All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.neo4j.server.rest.dbms.UserService Maven / Gradle / Ivy

There is a newer version: 5.26.1
Show newest version
/*
 * Copyright (c) 2002-2016 "Neo Technology,"
 * Network Engine for Objects in Lund AB [http://neotechnology.com]
 *
 * This file is part of Neo4j.
 *
 * Neo4j is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */
package org.neo4j.server.rest.dbms;

import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.api.exceptions.Status;
import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
import org.neo4j.server.rest.repr.AuthorizationRepresentation;
import org.neo4j.server.rest.repr.BadInputException;
import org.neo4j.server.rest.repr.ExceptionRepresentation;
import org.neo4j.server.rest.repr.InputFormat;
import org.neo4j.server.rest.repr.OutputFormat;
import org.neo4j.server.rest.transactional.error.Neo4jError;
import org.neo4j.server.security.auth.User;
import org.neo4j.server.security.auth.UserManager;

import static javax.ws.rs.core.Response.Status.BAD_REQUEST;
import static org.neo4j.server.rest.web.CustomStatusType.UNPROCESSABLE;

@Path("/user")
public class UserService
{
    public static final String PASSWORD = "password";

    private final UserManager userManager;
    private final InputFormat input;
    private final OutputFormat output;

    public UserService( @Context AuthManager authManager, @Context InputFormat input, @Context OutputFormat output )
    {
        if ( !(authManager instanceof UserManager) )
        {
            throw new IllegalArgumentException( "The provided auth manager is not capable of user management" );
        }
        this.userManager = (UserManager) authManager;
        this.input = input;
        this.output = output;
    }

    @GET
    @Path("/{username}")
    public Response getUser( @PathParam("username") String username, @Context HttpServletRequest req )
    {
        Principal principal = req.getUserPrincipal();
        if ( principal == null || !principal.getName().equals( username ) )
        {
            return output.notFound();
        }

        final User currentUser = userManager.getUser( username );
        if ( currentUser == null )
        {
            return output.notFound();
        }
        return output.ok( new AuthorizationRepresentation( currentUser ) );
    }

    @POST
    @Path("/{username}/password")
    public Response setPassword( @PathParam("username") String username, @Context HttpServletRequest req, String payload )
    {
        Principal principal = req.getUserPrincipal();
        if ( principal == null || !principal.getName().equals( username ) )
        {
            return output.notFound();
        }

        final Map deserialized;
        try
        {
            deserialized = input.readMap( payload );
        } catch ( BadInputException e )
        {
            return output.response( BAD_REQUEST, new ExceptionRepresentation(
                    new Neo4jError( Status.Request.InvalidFormat, e.getMessage() ) ) );
        }

        Object o = deserialized.get( PASSWORD );
        if ( o == null )
        {
            return output.response( UNPROCESSABLE, new ExceptionRepresentation(
                    new Neo4jError( Status.Request.InvalidFormat, String.format( "Required parameter '%s' is missing.", PASSWORD ) ) ) );
        }
        if ( !( o instanceof String ) )
        {
            return output.response( UNPROCESSABLE, new ExceptionRepresentation(
                    new Neo4jError( Status.Request.InvalidFormat, String.format( "Expected '%s' to be a string.", PASSWORD ) ) ) );
        }
        String newPassword = (String) o;
        if ( newPassword.length() == 0 )
        {
            return output.response( UNPROCESSABLE, new ExceptionRepresentation(
                    new Neo4jError( Status.Request.Invalid, "Password cannot be empty." ) ) );
        }

        final User currentUser = userManager.getUser( username );
        if (currentUser == null)
        {
            return output.notFound();
        }

        if ( currentUser.credentials().matchesPassword( newPassword ) )
        {
            return output.response( UNPROCESSABLE, new ExceptionRepresentation(
                    new Neo4jError( Status.Request.Invalid, "Old password and new password cannot be the same." ) ) );
        }

        try
        {
            userManager.setUserPassword( username, newPassword );
        }
        catch ( IOException e )
        {
            return output.serverErrorWithoutLegacyStacktrace( e );
        }
        catch ( IllegalCredentialsException e )
        {
            return output.response( UNPROCESSABLE, new ExceptionRepresentation(
                    new Neo4jError( e.status(), e.getMessage() ) ) );
        }
        return output.ok();
    }

}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy