Class: Neo4j::Server::CypherAuthentication
- Inherits:
-
Object
- Object
- Neo4j::Server::CypherAuthentication
- Defined in:
- lib/neo4j-server/cypher_authentication.rb
Overview
Neo4j 2.2 has an authentication layer. This class provides methods for interacting with it.
Defined Under Namespace
Classes: InvalidPasswordError, MissingCredentialsError, PasswordChangeRequiredError
Instance Attribute Summary collapse
-
#connection ⇒ Object
readonly
Returns the value of attribute connection.
-
#params ⇒ Object
readonly
Returns the value of attribute params.
-
#token ⇒ Object
readonly
Returns the value of attribute token.
-
#url ⇒ Object
readonly
Returns the value of attribute url.
Instance Method Summary collapse
-
#add_auth_headers(token) ⇒ Object
Stores an authentication token in the properly-formatted header.
-
#auth_attempt ⇒ Faraday::Response
Requests a token from the authentication endpoint using the given username and password.
-
#authenticate ⇒ String
Uses the given username and password to obtain a token, then adds the token to the connection’s parameters.
-
#basic_auth(username, password) ⇒ Object
Set the username and password used to communicate with the server.
-
#change_password(old_password, new_password) ⇒ Hash
POSTs to the password change endpoint of the API.
-
#initialize(url_string, session_connection = new_connection, params_hash = {}) ⇒ CypherAuthentication
constructor
same object used by the server for data, or a new one created specifically for auth tasks.
-
#invalidate_token(current_password) ⇒ Object
Invalidates tokens as described at neo4j.com/docs/snapshot/rest-api-security.html#rest-api-invalidating-the-authorization-token.
-
#reauthenticate(password) ⇒ Object
Invalidates the existing token, which will invalidate all conncetions using this token, applies for a new token, adds this into the connection headers.
-
#token_or_error(auth_response) ⇒ String
Takes a response object from the server and returns a token or fails with an error.
Constructor Details
#initialize(url_string, session_connection = new_connection, params_hash = {}) ⇒ CypherAuthentication
same object used by the server for data, or a new one created specifically for auth tasks.
15 16 17 18 19 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 15 def initialize(url_string, session_connection = new_connection, params_hash = {}) @url = url_string @connection = session_connection @params = params_hash end |
Instance Attribute Details
#connection ⇒ Object (readonly)
Returns the value of attribute connection.
9 10 11 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 9 def connection @connection end |
#params ⇒ Object (readonly)
Returns the value of attribute params.
9 10 11 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 9 def params @params end |
#token ⇒ Object (readonly)
Returns the value of attribute token.
9 10 11 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 9 def token @token end |
#url ⇒ Object (readonly)
Returns the value of attribute url.
9 10 11 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 9 def url @url end |
Instance Method Details
#add_auth_headers(token) ⇒ Object
Stores an authentication token in the properly-formatted header. This does not do any checking that what it has been given is a token. Whatever param is given will be base64 encoded and used as the header.
94 95 96 97 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 94 def add_auth_headers(token) @token = token connection.headers['Authorization'] = "Basic realm=\"Neo4j\" #{token_hash(token)}" end |
#auth_attempt ⇒ Faraday::Response
Requests a token from the authentication endpoint using the given username and password.
61 62 63 64 65 66 67 68 69 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 61 def auth_attempt begin user = params[:basic_auth][:username] pass = params[:basic_auth][:password] rescue NoMethodError raise MissingCredentialsError, 'Neo4j authentication is enabled, username/password are required but missing' end connection.post("#{url}/authentication", 'username' => user, 'password' => pass) end |
#authenticate ⇒ String
Uses the given username and password to obtain a token, then adds the token to the connection’s parameters.
38 39 40 41 42 43 44 45 46 47 48 49 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 38 def authenticate auth_response = auth_connection("#{url}/authentication") auth_hash = if auth_response.body.empty? nil elsif auth_response.body.is_a?(String) JSON.parse(auth_response.body)['errors'][0]['code'] == 'Neo.ClientError.Security.AuthorizationFailed' ? auth_attempt : nil else auth_response end return nil if auth_hash.nil? add_auth_headers(token_or_error(auth_hash)) end |
#basic_auth(username, password) ⇒ Object
Set the username and password used to communicate with the server.
22 23 24 25 26 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 22 def basic_auth(username, password) params[:basic_auth] ||= {} params[:basic_auth][:username] = username params[:basic_auth][:password] = password end |
#change_password(old_password, new_password) ⇒ Hash
POSTs to the password change endpoint of the API. Does not invalidate tokens.
32 33 34 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 32 def change_password(old_password, new_password) connection.post("#{url}/user/neo4j/password", 'password' => old_password, 'new_password' => new_password).body end |
#invalidate_token(current_password) ⇒ Object
Invalidates tokens as described at neo4j.com/docs/snapshot/rest-api-security.html#rest-api-invalidating-the-authorization-token
87 88 89 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 87 def invalidate_token(current_password) connection.post("#{url}/user/neo4j/authorization_token", 'password' => current_password).body end |
#reauthenticate(password) ⇒ Object
Invalidates the existing token, which will invalidate all conncetions using this token, applies for a new token, adds this into the connection headers.
54 55 56 57 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 54 def reauthenticate(password) invalidate_token(password) add_auth_headers(token_or_error(auth_attempt)) end |
#token_or_error(auth_response) ⇒ String
Takes a response object from the server and returns a token or fails with an error. TODO: more error states!
75 76 77 78 79 80 81 82 83 |
# File 'lib/neo4j-server/cypher_authentication.rb', line 75 def token_or_error(auth_response) begin fail PasswordChangeRequiredError, "Server requires a password change, please visit #{url}" if auth_response.body['password_change_required'] fail InvalidPasswordError, "Neo4j server responded with: #{auth_response.body['errors'][0]['message']}" if auth_response.status.to_i == 422 rescue NoMethodError raise 'Unexpected auth response, please open an issue at https://github.com/neo4jrb/neo4j-core/issues' end auth_response.body['authorization_token'] end |