Don't check in lib

Author: technige

lib/browser/neo4j-web.js

@@ -230,11 +230,10 @@ var USER_AGENT = "neo4j-javascript/" + _version.VERSION;
  * options are as follows:
  *
  *     {
- *       // Encryption level: one of ENCRYPTION_ON, ENCRYPTION_OFF or ENCRYPTION_NON_LOCAL.
- *       // ENCRYPTION_NON_LOCAL is on by default in modern NodeJS installs,
+ *       // Enable TLS encryption. This is on by default in modern NodeJS installs,
  *       // but off by default in the Web Bundle and old (<=1.0.0) NodeJS installs
  *       // due to technical limitations on those platforms.
- *       encrypted: ENCRYPTION_ON|ENCRYPTION_OFF|ENCRYPTION_NON_LOCAL
+ *       encrypted: true|false,
  *
  *       // Trust strategy to use if encryption is enabled. There is no mode to disable
  *       // trust other than disabling encryption altogether. The reason for

lib/browser/neo4j-web.min.js

@@ -44,11 +44,6 @@ var DummyChannel = (function () {
   }
 
   _createClass(DummyChannel, [{
-    key: "isEncrypted",
-    value: function isEncrypted() {
-      return false;
-    }
-  }, {
     key: "write",
     value: function write(buf) {
       this.written.push(buf);

lib/browser/neo4j-web.test.js

@@ -49,8 +49,6 @@ var _os = require('os');
 
 var _buf = require('./buf');
 
-var _util = require('./util');
-
 var _error = require('./../error');
 
 var _CONNECTION_IDGEN = 0;
@@ -85,17 +83,13 @@ function loadFingerprint(serverId, knownHostsPath, cb) {
 }
 
 function storeFingerprint(serverId, knownHostsPath, fingerprint) {
-  _fs2['default'].appendFile(knownHostsPath, serverId + " " + fingerprint + _os.EOL, "utf8", function (err) {
-    if (err) {
-      console.log(err);
-    }
-  });
+  _fs2['default'].appendFile(knownHostsPath, serverId + " " + fingerprint + _os.EOL, "utf8");
 }
 
 var TrustStrategy = {
   TRUST_SIGNED_CERTIFICATES: function TRUST_SIGNED_CERTIFICATES(opts, onSuccess, onFailure) {
     if (!opts.trustedCertificates || opts.trustedCertificates.length == 0) {
-      onFailure((0, _error.newError)("You are using TRUST_SIGNED_CERTIFICATES as the method " + "to verify trust for encrypted  connections, but have not configured any " + "trustedCertificates. You  must specify the path to at least one trusted " + "X.509 certificate for this to work. Two other alternatives is to use " + "TRUST_ON_FIRST_USE or to disable encryption by setting encrypted=\"" + _util.ENCRYPTION_OFF + "\"" + "in your driver configuration."));
+      onFailure((0, _error.newError)("You are using TRUST_SIGNED_CERTIFICATES as the method " + "to verify trust for encrypted  connections, but have not configured any " + "trustedCertificates. You  must specify the path to at least one trusted " + "X.509 certificate for this to work. Two other alternatives is to use " + "TRUST_ON_FIRST_USE or to disable encryption by setting encrypted=false " + "in your driver configuration."));
       return;
     }
 
@@ -108,7 +102,7 @@ var TrustStrategy = {
 
     var socket = _tls2['default'].connect(opts.port, opts.host, tlsOpts, function () {
       if (!socket.authorized) {
-        onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=\"" + _util.ENCRYPTION_OFF + "\"` in the driver" + " options."));
+        onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=false` in the driver" + " options."));
       } else {
         onSuccess();
       }
@@ -130,7 +124,7 @@ var TrustStrategy = {
         // the raw cert cannot be accessed (or, at least I couldn't find a way to)
         // therefore, we can't generate a SHA512 fingerprint, meaning we can't
         // do TOFU, and the safe approach is to fail.
-        onFailure((0, _error.newError)("You are using a version of NodeJS that does not " + "support trust-on-first use encryption. You can either upgrade NodeJS to " + "a newer version, use `trust:TRUST_SIGNED_CERTIFICATES` in your driver " + "config instead, or disable encryption using `encrypted:\"" + _util.ENCRYPTION_OFF + "\"`."));
+        onFailure((0, _error.newError)("You are using a version of NodeJS that does not " + "support trust-on-first use encryption. You can either upgrade NodeJS to " + "a newer version, use `trust:TRUST_SIGNED_CERTIFICATES` in your driver " + "config instead, or disable encryption using `encrypted:false`."));
         return;
       }
 
