diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java index c3546e5328010..a53f62f01ac7e 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java @@ -153,7 +153,7 @@ public RoleRecord newRole( String roleName, String... users ) throws IOException } @Override - public AuthSubject login( Map authToken ) throws InvalidAuthTokenException + public ShiroAuthSubject login( Map authToken ) throws InvalidAuthTokenException { assertAuthEnabled(); diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java index f6fdbd7800e2f..fb4cd6e6fff4f 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java @@ -59,14 +59,15 @@ public class AuthProcedureTestBase { - protected AuthSubject adminSubject; - protected AuthSubject schemaSubject; - protected AuthSubject writeSubject; - protected AuthSubject readSubject; - protected AuthSubject noneSubject; + protected ShiroAuthSubject adminSubject; + protected ShiroAuthSubject schemaSubject; + protected ShiroAuthSubject writeSubject; + protected ShiroAuthSubject readSubject; + protected ShiroAuthSubject pwdSubject; + protected ShiroAuthSubject noneSubject; protected String[] initialUsers = { "adminSubject", "readSubject", "schemaSubject", - "readWriteSubject", "noneSubject", "neo4j" }; + "readWriteSubject", "pwdSubject", "noneSubject", "neo4j" }; protected String[] initialRoles = { "admin", "architect", "publisher", "reader", "empty" }; protected GraphDatabaseAPI db; @@ -81,6 +82,7 @@ public void setUp() throws Throwable manager.init(); manager.start(); manager.newUser( "noneSubject", "abc", false ); + manager.newUser( "pwdSubject", "abc", true ); manager.newUser( "adminSubject", "abc", false ); manager.newUser( "schemaSubject", "abc", false ); manager.newUser( "readWriteSubject", "abc", false ); @@ -92,6 +94,7 @@ public void setUp() throws Throwable manager.newRole( READER, "readSubject" ); manager.newRole( "empty" ); noneSubject = manager.login( authToken( "noneSubject", "abc" ) ); + pwdSubject = manager.login( authToken( "pwdSubject", "abc" ) ); readSubject = manager.login( authToken( "readSubject", "123" ) ); writeSubject = manager.login( authToken( "readWriteSubject", "abc" ) ); schemaSubject = manager.login( authToken( "schemaSubject", "abc" ) ); @@ -119,12 +122,12 @@ protected List listOf( String... values ) //------------- Helper functions--------------- - protected void testSuccessfulReadAction( AuthSubject subject, int count ) + protected void testSuccessfulRead( AuthSubject subject, int count ) { testCallCount( subject, "MATCH (n) RETURN n", null, count ); } - protected void testFailReadAction( AuthSubject subject, int count ) + protected void testFailRead( AuthSubject subject, int count ) { // TODO: this should be permission denied instead testCallFail( subject, @@ -132,12 +135,12 @@ protected void testFailReadAction( AuthSubject subject, int count ) AuthorizationViolationException.class, "Read operations are not allowed" ); } - protected void testSuccessfulWriteAction( AuthSubject subject ) + protected void testSuccessfulWrite( AuthSubject subject ) { testCallEmpty( subject, "CREATE (:Node)" ); } - protected void testFailWriteAction( AuthSubject subject ) + protected void testFailWrite( AuthSubject subject ) { // TODO: this should be permission denied instead testCallFail( subject, @@ -145,7 +148,7 @@ protected void testFailWriteAction( AuthSubject subject ) AuthorizationViolationException.class, "Write operations are not allowed" ); } - protected void testSuccessfulSchemaAction( AuthSubject subject ) + protected void testSuccessfulSchema( AuthSubject subject ) { testCallEmpty( subject, "CREATE INDEX ON :Node(number)" ); } @@ -162,15 +165,19 @@ protected void testFailCreateUser( AuthSubject subject ) { testCallFail( subject, "CALL dbms.createUser('Craig', 'foo', false)", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( subject, "CALL dbms.createUser('Craig', '', false)", QueryExecutionException.class, + AuthProcedures.PERMISSION_DENIED ); + testCallFail( subject, "CALL dbms.createUser('', 'foo', false)", QueryExecutionException.class, + AuthProcedures.PERMISSION_DENIED ); } - protected void testFailAddUserToRoleAction( AuthSubject subject ) + protected void testFailAddUserToRole( AuthSubject subject ) { testCallFail( subject, "CALL dbms.addUserToRole('Craig', '" + PUBLISHER + "')", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); } - protected void testFailRemoveUserFromRoleAction( AuthSubject subject ) + protected void testFailRemoveUserFromRole( AuthSubject subject ) { testCallFail( subject, "CALL dbms.removeUserFromRole('Craig', '" + PUBLISHER + "')", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); @@ -180,9 +187,11 @@ protected void testFailDeleteUser( AuthSubject subject ) { testCallFail( subject, "CALL dbms.deleteUser('Craig')", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( subject, "CALL dbms.deleteUser('')", QueryExecutionException.class, + AuthProcedures.PERMISSION_DENIED ); } - protected void testSuccessfulListUsersAction( AuthSubject subject, String[] users ) + protected void