Fixed failing tests

Author: technige

lib/browser/neo4j-web.js

@@ -230,10 +230,11 @@ var USER_AGENT = "neo4j-javascript/" + _version.VERSION;
  * options are as follows:
  *
  *     {
- *       // Enable TLS encryption. This is on by default in modern NodeJS installs,
+ *       // Encryption level: one of ENCRYPTION_ON, ENCRYPTION_OFF or ENCRYPTION_NON_LOCAL.
+ *       // ENCRYPTION_NON_LOCAL is on by default in modern NodeJS installs,
  *       // but off by default in the Web Bundle and old (<=1.0.0) NodeJS installs
  *       // due to technical limitations on those platforms.
- *       encrypted: true|false,
+ *       encrypted: ENCRYPTION_ON|ENCRYPTION_OFF|ENCRYPTION_NON_LOCAL
  *
  *       // Trust strategy to use if encryption is enabled. There is no mode to disable
  *       // trust other than disabling encryption altogether. The reason for

lib/browser/neo4j-web.min.js

@@ -44,6 +44,11 @@ var DummyChannel = (function () {
   }
 
   _createClass(DummyChannel, [{
+    key: "isEncrypted",
+    value: function isEncrypted() {
+      return false;
+    }
+  }, {
     key: "write",
     value: function write(buf) {
       this.written.push(buf);

lib/browser/neo4j-web.test.js

@@ -49,6 +49,8 @@ var _os = require('os');
 
 var _buf = require('./buf');
 
+var _util = require('./util');
+
 var _error = require('./../error');
 
 var _CONNECTION_IDGEN = 0;
@@ -83,13 +85,17 @@ function loadFingerprint(serverId, knownHostsPath, cb) {
 }
 
 function storeFingerprint(serverId, knownHostsPath, fingerprint) {
-  _fs2['default'].appendFile(knownHostsPath, serverId + " " + fingerprint + _os.EOL, "utf8");
+  _fs2['default'].appendFile(knownHostsPath, serverId + " " + fingerprint + _os.EOL, "utf8", function (err) {
+    if (err) {
+      console.log(err);
+    }
+  });
 }
 
 var TrustStrategy = {
   TRUST_SIGNED_CERTIFICATES: function TRUST_SIGNED_CERTIFICATES(opts, onSuccess, onFailure) {
     if (!opts.trustedCertificates || opts.trustedCertificates.length == 0) {
-      onFailure((0, _error.newError)("You are using TRUST_SIGNED_CERTIFICATES as the method " + "to verify trust for encrypted  connections, but have not configured any " + "trustedCertificates. You  must specify the path to at least one trusted " + "X.509 certificate for this to work. Two other alternatives is to use " + "TRUST_ON_FIRST_USE or to disable encryption by setting encrypted=false " + "in your driver configuration."));
+      onFailure((0, _error.newError)("You are using TRUST_SIGNED_CERTIFICATES as the method " + "to verify trust for encrypted  connections, but have not configured any " + "trustedCertificates. You  must specify the path to at least one trusted " + "X.509 certificate for this to work. Two other alternatives is to use " + "TRUST_ON_FIRST_USE or to disable encryption by setting encrypted=\"" + _util.ENCRYPTION_OFF + "\"" + "in your driver configuration."));
       return;
     }
 
@@ -102,7 +108,7 @@ var TrustStrategy = {
 
     var socket = _tls2['default'].connect(opts.port, opts.host, tlsOpts, function () {
       if (!socket.authorized) {
-        onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=false` in the driver" + " options."));
+        onFailure((0, _error.newError)("Server certificate is not trusted. If you trust the database you are connecting to, add" + " the signing certificate, or the server certificate, to the list of certificates trusted by this driver" + " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " + " is a security measure to protect against man-in-the-middle attacks. If you are just trying " + " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=\"" + _util.ENCRYPTION_OFF + "\"` in the driver" + " options."));
       } else {
         onSuccess();
       }
@@ -124,7 +130,7 @@ var TrustStrategy = {
         // the raw cert cannot be accessed (or, at least I couldn't find a way to)
         // therefore, we can't generate a SHA512 fingerprint, meaning we can't
         // do TOFU, and the safe approach is to fail.
-        onFailure((0, _error.newError)("You are using a version of NodeJS that does not " + "support trust-on-first use encryption. You can either upgrade NodeJS to " + "a newer version, use `trust:TRUST_SIGNED_CERTIFICATES` in your driver " + "config instead, or disable encryption using `encrypted:false`."));
+        onFailure((0, _error.newError)("You are using a version of NodeJS that does not " + "support trust-on-first use encryption. You can either upgrade NodeJS to " + "a newer version, use `trust:TRUST_SIGNED_CERTIFICATES` in your driver " + "config instead, or disable encryption using `encrypted:\"" + _util.ENCRYPTION_OFF + "\"`."));
         return;
       }
 