@@ -145,7 +139,7 @@ var TrustStrategy = {
           storeFingerprint(serverId, knownHostsPath, serverFingerprint);
           onSuccess();
         } else {
-          onFailure((0, _error.newError)("Database encryption certificate has changed, and no longer " + "matches the certificate stored for " + serverId + " in `" + knownHostsPath + "`. As a security precaution, this driver will not automatically trust the new " + "certificate, because doing so would allow an attacker to pretend to be the Neo4j " + "instance we want to connect to. The certificate provided by the server looks like: " + serverCert + ". If you trust that this certificate is valid, simply remove the line " + "starting with " + serverId + " in `" + knownHostsPath + "`, and the driver will " + "update the file with the new certificate. You can configure which file the driver " + "should use to store this information by setting `knownHosts` to another path in " + "your driver configuration - and you can disable encryption there as well using " + "`encrypted:\"" + _util.ENCRYPTION_OFF + "\"`."));
+          onFailure((0, _error.newError)("Database encryption certificate has changed, and no longer " + "matches the certificate stored for " + serverId + " in `" + knownHostsPath + "`. As a security precaution, this driver will not automatically trust the new " + "certificate, because doing so would allow an attacker to pretend to be the Neo4j " + "instance we want to connect to. The certificate provided by the server looks like: " + serverCert + ". If you trust that this certificate is valid, simply remove the line " + "starting with " + serverId + " in `" + knownHostsPath + "`, and the driver will " + "update the file with the new certificate. You can configure which file the driver " + "should use to store this information by setting `knownHosts` to another path in " + "your driver configuration - and you can disable encryption there as well using " + "`encrypted:false`."));
         }
       });
     });
@@ -159,15 +153,14 @@ function connect(opts, onSuccess) {
     return null;
   } : arguments[2];
 
-  //still allow boolean for backwards compatibility
-  if (opts.encrypted === false || opts.encrypted === _util.ENCRYPTION_OFF || opts.encrypted === _util.ENCRYPTION_NON_LOCAL && (0, _util.isLocalHost)(opts.host)) {
+  if (opts.encrypted === false) {
     var conn = _net2['default'].connect(opts.port, opts.host, onSuccess);
     conn.on('error', onFailure);
     return conn;
   } else if (TrustStrategy[opts.trust]) {
     return TrustStrategy[opts.trust](opts, onSuccess, onFailure);
   } else {
-    onFailure((0, _error.newError)("Unknown trust strategy: " + opts.trust + ". Please use either " + "trust:'TRUST_SIGNED_CERTIFICATES' or trust:'TRUST_ON_FIRST_USE' in your driver " + "configuration. Alternatively, you can disable encryption by setting " + "`encrypted:\"" + _util.ENCRYPTION_OFF + "\"`. There is no mechanism to use encryption without trust verification, " + "because this incurs the overhead of encryption without improving security. If " + "the driver does not verify that the peer it is connected to is really Neo4j, it " + "is very easy for an attacker to bypass the encryption by pretending to be Neo4j."));
+    onFailure((0, _error.newError)("Unknown trust strategy: " + opts.trust + ". Please use either " + "trust:'TRUST_SIGNED_CERTIFICATES' or trust:'TRUST_ON_FIRST_USE' in your driver " + "configuration. Alternatively, you can disable encryption by setting " + "`encrypted:false`. There is no mechanism to use encryption without trust verification, " + "because this incurs the overhead of encryption without improving security. If " + "the driver does not verify that the peer it is connected to is really Neo4j, it " + "is very easy for an attacker to bypass the encryption by pretending to be Neo4j."));
   }
 }
 
