Vastly increased AuthProcedures unit test coverage.

Included all current test conditions in the security unit test overview.
Some of these do not pass, but are included in commented form (marked
with TODO) so we do not forget to fix them later. Minor refactoring on the
TestBase too.

enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java

@@ -153,7 +153,7 @@ public RoleRecord newRole( String roleName, String... users ) throws IOException
     }
 
     @Override
-    public AuthSubject login( Map<String,Object> authToken ) throws InvalidAuthTokenException
+    public ShiroAuthSubject login( Map<String,Object> authToken ) throws InvalidAuthTokenException
     {
         assertAuthEnabled();
 

enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java

@@ -59,14 +59,15 @@
 
 public class AuthProcedureTestBase
 {
-    protected AuthSubject adminSubject;
-    protected AuthSubject schemaSubject;
-    protected AuthSubject writeSubject;
-    protected AuthSubject readSubject;
-    protected AuthSubject noneSubject;
+    protected ShiroAuthSubject adminSubject;
+    protected ShiroAuthSubject schemaSubject;
+    protected ShiroAuthSubject writeSubject;
+    protected ShiroAuthSubject readSubject;
+    protected ShiroAuthSubject pwdSubject;
+    protected ShiroAuthSubject noneSubject;
 
     protected String[] initialUsers = { "adminSubject", "readSubject", "schemaSubject",
-        "readWriteSubject", "noneSubject", "neo4j" };
+        "readWriteSubject", "pwdSubject", "noneSubject", "neo4j" };
     protected String[] initialRoles = { "admin", "architect", "publisher", "reader", "empty" };
 
     protected GraphDatabaseAPI db;
@@ -81,6 +82,7 @@ public void setUp() throws Throwable
         manager.init();
         manager.start();
         manager.newUser( "noneSubject", "abc", false );
+        manager.newUser( "pwdSubject", "abc", true );
         manager.newUser( "adminSubject", "abc", false );
         manager.newUser( "schemaSubject", "abc", false );
         manager.newUser( "readWriteSubject", "abc", false );
@@ -92,6 +94,7 @@ public void setUp() throws Throwable
         manager.newRole( READER, "readSubject" );
         manager.newRole( "empty" );
         noneSubject = manager.login( authToken( "noneSubject", "abc" ) );
+        pwdSubject = manager.login( authToken( "pwdSubject", "abc" ) );
         readSubject = manager.login( authToken( "readSubject", "123" ) );
         writeSubject = manager.login( authToken( "readWriteSubject", "abc" ) );
         schemaSubject = manager.login( authToken( "schemaSubject", "abc" ) );
@@ -119,33 +122,33 @@ protected List<String> listOf( String... values )
 
     //------------- Helper functions---------------
 
-    protected void testSuccessfulReadAction( AuthSubject subject, int count )
+    protected void testSuccessfulRead( AuthSubject subject, int count )
     {
         testCallCount( subject, "MATCH (n) RETURN n", null, count );
     }
 
-    protected void testFailReadAction( AuthSubject subject, int count )
+    protected void testFailRead( AuthSubject subject, int count )
     {
         // TODO: this should be permission denied instead
         testCallFail( subject,
                 "MATCH (n) RETURN n",
                 AuthorizationViolationException.class, "Read operations are not allowed" );
     }
 
-    protected void testSuccessfulWriteAction( AuthSubject subject )
+    protected void testSuccessfulWrite( AuthSubject subject )
     {
         testCallEmpty( subject, "CREATE (:Node)" );
     }
 
-    protected void testFailWriteAction( AuthSubject subject )
+    protected void testFailWrite( AuthSubject subject )
     {
         // TODO: this should be permission denied instead
         testCallFail( subject,
                 "CREATE (:Node)",
                 AuthorizationViolationException.class, "Write operations are not allowed" );
     }
 
-    protected void testSuccessfulSchemaAction( AuthSubject subject )
+    protected void testSuccessfulSchema( AuthSubject subject )
     {
         testCallEmpty( subject, "CREATE INDEX ON :Node(number)" );
     }
@@ -162,15 +165,19 @@ protected void testFailCreateUser( AuthSubject subject )
     {
         testCallFail( subject, "CALL dbms.createUser('Craig', 'foo', false)", QueryExecutionException.class,
                 AuthProcedures.PERMISSION_DENIED );
+        testCallFail( subject, "CALL dbms.createUser('Craig', '', false)", QueryExecutionException.class,
+                AuthProcedures.PERMISSION_DENIED );
+        testCallFail( subject, "CALL dbms.createUser('', 'foo', false)", QueryExecutionException.class,
+                AuthProcedures.PERMISSION_DENIED );
     }
 
-    protected void testFailAddUserToRoleAction( AuthSubject subject )
+    protected void testFailAddUserToRole( AuthSubject subject )
     {
         testCallFail( subject, "CALL dbms.addUserToRole('Craig', '" + PUBLISHER + "')",
                 QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED );
     }
 
-    protected void testFailRemoveUserFromRoleAction( AuthSubject subject )
+    protected void testFailRemoveUserFromRole( AuthSubject subject )
     {
         testCallFail( subject, "CALL dbms.removeUserFromRole('Craig', '" + PUBLISHER + "')",
                 QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED );
@@ -180,9 +187,11 @@ protected void testFailDeleteUser( AuthSubject subject )
     {
         testCallFail( subject, "CALL dbms.deleteUser('Craig')", QueryExecutionException.class,
                 AuthProcedures.PERMISSION_DENIED );
+        testCallFail( subject, "CALL dbms.deleteUser('')", QueryExecutionException.class,
+                AuthProcedures.PERMISSION_DENIED );
     }
 
-    protected void testSuccessfulListUsersAction( AuthSubject subject, String[] users )
+    protected void testSuccessfulListUsers( AuthSubject subject, String[] users )
     {
         testResult( subject, "CALL dbms.listUsers() YIELD username AS users RETURN users",
                 r -> resultKeyIsArray( r, "users", users ) );
@@ -195,7 +204,7 @@ protected void testFailListUsers( AuthSubject subject, int count )
                 QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED );
     }
 
-    protected void testSuccessfulListRolesAction( AuthSubject subject, String[] roles )
+    protected void testSuccessfulListRoles( AuthSubject subject, String[] roles )
     {
         testResult( subject, "CALL dbms.listRoles() YIELD role AS roles RETURN roles",
                 r -> resultKeyIsArray( r, "roles", roles ) );
@@ -288,8 +297,22 @@ protected void testCallFail( AuthSubject subject, String call,
 
     protected void testUnAunthenticated( ShiroAuthSubject subject )
     {
-        //TODO: inprove me to be less gullible!
-        assert( subject.getSubject().isAuthenticated() );
+        //TODO: improve me to be less gullible!
+        assertFalse( subject.getSubject().isAuthenticated() );
+    }
+
+    protected void testUnAunthenticated( ShiroAuthSubject subject, String call )
+    {
+        //TODO: OMG improve thrown exception
+        try
+        {
+            testCallEmpty( subject, call, null );
+            fail( "Allowed un-authenticated query!" );
+        }
+        catch ( Exception e )
+        {
+            assertEquals( NullPointerException.class, e.getClass() );
+        }
     }
 
     protected void testCallEmpty( AuthSubject subject, String call )