testSuccessfulListUsers( AuthSubject subject, String[] users ) { testResult( subject, "CALL dbms.listUsers() YIELD username AS users RETURN users", r -> resultKeyIsArray( r, "users", users ) ); @@ -195,7 +204,7 @@ protected void testFailListUsers( AuthSubject subject, int count ) QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); } - protected void testSuccessfulListRolesAction( AuthSubject subject, String[] roles ) + protected void testSuccessfulListRoles( AuthSubject subject, String[] roles ) { testResult( subject, "CALL dbms.listRoles() YIELD role AS roles RETURN roles", r -> resultKeyIsArray( r, "roles", roles ) ); @@ -288,8 +297,22 @@ protected void testCallFail( AuthSubject subject, String call, protected void testUnAunthenticated( ShiroAuthSubject subject ) { - //TODO: inprove me to be less gullible! - assert( subject.getSubject().isAuthenticated() ); + //TODO: improve me to be less gullible! + assertFalse( subject.getSubject().isAuthenticated() ); + } + + protected void testUnAunthenticated( ShiroAuthSubject subject, String call ) + { + //TODO: OMG improve thrown exception + try + { + testCallEmpty( subject, call, null ); + fail( "Allowed un-authenticated query!" ); + } + catch ( Exception e ) + { + assertEquals( NullPointerException.class, e.getClass() ); + } } protected void testCallEmpty( AuthSubject subject, String call ) diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java index 3bc2521057f52..b4d5652c3aba5 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java @@ -24,7 +24,6 @@ import java.util.Map; import org.neo4j.graphdb.QueryExecutionException; -import org.neo4j.kernel.api.security.AuthSubject; import org.neo4j.kernel.api.security.AuthenticationResult; import static org.junit.Assert.assertEquals; @@ -40,6 +39,7 @@ import static org.neo4j.server.security.enterprise.auth.PredefinedRolesBuilder.PUBLISHER; import static org.neo4j.server.security.enterprise.auth.PredefinedRolesBuilder.READER; +// TODO: homogenize "'' does not exist" type error messages. In short, add quotes in the right places public class AuthProceduresTest extends AuthProcedureTestBase { @@ -51,11 +51,25 @@ public class AuthProceduresTest extends AuthProcedureTestBase public void shouldChangeOwnPassword() throws Exception { testCallEmpty( readSubject, "CALL dbms.changePassword( '321' )" ); - AuthSubject subject = manager.login( authToken( "readSubject", "321" ) ); + testUnAunthenticated( readSubject ); + + ShiroAuthSubject subject = manager.login( authToken( "readSubject", "321" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); } - //---------- Change user password ----------- + /* + TODO: uncomment and fix + @Test + public void shouldNotChangeOwnPasswordIfNewPasswordInvalid() throws Exception + { + testCallFail( readSubject, "CALL dbms.changePassword( '' )", QueryExecutionException.class, + "Password cannot be empty" ); + testCallFail( readSubject, "CALL dbms.changePassword( '321' )", QueryExecutionException.class, + "Old password and new password cannot be the same" ); + } + */ + + //---------- change user password ----------- // Should change password for admin subject and valid user @Test @@ -132,7 +146,7 @@ public void shouldNotChangeUserPasswordIfSamePassword() throws Exception QueryExecutionException.class, "Old password and new password cannot be the same" ); } - //---------- User creation ----------- + //---------- create user ----------- @Test public void shouldCreateUser() throws Exception @@ -141,7 +155,10 @@ public void shouldCreateUser() throws Exception assertNotNull( "User craig should exist", manager.getUser( "craig" ) ); } + /* + TODO: uncomment and fix @Test +<<<<<<< 061656f5c3e1c3445f51c0387f2876d6c19e437d public void shouldNotCreateUserWithEmptyPassword() throws Exception { testCallFail( db, adminSubject, "CALL dbms.createUser('craig', '', true)", QueryExecutionException.class, @@ -150,173 +167,324 @@ public void shouldNotCreateUserWithEmptyPassword() throws Exception @Test public void shouldNotCreateExistingUser() throws Exception +======= + public void shouldNotCreateUserIfInvalidUsername() throws Exception +>>>>>>> Vastly increased AuthProcedures unit test coverage. { + testCallFail( adminSubject, "CALL dbms.createUser('', '1234', true)", QueryExecutionException.class, + "Username cannot be empty" ); + testCallFail( adminSubject, "CALL dbms.createUser('&%ss!', '1234', true)", QueryExecutionException.class, + "Username cannot be empty" ); + testCallFail( adminSubject, "CALL dbms.createUser('&%ss!', '', true)", QueryExecutionException.class, + "Username cannot be empty" ); + } + */ - testCallEmpty( adminSubject, "CALL dbms.createUser('craig', '1234', true)" ); - assertNotNull( "User craig should exist", manager.getUser( "craig" ) ); - testCallFail( adminSubject, "CALL dbms.createUser('craig', '1234', true)", QueryExecutionException.class, - "The specified user already exists" ); + /* + TODO: uncomment and fix + @Test + public void shouldNotCreateUserIfInvalidPassword() throws Exception + { + testCallFail( adminSubject, "CALL