" ); } /* @@ -539,15 +484,14 @@ public void userDeletion3() throws Exception @Test public void userDeletion4() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)", null ); - testCallEmpty( db, adminSubject, - "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.PUBLISHER + "')", null ); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Henrik')", null ); + testCallEmpty( db, adminSubject, "CALL dbms.deleteUser('Henrik')" ); try { - testSuccessfulReadAction( subject, 3L ); + testSuccessfulReadAction( subject, 3 ); fail( "Expected exception to be thrown" ); } catch ( AuthenticationException e ) @@ -621,12 +565,12 @@ public void userSuspension1() throws Exception public void userSuspension2() throws Exception { testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); - testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.READER + "')" ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3L ); + testSuccessfulReadAction( subject, 3 ); testCallEmpty( db, adminSubject, "CALL dbms.suspendUser('Henrik')" ); - testFailReadAction( subject, 3L ); + testFailReadAction( subject, 3 ); // TODO: Check that user session is terminated instead of checking failed read subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.FAILURE, subject.getAuthenticationResult() ); @@ -657,22 +601,18 @@ public void userActivation1() throws Exception @Test public void shouldReturnUsers() throws Exception { - testResult( db, adminSubject, "CALL dbms.listUsers() YIELD value AS users RETURN users", r -> { - List names = getObjectsAsList( r, "users" ); - Assert.assertThat( names, - containsInAnyOrder( "adminSubject", "readSubject", "schemaSubject", "readWriteSubject", - "noneSubject", "neo4j" ) ); - assertEquals( 6, names.size() ); - } ); + testResult( db, adminSubject, "CALL dbms.listUsers() YIELD value AS users RETURN users", + r -> resultContainsInAnyOrder( r, "users", "adminSubject", "readSubject", "schemaSubject", + "readWriteSubject", "noneSubject", "neo4j" ) ); } @Test public void shouldNotAllowNonAdminListUsers() throws Exception { - testFailListUsers( noneSubject, 5L ); - testFailListUsers( readSubject, 5L ); - testFailListUsers( writeSubject, 5L ); - testFailListUsers( schemaSubject, 5L ); + testFailListUsers( noneSubject, 5 ); + testFailListUsers( readSubject, 5 ); + testFailListUsers( writeSubject, 5 ); + testFailListUsers( schemaSubject, 5 ); } /* @@ -687,45 +627,27 @@ public void shouldNotAllowNonAdminListUsers() throws Exception @Test public void userListing() throws Exception { - testResult( db, adminSubject, "CALL dbms.listUsers() YIELD value AS users RETURN users", r -> { - List names = getObjectsAsList( r, "users" ); - Assert.assertThat( names, - containsInAnyOrder( "adminSubject", "readSubject", "schemaSubject", "readWriteSubject", - "noneSubject", "neo4j" ) ); - assertEquals( 6, names.size() ); - } ); - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)", null ); - testResult( db, adminSubject, "CALL dbms.listUsers() YIELD value AS users RETURN users", r -> { - List names = getObjectsAsList( r, "users" ); - Assert.assertThat( names, - containsInAnyOrder( "Henrik", "adminSubject", "readSubject", "schemaSubject", "readWriteSubject", - "noneSubject", "neo4j" ) ); - assertEquals( 7, names.size() ); - } ); + testResult( db, adminSubject, "CALL dbms.listUsers() YIELD value AS users RETURN users", + r -> resultContainsInAnyOrder( r, "users", "adminSubject", "readSubject", "schemaSubject", + "readWriteSubject", "noneSubject", "neo4j" ) ); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); + testResult( db, adminSubject, "CALL dbms.listUsers() YIELD value AS users RETURN users", + r -> resultContainsInAnyOrder( r, "users", "adminSubject", "readSubject", "schemaSubject", + "readWriteSubject", "noneSubject", "Henrik", "neo4j" ) ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailListUsers( subject, 6L ); - testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.ADMIN + "')", - null ); - testResult( db, subject, "CALL dbms.listUsers() YIELD value AS users RETURN users", r -> { - List names = getObjectsAsList( r, "users" ); - Assert.assertThat( names, - containsInAnyOrder( "Henrik", "adminSubject", "readSubject", "schemaSubject", "readWriteSubject", - "noneSubject", "neo4j" ) ); - assertEquals( 7, names.size() ); - } ); + testFailListUsers( subject, 6 ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ADMIN + "')" ); + testResult( db, subject, "CALL dbms.listUsers() YIELD value AS users RETURN users", + r -> resultContainsInAnyOrder( r, "users", "adminSubject", "readSubject", "schemaSubject", + "readWriteSubject", "noneSubject", "Henrik", "neo4j" ) ); } @Test public void shouldReturnRoles() throws Exception { - testResult( db, adminSubject, "CALL dbms.listRoles() YIELD value AS roles RETURN roles", r -> { - List roles = getObjectsAsList( r, "roles" ); - Assert.assertThat( roles, - containsInAnyOrder( PredefinedRolesBuilder.ADMIN, PredefinedRolesBuilder.ARCHITECT, - PredefinedRolesBuilder.PUBLISHER, PredefinedRolesBuilder.READER, "empty" ) ); - assertEquals( 5, roles.size() ); - } ); + testResult( db, adminSubject, "CALL dbms.listRoles() YIELD value AS roles RETURN roles", + r -> resultContainsInAnyOrder( r, "roles", ADMIN, ARCHITECT, PUBLISHER, READER, "empty" ) ); } @Test @@ -748,13 +670,12 @@ public void shouldNotAllowNonAdminListRoles() throws Exception @Test public void rolesListing() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)", null ); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testFailListRoles( subject ); testSuccessfulListRolesAction( adminSubject ); - testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PredefinedRolesBuilder.ADMIN + "')", - null ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ADMIN + "')" ); testSuccessfulListRolesAction( subject ); } @@ -762,11 +683,7 @@ public void rolesListing() throws Exception public void shouldListRolesForUser() throws Exception { testResult( db, adminSubject, "CALL dbms.listRolesForUser('adminSubject') YIELD value as roles RETURN roles", - r -> { - List roles = getObjectsAsList( r, "roles" ); - Assert.assertThat( roles, containsInAnyOrder( PredefinedRolesBuilder.ADMIN ) ); - assertEquals( 1, roles.size() ); - } ); + r -> resultContainsInAnyOrder( r, "roles", ADMIN ) ); } @Test @@ -781,25 +698,15 @@ public void shouldNotAllowNonAdminListUserRoles() throws Exception @Test public void shouldFailToListRolesForUnknownUser() throws Exception { - try - { - testResult( db, adminSubject, "CALL dbms.listRolesForUser('Henrik') YIELD value as roles RETURN roles", - r -> assertFalse( r.hasNext() ) ); - fail( "Expected exception to be thrown" ); - } - catch ( QueryExecutionException e ) - { - assertTrue( "Exception should contain 'User Henrik does not exist.' but was " + e.getMessage(), - e.getMessage().contains( "User Henrik does not exist." ) ); - } + testCallFail( db, adminSubject, "CALL dbms.listRolesForUser('Henrik') YIELD value as roles RETURN roles", + QueryExecutionException.class, "User Henrik does not exist." ); } @Test public void shouldListNoRolesForUserWithNoRoles() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)", null ); - testResult( db, adminSubject, "CALL dbms.listRolesForUser('Henrik') YIELD value as roles RETURN roles", - r -> assertFalse( r.hasNext() ) ); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); + testCallEmpty( db, adminSubject, "CALL dbms.listRolesForUser('Henrik') YIELD