add user-api test (#1456)

* add user test
* open auth properties
* fix auth startup of memory backend bug

hugegraph-api/src/main/java/com/baidu/hugegraph/auth/ConfigAuthenticator.java

@@ -22,6 +22,7 @@
 import java.net.InetAddress;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Objects;
 
 import org.apache.commons.lang.NotImplementedException;
 import org.apache.tinkerpop.gremlin.groovy.jsr223.dsl.credential.CredentialGraphTokens;
@@ -81,11 +82,21 @@ public RolePermission authenticate(final String username,
 
     @Override
     public AuthManager authManager() {
-        throw new NotImplementedException("AuthManager is unsupported");
+        throw new NotImplementedException(
+                  "AuthManager is unsupported by ConfigAuthenticator");
+    }
+
+    @Override
+    public void initAdminUser(String password) throws Exception {
+        String adminToken = this.tokens.get(USER_ADMIN);
+        E.checkArgument(Objects.equals(adminToken, password),
+                        "The password can't be changed for " +
+                        "ConfigAuthenticator");
     }
 
     @Override
     public SaslNegotiator newSaslNegotiator(InetAddress remoteAddress) {
-        throw new NotImplementedException("SaslNegotiator is unsupported");
+        throw new NotImplementedException(
+                  "SaslNegotiator is unsupported by ConfigAuthenticator");
     }
 }

hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java

@@ -121,6 +121,8 @@ public default boolean verifyRole(RolePermission role) {
         }
     }
 
+    public void initAdminUser(String password) throws Exception;
+
     public static HugeAuthenticator loadAuthenticator(HugeConfig conf) {
         String authClass = conf.get(ServerOptions.AUTHENTICATOR);
         if (authClass.isEmpty()) {

hugegraph-api/src/main/java/com/baidu/hugegraph/auth/StandardAuthenticator.java

@@ -47,6 +47,12 @@ private HugeGraph graph() {
     }
 
     private void initAdminUser() throws Exception {
+        this.initAdminUser(this.inputPassword());
+
+        this.graph.close();
+    }
+
+    public void initAdminUser(String password) throws Exception {
         // Not allowed to call by non main thread
         String caller = Thread.currentThread().getName();
         E.checkState(caller.equals("main"), "Invalid caller '%s'", caller);
@@ -56,12 +62,10 @@ private void initAdminUser() throws Exception {
         if (StandardAuthManager.isLocal(authManager) &&
             authManager.findUser(HugeAuthenticator.USER_ADMIN) == null) {
             HugeUser admin = new HugeUser(HugeAuthenticator.USER_ADMIN);
-            admin.password(StringEncoding.hashPassword(this.inputPassword()));
+            admin.password(StringEncoding.hashPassword(password));
             admin.creator(HugeAuthenticator.USER_SYSTEM);
             authManager.createUser(admin);
         }
-
-        this.graph.close();
     }
 
     private String inputPassword() {
@@ -141,15 +145,17 @@ public SaslNegotiator newSaslNegotiator(InetAddress remoteAddress) {
         throw new NotImplementedException("SaslNegotiator is unsupported");
     }
 
-    public static void initAdminUser(String restConfFile) throws Exception {
+    public static void initAdminUserIfNeeded(String confFile) throws Exception {
         StandardAuthenticator auth = new StandardAuthenticator();
-        HugeConfig config = new HugeConfig(restConfFile);
+        HugeConfig config = new HugeConfig(confFile);
         String authClass = config.get(ServerOptions.AUTHENTICATOR);
         if (authClass.isEmpty()) {
             return;
         }
         config.addProperty(INITING_STORE, true);
         auth.setup(config);
-        auth.initAdminUser();
+        if (auth.graph().backendStoreFeatures().supportsPersistence()) {
+            auth.initAdminUser();
+        }
     }
 }

hugegraph-api/src/main/java/com/baidu/hugegraph/core/GraphManager.java

@@ -82,7 +82,7 @@ public GraphManager(HugeConfig conf) {
         // this.installLicense(conf, "");
         // Raft will load snapshot firstly then launch election and replay log
         this.waitGraphsStarted();
-        this.checkBackendVersionOrExit();
+        this.checkBackendVersionOrExit(conf);
         this.startRpcServer();
         this.serverStarted(conf);
         this.addMetrics(conf);
@@ -256,12 +256,22 @@ private void loadGraph(String name, String path) {
         }
     }
 
-    private void checkBackendVersionOrExit() {
+    private void checkBackendVersionOrExit(HugeConfig config) {
         for (String graph : this.graphs()) {
             // TODO: close tx from main thread
             HugeGraph hugegraph = this.graph(graph);
             if (!hugegraph.backendStoreFeatures().supportsPersistence()) {
                 hugegraph.initBackend();
+                if (this.requireAuthentication()) {
+                    String token = config.get(ServerOptions.AUTH_ADMIN_TOKEN);
+                    try {
+                        this.authenticator.initAdminUser(token);
+                    } catch (Exception e) {
+                        throw new BackendException(
+                                  "The backend store of '%s' can't " +
+                                  "initialize admin user", hugegraph.name());
+                    }
+                }
             }
             BackendStoreSystemInfo info = hugegraph.backendStoreSystemInfo();
             if (!info.exists()) {