dbms.createUser('craig', '', true)", QueryExecutionException.class, + "Password cannot be empty" ); + } + */ + + @Test + public void shouldNotCreateExistingUser() throws Exception + { + testCallFail( adminSubject, "CALL dbms.createUser('readSubject', '1234', true)", + QueryExecutionException.class, "The specified user already exists" ); + testCallFail( adminSubject, "CALL dbms.createUser('readSubject', '', true)", + QueryExecutionException.class, "The specified user already exists" ); } @Test public void shouldNotAllowNonAdminCreateUser() throws Exception { - testFailCreateUser( noneSubject ); + testFailCreateUser( pwdSubject ); testFailCreateUser( readSubject ); testFailCreateUser( writeSubject ); testFailCreateUser( schemaSubject ); } - //----------User and role management----------- + //---------- delete user ----------- + @Test - public void shouldAllowAddingAndRemovingUserFromRole() throws Exception + public void shouldDeleteUser() throws Exception { - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); - assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + testCallEmpty( adminSubject, "CALL dbms.deleteUser('readSubject')" ); + assertNull( "User readSubject should not exist", manager.getUser( "readSubject" ) ); } @Test - public void shouldAllowAddingUserToRoleMultipleTimes() throws Exception + public void shouldNotDeleteUserIfNotAdmin() throws Exception { - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); - assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + testFailDeleteUser( pwdSubject ); + testFailDeleteUser( readSubject ); + testFailDeleteUser( writeSubject ); + testFailDeleteUser( schemaSubject ); } @Test - public void shouldAllowRemovingUserFromRoleMultipleTimes() throws Exception + public void shouldNotAllowDeletingNonExistingUser() throws Exception { - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); - assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); - testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + testCallFail( adminSubject, "CALL dbms.deleteUser('Craig')", + QueryExecutionException.class, "The user 'Craig' does not exist" ); } + /* + TODO: uncomment and fix @Test - public void shouldAllowAddingAndRemovingUserFromMultipleRoles() throws Exception + public void shouldNotAllowDeletingYourself() throws Exception { - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - assertFalse( "Should not have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + ARCHITECT + "')" ); - assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - assertTrue( "Should have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); - - testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); - testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + ARCHITECT + "')" ); - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - assertFalse( "Should not have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + testCallFail( adminSubject, "CALL dbms.deleteUser('" + adminSubject.name() + "')", + QueryExecutionException.class, "Deleting yourself is not allowed" ); } + */ + + //---------- suspend user ----------- @Test - public void shouldNotAllowNonAdminAddingUserToRole() throws Exception + public void shouldSuspendUser() throws Exception { - testFailAddUserToRoleAction( noneSubject ); - testFailAddUserToRoleAction( readSubject ); - testFailAddUserToRoleAction( writeSubject ); - testFailAddUserToRoleAction( schemaSubject ); + testCallEmpty( adminSubject, "CALL dbms.suspendUser('readSubject')" ); + assertTrue( manager.getUser( "readSubject" ).hasFlag( FileUserRealm.IS_SUSPENDED ) ); } @Test - public void shouldNotAllowNonAdminRemovingUserFromRole() throws Exception + public void shouldSuspendSuspendedUser() throws Exception { - testFailRemoveUserFromRoleAction( noneSubject ); - testFailRemoveUserFromRoleAction( readSubject ); - testFailRemoveUserFromRoleAction( writeSubject ); - testFailRemoveUserFromRoleAction( schemaSubject ); + testCallEmpty( adminSubject, "CALL dbms.suspendUser('readSubject')" ); + testCallEmpty( adminSubject, "CALL dbms.suspendUser('readSubject')" ); + assertTrue( manager.getUser( "readSubject" ).hasFlag( FileUserRealm.IS_SUSPENDED ) ); } - //----------User deletion ----------- - @Test - public void shouldDeleteUser() throws Exception + public void shouldFailToSuspendNonExistingUser() throws Exception { - testCallEmpty( adminSubject, "CALL dbms.createUser('Craig', '1234', true)" ); - assertNotNull( "User Craig should exist", manager.getUser( "Craig" ) ); - testCallEmpty( adminSubject, "CALL dbms.deleteUser('Craig')" ); - assertNull( "User Craig should not exist", manager.getUser( "Craig" ) ); + testCallFail( adminSubject, "CALL dbms.suspendUser('Craig')", + QueryExecutionException.class, "User Craig does not exist" ); } @Test - public void shouldNotAllowNonAdminDeleteUser() throws Exception + public void shouldFailToSuspendIfNotAdmin() throws Exception { - testFailDeleteUser( noneSubject ); - testFailDeleteUser( readSubject ); - testFailDeleteUser( writeSubject ); - testFailDeleteUser( schemaSubject ); + testCallFail( schemaSubject, "CALL