value as roles RETURN roles" ); } /* @@ -813,72 +720,53 @@ public void shouldListNoRolesForUserWithNoRoles() throws Exception @Test public void listingUserRoles() throws Exception { - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)", null ); - testCallEmpty( db, adminSubject, "CALL dbms.createUser('Craig', 'foo', false)", null ); - testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Craig', '" + PredefinedRolesBuilder.PUBLISHER + "')", - null ); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); + testCallEmpty( db, adminSubject, "CALL dbms.createUser('Craig', 'foo', false)" ); + testCallEmpty( db, adminSubject, "CALL dbms.addUserToRole('Craig', '" + PUBLISHER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testFailListUserRoles( subject, "Craig" ); testResult( db, adminSubject, "CALL dbms.listRolesForUser('Craig') YIELD value as roles RETURN roles", - r -> { - List roles = getObjectsAsList( r, "roles" ); - Assert.assertThat( roles, containsInAnyOrder( PredefinedRolesBuilder.PUBLISHER ) ); - assertEquals( 1, roles.size() ); - } ); + r -> resultContainsInAnyOrder( r, "roles", PUBLISHER ) ); } @Test public void shouldListUsersForRole() throws Exception { testResult( db, adminSubject, "CALL dbms.listUsersForRole('admin') YIELD value as users RETURN users", - r -> { - List usernames = getObjectsAsList( r, "users" ); - Assert.assertThat( usernames, containsInAnyOrder( adminSubject.name(), "neo4j" ) ); - assertEquals( 2, usernames.size() ); - } ); + r -> resultContainsInAnyOrder( r, "users", adminSubject.name(), "neo4j" ) ); } @Test public void shouldNotAllowNonAdminListRoleUsers() throws Exception { - testFailListRoleUsers( noneSubject, PredefinedRolesBuilder.ADMIN ); - testFailListRoleUsers( readSubject, PredefinedRolesBuilder.ADMIN); - testFailListRoleUsers( writeSubject, PredefinedRolesBuilder.ADMIN ); - testFailListRoleUsers( schemaSubject, PredefinedRolesBuilder.ADMIN ); + testFailListRoleUsers( noneSubject, ADMIN ); + testFailListRoleUsers( readSubject, ADMIN ); + testFailListRoleUsers( writeSubject, ADMIN ); + testFailListRoleUsers( schemaSubject, ADMIN ); } @Test public void shouldFailToListUsersForUnknownRole() throws Exception { - try - { - testResult( db, adminSubject, "CALL dbms.listUsersForRole('Foo') YIELD value as users RETURN users", - r -> assertFalse( r.hasNext() ) ); - fail( "Expected exception to be thrown" ); - } - catch ( QueryExecutionException e ) - { - assertTrue( "Exception should contain 'Role Foo does not exist.' but was " + e.getMessage(), - e.getMessage().contains( "Role Foo does not exist." ) ); - } + testCallFail( db, adminSubject, "CALL dbms.listUsersForRole('Foo') YIELD value as users RETURN users", + QueryExecutionException.class, "Role Foo does not exist." ); } @Test public void shouldListNoUsersForRoleWithNoUsers() throws Exception { - testResult( db, adminSubject, "CALL dbms.listUsersForRole('empty') YIELD value as users RETURN users", - r -> assertFalse( r.hasNext() ) ); + testCallEmpty( db, adminSubject, "CALL dbms.listUsersForRole('empty') YIELD value as users RETURN users" ); } //-------------Helper functions--------------- - private void testSuccessfulReadAction( AuthSubject subject, Long count ) + private void testSuccessfulReadAction( AuthSubject subject, int count ) { - testCall( db, subject, "MATCH (n) RETURN count(n)", ( r ) -> assertEquals( r.get( "count(n)" ), count ) ); + testCallCount( db, subject, "MATCH (n) RETURN n", null, count ); } - private void testFailReadAction( AuthSubject subject, Long count ) + private void testFailReadAction( AuthSubject subject, int count ) { try { @@ -895,7 +783,7 @@ private void testFailReadAction( AuthSubject subject, Long count ) private