Class: Neo4j::Server::CypherAuthentication

Inherits:

Object

• Object
• Neo4j::Server::CypherAuthentication

Defined in:

lib/neo4j-server/cypher_authentication.rb

Overview

Neo4j 2.2 has an authentication layer. This class provides methods for interacting with it.

Defined Under Namespace

Classes: InvalidPasswordError, MissingCredentialsError, PasswordChangeRequiredError

Instance Attribute Summary

• #connection ⇒ Object readonly

  Returns the value of attribute connection.

• #params ⇒ Object readonly

  Returns the value of attribute params.

• #token ⇒ Object readonly

  Returns the value of attribute token.

• #url ⇒ Object readonly

  Returns the value of attribute url.

Instance Method Summary

• #add_auth_headers(token) ⇒ Object

  Stores an authentication token in the properly-formatted header.

• #auth_attempt ⇒ Faraday::Response

  Requests a token from the authentication endpoint using the given username and password.

• #authenticate ⇒ String

  Uses the given username and password to obtain a token, then adds the token to the connection’s parameters.

• #basic_auth(username, password) ⇒ Object

  Set the username and password used to communicate with the server.

• #change_password(old_password, new_password) ⇒ Hash

  POSTs to the password change endpoint of the API.

• #initialize(url_string, session_connection = new_connection, params_hash = {}) ⇒ CypherAuthentication constructor

  same object used by the server for data, or a new one created specifically for auth tasks.

• #invalidate_token(current_password) ⇒ Object

  Invalidates tokens as described at neo4j.com/docs/snapshot/rest-api-security.html#rest-api-invalidating-the-authorization-token.

• #reauthenticate(password) ⇒ Object

  Invalidates the existing token, which will invalidate all conncetions using this token, applies for a new token, adds this into the connection headers.

• #token_or_error(auth_response) ⇒ String

  Takes a response object from the server and returns a token or fails with an error.

Constructor Details

#initialize(url_string, session_connection = new_connection, params_hash = {}) ⇒ CypherAuthentication

same object used by the server for data, or a new one created specifically for auth tasks.

Parameters:

• url_string (String) —

  The server address with protocol and port.

• session_connection (Faraday::Connection) (defaults to: new_connection) —

  A Faraday::Connection object. This is either an existing object, likely the

• params_hash (Hash) (defaults to: {}) —

  Faraday connection options. In particularly, we’re looking for basic_auth creds.

# File 'lib/neo4j-server/cypher_authentication.rb', line 15

def initialize(url_string, session_connection = new_connection, params_hash = {})
  @url = url_string
  @connection = session_connection
  @params = params_hash
end

Instance Attribute Details

#connection ⇒ Object (readonly)

Returns the value of attribute connection.

# File 'lib/neo4j-server/cypher_authentication.rb', line 9

def connection
  @connection
end

#params ⇒ Object (readonly)

Returns the value of attribute params.

# File 'lib/neo4j-server/cypher_authentication.rb', line 9

def params
  @params
end

#token ⇒ Object (readonly)

Returns the value of attribute token.

# File 'lib/neo4j-server/cypher_authentication.rb', line 9

def token
  @token
end

#url ⇒ Object (readonly)

Returns the value of attribute url.

# File 'lib/neo4j-server/cypher_authentication.rb', line 9

def url
  @url
end

Instance Method Details

#add_auth_headers(token) ⇒ Object

Stores an authentication token in the properly-formatted header. This does not do any checking that what it has been given is a token. Whatever param is given will be base64 encoded and used as the header.

Parameters:

• token (String) —

  The authentication token provided by the database.

# File 'lib/neo4j-server/cypher_authentication.rb', line 94

def add_auth_headers(token)
  @token = token
  connection.headers['Authorization'] = "Basic realm=\"Neo4j\" #{token_hash(token)}"
end

#auth_attempt ⇒ Faraday::Response

Requests a token from the authentication endpoint using the given username and password.

Returns:

• (Faraday::Response) —

  The server’s response, to be interpreted.

# File 'lib/neo4j-server/cypher_authentication.rb', line 61

def auth_attempt
  begin
    user = params[:basic_auth][:username]
    pass = params[:basic_auth][:password]
  rescue NoMethodError
    raise MissingCredentialsError, 'Neo4j authentication is enabled, username/password are required but missing'
  end
  connection.post("#{url}/authentication",  'username' => user, 'password' => pass)
end

#authenticate ⇒ String

Uses the given username and password to obtain a token, then adds the token to the connection’s parameters.

Returns:

• (String) —

  An access token provided by the server.

# File 'lib/neo4j-server/cypher_authentication.rb', line 38

def authenticate
  auth_response = auth_connection("#{url}/authentication")
  auth_hash = if auth_response.body.empty?
                nil
              elsif auth_response.body.is_a?(String)
                JSON.parse(auth_response.body)['errors'][0]['code'] == 'Neo.ClientError.Security.AuthorizationFailed' ? auth_attempt : nil
              else
                auth_response
              end
  return nil if auth_hash.nil?
  add_auth_headers(token_or_error(auth_hash))
end

#basic_auth(username, password) ⇒ Object

Set the username and password used to communicate with the server.

# File 'lib/neo4j-server/cypher_authentication.rb', line 22

def basic_auth(username, password)
  params[:basic_auth] ||= {}
  params[:basic_auth][:username] = username
  params[:basic_auth][:password] = password
end

#change_password(old_password, new_password) ⇒ Hash

POSTs to the password change endpoint of the API. Does not invalidate tokens.

Parameters:

• old_password (String) —

  The current password.

• new_password (String) —

  The password you want to use.

Returns:

• (Hash) —

  The response from the server.

# File 'lib/neo4j-server/cypher_authentication.rb', line 32

def change_password(old_password, new_password)
  connection.post("#{url}/user/neo4j/password",  'password' => old_password, 'new_password' => new_password).body
end

#invalidate_token(current_password) ⇒ Object

Invalidates tokens as described at neo4j.com/docs/snapshot/rest-api-security.html#rest-api-invalidating-the-authorization-token

Parameters:

• current_password (String) —

  The current password used to connect to the database

# File 'lib/neo4j-server/cypher_authentication.rb', line 87

def invalidate_token(current_password)
  connection.post("#{url}/user/neo4j/authorization_token",  'password' => current_password).body
end

#reauthenticate(password) ⇒ Object

Invalidates the existing token, which will invalidate all conncetions using this token, applies for a new token, adds this into the connection headers.

Parameters:

• password (String) —

  The current server password.

# File 'lib/neo4j-server/cypher_authentication.rb', line 54

def reauthenticate(password)
  invalidate_token(password)
  add_auth_headers(token_or_error(auth_attempt))
end

#token_or_error(auth_response) ⇒ String

Takes a response object from the server and returns a token or fails with an error. TODO: more error states!

Parameters:

• auth_response (Farday::Response) —

  The response after attempting authentication

Returns:

• (String) —

  An authentication token.

# File 'lib/neo4j-server/cypher_authentication.rb', line 75

def token_or_error(auth_response)
  begin
    fail PasswordChangeRequiredError, "Server requires a password change, please visit #{url}" if auth_response.body['password_change_required']
    fail InvalidPasswordError, "Neo4j server responded with: #{auth_response.body['errors'][0]['message']}" if auth_response.status.to_i == 422
  rescue NoMethodError
    raise 'Unexpected auth response, please open an issue at https://github.com/neo4jrb/neo4j-core/issues'
  end
  auth_response.body['authorization_token']
end