dbms.suspendUser('readSubject')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.suspendUser('Craig')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.suspendUser('')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); } + /* + TODO: uncomment and fix @Test - public void shouldNotAllowDeletingNonExistingUser() throws Exception + public void shouldFailToSuspendYourself() throws Exception { - testCallEmpty( adminSubject, "CALL dbms.createUser('Craig', '1234', true)" ); - assertNotNull( "User Craig should exist", manager.getUser( "Craig" ) ); - testCallEmpty( adminSubject, "CALL dbms.deleteUser('Craig')" ); - assertNull( "User Craig should not exist", manager.getUser( "Craig" ) ); - testCallFail( adminSubject, "CALL dbms.deleteUser('Craig')", QueryExecutionException.class, - "The user 'Craig' does not exist" ); + testCallFail( adminSubject, "CALL dbms.suspendUser('" + adminSubject.name() + "')", + QueryExecutionException.class, "Suspending yourself is not allowed" ); } + */ - //----------User suspension scenarios----------- + //---------- activate user ----------- @Test - public void shouldSuspendUser() throws Exception + public void shouldActivateUser() throws Exception { - testCallEmpty( adminSubject, "CALL dbms.suspendUser('readSubject')" ); - assertTrue( manager.getUser( "readSubject" ).hasFlag( FileUserRealm.IS_SUSPENDED ) ); + manager.suspendUser( "readSubject" ); + testCallEmpty( adminSubject, "CALL dbms.activateUser('readSubject')" ); + assertFalse( manager.getUser( "readSubject" ).hasFlag( FileUserRealm.IS_SUSPENDED ) ); } @Test - public void shouldActivateUser() throws Exception + public void shouldActivateActiveUser() throws Exception { manager.suspendUser( "readSubject" ); testCallEmpty( adminSubject, "CALL dbms.activateUser('readSubject')" ); + testCallEmpty( adminSubject, "CALL dbms.activateUser('readSubject')" ); assertFalse( manager.getUser( "readSubject" ).hasFlag( FileUserRealm.IS_SUSPENDED ) ); } + /* + TODO: uncomment and fix @Test - public void shouldFailOnNonAdminSuspend() throws Exception + public void shouldFailToActivateNonExistingUser() throws Exception { - testCallFail( schemaSubject, "CALL dbms.suspendUser('readSubject')", - QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( adminSubject, "CALL dbms.activateUser('Craig')", + QueryExecutionException.class, "User 'Craig' does not exist" ); } + */ @Test - public void shouldFailOnNonAdminActivate() throws Exception + public void shouldFailToActivateIfNotAdmin() throws Exception { manager.suspendUser( "readSubject" ); testCallFail( schemaSubject, "CALL dbms.activateUser('readSubject')", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.activateUser('Craig')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.activateUser('')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + } + + /* + TODO: uncomment and fix + @Test + public void shouldFailToActivateYourself() throws Exception + { + testCallFail( adminSubject, "CALL dbms.activateUser('" + adminSubject.name() + "')", + QueryExecutionException.class, "Activating yourself is not allowed" ); + } + */ + + //---------- add user to role ----------- + + @Test + public void shouldAddUserToRole() throws Exception + { + assertFalse( "Should not have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); + assertTrue( "Should have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); + } + + @Test + public void shouldAddRetainUserInRole() throws Exception + { + assertTrue( "Should have role reader", readSubject.getSubject().hasRole( READER ) ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + READER + "')" ); + assertTrue( "Should have still have role reader", readSubject.getSubject().hasRole( READER ) ); + } + + @Test + public void shouldFailToAddNonExistingUserToRole() throws Exception + { + testCallFail( adminSubject, "CALL dbms.addUserToRole('Olivia', '" + PUBLISHER + "')", + QueryExecutionException.class, "User Olivia does not exist" ); + testCallFail( adminSubject, "CALL dbms.addUserToRole('Olivia', 'thisRoleDoesNotExist')", + QueryExecutionException.class, "User Olivia does not exist" ); + testCallFail( adminSubject, "CALL dbms.addUserToRole('Olivia', '')", + QueryExecutionException.class, "User Olivia does not exist" ); + } + + @Test + public void shouldFailToAddUserToNonExistingRole() throws Exception + { + testCallFail( adminSubject, "CALL dbms.addUserToRole('readSubject', 'thisRoleDoesNotExist')", + QueryExecutionException.class, "Role thisRoleDoesNotExist does not exist" ); + testCallFail( adminSubject, "CALL dbms.addUserToRole('readSubject', '')", + QueryExecutionException.class, "Role does not exist" ); + } + + @Test + public void shouldFailToAddUserToRoleIfNotAdmin() throws Exception + { + testFailAddUserToRole( pwdSubject ); + testFailAddUserToRole( readSubject ); + testFailAddUserToRole( writeSubject ); + + testCallFail( schemaSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.addUserToRole('Olivia', '" + PUBLISHER + "')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.addUserToRole('Olivia', 