Merge pull request #818 from oskarhane/allow-non-reader

Enable users with non reader roles to connect

Author: pe4cey

e2e_tests/integration/bolt.spec.js

@@ -18,7 +18,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-/* global cy, test, expect */
+/* global Cypress, cy, test, expect */
 
 describe('Bolt connections', () => {
   it('show "no connection" error when not using web workers', () => {
@@ -34,13 +34,50 @@ describe('Bolt connections', () => {
     cy.resultContains('No connection found, did you connect to Neo4j')
   })
   it('does not show the "Reconnect" banner when trying to connect', () => {
-    cy.connect('neo4j', 'x', 'bolt://localhost:7685', false) // Non open port
+    cy.connect(
+      'neo4j',
+      'x',
+      'bolt://localhost:7685',
+      false
+    ) // Non open port
     cy.wait(10000)
     cy.get('[data-test-id="reconnectBanner"]').should('not.be.visible')
     cy.get('[data-test-id="disconnectedBanner"]').should('be.visible')
-    cy
-      .get('[data-test-id="main"]', { timeout: 1000 })
+    cy.get('[data-test-id="main"]', { timeout: 1000 })
       .and('contain', 'Database access not available')
       .should('not.contain', 'Connection lost')
   })
+  it('users with no role can connect', () => {
+    cy.executeCommand(':clear')
+    const password = Cypress.env('browser-password') || 'newpassword'
+    cy.connect(
+      'neo4j',
+      password
+    )
+    cy.executeCommand('CALL dbms.security.deleteUser("no-roles")')
+    cy.executeCommand(':clear')
+    cy.executeCommand('CALL dbms.security.createUser("no-roles", "pw", true)')
+    cy.executeCommand(':server disconnect')
+    cy.executeCommand(':clear')
+    cy.executeCommand(':server connect')
+
+    // Make sure initial pw set works
+    cy.setInitialPassword('.', 'pw', 'no-roles', true)
+
+    // Try regular connect
+    cy.executeCommand(':server disconnect')
+    cy.connect(
+      'no-roles',
+      '.'
+    )
+
+    // We need to reset the local storage value to
+    // default so other tests can pass
+    cy.executeCommand(':server disconnect')
+    cy.connect(
+      'neo4j',
+      password
+    )
+    cy.executeCommand(':server disconnect')
+  })
 })

e2e_tests/support/commands.js

@@ -4,43 +4,50 @@ const Editor = '.ReactCodeMirror textarea'
 
 /* global Cypress, cy */
 
-Cypress.Commands.add('setInitialPassword', newPassword => {
-  if (Cypress.env('E2E_TEST_ENV') === 'local') {
-    // We assume pw already set on local
-    return
-  }
-  cy.title().should('include', 'Neo4j Browser')
-
-  cy
-    .get('input[data-test-id="boltaddress"]')
-    .clear()
-    .type('bolt://localhost:7687')
-
-  cy.get('input[data-test-id="username"]').should('have.value', 'neo4j')
-  cy.get('input[data-test-id="password"]').should('have.value', '')
+Cypress.Commands.add(
+  'setInitialPassword',
+  (
+    newPassword,
+    initialPassword = 'neo4j',
+    username = 'neo4j',
+    force = false
+  ) => {
+    if (Cypress.env('E2E_TEST_ENV') === 'local' && !force) {
+      // We assume pw already set on local
+      return
+    }
+    cy.title().should('include', 'Neo4j Browser')
 
-  cy.get('input[data-test-id="password"]').type('neo4j')
+    cy.get('input[data-test-id="boltaddress"]')
+      .clear()
+      .type('bolt://localhost:7687')
 
-  cy.get('input[data-test-id="username"]').should('have.value', 'neo4j')
+    cy.get('input[data-test-id="username"]')
+      .clear()
+      .type(username)
+    cy.get('input[data-test-id="password"]').type(initialPassword)
 
-  cy.get('button[data-test-id="connect"]').click()
+    cy.get('button[data-test-id="connect"]').click()
 
-  // update password
-  cy.get('input[data-test-id="newPassword"]')
-  cy.get('input[data-test-id="newPassword"]').should('have.value', '')
-  cy
-    .get('input[data-test-id="newPasswordConfirmation"]')
-    .should('have.value', '')
+    // update password
+    cy.get('input[data-test-id="newPassword"]')
+    cy.get('input[data-test-id="newPassword"]').should('have.value', '')
+    cy.get('input[data-test-id="newPasswordConfirmation"]').should(
+      'have.value',
+      ''
+    )
 
-  cy.get('input[data-test-id="newPassword"]').type(newPassword)
-  cy.get('input[data-test-id="newPasswordConfirmation"]').type(newPassword)
-  cy.get('button[data-test-id="changePassword"]').click()
+    cy.get('input[data-test-id="newPassword"]').type(newPassword)
+    cy.get('input[data-test-id="newPasswordConfirmation"]').type(newPassword)
+    cy.get('button[data-test-id="changePassword"]').click()
 