void testSuccessfulWriteAction( AuthSubject subject ) { - testCallEmpty( db, subject, "CREATE (:Node)"); + testCallEmpty( db, subject, "CREATE (:Node)" ); } private void testFailWriteAction( AuthSubject subject ) @@ -915,7 +803,7 @@ private void testFailWriteAction( AuthSubject subject ) private void testSuccessfulSchemaAction( AuthSubject subject ) { - testCallEmpty( db, subject, "CREATE INDEX ON :Node(number)"); + testCallEmpty( db, subject, "CREATE INDEX ON :Node(number)" ); } private void testFailSchema( AuthSubject subject ) @@ -935,73 +823,39 @@ private void testFailSchema( AuthSubject subject ) private void testFailCreateUser( AuthSubject subject ) { - try - { - testCallEmpty( db, subject, "CALL dbms.createUser('Craig', 'foo', false)"); - fail( "Expected exception to be thrown" ); - } - catch ( QueryExecutionException e ) - { - assertTrue( "Exception should contain '" + AuthProcedures.PERMISSION_DENIED + "'", - e.getMessage().contains( AuthProcedures.PERMISSION_DENIED ) ); - } + testCallFail( db, subject, "CALL dbms.createUser('Craig', 'foo', false)", QueryExecutionException.class, + AuthProcedures.PERMISSION_DENIED ); } private void testFailAddUserToRoleAction( AuthSubject subject ) { - try - { - testCallEmpty( db, subject, "CALL dbms.addUserToRole('Craig', '" + PredefinedRolesBuilder.PUBLISHER + "')", - null ); - fail( "Expected exception to be thrown" ); - } - catch ( QueryExecutionException e ) - { - assertTrue( "Exception should contain '" + AuthProcedures.PERMISSION_DENIED + "'", - e.getMessage().contains( AuthProcedures.PERMISSION_DENIED ) ); - } + testCallFail( db, subject, "CALL dbms.addUserToRole('Craig', '" + PUBLISHER + "')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); } private void testFailRemoveUserFromRoleAction( AuthSubject subject ) { - try - { - testCallEmpty( db, subject, - "CALL dbms.removeUserFromRole('Craig', '" + PredefinedRolesBuilder.PUBLISHER + "')"); - fail( "Expected exception to be thrown" ); - } - catch ( QueryExecutionException e ) - { - assertTrue( "Exception should contain '" + AuthProcedures.PERMISSION_DENIED + "'", - e.getMessage().contains( AuthProcedures.PERMISSION_DENIED ) ); - } + testCallFail( db, subject, "CALL dbms.removeUserFromRole('Craig', '" + PUBLISHER + "')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); } private void testFailDeleteUser( AuthSubject subject ) { - try - { - testCallEmpty( db, subject, "CALL dbms.deleteUser('Craig')", null ); - fail( "Expected exception to be thrown" ); - } - catch ( QueryExecutionException e ) - { - assertTrue( "Exception should contain '" + AuthProcedures.PERMISSION_DENIED + "'", - e.getMessage().contains( AuthProcedures.PERMISSION_DENIED ) ); - } + testCallFail( db, subject, "CALL dbms.deleteUser('Craig')", QueryExecutionException.class, + AuthProcedures.PERMISSION_DENIED ); } - private void testSuccessfulListUsersAction( AuthSubject subject, Long count ) + private void testSuccessfulListUsersAction( AuthSubject subject, int count ) { - testCall( db, subject, "CALL dbms.listUsers() YIELD value AS users RETURN count(users)", - ( r ) -> assertEquals( r.get( "count(users)" ), count ) ); + testCallCount( db, subject, "CALL dbms.listUsers() YIELD value AS users RETURN users", null, count ); } - private void testFailListUsers( AuthSubject subject, Long count ) + private void testFailListUsers( AuthSubject subject, int count ) { try { testSuccessfulListUsersAction( subject, count ); + fail( "Expected exception to be thrown" ); } catch ( QueryExecutionException e ) { @@ -1012,8 +866,7 @@ private void testFailListUsers( AuthSubject subject, Long count ) private void testSuccessfulListRolesAction( AuthSubject subject ) { - testCall( db, subject, "CALL