@@ -198,7 +191,6 @@ var NodeChannel = (function () {
     this._error = null;
     this._handleConnectionError = this._handleConnectionError.bind(this);
 
-    this._encrypted = opts.encrypted;
     this._conn = connect(opts, function () {
       if (!self._open) {
         return;
@@ -229,11 +221,6 @@ var NodeChannel = (function () {
         this.onerror(err);
       }
     }
-  }, {
-    key: 'isEncrypted',
-    value: function isEncrypted() {
-      return this._encrypted;
-    }
 
     /**
      * Write the passed in buffer to connection

lib/v1/driver.js

@@ -33,8 +33,6 @@ var _buf = require("./buf");
 
 var _error = require('./../error');
 
-var _util = require('./util');
-
 /**
  * Create a new WebSocketChannel to be used in web browsers.
  * @access private
@@ -57,15 +55,12 @@ var WebSocketChannel = (function () {
     this._error = null;
     this._handleConnectionError = this._handleConnectionError.bind(this);
 
-    this._encrypted = opts.encrypted;
-
     var scheme = "ws";
-    //Allow boolean for backwards compatibility
-    if (opts.encrypted === true || opts.encrypted === _util.ENCRYPTION_ON || opts.encrypted === _util.ENCRYPTION_NON_LOCAL && !(0, _util.isLocalHost)(opts.host)) {
+    if (opts.encrypted) {
       if (!opts.trust || opts.trust === "TRUST_SIGNED_CERTIFICATES") {
         scheme = "wss";
       } else {
-        this._error = (0, _error.newError)("The browser version of this driver only supports one trust " + "strategy, 'TRUST_SIGNED_CERTIFICATES'. " + opts.trust + " is not supported. Please " + "either use TRUST_SIGNED_CERTIFICATES or disable encryption by setting " + "`encrypted:\"" + _util.ENCRYPTION_OFF + "\"` in the driver configuration.");
+        this._error = (0, _error.newError)("The browser version of this driver only supports one trust " + "strategy, 'TRUST_SIGNED_CERTIFICATES'. " + opts.trust + " is not supported. Please " + "either use TRUST_SIGNED_CERTIFICATES or disable encryption by setting " + "`encrypted:false` in the driver configuration.");
         return;
       }
     }
@@ -111,11 +106,6 @@ var WebSocketChannel = (function () {
         }
       }
     }
-  }, {
-    key: "isEncrypted",
-    value: function isEncrypted() {
-      return this._encrypted;
-    }
 
     /**
      * Write the passed in buffer to connection

lib/v1/internal/ch-dummy.js

@@ -59,8 +59,6 @@ var _integer = require('../integer');
 
 var _error = require('./../error');
 
-var _util = require('./util');
-
 var Channel = undefined;
 if (_chWebsocket2["default"].available) {
   Channel = _chWebsocket2["default"].channel;
@@ -469,11 +467,6 @@ var Connection = (function () {
     value: function isOpen() {
       return !this._isBroken && this._ch._open;
     }
-  }, {
-    key: "isEncrypted",
-    value: function isEncrypted() {
-      return this._ch.isEncrypted();
-    }
 
     /**
      * Call close on the channel.
@@ -496,9 +489,9 @@ function connect(url) {
   return new Connection(new Ch({
     host: host(url),
     port: port(url) || 7687,
-    // Default to using ENCRYPTION_NON_LOCAL if trust-on-first-use is available
-    encrypted: (0, _util.shouldEncrypt)(config.encrypted, (0, _features2["default"])("trust_on_first_use") ? _util.ENCRYPTION_NON_LOCAL : _util.ENCRYPTION_OFF, host(url)),
-    // Default to using TRUST_ON_FIRST_USE if it is available
+    // Default to using encryption if trust-on-first-use is available
+    encrypted: config.encrypted == null ? (0, _features2["default"])("trust_on_first_use") : config.encrypted,
+    // Default to using trust-on-first-use if it is available
     trust: config.trust || ((0, _features2["default"])("trust_on_first_use") ? "TRUST_ON_FIRST_USE" : "TRUST_SIGNED_CERTIFICATES"),
     trustedCertificates: config.trustedCertificates || [],
     knownHosts: config.knownHosts

lib/v1/internal/ch-node.js

@@ -1,3 +1,4 @@
+
 /**
  * Copyright (c) 2002-2016 "Neo Technology,"
  * Network Engine for Objects in Lund AB [http://neotechnology.com]
@@ -31,37 +32,7 @@ function isLocalHost(host) {
   return LOCALHOST_MATCHER.test(host);
 }
 