-  cy.get('input[data-test-id="changePassword"]').should('not.be.visible')
-  cy
-    .get('[data-test-id="frameCommand"]', { timeout: 10000 })
-    .should('contain', ':play start')
-})
+    cy.get('input[data-test-id="changePassword"]').should('not.be.visible')
+    cy.get('[data-test-id="frameCommand"]', { timeout: 10000 }).should(
+      'contain',
+      ':play start'
+    )
+  }
+)
 Cypress.Commands.add(
   'connect',
   (
@@ -53,31 +60,25 @@ Cypress.Commands.add(
     cy.executeCommand(':clear')
     cy.executeCommand(':server connect')
 
-    cy
-      .get('input[data-test-id="boltaddress"]')
+    cy.get('input[data-test-id="boltaddress"]')
       .clear()
       .type(host)
 
-    cy.get('input[data-test-id="username"]').should('have.value', 'neo4j')
-    cy.get('input[data-test-id="password"]').should('have.value', '')
-
-    cy
-      .get('input[data-test-id="username"]')
+    cy.get('input[data-test-id="username"]')
       .clear()
       .type(username)
-    cy
-      .get('input[data-test-id="password"]')
+    cy.get('input[data-test-id="password"]')
       .clear()
       .type(password)
 
     cy.get('button[data-test-id="connect"]').click()
     if (makeAssertions) {
-      cy
-        .get('[data-test-id="frame"]', { timeout: 10000 })
-        .should('have.length', 2)
+      cy.get('[data-test-id="frame"]', { timeout: 10000 }).should(
+        'have.length',
+        2
+      )
       cy.wait(500)
-      cy
-        .get('[data-test-id="frameCommand"]')
+      cy.get('[data-test-id="frameCommand"]')
         .first()
         .should('contain', ':play start')
       cy.executeCommand(':clear')
@@ -94,12 +95,13 @@ Cypress.Commands.add('executeCommand', query => {
   cy.get(SubmitQueryButton).click()
 })
 Cypress.Commands.add('waitForCommandResult', () => {
-  cy
-    .get('[data-test-id="frame-loaded-contents"]', { timeout: 40000 })
-    .should('be.visible')
+  cy.get('[data-test-id="frame-loaded-contents"]', { timeout: 40000 }).should(
+    'be.visible'
+  )
 })
 Cypress.Commands.add('resultContains', str => {
-  cy
-    .get('[data-test-id="frameContents"]', { timeout: 40000 })
-    .should('contain', str)
+  cy.get('[data-test-id="frameContents"]', { timeout: 40000 }).should(
+    'contain',
+    str
+  )
 })

src/browser/modules/User/RolesSelector.jsx

@@ -20,19 +20,22 @@
 import React from 'react'
 import { StyledSelect } from './styled'
 
-const RolesSelector = ({
-  roles = [],
-  onChange = null,
-  selectedValue = undefined
-}) => {
+const RolesSelector = ({ roles = [], onChange = null, selectedValue = 0 }) => {
+  let options = [
+    <option key={'-1'} value={0}>
+      {' '}
+    </option>
+  ]
   if (roles.length > 0) {
-    const options = roles.map((role, i) => {
-      return (
-        <option key={i} value={role}>
-          {role}
-        </option>
-      )
-    })
+    options = options.concat(
+      roles.map((role, i) => {
+        return (
+          <option key={i} value={role}>
+            {role}
+          </option>
+        )
+      })
+    )
     return (
       <StyledSelect
         className='roles-selector'

src/browser/modules/User/UserInformation.jsx

@@ -131,6 +131,8 @@ export class UserInformation extends Component {
             roles={this.availableRoles()}
             onChange={this.onRoleSelect.bind(this)}
           />
+        </StyledUserTd>
+        <StyledUserTd className='current-roles'>
           <span>{this.listRoles()}</span>
         </StyledUserTd>
         <StyledUserTd className='status'>

src/browser/modules/User/UserList.jsx

@@ -94,7 +94,8 @@ export class UserList extends Component {
     })
     const tableHeaders = [
       'Username',
-      'Roles(s)',
+      'Add Role',
+      'Current Roles(s)',
       'Status',
       'Password Change',
       'Delete'

src/shared/services/bolt/boltConnection.js

@@ -52,7 +52,19 @@ const validateConnection = (driver, res, rej) => {
       res(driver)
     })
     .catch(e => {
-      rej(e)
+      // Only invalidate the connection if not available
+      // or not authed
+      // or credentials have expired
+      const invalidStates = [
+        'ServiceUnavailable',
+        'Neo.ClientError.Security.Unauthorized',
+        'Neo.ClientError.Security.CredentialsExpired'
+      ]
+      if (!e.code || invalidStates.includes(e.code)) {
+        rej(e)
+      } else {
+        res(driver)
+      }
     })
 }