From fb18ae2465f3d6aa86ff4aee6a844b46124ed570 Mon Sep 17 00:00:00 2001 From: fickludd Date: Mon, 20 Jun 2016 17:12:15 +0200 Subject: [PATCH] Vastly increased AuthProcedures unit test coverage. Included all current test conditions in the security unit test overview. Some of these do not pass, but are included in commented form (marked with TODO) so we do not forget to fix them later. Minor refactoring on the TestBase too. --- .../enterprise/auth/ShiroAuthManager.java | 2 +- .../auth/AuthProcedureTestBase.java | 57 +- .../enterprise/auth/AuthProceduresTest.java | 533 ++++++++++++++---- .../enterprise/auth/AuthScenariosIT.java | 82 +-- 4 files changed, 498 insertions(+), 176 deletions(-) diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java index c3546e532801..a53f62f01ac7 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java @@ -153,7 +153,7 @@ public RoleRecord newRole( String roleName, String... users ) throws IOException } @Override - public AuthSubject login( Map authToken ) throws InvalidAuthTokenException + public ShiroAuthSubject login( Map authToken ) throws InvalidAuthTokenException { assertAuthEnabled(); diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java index f6fdbd7800e2..fb4cd6e6fff4 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java @@ -59,14 +59,15 @@ public class AuthProcedureTestBase { - protected AuthSubject adminSubject; - protected AuthSubject schemaSubject; - protected AuthSubject writeSubject; - protected AuthSubject readSubject; - protected AuthSubject noneSubject; + protected ShiroAuthSubject adminSubject; + protected ShiroAuthSubject schemaSubject; + protected ShiroAuthSubject writeSubject; + protected ShiroAuthSubject readSubject; + protected ShiroAuthSubject pwdSubject; + protected ShiroAuthSubject noneSubject; protected String[] initialUsers = { "adminSubject", "readSubject", "schemaSubject", - "readWriteSubject", "noneSubject", "neo4j" }; + "readWriteSubject", "pwdSubject", "noneSubject", "neo4j" }; protected String[] initialRoles = { "admin", "architect", "publisher", "reader", "empty" }; protected GraphDatabaseAPI db; @@ -81,6 +82,7 @@ public void setUp() throws Throwable manager.init(); manager.start(); manager.newUser( "noneSubject", "abc", false ); + manager.newUser( "pwdSubject", "abc", true ); manager.newUser( "adminSubject", "abc", false ); manager.newUser( "schemaSubject", "abc", false ); manager.newUser( "readWriteSubject", "abc", false ); @@ -92,6 +94,7 @@ public void setUp() throws Throwable manager.newRole( READER, "readSubject" ); manager.newRole( "empty" ); noneSubject = manager.login( authToken( "noneSubject", "abc" ) ); + pwdSubject = manager.login( authToken( "pwdSubject", "abc" ) ); readSubject = manager.login( authToken( "readSubject", "123" ) ); writeSubject = manager.login( authToken( "readWriteSubject", "abc" ) ); schemaSubject = manager.login( authToken( "schemaSubject", "abc" ) ); @@ -119,12 +122,12 @@ protected List listOf( String... values ) //------------- Helper functions--------------- - protected void testSuccessfulReadAction( AuthSubject subject, int count ) + protected void testSuccessfulRead( AuthSubject subject, int count ) { testCallCount( subject, "MATCH (n) RETURN n", null, count ); } - protected void testFailReadAction( AuthSubject subject, int count ) + protected void testFailRead( AuthSubject subject, int count ) { // TODO: this should be permission denied instead testCallFail( subject, @@ -132,12 +135,12 @@ protected void testFailReadAction( AuthSubject subject, int count ) AuthorizationViolationException.class, "Read operations are not allowed" ); } - protected void testSuccessfulWriteAction( AuthSubject subject ) + protected void testSuccessfulWrite( AuthSubject subject ) { testCallEmpty( subject, "CREATE (:Node)" ); } - protected void testFailWriteAction( AuthSubject subject ) + protected void testFailWrite( AuthSubject subject ) { // TODO: this should be permission denied instead testCallFail( subject, @@ -145,7 +148,7 @@ protected void testFailWriteAction( AuthSubject subject ) AuthorizationViolationException.class, "Write operations are not allowed" ); } - protected void testSuccessfulSchemaAction( AuthSubject subject ) + protected void testSuccessfulSchema( AuthSubject subject ) { testCallEmpty( subject, "CREATE INDEX ON :Node(number)" ); } @@ -162,15 +165,19 @@ protected void testFailCreateUser( AuthSubject subject ) { testCallFail( subject, "CALL dbms.createUser('Craig', 'foo', false)", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( subject, "CALL dbms.createUser('Craig', '', false)", QueryExecutionException.class, + AuthProcedures.PERMISSION_DENIED ); + testCallFail( subject, "CALL dbms.createUser('', 'foo', false)", QueryExecutionException.class, + AuthProcedures.PERMISSION_DENIED ); } - protected void testFailAddUserToRoleAction( AuthSubject subject ) + protected void testFailAddUserToRole( AuthSubject subject ) { testCallFail( subject, "CALL dbms.addUserToRole('Craig', '" + PUBLISHER + "')", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); } - protected void testFailRemoveUserFromRoleAction( AuthSubject subject ) + protected void testFailRemoveUserFromRole( AuthSubject subject ) { testCallFail( subject, "CALL dbms.removeUserFromRole('Craig', '" + PUBLISHER + "')", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); @@ -180,9 +187,11 @@ protected void testFailDeleteUser( AuthSubject subject ) { testCallFail( subject, "CALL dbms.deleteUser('Craig')", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( subject, "CALL dbms.deleteUser('')", QueryExecutionException.class, + AuthProcedures.PERMISSION_DENIED ); } - protected void testSuccessfulListUsersAction( AuthSubject subject, String[] users ) + protected void testSuccessfulListUsers( AuthSubject subject, String[] users ) { testResult( subject, "CALL dbms.listUsers() YIELD username AS users RETURN users", r -> resultKeyIsArray( r, "users", users ) ); @@ -195,7 +204,7 @@ protected void testFailListUsers( AuthSubject subject, int count ) QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); } - protected void testSuccessfulListRolesAction( AuthSubject subject, String[] roles ) + protected void testSuccessfulListRoles( AuthSubject subject, String[] roles ) { testResult( subject, "CALL dbms.listRoles() YIELD role AS roles RETURN roles", r -> resultKeyIsArray( r, "roles", roles ) ); @@ -288,8 +297,22 @@ protected void testCallFail( AuthSubject subject, String call, protected void testUnAunthenticated( ShiroAuthSubject subject ) { - //TODO: inprove me to be less gullible! - assert( subject.getSubject().isAuthenticated() ); + //TODO: improve me to be less gullible! + assertFalse( subject.getSubject().isAuthenticated() ); + } + + protected void testUnAunthenticated( ShiroAuthSubject subject, String call ) + { + //TODO: OMG improve thrown exception + try + { + testCallEmpty( subject, call, null ); + fail( "Allowed un-authenticated query!" ); + } + catch ( Exception e ) + { + assertEquals( NullPointerException.class, e.getClass() ); + } } protected void testCallEmpty( AuthSubject subject, String call ) diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java index 3bc2521057f5..b4d5652c3aba 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java @@ -24,7 +24,6 @@ import java.util.Map; import org.neo4j.graphdb.QueryExecutionException; -import org.neo4j.kernel.api.security.AuthSubject; import org.neo4j.kernel.api.security.AuthenticationResult; import static org.junit.Assert.assertEquals; @@ -40,6 +39,7 @@ import static org.neo4j.server.security.enterprise.auth.PredefinedRolesBuilder.PUBLISHER; import static org.neo4j.server.security.enterprise.auth.PredefinedRolesBuilder.READER; +// TODO: homogenize "'' does not exist" type error messages. In short, add quotes in the right places public class AuthProceduresTest extends AuthProcedureTestBase { @@ -51,11 +51,25 @@ public class AuthProceduresTest extends AuthProcedureTestBase public void shouldChangeOwnPassword() throws Exception { testCallEmpty( readSubject, "CALL dbms.changePassword( '321' )" ); - AuthSubject subject = manager.login( authToken( "readSubject", "321" ) ); + testUnAunthenticated( readSubject ); + + ShiroAuthSubject subject = manager.login( authToken( "readSubject", "321" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); } - //---------- Change user password ----------- + /* + TODO: uncomment and fix + @Test + public void shouldNotChangeOwnPasswordIfNewPasswordInvalid() throws Exception + { + testCallFail( readSubject, "CALL dbms.changePassword( '' )", QueryExecutionException.class, + "Password cannot be empty" ); + testCallFail( readSubject, "CALL dbms.changePassword( '321' )", QueryExecutionException.class, + "Old password and new password cannot be the same" ); + } + */ + + //---------- change user password ----------- // Should change password for admin subject and valid user @Test @@ -132,7 +146,7 @@ public void shouldNotChangeUserPasswordIfSamePassword() throws Exception QueryExecutionException.class, "Old password and new password cannot be the same" ); } - //---------- User creation ----------- + //---------- create user ----------- @Test public void shouldCreateUser() throws Exception @@ -141,7 +155,10 @@ public void shouldCreateUser() throws Exception assertNotNull( "User craig should exist", manager.getUser( "craig" ) ); } + /* + TODO: uncomment and fix @Test +<<<<<<< 061656f5c3e1c3445f51c0387f2876d6c19e437d public void shouldNotCreateUserWithEmptyPassword() throws Exception { testCallFail( db, adminSubject, "CALL dbms.createUser('craig', '', true)", QueryExecutionException.class, @@ -150,173 +167,324 @@ public void shouldNotCreateUserWithEmptyPassword() throws Exception @Test public void shouldNotCreateExistingUser() throws Exception +======= + public void shouldNotCreateUserIfInvalidUsername() throws Exception +>>>>>>> Vastly increased AuthProcedures unit test coverage. { + testCallFail( adminSubject, "CALL dbms.createUser('', '1234', true)", QueryExecutionException.class, + "Username cannot be empty" ); + testCallFail( adminSubject, "CALL dbms.createUser('&%ss!', '1234', true)", QueryExecutionException.class, + "Username cannot be empty" ); + testCallFail( adminSubject, "CALL dbms.createUser('&%ss!', '', true)", QueryExecutionException.class, + "Username cannot be empty" ); + } + */ - testCallEmpty( adminSubject, "CALL