dbms.listRoles() YIELD value AS roles RETURN count(roles)", - ( r ) -> assertEquals( r.get( "count(roles)" ), 5L ) ); + testCallCount( db, subject, "CALL dbms.listRoles() YIELD value AS roles RETURN roles", null, 5 ); } private void testFailListRoles( AuthSubject subject ) @@ -1021,6 +874,7 @@ private void testFailListRoles( AuthSubject subject ) try { testSuccessfulListRolesAction( subject ); + fail( "Expected exception to be thrown" ); } catch ( QueryExecutionException e ) { @@ -1029,17 +883,14 @@ private void testFailListRoles( AuthSubject subject ) } } - private void testSuccessfulListUserRolesAction( AuthSubject subject, String username ) - { - testCall( db, subject, - "CALL dbms.listRolesForUser('" + username + "') YIELD value AS roles RETURN count(roles)", Map::clear ); - } - private void testFailListUserRoles( AuthSubject subject, String username ) { try { - testSuccessfulListUserRolesAction( subject, username ); + testCall( db, subject, + "CALL dbms.listRolesForUser('" + username + "') YIELD value AS roles RETURN count(roles)", + Map::clear ); + fail( "Expected exception to be thrown" ); } catch ( QueryExecutionException e ) { @@ -1048,18 +899,14 @@ private void testFailListUserRoles( AuthSubject subject, String username ) } } - private void testSuccessfulListRoleUsersAction( AuthSubject subject, String roleName ) - { - testCall( db, subject, - "CALL dbms.listUsersForRole('" + roleName + "') YIELD value AS users RETURN count(users)", - Map::clear ); - } - private void testFailListRoleUsers( AuthSubject subject, String roleName ) { try { - testSuccessfulListRoleUsersAction( subject, roleName ); + testCall( db, subject, + "CALL dbms.listUsersForRole('" + roleName + "') YIELD value AS users RETURN count(users)", + Map::clear ); + fail( "Expected exception to be thrown" ); } catch ( QueryExecutionException e ) { @@ -1073,6 +920,13 @@ private List getObjectsAsList( Result r, String key ) return r.stream().map( s -> s.get( key ) ).collect( Collectors.toList() ); } + private void resultContainsInAnyOrder( Result r, String key, Object... items ) + { + List results = getObjectsAsList( r, key ); + Assert.assertThat( results, containsInAnyOrder( items ) ); + assertEquals( Arrays.asList( items ).size(), results.size() ); + } + private static void testCall( GraphDatabaseAPI db, AuthSubject subject, String call, Consumer> consumer ) { @@ -1092,12 +946,12 @@ private static void testCall( GraphDatabaseAPI db, AuthSubject subject, String c } ); } - public static void testCallFail( GraphDatabaseAPI db, AuthSubject subject, String call, Class expectedExceptionClass, - String partOfErrorMsg ) + public static void testCallFail( GraphDatabaseAPI db, AuthSubject subject, String call, + Class expectedExceptionClass, String partOfErrorMsg ) { try { - testCallEmpty( db, subject, call, null); + testCallEmpty( db, subject, call, null ); fail( "Expected exception to be thrown" ); } catch ( Exception e ) @@ -1110,7 +964,7 @@ public static void testCallFail( GraphDatabaseAPI db, AuthSubject subject, Strin public static void testCallEmpty( GraphDatabaseAPI db, AuthSubject subject, String call ) { - testCallEmpty( db, subject, call, null); + testCallEmpty( db, subject, call, null ); } public static void testCallEmpty( GraphDatabaseAPI db, AuthSubject subject, String call, Map params ) @@ -1149,10 +1003,4 @@ public static void testResult( GraphDatabaseAPI db, AuthSubject subject, String tx.success(); } } - - public static void registerProcedures( GraphDatabaseAPI db ) throws KernelException - { - Procedures procedures = db.getDependencyResolver().resolveDependency( Procedures.class ); - (new ProceduresProvider()).registerProcedures( procedures ); - } }