'thisRoleDoesNotExist')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + } + + //---------- remove user from role ----------- + + @Test + public void shouldRemoveUserFromRole() throws Exception + { + testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + READER + "')" ); + assertFalse( "Should not have role reader", readSubject.getSubject().hasRole( READER ) ); + } + + @Test + public void shouldKeepUserOutOfRole() throws Exception + { + assertFalse( "Should not have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); + testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); + assertFalse( "Should not have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); } - //----------List users/roles----------- + @Test + public void shouldFailToRemoveNonExistingUserFromRole() throws Exception + { + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('Olivia', '" + PUBLISHER + "')", + QueryExecutionException.class, "User Olivia does not exist" ); + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('Olivia', 'thisRoleDoesNotExist')", + QueryExecutionException.class, "User Olivia does not exist" ); + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('Olivia', '')", + QueryExecutionException.class, "User Olivia does not exist" ); + } @Test - public void shouldReturnUsers() throws Exception + public void shouldFailToRemoveUserFromNonExistingRole() throws Exception + { + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('readSubject', 'thisRoleDoesNotExist')", + QueryExecutionException.class, "Role thisRoleDoesNotExist does not exist" ); + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '')", + QueryExecutionException.class, "Role does not exist" ); + } + + @Test + public void shouldFailToRemoveUserFromRoleIfNotAdmin() throws Exception + { + testFailRemoveUserFromRole( pwdSubject ); + testFailRemoveUserFromRole( readSubject ); + testFailRemoveUserFromRole( writeSubject ); + + testCallFail( schemaSubject, "CALL dbms.removeUserFromRole('readSubject', '" + READER + "')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.removeUserFromRole('Olivia', '" + READER + "')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.removeUserFromRole('Olivia', 'thisRoleDoesNotExist')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + } + + /* + TODO: uncomment and fix + @Test + public void shouldFailToRemoveYourselfFromAdminRole() throws Exception + { + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('" + adminSubject.name() + "', '" + ADMIN + "')", + QueryExecutionException.class, "Remove yourself from admin role is not allowed" ); + } + */ + + //---------- manage multiple roles ----------- + + @Test + public void shouldAllowAddingAndRemovingUserFromMultipleRoles() throws Exception + { + assertFalse( "Should not have role publisher", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + assertFalse( "Should not have role architect", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + ARCHITECT + "')" ); + assertTrue( "Should have role publisher", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + assertTrue( "Should have role architect", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + + testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); + testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + ARCHITECT + "')" ); + assertFalse( "Should not have role publisher", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + assertFalse( "Should not have role architect", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + } + + //---------- list users ----------- + + @Test + public void shouldListUsers() throws Exception { testResult( adminSubject, "CALL dbms.listUsers() YIELD username", - r -> resultKeyIs( r, "username", "adminSubject", "readSubject", "schemaSubject", - "readWriteSubject", "noneSubject", "neo4j" ) ); + r -> resultKeyIs( r, "username", initialUsers ) ); } @Test @@ -355,17 +523,19 @@ public void shouldShowCurrentUser() throws Exception @Test public void shouldNotAllowNonAdminListUsers() throws Exception { - testFailListUsers( noneSubject, 5 ); + testFailListUsers( pwdSubject, 5 ); testFailListUsers( readSubject, 5 ); testFailListUsers( writeSubject, 5 ); testFailListUsers( schemaSubject, 5 ); } + //---------- list roles ----------- + @Test - public void shouldReturnRoles() throws Exception + public void shouldListRoles() throws Exception { testResult( adminSubject, "CALL dbms.listRoles() YIELD role AS roles RETURN roles", - r -> resultKeyIs( r, "roles", ADMIN, ARCHITECT, PUBLISHER, READER, "empty" ) ); + r -> resultKeyIs( r, "roles", initialRoles ) ); } @Test @@ -385,68 +555,197 @@ PUBLISHER, listOf( "readWriteSubject" ), @Test public void shouldNotAllowNonAdminListRoles() throws Exception { - testFailListRoles( noneSubject ); + testFailListRoles( pwdSubject ); testFailListRoles( readSubject ); testFailListRoles( writeSubject ); testFailListRoles( schemaSubject ); } + //---------- list roles for user ----------- + @Test public void shouldListRolesForUser() throws Exception { testResult( adminSubject, "CALL