-/* Coerce an encryption setting to a definitive boolean value,
- * given a valid default and a target host. If encryption is
- * explicitly set on or off, then the mapping is a simple
- * conversion to true or false respectively. If set to
- * ENCRYPTION_NON_LOCAL then respond according to whether or
- * not the host is localhost/127.x.x.x. In all other cases
- * (including undefined) then fall back to the default and
- * re-evaluate.
- */
-function shouldEncrypt(_x, _x2, _x3) {
-  var _again = true;
-
-  _function: while (_again) {
-    var encryption = _x,
-        encryptionDefault = _x2,
-        host = _x3;
-    _again = false;
-
-    if (encryption === ENCRYPTION_ON || encryption === true) return true;
-    if (encryption === ENCRYPTION_OFF || encryption === false) return false;
-    if (encryption === ENCRYPTION_NON_LOCAL) return !isLocalHost(host);
-    _x = encryptionDefault;
-    _x2 = ENCRYPTION_OFF;
-    _x3 = host;
-    _again = true;
-    continue _function;
-  }
-}
-
 exports.isLocalHost = isLocalHost;
-exports.shouldEncrypt = shouldEncrypt;
 exports.ENCRYPTION_ON = ENCRYPTION_ON;
 exports.ENCRYPTION_OFF = ENCRYPTION_OFF;
 exports.ENCRYPTION_NON_LOCAL = ENCRYPTION_NON_LOCAL;

lib/v1/internal/ch-websocket.js

@@ -97,22 +97,6 @@ var Record = (function () {
       }
     }
 
-    /**
-     * Generates an object out of the current Record
-     *
-     * @returns {Object}
-     */
-  }, {
-    key: "toObject",
-    value: function toObject() {
-      var object = {};
-      this.forEach(function (value, key) {
-        object[key] = value;
-      });
-
-      return object;
-    }
-
     /**
      * Get a value from this record, either by index or by field key.
      *
@@ -138,24 +122,6 @@ var Record = (function () {
 
       return this._fields[index];
     }
-
-    /**
-     * Check if a value from this record, either by index or by field key, exists.
-     *
-     * @param {string|Number} key Field key, or the index of the field.
-     * @returns {boolean}
-     */
-  }, {
-    key: "has",
-    value: function has(key) {
-      // if key is a number, we check if it is in the _fields array
-      if (typeof key === "number") {
-        return key >= 0 && key < this._fields.length;
-      }
-
-      // if it's not a number, we check _fieldLookup dictionary directly
-      return this._fieldLookup[key] !== undefined;
-    }
   }]);
 
   return Record;

lib/v1/internal/connector.js

@@ -64,21 +64,16 @@ var Session = (function () {
     this._hasTx = false;
   }
 
-  _createClass(Session, [{
-    key: 'isEncrypted',
-    value: function isEncrypted() {
-      return this._conn.isEncrypted();
-    }
+  /**
+   * Run Cypher statement
+   * Could be called with a statement object i.e.: {statement: "MATCH ...", parameters: {param: 1}}
+   * or with the statement and parameters as separate arguments.
+   * @param {mixed} statement - Cypher statement to execute
+   * @param {Object} parameters - Map with parameters to use in statement
+   * @return {Result} - New Result
+   */
 
-    /**
-     * Run Cypher statement
-     * Could be called with a statement object i.e.: {statement: "MATCH ...", parameters: {param: 1}}
-     * or with the statement and parameters as separate arguments.
-     * @param {mixed} statement - Cypher statement to execute
-     * @param {Object} parameters - Map with parameters to use in statement
-     * @return {Result} - New Result
-     */
-  }, {
+  _createClass(Session, [{
     key: 'run',
     value: function run(statement) {
       var parameters = arguments.length <= 1 || arguments[1] === undefined ? {} : arguments[1];