dbms.createUser('craig', '1234', true)" ); - assertNotNull( "User craig should exist", manager.getUser( "craig" ) ); - testCallFail( adminSubject, "CALL dbms.createUser('craig', '1234', true)", QueryExecutionException.class, - "The specified user already exists" ); + /* + TODO: uncomment and fix + @Test + public void shouldNotCreateUserIfInvalidPassword() throws Exception + { + testCallFail( adminSubject, "CALL dbms.createUser('craig', '', true)", QueryExecutionException.class, + "Password cannot be empty" ); + } + */ + + @Test + public void shouldNotCreateExistingUser() throws Exception + { + testCallFail( adminSubject, "CALL dbms.createUser('readSubject', '1234', true)", + QueryExecutionException.class, "The specified user already exists" ); + testCallFail( adminSubject, "CALL dbms.createUser('readSubject', '', true)", + QueryExecutionException.class, "The specified user already exists" ); } @Test public void shouldNotAllowNonAdminCreateUser() throws Exception { - testFailCreateUser( noneSubject ); + testFailCreateUser( pwdSubject ); testFailCreateUser( readSubject ); testFailCreateUser( writeSubject ); testFailCreateUser( schemaSubject ); } - //----------User and role management----------- + //---------- delete user ----------- + @Test - public void shouldAllowAddingAndRemovingUserFromRole() throws Exception + public void shouldDeleteUser() throws Exception { - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); - assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + testCallEmpty( adminSubject, "CALL dbms.deleteUser('readSubject')" ); + assertNull( "User readSubject should not exist", manager.getUser( "readSubject" ) ); } @Test - public void shouldAllowAddingUserToRoleMultipleTimes() throws Exception + public void shouldNotDeleteUserIfNotAdmin() throws Exception { - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); - assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + testFailDeleteUser( pwdSubject ); + testFailDeleteUser( readSubject ); + testFailDeleteUser( writeSubject ); + testFailDeleteUser( schemaSubject ); } @Test - public void shouldAllowRemovingUserFromRoleMultipleTimes() throws Exception + public void shouldNotAllowDeletingNonExistingUser() throws Exception { - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); - assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); - testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + testCallFail( adminSubject, "CALL dbms.deleteUser('Craig')", + QueryExecutionException.class, "The user 'Craig' does not exist" ); } + /* + TODO: uncomment and fix @Test - public void shouldAllowAddingAndRemovingUserFromMultipleRoles() throws Exception + public void shouldNotAllowDeletingYourself() throws Exception { - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - assertFalse( "Should not have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); - testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + ARCHITECT + "')" ); - assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - assertTrue( "Should have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); - - testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); - testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + ARCHITECT + "')" ); - assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); - assertFalse( "Should not have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + testCallFail( adminSubject, "CALL dbms.deleteUser('" + adminSubject.name() + "')", + QueryExecutionException.class, "Deleting yourself is not allowed" ); } + */ + + //---------- suspend user ----------- @Test - public void shouldNotAllowNonAdminAddingUserToRole() throws Exception + public void shouldSuspendUser() throws Exception { - testFailAddUserToRoleAction( noneSubject ); - testFailAddUserToRoleAction( readSubject ); - testFailAddUserToRoleAction( writeSubject ); - testFailAddUserToRoleAction( schemaSubject ); + testCallEmpty( adminSubject, "CALL dbms.suspendUser('readSubject')" ); + assertTrue( manager.getUser( "readSubject" ).hasFlag( FileUserRealm.IS_SUSPENDED ) ); } @Test - public void shouldNotAllowNonAdminRemovingUserFromRole() throws Exception + public void shouldSuspendSuspendedUser() throws Exception { - testFailRemoveUserFromRoleAction( noneSubject ); - testFailRemoveUserFromRoleAction( readSubject ); - testFailRemoveUserFromRoleAction( writeSubject ); - testFailRemoveUserFromRoleAction( schemaSubject ); + testCallEmpty( adminSubject, "CALL dbms.suspendUser('readSubject')" ); + testCallEmpty( adminSubject, "CALL dbms.suspendUser('readSubject')" ); + assertTrue( manager.getUser( "readSubject" ).hasFlag( FileUserRealm.IS_SUSPENDED ) ); } - //----------User deletion ----------- - @Test - public void shouldDeleteUser() throws Exception + public void shouldFailToSuspendNonExistingUser() throws Exception { - testCallEmpty( adminSubject, "CALL dbms.createUser('Craig', '1234', true)" ); - assertNotNull( "User Craig should exist", manager.getUser( "Craig" ) ); - testCallEmpty( adminSubject, "CALL dbms.deleteUser('Craig')" ); - assertNull( "User Craig should not exist", manager.getUser( "Craig" ) ); + testCallFail( adminSubject, "CALL dbms.suspendUser('Craig')", + QueryExecutionException.class, "User Craig does not exist" ); } @Test - public void shouldNotAllowNonAdminDeleteUser() throws Exception + public void shouldFailToSuspendIfNotAdmin() throws Exception { - testFailDeleteUser( noneSubject ); - testFailDeleteUser( readSubject ); - testFailDeleteUser( writeSubject ); - testFailDeleteUser( schemaSubject ); + testCallFail( schemaSubject, "CALL dbms.suspendUser('readSubject')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.suspendUser('Craig')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.suspendUser('')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); } + /* + TODO: uncomment and fix @Test - public void shouldNotAllowDeletingNonExistingUser() throws Exception + public void shouldFailToSuspendYourself() throws Exception { - testCallEmpty( adminSubject, "CALL dbms.createUser('Craig', '1234', true)" ); - assertNotNull( "User Craig should exist", manager.getUser( "Craig" ) ); - testCallEmpty( adminSubject, "CALL dbms.deleteUser('Craig')" ); - assertNull( "User Craig should not exist", manager.getUser( "Craig" ) ); - testCallFail( adminSubject, "CALL dbms.deleteUser('Craig')", QueryExecutionException.class, - "The user 'Craig' does not exist" ); + testCallFail( adminSubject, "CALL dbms.suspendUser('" + adminSubject.name() + "')", + QueryExecutionException.class, "Suspending yourself is not allowed" ); } + */ - //----------User suspension scenarios----------- + //---------- activate user ----------- @Test - public void shouldSuspendUser() throws Exception + public void shouldActivateUser() throws Exception { - testCallEmpty( adminSubject, "CALL dbms.suspendUser('readSubject')" ); - assertTrue( manager.getUser( "readSubject" ).hasFlag( FileUserRealm.IS_SUSPENDED ) ); + manager.suspendUser( "readSubject" ); + testCallEmpty( adminSubject, "CALL dbms.activateUser('readSubject')" ); + assertFalse( manager.getUser( "readSubject" ).hasFlag( FileUserRealm.IS_SUSPENDED ) ); } @Test - public void shouldActivateUser() throws Exception + public void shouldActivateActiveUser() throws Exception { manager.suspendUser( "readSubject" ); testCallEmpty( adminSubject, "CALL dbms.activateUser('readSubject')" ); + testCallEmpty( adminSubject, "CALL dbms.activateUser('readSubject')" ); assertFalse( manager.getUser( "readSubject" ).hasFlag( FileUserRealm.IS_SUSPENDED ) ); } + /* + TODO: uncomment and fix @Test - public void shouldFailOnNonAdminSuspend() throws Exception + public void shouldFailToActivateNonExistingUser() throws Exception { - testCallFail( schemaSubject, "CALL dbms.suspendUser('readSubject')", - QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( adminSubject, "CALL dbms.activateUser('Craig')", + QueryExecutionException.class, "User 'Craig' does not exist" ); } + */ @Test - public void shouldFailOnNonAdminActivate() throws Exception + public void shouldFailToActivateIfNotAdmin() throws Exception { manager.suspendUser( "readSubject" ); testCallFail( schemaSubject, "CALL dbms.activateUser('readSubject')", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.activateUser('Craig')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.activateUser('')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + } + + /* + TODO: uncomment and fix + @Test + public void shouldFailToActivateYourself() throws Exception + { + testCallFail( adminSubject, "CALL dbms.activateUser('" + adminSubject.name() + "')", + QueryExecutionException.class, "Activating yourself is not allowed" ); + } + */ + + //---------- add user to role ----------- + + @Test + public void shouldAddUserToRole() throws Exception + { + assertFalse( "Should not have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); + assertTrue( "Should have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); + } + + @Test + public void shouldAddRetainUserInRole() throws Exception + { + assertTrue( "Should have role reader", readSubject.getSubject().hasRole( READER ) ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + READER + "')" ); + assertTrue( "Should have still have role reader", readSubject.getSubject().hasRole( READER ) ); + } + + @Test + public void shouldFailToAddNonExistingUserToRole() throws Exception + { + testCallFail( adminSubject, "CALL dbms.addUserToRole('Olivia', '" + PUBLISHER + "')", + QueryExecutionException.class, "User Olivia does not exist" ); + testCallFail( adminSubject, "CALL dbms.addUserToRole('Olivia', 'thisRoleDoesNotExist')", + QueryExecutionException.class, "User Olivia does not exist" ); + testCallFail( adminSubject, "CALL dbms.addUserToRole('Olivia', '')", + QueryExecutionException.class, "User Olivia does not exist" ); + } + + @Test + public void shouldFailToAddUserToNonExistingRole() throws Exception + { + testCallFail( adminSubject, "CALL dbms.addUserToRole('readSubject', 'thisRoleDoesNotExist')", + QueryExecutionException.class, "Role thisRoleDoesNotExist does not exist" ); + testCallFail( adminSubject, "CALL dbms.addUserToRole('readSubject', '')", + QueryExecutionException.class, "Role does not exist" ); + } + + @Test + public void shouldFailToAddUserToRoleIfNotAdmin() throws Exception + { + testFailAddUserToRole( pwdSubject ); + testFailAddUserToRole( readSubject ); + testFailAddUserToRole( writeSubject ); + + testCallFail( schemaSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.addUserToRole('Olivia', '" + PUBLISHER + "')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.addUserToRole('Olivia', 'thisRoleDoesNotExist')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + } + + //---------- remove user from role ----------- + + @Test + public void shouldRemoveUserFromRole() throws Exception + { + testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + READER + "')" ); + assertFalse( "Should not have role reader", readSubject.getSubject().hasRole( READER ) ); + } + + @Test + public void shouldKeepUserOutOfRole() throws Exception + { + assertFalse( "Should not have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); + testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); + assertFalse( "Should not have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); } - //----------List users/roles----------- + @Test + public void shouldFailToRemoveNonExistingUserFromRole() throws Exception + { + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('Olivia', '" + PUBLISHER + "')", + QueryExecutionException.class, "User Olivia does not exist" ); + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('Olivia', 'thisRoleDoesNotExist')", + QueryExecutionException.class, "User Olivia does not exist" ); + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('Olivia', '')", + QueryExecutionException.class, "User Olivia does not exist" ); + } @Test - public void shouldReturnUsers() throws Exception + public void shouldFailToRemoveUserFromNonExistingRole() throws Exception + { + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('readSubject', 'thisRoleDoesNotExist')", + QueryExecutionException.class, "Role thisRoleDoesNotExist does not exist" ); + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '')", + QueryExecutionException.class, "Role does not exist" ); + } + + @Test + public void shouldFailToRemoveUserFromRoleIfNotAdmin() throws Exception + { + testFailRemoveUserFromRole( pwdSubject ); + testFailRemoveUserFromRole( readSubject ); + testFailRemoveUserFromRole( writeSubject ); + + testCallFail( schemaSubject, "CALL dbms.removeUserFromRole('readSubject', '" + READER + "')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.removeUserFromRole('Olivia', '" + READER + "')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallFail( schemaSubject, "CALL dbms.removeUserFromRole('Olivia', 'thisRoleDoesNotExist')", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + } + + /* + TODO: uncomment and fix + @Test + public void shouldFailToRemoveYourselfFromAdminRole() throws Exception + { + testCallFail( adminSubject, "CALL dbms.removeUserFromRole('" + adminSubject.name() + "', '" + ADMIN + "')", + QueryExecutionException.class, "Remove yourself from admin role is not allowed" ); + } + */ + + //---------- manage multiple roles ----------- + + @Test + public void shouldAllowAddingAndRemovingUserFromMultipleRoles() throws Exception + { + assertFalse( "Should not have role publisher", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + assertFalse( "Should not have role architect", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + ARCHITECT + "')" ); + assertTrue( "Should have role publisher", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + assertTrue( "Should have role architect", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + + testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); + testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + ARCHITECT + "')" ); + assertFalse( "Should not have role publisher", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + assertFalse( "Should not have role architect", + ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + } + + //---------- list users ----------- + + @Test + public void shouldListUsers() throws Exception { testResult( adminSubject, "CALL dbms.listUsers() YIELD username", - r -> resultKeyIs( r, "username", "adminSubject", "readSubject", "schemaSubject", - "readWriteSubject", "noneSubject", "neo4j" ) ); + r -> resultKeyIs( r, "username", initialUsers ) ); } @Test @@ -355,17 +523,19 @@ public void shouldShowCurrentUser() throws Exception @Test public void shouldNotAllowNonAdminListUsers() throws Exception { - testFailListUsers( noneSubject, 5 ); + testFailListUsers( pwdSubject, 5 ); testFailListUsers( readSubject, 5 ); testFailListUsers( writeSubject, 5 ); testFailListUsers( schemaSubject, 5 ); } + //---------- list roles ----------- + @Test - public void shouldReturnRoles() throws Exception + public void shouldListRoles() throws Exception { testResult( adminSubject, "CALL dbms.listRoles() YIELD role AS roles RETURN roles", - r -> resultKeyIs( r, "roles", ADMIN, ARCHITECT, PUBLISHER, READER, "empty" ) ); + r -> resultKeyIs( r, "roles", initialRoles ) ); } @Test @@ -385,68 +555,197 @@ PUBLISHER, listOf( "readWriteSubject" ), @Test public void shouldNotAllowNonAdminListRoles() throws Exception { - testFailListRoles( noneSubject ); + testFailListRoles( pwdSubject ); testFailListRoles( readSubject ); testFailListRoles( writeSubject ); testFailListRoles( schemaSubject ); } + //---------- list roles for user ----------- + @Test public void shouldListRolesForUser() throws Exception { testResult( adminSubject, "CALL dbms.listRolesForUser('adminSubject') YIELD value as roles RETURN roles", r -> resultKeyIs( r, "roles", ADMIN ) ); + testResult( adminSubject, "CALL dbms.listRolesForUser('readSubject') YIELD value as roles RETURN roles", + r -> resultKeyIs( r, "roles", READER ) ); + } + + @Test + public void shouldListNoRolesForUserWithNoRoles() throws Exception + { + testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); + testCallEmpty( adminSubject, "CALL dbms.listRolesForUser('Henrik') YIELD value as roles RETURN roles" ); + } + + @Test + public void shouldNotListRolesForNonExistingUser() throws Exception + { + testCallFail( adminSubject, "CALL dbms.listRolesForUser('Petra') YIELD value as roles RETURN roles", + QueryExecutionException.class, "User Petra does not exist" ); + testCallFail( adminSubject, "CALL dbms.listRolesForUser('') YIELD value as roles RETURN roles", + QueryExecutionException.class, "User does not exist" ); + } + + /* + TODO: uncommend and fix + @Test + public void shouldListOwnRolesRoles() throws Exception + { + testResult( adminSubject, "CALL dbms.listRolesForUser('adminSubject') YIELD value as roles RETURN roles", + r -> resultKeyIs( r, "roles", ADMIN ) ); + testResult( readSubject, "CALL dbms.listRolesForUser('readSubject') YIELD value as roles RETURN roles", + r -> resultKeyIs( r, "roles", READER ) ); } + */ @Test public void shouldNotAllowNonAdminListUserRoles() throws Exception { - testFailListUserRoles( noneSubject, "adminSubject" ); + testFailListUserRoles( pwdSubject, "adminSubject" ); testFailListUserRoles( readSubject, "adminSubject" ); testFailListUserRoles( writeSubject, "adminSubject" ); testFailListUserRoles( schemaSubject, "adminSubject" ); } + //---------- list users for role ----------- + @Test - public void shouldFailToListRolesForUnknownUser() throws Exception + public void shouldListUsersForRole() throws Exception { - testCallFail( adminSubject, "CALL dbms.listRolesForUser('Henrik') YIELD value as roles RETURN roles", - QueryExecutionException.class, "User Henrik does not exist." ); + testResult( adminSubject, "CALL dbms.listUsersForRole('admin') YIELD value as users RETURN users", + r -> resultKeyIs( r, "users", adminSubject.name(), "neo4j" ) ); } @Test - public void shouldListNoRolesForUserWithNoRoles() throws Exception + public void shouldListNoUsersForRoleWithNoUsers() throws Exception { - testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); - testCallEmpty( adminSubject, "CALL dbms.listRolesForUser('Henrik') YIELD value as roles RETURN roles" ); + testCallEmpty( adminSubject, "CALL dbms.listUsersForRole('empty') YIELD value as users RETURN users" ); } @Test - public void shouldListUsersForRole() throws Exception + public void shouldNotListUsersForNonExistingRole() throws Exception { - testResult( adminSubject, "CALL dbms.listUsersForRole('admin') YIELD value as users RETURN users", - r -> resultKeyIs( r, "users", adminSubject.name(), "neo4j" ) ); + testCallFail( adminSubject, "CALL dbms.listUsersForRole('poodle') YIELD value as users RETURN users", + QueryExecutionException.class, "Role poodle does not exist" ); + testCallFail( adminSubject, "CALL dbms.listUsersForRole('') YIELD value as users RETURN users", + QueryExecutionException.class, "Role does not exist" ); } @Test - public void shouldNotAllowNonAdminListRoleUsers() throws Exception + public void shouldNotListUsersForRoleIfNotAdmin() throws Exception { - testFailListRoleUsers( noneSubject, ADMIN ); + testFailListRoleUsers( pwdSubject, ADMIN ); testFailListRoleUsers( readSubject, ADMIN ); testFailListRoleUsers( writeSubject, ADMIN ); testFailListRoleUsers( schemaSubject, ADMIN ); } + //---------- permissions ----------- + + /* + TODO: uncomment and fix un-authentication handling @Test - public void shouldFailToListUsersForUnknownRole() throws Exception + public void shouldSetCorrectUnAuthenticatedPermissions() throws Exception { - testCallFail( adminSubject, "CALL dbms.listUsersForRole('Foo') YIELD value as users RETURN users", - QueryExecutionException.class, "Role Foo does not exist." ); + pwdSubject.logout(); + testUnAunthenticated( pwdSubject, "MATCH (n) RETURN n" ); + testUnAunthenticated( pwdSubject, "CREATE (:Node)" ); + testUnAunthenticated( pwdSubject, "CREATE INDEX ON :Node(number)" ); + testUnAunthenticated( pwdSubject, "CALL dbms.changePassword( '321' )" ); + testUnAunthenticated( pwdSubject, "CALL dbms.createUser('Henrik', 'bar', true)" ); } + */ @Test - public void shouldListNoUsersForRoleWithNoUsers() throws Exception + public void shouldSetCorrectPasswordChangeRequiredPermissions() throws Exception { - testCallEmpty( adminSubject, "CALL dbms.listUsersForRole('empty') YIELD value as users RETURN users" ); + testFailRead( pwdSubject, 3 ); + testFailWrite( pwdSubject ); + testFailSchema( pwdSubject ); + testCallEmpty( pwdSubject, "CALL dbms.changePassword( '321' )" ); + + testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', true)" ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ARCHITECT + "')" ); + ShiroAuthSubject henrik = manager.login( authToken( "Henrik", "bar" ) ); + assertEquals( AuthenticationResult.PASSWORD_CHANGE_REQUIRED, henrik.getAuthenticationResult() ); + testFailRead( henrik, 3 ); + testFailWrite( henrik ); + testFailSchema( henrik ); + testCallEmpty( henrik, "CALL dbms.changePassword( '321' )" ); + + testCallEmpty( adminSubject, "CALL dbms.createUser('Olivia', 'bar', true)" ); + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Olivia', '" + ADMIN + "')" ); + ShiroAuthSubject olivia = manager.login( authToken( "Olivia", "bar" ) ); + assertEquals( AuthenticationResult.PASSWORD_CHANGE_REQUIRED, olivia.getAuthenticationResult() ); + testFailRead( olivia, 3 ); + testFailWrite( olivia ); + testFailSchema( olivia ); + testCallFail( olivia, "CALL dbms.createUser('OliviasFriend', 'bar', false)", + QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); + testCallEmpty( olivia, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectNoRolePermissions() throws Exception + { + testFailRead( noneSubject, 3 ); + testFailWrite( noneSubject ); + testFailSchema( noneSubject ); + testFailCreateUser( noneSubject ); + testCallEmpty( noneSubject, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectReaderPermissions() throws Exception + { + testSuccessfulRead( readSubject, 3 ); + testFailWrite( readSubject ); + testFailSchema( readSubject ); + testFailCreateUser( readSubject ); + testCallEmpty( readSubject, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectPublisherPermissions() throws Exception + { + testSuccessfulRead( writeSubject, 3 ); + testSuccessfulWrite( writeSubject ); + testFailSchema( writeSubject ); + testFailCreateUser( writeSubject ); + testCallEmpty( writeSubject, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectSchemaPermissions() throws Exception + { + testSuccessfulRead( schemaSubject, 3 ); + testSuccessfulWrite( schemaSubject ); + testSuccessfulSchema( schemaSubject ); + testFailCreateUser( schemaSubject ); + testCallEmpty( schemaSubject, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectAdminPermissions() throws Exception + { + testSuccessfulRead( adminSubject, 3 ); + testSuccessfulWrite( adminSubject ); + testSuccessfulSchema( adminSubject ); + testCallEmpty( adminSubject, "CALL dbms.createUser('Olivia', 'bar', true)" ); + testCallEmpty( adminSubject, "CALL dbms.changePassword( '321' )" ); + } + + @Test + public void shouldSetCorrectMultiRolePermissions() throws Exception + { + testCallEmpty( adminSubject, "CALL dbms.addUserToRole('schemaSubject', '" + READER + "')" ); + + testSuccessfulRead( schemaSubject, 3 ); + testSuccessfulWrite( schemaSubject ); + testSuccessfulSchema( schemaSubject ); + testFailCreateUser( schemaSubject ); + testCallEmpty( schemaSubject, "CALL dbms.changePassword( '321' )" ); } } diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthScenariosIT.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthScenariosIT.java index 7b019d2cb7bd..675f5131e573 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthScenariosIT.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthScenariosIT.java @@ -68,12 +68,12 @@ public void userCreation1() throws Exception assertEquals( AuthenticationResult.FAILURE, subject.getAuthenticationResult() ); subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.PASSWORD_CHANGE_REQUIRED, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3 ); + testFailRead( subject, 3 ); testCallEmpty( subject, "CALL dbms.changePassword( 'foo' )" ); subject = manager.login( authToken( "Henrik", "foo" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 3 ); + testFailWrite( subject ); + testSuccessfulRead( subject, 3 ); } /* @@ -94,10 +94,10 @@ public void userCreation2() throws Exception testCallEmpty( subject, "CALL dbms.changePassword( 'foo' )" ); subject = manager.login( authToken( "Henrik", "foo" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3 ); + testFailRead( subject, 3 ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); - testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 3 ); + testFailWrite( subject ); + testSuccessfulRead( subject, 3 ); } /* @@ -116,10 +116,10 @@ public void userCreation3() throws Exception testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3 ); + testFailRead( subject, 3 ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); - testSuccessfulWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); + testSuccessfulWrite( subject ); + testSuccessfulRead( subject, 4 ); testFailSchema( subject ); } @@ -143,14 +143,14 @@ public void userCreation4() throws Exception testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailReadAction( subject, 3 ); - testFailWriteAction( subject ); + testFailRead( subject, 3 ); + testFailWrite( subject ); testFailSchema( subject ); testFailCreateUser( subject ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ARCHITECT + "')" ); - testSuccessfulWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); - testSuccessfulSchemaAction( subject ); + testSuccessfulWrite( subject ); + testSuccessfulRead( subject, 4 ); + testSuccessfulSchema( subject ); testFailCreateUser( subject ); } @@ -255,12 +255,12 @@ public void roleManagement1() throws Exception testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulWriteAction( subject ); + testSuccessfulWrite( subject ); testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('Henrik', '" + PUBLISHER + "')" ); - testFailReadAction( subject, 4 ); + testFailRead( subject, 4 ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); - testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); + testFailWrite( subject ); + testSuccessfulRead( subject, 4 ); } /* @@ -277,10 +277,10 @@ public void roleManagement2() throws Exception testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testFailWriteAction( subject ); + testFailWrite( subject ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + PUBLISHER + "')" ); - testSuccessfulWriteAction( subject ); + testSuccessfulWrite( subject ); } /* @@ -302,11 +302,11 @@ public void roleManagement3() throws Exception AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); - testSuccessfulWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); + testSuccessfulWrite( subject ); + testSuccessfulRead( subject, 4 ); testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('Henrik', '" + PUBLISHER + "')" ); - testFailWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); + testFailWrite( subject ); + testSuccessfulRead( subject, 4 ); } /* @@ -328,12 +328,12 @@ public void roleManagement4() throws Exception AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); - testSuccessfulWriteAction( subject ); - testSuccessfulReadAction( subject, 4 ); + testSuccessfulWrite( subject ); + testSuccessfulRead( subject, 4 ); testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('Henrik', '" + READER + "')" ); testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('Henrik', '" + PUBLISHER + "')" ); - testFailWriteAction( subject ); - testFailReadAction( subject, 4 ); + testFailWrite( subject ); + testFailRead( subject, 4 ); } //---------- User suspension ----------- @@ -373,9 +373,9 @@ public void userSuspension2() throws Exception testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); testCallEmpty( adminSubject, "CALL dbms.suspendUser('Henrik')" ); - testFailReadAction( subject, 3 ); + testFailRead( subject, 3 ); // TODO: Check that user session is terminated instead of checking failed read subject = manager.login( authToken( "Henrik", "bar" ) ); @@ -417,14 +417,14 @@ public void userActivation1() throws Exception @Test public void userListing() throws Exception { - testSuccessfulListUsersAction( adminSubject, initialUsers ); + testSuccessfulListUsers( adminSubject, initialUsers ); testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)" ); - testSuccessfulListUsersAction( adminSubject, with( initialUsers, "Henrik" ) ); + testSuccessfulListUsers( adminSubject, with( initialUsers, "Henrik" ) ); AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testFailListUsers( subject, 6 ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ADMIN + "')" ); - testSuccessfulListUsersAction( subject, with( initialUsers, "Henrik" ) ); + testSuccessfulListUsers( subject, with( initialUsers, "Henrik" ) ); } /* @@ -442,9 +442,9 @@ public void rolesListing() throws Exception AuthSubject subject = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); testFailListRoles( subject ); - testSuccessfulListRolesAction( adminSubject, initialRoles ); + testSuccessfulListRoles( adminSubject, initialRoles ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ADMIN + "')" ); - testSuccessfulListRolesAction( subject, initialRoles ); + testSuccessfulListRoles( subject, initialRoles ); } /* @@ -522,16 +522,16 @@ public void changeUserPassword1() throws Exception testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "abc" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); testCallEmpty( subject, "CALL dbms.changeUserPassword('Henrik', '123')" ); //TODO: uncomment the next line and make the test pass - //testSuccessfulReadAction( subject, 3 ); + //testSuccessfulRead( subject, 3 ); subject.logout(); subject = manager.login( authToken( "Henrik", "abc" ) ); assertEquals( AuthenticationResult.FAILURE, subject.getAuthenticationResult() ); subject = manager.login( authToken( "Henrik", "123" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); } /* @@ -553,14 +553,14 @@ public void changeUserPassword2() throws Exception testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "abc" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); testCallEmpty( adminSubject, "CALL dbms.changeUserPassword('Henrik', '123')" ); subject.logout(); subject = manager.login( authToken( "Henrik", "abc" ) ); assertEquals( AuthenticationResult.FAILURE, subject.getAuthenticationResult() ); subject = manager.login( authToken( "Henrik", "123" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); } /* @@ -579,7 +579,7 @@ public void changeUserPassword3() throws Exception testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + READER + "')" ); AuthSubject subject = manager.login( authToken( "Henrik", "abc" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); - testSuccessfulReadAction( subject, 3 ); + testSuccessfulRead( subject, 3 ); testCallFail( subject, "CALL dbms.changeUserPassword('Craig', '123')", QueryExecutionException.class, AuthProcedures.PERMISSION_DENIED ); }