dbms.listRolesForUser('adminSubject') YIELD value as roles RETURN roles", r -> resultKeyIs( r, "roles", ADMIN ) ); + testResult( adminSubject, "CALL dbms.listRolesForUser('readSubject') YIELD value as roles RETURN roles", + r -> resultKeyIs( r, "roles", READER ) ); + } + + @Test + public void shouldListNoRolesForUserWithNoRoles() throws Exception + { + testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); + testCallEmpty( adminSubject, "CALL dbms.listRolesForUser('Henrik') YIELD value as roles RETURN roles" ); + } + + @Test + public void shouldNotListRolesForNonExistingUser() throws Exception + { + testCallFail( adminSubject, "CALL dbms.listRolesForUser('Petra') YIELD value as roles RETURN roles", + QueryExecutionException.class, "User Petra does not exist" ); + testCallFail( adminSubject, "CALL dbms.listRolesForUser('') YIELD value as roles RETURN roles", + QueryExecutionException.class, "User does not exist" ); + } + + /* + TODO: uncommend and fix + @Test + public void shouldListOwnRolesRoles() throws Exception + { + testResult( adminSubject, "CALL dbms.listRolesForUser('adminSubject') YIELD value as roles RETURN roles", + r -> resultKeyIs( r, "roles", ADMIN ) ); + testResult( readSubject, "CALL dbms.listRolesForUser('readSubject') YIELD value as roles RETURN roles", + r -> resultKeyIs( r, "roles", READER ) ); } + */ @Test public void shouldNotAllowNonAdminListUserRoles() throws Exception { - testFailListUserRoles( noneSubject, "adminSubject" ); + testFailListUserRoles( pwdSubject, "adminSubject" ); testFailListUserRoles( readSubject, "adminSubject" ); testFailListUserRoles( writeSubject, "adminSubject" ); testFailListUserRoles( schemaSubject, "adminSubject" ); } + //---------- list users for role ----------- + @Test - public void shouldFailToListRolesForUnknownUser() throws Exception + public void shouldListUsersForRole() throws Exception { - testCallFail( adminSubject, "CALL dbms.listRolesForUser('Henrik') YIELD value as roles RETURN roles", - QueryExecutionException.class, "User Henrik does not exist." ); + testResult( adminSubject, "CALL dbms.listUsersForRole('admin') YIELD value as users RETURN users", + r -> resultKeyIs( r, "users", adminSubject.name(), "neo4j" ) ); } @Test - public void shouldListNoRolesForUserWithNoRoles() throws Exception + public void shouldListNoUsersForRoleWithNoUsers() throws Exception { - testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); - testCallEmpty( adminSubject, "CALL dbms.listRolesForUser('Henrik') YIELD value as roles RETURN roles" ); + testCallEmpty( adminSubject, "CALL dbms.listUsersForRole('empty') YIELD value as users RETURN users" ); } @Test - public void shouldListUsersForRole() throws Exception + public void shouldNotListUsersForNonExistingRole() throws Exception { - testResult( adminSubject, "CALL dbms.listUsersForRole('admin') YIELD value as users RETURN users", - r -> resultKeyIs( r, "users", adminSubject.name(), "neo4j" ) ); + testCallFail( adminSubject, "CALL dbms.listUsersForRole('poodle') YIELD value as users RETURN users", + QueryExecutionException.class, "Role poodle does not exist" ); + testCallFail( adminSubject, "CALL dbms.listUsersForRole('') YIELD value as users RETURN users", + QueryExecutionException.class, "Role does not exist" ); } @Test - public void shouldNotAllowNonAdminListRoleUsers() throws Exception + public void shouldNotListUsersForRoleIfNotAdmin() throws Exception { - testFailListRoleUsers( noneSubject, ADMIN ); + testFailListRoleUsers( pwdSubject, ADMIN ); testFailListRoleUsers( readSubject, ADMIN ); testFailListRoleUsers( writeSubject, ADMIN ); testFailListRoleUsers( schemaSubject, ADMIN ); } + //---------- permissions ----------- + + /* + TODO: uncomment and fix un-authentication handling @Test - public void shouldFailToListUsersForUnknownRole() throws Exception + public void shouldSetCorrectUnAuthenticatedPermissions() throws Exception { - testCallFail( adminSubject, "CALL dbms.listUsersForRole('Foo') YIELD value as users RETURN users", - QueryExecutionException.class, "Role Foo does not exist." ); + pwdSubject.logout(); + testUnAunthenticated( pwdSubject, "MATCH (n) RETURN n" ); + testUnAunthenticated( pwdSubject, "CREATE (:Node)" ); + testUnAunthenticated( pwdSubject, "CREATE INDEX ON :Node(number)" ); + testUnAunthenticated( pwdSubject, "CALL dbms.changePassword( '321' )" ); + testUnAunthenticated( pwdSubject, "CALL dbms.createUser('Henrik', 'bar', true)" ); } + */ @Test - public void shouldListNoUsersForRoleWithNoUsers() throws Exception + public void shouldSetCorrectPasswordChangeRequiredPermissions() throws Exception { - testCallEmpty( adminSubject, "CALL dbms.listUsersForRole('empty') YIELD value as users RETURN users" ); + testFailRead( pwdSubject, 3 ); + testFailWrite( pwdSubject ); + testFailSchema( pwdSubject ); + testCallEmpty( pwdSubject, "CALL dbms.changePassword( '321' )" ); + + testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', true)" ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ARCHITECT + "')" ); + ShiroAuthSubject henrik = manager.login( authToken( "Henrik", "bar" ) ); + assertEquals( AuthenticationResult.PASSWORD_CHANGE_REQUIRED, henrik.getAuthenticationResult() ); + testFailRead( henrik, 3 ); + testFailWrite( henrik ); + testFailSchema( henrik ); + testCallEmpty( henrik, "CALL dbms.changePassword( '321' )" ); + + testCallEmpty( adminSubject, "CALL dbms.createUser('Olivia', 'bar', true)" ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Olivia', '" + ADMIN + "')" ); + ShiroAuthSubject olivia = manager.login( authToken( "Olivia", "bar" ) ); + assertEquals( AuthenticationResult.PASSWORD_CHANGE_REQUIRED, olivia.getAuthenticationResult() ); + testFailRead( olivia, 3 ); + testFailWrite( olivia ); + testFailSchema( olivia ); + testCallFail( olivia, "CALL dbms.createUser('OliviasFriend', 'bar', false)", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallEmpty( olivia, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectNoRolePermissions() throws Exception + { + testFailRead( noneSubject, 3 ); + testFailWrite( noneSubject ); + testFailSchema( noneSubject ); + testFailCreateUser( noneSubject ); + testCallEmpty( noneSubject, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectReaderPermissions() throws Exception + { + testSuccessfulRead( readSubject, 3 ); + testFailWrite( readSubject ); + testFailSchema( readSubject ); + testFailCreateUser( readSubject ); + testCallEmpty( readSubject, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectPublisherPermissions() throws Exception + { + testSuccessfulRead( writeSubject, 3 ); + testSuccessfulWrite( writeSubject ); + testFailSchema( writeSubject ); + testFailCreateUser( writeSubject ); + testCallEmpty( writeSubject, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectSchemaPermissions() throws Exception + { + testSuccessfulRead( schemaSubject, 3 ); + testSuccessfulWrite( schemaSubject ); + testSuccessfulSchema( schemaSubject ); + testFailCreateUser( schemaSubject ); + testCallEmpty( schemaSubject, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectAdminPermissions() throws Exception + { + testSuccessfulRead( adminSubject, 3 ); + testSuccessfulWrite( adminSubject ); + testSuccessfulSchema( adminSubject ); + testCallEmpty( adminSubject, "CALL dbms.createUser('Olivia', 'bar', true)" ); + testCallEmpty( adminSubject, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectMultiRolePermissions() throws Exception + { + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('schemaSubject', '" + READER + "')" ); + + testSuccessfulRead( schemaSubject, 3 ); + testSuccessfulWrite( schemaSubject ); + testSuccessfulSchema( schemaSubject ); + testFailCreateUser( schemaSubject ); + testCallEmpty( schemaSubject, "CALL dbms.changePassword( '321' )" ); } } diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthScenariosIT.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthScenariosIT.java index 7b019d2cb7bdf..675f5131e5739 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthScenariosIT.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthScenariosIT.java @@ -68,12 +68,12 @@ public void userCreation1() throws Exception assertEquals( AuthenticationResult.FAILURE, subject.getAuthenticationResult() ); subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.PASSWORD_CHANGE_REQUIRED, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3 ); + testFailRead( subject, 3 ); testCallEmpty( subject, "CALL dbms.changePassword( 'foo' )" ); subject = manager.login( authToken( "Henrik", "foo" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 3 ); + testFailWrite( subject ); + testSuccessfulRead( subject, 3 ); } /* @@ -94,10 +94,10 @@ public void userCreation2() throws Exception testCallEmpty( subject, "CALL dbms.changePassword( 'foo' )" ); subject = manager.login( authToken( "Henrik", "foo" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3 ); + testFailRead( subject, 3 ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); - testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 3 ); + testFailWrite( subject ); + testSuccessfulRead( subject, 3 ); } /* @@ -116,10 +116,10 @@ public void userCreation3() throws Exception testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3 ); + testFailRead( subject, 3 ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); - testSuccessfulWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); + testSuccessfulWrite( subject ); + testSuccessfulRead( subject, 4 ); testFailSchema( subject ); } @@ -143,14 +143,14 @@ public void userCreation4() throws Exception testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3 ); - testFailWriteAction( subject ); + testFailRead( subject, 3 ); + testFailWrite( subject ); testFailSchema( subject ); testFailCreateUser( subject ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ARCHITECT + "')" ); - testSuccessfulWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); - testSuccessfulSchemaAction( subject ); + testSuccessfulWrite( subject ); + testSuccessfulRead( subject, 4 ); + testSuccessfulSchema( subject ); testFailCreateUser( subject ); } @@ -255,12 +255,12 @@ public