This PR updates the preview feature "re-auth" significantly. The changes allow for catering to a wider range of use cases including simple password rotation. As part of this PR, all auth-related namespaces have been moved to preview - previously some did not have this, although the classes therein would not have been usable. Since this is a preview feature all changes here are breaking changes. The OnTokenExpiredAsync method in the IAuthTokenManager interface was removed, and a new HandleSecurityExceptionAsync method was added in its place. The ExpirationBased method in AuthTokenManagers was renamed to Bearer, and a new Basic method was added to cater for password rotation. --------- Co-authored-by: grant lodge <6323995+thelonelyvulpes@users.noreply.github.com>
1 parent
7c93291
commit 6f36b08
Showing
46 changed files
with
542 additions
and
429 deletions.
25 changes: 13 additions & 12 deletions
...Driver/Auth/IExpiringAuthTokenProvider.cs → ...anagerHandleSecurityExceptionCompleted.cs
@@ -1,28 +1,29 @@ | ||
// Copyright (c) "Neo4j" | ||
// Neo4j Sweden AB [http://neo4j.com] | ||
// | ||
// | ||
// This file is part of Neo4j. | ||
// | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"). | ||
// You may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
using System.Threading.Tasks; | ||
namespace Neo4j.Driver.Tests.TestBackend; | ||
|
||
namespace Neo4j.Driver.Auth; | ||
|
||
/// <summary>Provides auth tokens that expire.</summary> | ||
public interface IExpiringAuthTokenProvider | ||
internal class AuthTokenManagerHandleSecurityExceptionCompleted : IProtocolObject | ||
{ | ||
/// <summary>Gets a new auth token and expiration time.</summary> | ||
/// <returns>A task that represents the asynchronous operation.</returns> | ||
Task<AuthTokenAndExpiration> GetTokenAsync(); | ||
public AuthTokenManagerHandleSecurityExceptionCompletedDto data { get; set; } | ||
|
||
public class AuthTokenManagerHandleSecurityExceptionCompletedDto | ||
{ | ||
public string requestId { get; set; } | ||
public bool handled { get; set; } | ||
} | ||
} |
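Review bot: The new `AuthTokenManagerHandleSecurityExceptionCompletedDto` has no documentation, although its `handled` flag looks like the test backend's answer to the `HandleSecurityExceptionAsync` callback named in the commit message, and so presumably decides whether the driver treats a security error as recoverable. I would put `/// <summary>Backend reply to a HandleSecurityException request; handled is the value handed back to the driver.</summary>` on the class once that reading is confirmed. If the lower-case property names (`data`, `requestId`, `handled`) mirror the wire protocol, a one-line comment saying so would stop a later rename to PascalCase from breaking deserialization.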
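--- a/Neo4j.Driver/Neo4j.Driver.Tests.TestBackend/Protocol/Auth/NewBasicAuthTokenManager.cs
+++ b/Neo4j.Driver/Neo4j.Driver.Tests.TestBackend/Protocol/Auth/NewBasicAuthTokenManager.cs
@@ -0,0 +1,82 @@
+// Copyright (c) "Neo4j"
+// Neo4j Sweden AB [http://neo4j.com]
+//
+// This file is part of Neo4j.
+//
+// Licensed under the Apache License, Version 2.0 (the "License").
+// You may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Collections.Generic;
+using System.Threading;
+using System.Threading.Tasks;
+using Neo4j.Driver.Preview.Auth;
+using Neo4j.Driver.Internal;
+using Neo4j.Driver.Internal.Auth;
+
+namespace Neo4j.Driver.Tests.TestBackend;
+
+internal abstract class TestAuthTokenManager : IProtocolObject, IAuthTokenManager
+{
+public abstract ValueTask<IAuthToken> GetTokenAsync(CancellationToken cancellationToken = default);
+
+public abstract ValueTask<bool> HandleSecurityExceptionAsync(
+IAuthToken token,
+SecurityException exception,
+CancellationToken cancellationToken = default);
+}
+
+internal class NewNeo4jAuthTokenManager : IProtocolObject
+{
+protected Controller _controller;
+public IAuthTokenManager TokenManager;
+}
+
+internal class NewBasicAuthTokenManager : NewNeo4jAuthTokenManager
+{
+public object data { get; set; }
+
+public override Task Process(Controller controller)
+{
+_controller = controller;
+TokenManager = AuthTokenManagers.Basic(FakeTime.Instance, GetTokenAsync);
+return Task.CompletedTask;
+}
+
+public async ValueTask<IAuthToken> GetTokenAsync()
+{
+var requestId = Guid.NewGuid().ToString();
+await _controller.SendResponse(GetAuthRequest(requestId)).ConfigureAwait(false);
+var result = await _controller.TryConsumeStreamObjectOfType<BasicAuthTokenProviderCompleted>()
+.ConfigureAwait(false);
+
+if (result.data.requestId == requestId)
+{
+var token = new AuthToken(result.data.auth.data.ToDictionary());
+return token;
+}
+
+throw new Exception("GetTokenAsync: request IDs did not match");
+}
+
+public override string Respond()
+{
+return new ProtocolResponse("BasicAuthTokenManager", uniqueId).Encode();
+}
+
+protected string GetAuthRequest(string requestId)
+{
+return new ProtocolResponse(
+"BasicAuthTokenProviderRequest",
+new { basicAuthTokenManagerId = uniqueId, id = requestId }).Encode();
+}
+}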
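Review bot: In `GetTokenAsync`, `result` is dereferenced (`result.data.requestId`, then `result.data.auth.data`) without any null check. The `Try` prefix on `TryConsumeStreamObjectOfType<BasicAuthTokenProviderCompleted>()` suggests it may return null when the next stream object is of another type; its definition is not on this page. If so, an out-of-order or malformed reply surfaces as a NullReferenceException rather than the intended correlation failure. A guard such as `if (result?.data?.auth?.data is null) throw new InvalidOperationException("GetTokenAsync: no BasicAuthTokenProviderCompleted received");` keeps that failure explicit, and the mismatch path would read better as `InvalidOperationException` than as bare `Exception`. Because this reply carries credentials, both messages should stay free of token contents, as the current one does.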