hugegraph-dist/src/assembly/travis/run-api-test.sh

@@ -5,9 +5,30 @@ set -ev
 TRAVIS_DIR=`dirname $0`
 VERSION=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`
 SERVER_DIR=hugegraph-$VERSION
+CONF=$SERVER_DIR/conf/hugegraph.properties
+REST_SERVER_CONF=$SERVER_DIR/conf/rest-server.properties
+GREMLIN_SERVER_CONF=$SERVER_DIR/conf/gremlin-server.yaml
 
 mvn package -DskipTests
+
+# config rest-server
+sed -i 's/#auth.authenticator=/auth.authenticator=com.baidu.hugegraph.auth.StandardAuthenticator/' $REST_SERVER_CONF
+sed -i 's/#auth.admin_token=/auth.admin_token=pa/' $REST_SERVER_CONF
+
+# config hugegraph.properties
+sed -i 's/gremlin.graph=.*/gremlin.graph=com.baidu.hugegraph.auth.HugeFactoryAuthProxy/' $CONF
+
+# config gremlin-server
+echo "
+authentication: {
+  authenticator: com.baidu.hugegraph.auth.StandardAuthenticator,
+  authenticationHandler: com.baidu.hugegraph.auth.WsAndHttpBasicAuthHandler,
+  config: {tokens: conf/rest-server.properties}
+}" >> $GREMLIN_SERVER_CONF
+
 $TRAVIS_DIR/start-server.sh $SERVER_DIR || (cat $SERVER_DIR/logs/hugegraph-server.log && exit 1)
+
+# run api-test
 mvn test -P api-test,$BACKEND || (cat $SERVER_DIR/logs/hugegraph-server.log && exit 1)
 $TRAVIS_DIR/build-report.sh
 $TRAVIS_DIR/stop-server.sh

hugegraph-dist/src/assembly/travis/start-server.sh

@@ -37,4 +37,4 @@ fi
 echo "schema.sync_deletion=true" >> $CONF
 
 AGENT_JAR=${HOME_DIR}/${TRAVIS_DIR}/jacocoagent.jar
-$BIN/init-store.sh && $BIN/start-hugegraph.sh -j "-javaagent:${AGENT_JAR}=includes=*,port=36320,destfile=jacoco-it.exec,output=tcpserver" -v
+echo -e "pa" | $BIN/init-store.sh && $BIN/start-hugegraph.sh -j "-javaagent:${AGENT_JAR}=includes=*,port=36320,destfile=jacoco-it.exec,output=tcpserver" -v

hugegraph-dist/src/main/java/com/baidu/hugegraph/cmd/InitStore.java

@@ -99,7 +99,7 @@ public static void main(String[] args) throws Exception {
             initGraph(configPath);
         }
 
-        StandardAuthenticator.initAdminUser(restConfFile);
+        StandardAuthenticator.initAdminUserIfNeeded(restConfFile);
 
         HugeFactory.shutdown(30L);
     }

hugegraph-test/src/main/java/com/baidu/hugegraph/api/ApiTestSuite.java

@@ -35,7 +35,8 @@
     EdgeApiTest.class,
     TaskApiTest.class,
     GremlinApiTest.class,
-    MetricsApiTest.class
+    MetricsApiTest.class,
+    UserApiTest.class
 })
 public class ApiTestSuite {
 

hugegraph-test/src/main/java/com/baidu/hugegraph/api/BaseApiTest.java

@@ -34,6 +34,7 @@
 import javax.ws.rs.client.WebTarget;
 import javax.ws.rs.core.Response;
 
+import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
 import org.glassfish.jersey.client.filter.EncodingFilter;
 import org.glassfish.jersey.message.GZipEncoder;
 import org.junit.After;
@@ -52,6 +53,8 @@ public class BaseApiTest {
 
     private static String BASE_URL = "http://127.0.0.1:8080";
     private static String GRAPH = "hugegraph";
+    private static final String USERNAME = "admin";
+    private static final String PASSWORD = "pa";
 
     private static final String URL_PREFIX = "graphs/" + GRAPH;
     private static final String SCHEMA_PKS = "/schema/propertykeys";
@@ -98,6 +101,8 @@ public RestClient(String url) {
             this.client = ClientBuilder.newClient();
             this.client.register(EncodingFilter.class);
             this.client.register(GZipEncoder.class);
+            this.client.register(HttpAuthenticationFeature.basic(USERNAME,
+                                                                 PASSWORD));
             this.target = this.client.target(url);
         }
 

hugegraph-test/src/main/java/com/baidu/hugegraph/api/GremlinApiTest.java

@@ -86,14 +86,12 @@ public void testScript() {
     @Test
     public void testClearAndInit() {
         String body = "{"
-                + "\"gremlin\":\"hugegraph.clearBackend()\","
-                + "\"bindings\":{},"
-                + "\"language\":\"gremlin-groovy\","
-                + "\"aliases\":{\"g\":\"__g_hugegraph\"}}";
-        assertResponseStatus(200, client().post(path, body));
-
-        body = "{"
-                + "\"gremlin\":\"hugegraph.initBackend()\","
+                + "\"gremlin\":\""
+                + "def auth = hugegraph.hugegraph().authManager();"
+                + "def admin = auth.findUser('admin');"
+                + "hugegraph.clearBackend();"
+                + "hugegraph.initBackend();"
+                + "auth.createUser(admin);\","
                 + "\"bindings\":{},"
                 + "\"language\":\"gremlin-groovy\","
                 + "\"aliases\":{\"g\":\"__g_hugegraph\"}}";