void roleManagement1() throws Exception testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulWriteAction( subject ); + testSuccessfulWrite( subject ); testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('Henrik', '" + PUBLISHER + "')" ); - testFailReadAction( subject, 4 ); + testFailRead( subject, 4 ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); - testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); + testFailWrite( subject ); + testSuccessfulRead( subject, 4 ); } /* @@ -277,10 +277,10 @@ public void roleManagement2() throws Exception testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailWriteAction( subject ); + testFailWrite( subject ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); - testSuccessfulWriteAction( subject ); + testSuccessfulWrite( subject ); } /* @@ -302,11 +302,11 @@ public void roleManagement3() throws Exception AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); - testSuccessfulWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); + testSuccessfulWrite( subject ); + testSuccessfulRead( subject, 4 ); testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('Henrik', '" + PUBLISHER + "')" ); - testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); + testFailWrite( subject ); + testSuccessfulRead( subject, 4 ); } /* @@ -328,12 +328,12 @@ public void roleManagement4() throws Exception AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); - testSuccessfulWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); + testSuccessfulWrite( subject ); + testSuccessfulRead( subject, 4 ); testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('Henrik', '" + READER + "')" ); testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('Henrik', '" + PUBLISHER + "')" ); - testFailWriteAction( subject ); - testFailReadAction( subject, 4 ); + testFailWrite( subject ); + testFailRead( subject, 4 ); } //---------- User suspension ----------- @@ -373,9 +373,9 @@ public void userSuspension2() throws Exception testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); testCallEmpty( adminSubject, "CALL dbms.suspendUser('Henrik')" ); - testFailReadAction( subject, 3 ); + testFailRead( subject, 3 ); // TODO: Check that user session is terminated instead of checking failed read subject = manager.login( authToken( "Henrik", "bar" ) ); @@ -417,14 +417,14 @@ public void userActivation1() throws Exception @Test public void userListing() throws Exception { - testSuccessfulListUsersAction( adminSubject, initialUsers ); + testSuccessfulListUsers( adminSubject, initialUsers ); testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); - testSuccessfulListUsersAction( adminSubject, with( initialUsers, "Henrik" ) ); + testSuccessfulListUsers( adminSubject, with( initialUsers, "Henrik" ) ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testFailListUsers( subject, 6 ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ADMIN + "')" ); - testSuccessfulListUsersAction( subject, with( initialUsers, "Henrik" ) ); + testSuccessfulListUsers( subject, with( initialUsers, "Henrik" ) ); } /* @@ -442,9 +442,9 @@ public void rolesListing() throws Exception AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testFailListRoles( subject ); - testSuccessfulListRolesAction( adminSubject, initialRoles ); + testSuccessfulListRoles( adminSubject, initialRoles ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ADMIN + "')" ); - testSuccessfulListRolesAction( subject, initialRoles ); + testSuccessfulListRoles( subject, initialRoles ); } /* @@ -522,16 +522,16 @@ public void changeUserPassword1() throws Exception testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "abc" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); testCallEmpty( subject, "CALL dbms.changeUserPassword('Henrik', '123')" ); //TODO: uncomment the next line and make the test pass - //testSuccessfulReadAction( subject, 3 ); + //testSuccessfulRead( subject, 3 ); subject.logout(); subject = manager.login( authToken( "Henrik", "abc" ) ); assertEquals( AuthenticationResult.FAILURE, subject.getAuthenticationResult() ); subject = manager.login( authToken( "Henrik", "123" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); } /* @@ -553,14 +553,14 @@ public void changeUserPassword2() throws Exception testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "abc" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); testCallEmpty( adminSubject, "CALL dbms.changeUserPassword('Henrik', '123')" ); subject.logout(); subject = manager.login( authToken( "Henrik", "abc" ) ); assertEquals( AuthenticationResult.FAILURE, subject.getAuthenticationResult() ); subject = manager.login( authToken( "Henrik", "123" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); } /* @@ -579,7 +579,7 @@ public void changeUserPassword3() throws Exception testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "abc" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); testCallFail( subject, "CALL dbms.changeUserPassword('Craig', '123')", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); }