@@ -139,7 +145,7 @@ var TrustStrategy = {
           storeFingerprint(serverId, knownHostsPath, serverFingerprint);
           onSuccess();
         } else {
-          onFailure((0, _error.newError)("Database encryption certificate has changed, and no longer " + "matches the certificate stored for " + serverId + " in `" + knownHostsPath + "`. As a security precaution, this driver will not automatically trust the new " + "certificate, because doing so would allow an attacker to pretend to be the Neo4j " + "instance we want to connect to. The certificate provided by the server looks like: " + serverCert + ". If you trust that this certificate is valid, simply remove the line " + "starting with " + serverId + " in `" + knownHostsPath + "`, and the driver will " + "update the file with the new certificate. You can configure which file the driver " + "should use to store this information by setting `knownHosts` to another path in " + "your driver configuration - and you can disable encryption there as well using " + "`encrypted:false`."));
+          onFailure((0, _error.newError)("Database encryption certificate has changed, and no longer " + "matches the certificate stored for " + serverId + " in `" + knownHostsPath + "`. As a security precaution, this driver will not automatically trust the new " + "certificate, because doing so would allow an attacker to pretend to be the Neo4j " + "instance we want to connect to. The certificate provided by the server looks like: " + serverCert + ". If you trust that this certificate is valid, simply remove the line " + "starting with " + serverId + " in `" + knownHostsPath + "`, and the driver will " + "update the file with the new certificate. You can configure which file the driver " + "should use to store this information by setting `knownHosts` to another path in " + "your driver configuration - and you can disable encryption there as well using " + "`encrypted:\"" + _util.ENCRYPTION_OFF + "\"`."));
         }
       });
     });
@@ -153,14 +159,15 @@ function connect(opts, onSuccess) {
     return null;
   } : arguments[2];
 
-  if (opts.encrypted === false) {
+  //still allow boolean for backwards compatibility
+  if (opts.encrypted === false || opts.encrypted === _util.ENCRYPTION_OFF || opts.encrypted === _util.ENCRYPTION_NON_LOCAL && (0, _util.isLocalHost)(opts.host)) {
     var conn = _net2['default'].connect(opts.port, opts.host, onSuccess);
     conn.on('error', onFailure);
     return conn;
   } else if (TrustStrategy[opts.trust]) {
     return TrustStrategy[opts.trust](opts, onSuccess, onFailure);
   } else {
-    onFailure((0, _error.newError)("Unknown trust strategy: " + opts.trust + ". Please use either " + "trust:'TRUST_SIGNED_CERTIFICATES' or trust:'TRUST_ON_FIRST_USE' in your driver " + "configuration. Alternatively, you can disable encryption by setting " + "`encrypted:false`. There is no mechanism to use encryption without trust verification, " + "because this incurs the overhead of encryption without improving security. If " + "the driver does not verify that the peer it is connected to is really Neo4j, it " + "is very easy for an attacker to bypass the encryption by pretending to be Neo4j."));
+    onFailure((0, _error.newError)("Unknown trust strategy: " + opts.trust + ". Please use either " + "trust:'TRUST_SIGNED_CERTIFICATES' or trust:'TRUST_ON_FIRST_USE' in your driver " + "configuration. Alternatively, you can disable encryption by setting " + "`encrypted:\"" + _util.ENCRYPTION_OFF + "\"`. There is no mechanism to use encryption without trust verification, " + "because this incurs the overhead of encryption without improving security. If " + "the driver does not verify that the peer it is connected to is really Neo4j, it " + "is very easy for an attacker to bypass the encryption by pretending to be Neo4j."));
   }
 }
 
@@ -191,6 +198,7 @@ var NodeChannel = (function () {
     this._error = null;
     this._handleConnectionError = this._handleConnectionError.bind(this);
 
+    this._encrypted = opts.encrypted;
     this._conn = connect(opts, function () {
       if (!self._open) {
         return;
@@ -221,6 +229,11 @@ var NodeChannel = (function () {
         this.onerror(err);
       }
     }
+  }, {
+    key: 'isEncrypted',
+    value: function isEncrypted() {
+      return this._encrypted;
+    }
 
     /**
      * Write the passed in buffer to connection

lib/v1/driver.js

@@ -33,6 +33,8 @@ var _buf = require("./buf");
 
 var _error = require('./../error');
 
+var _util = require('./util');
+
 /**
  * Create a new WebSocketChannel to be used in web browsers.
  * @access private
@@ -55,12 +57,15 @@ var WebSocketChannel = (function () {
     this._error = null;
     this._handleConnectionError = this._handleConnectionError.bind(this);
 
+    this._encrypted = opts.encrypted;
+
     var scheme = "ws";
-    if (opts.encrypted) {
+    //Allow boolean for backwards compatibility
+    if (opts.encrypted === true || opts.encrypted === _util.ENCRYPTION_ON || opts.encrypted === _util.ENCRYPTION_NON_LOCAL && !(0, _util.isLocalHost)(opts.host)) {
       if (!opts.trust || opts.trust === "TRUST_SIGNED_CERTIFICATES") {
         scheme = "wss";
       } else {
-        this._error = (0, _error.newError)("The browser version of this driver only supports one trust " + "strategy, 'TRUST_SIGNED_CERTIFICATES'. " + opts.trust + " is not supported. Please " + "either use TRUST_SIGNED_CERTIFICATES or disable encryption by setting " + "`encrypted:false` in the driver configuration.");
+        this._error = (0, _error.newError)("The browser version of this driver only supports one trust " + "strategy, 'TRUST_SIGNED_CERTIFICATES'. " + opts.trust + " is not supported. Please " + "either use TRUST_SIGNED_CERTIFICATES or disable encryption by setting " + "`encrypted:\"" + _util.ENCRYPTION_OFF + "\"` in the driver configuration.");
         return;
       }
     }
@@ -106,6 +111,11 @@ var WebSocketChannel = (function () {
         }
       }
     }
+  }, {
+    key: "isEncrypted",
+    value: function isEncrypted() {
+      return this._encrypted;
+    }
 
     /**
      * Write the passed in buffer to connection

lib/v1/internal/ch-dummy.js

@@ -59,6 +59,8 @@ var _integer = require('../integer');
 
 var _error = require('./../error');
 
+var _util = require('./util');
+
 var Channel = undefined;
 if (_chWebsocket2["default"].available) {
   Channel = _chWebsocket2["default"].channel;
@@ -467,6 +469,11 @@ var Connection = (function () {
     value: function isOpen() {
       return !this._isBroken && this._ch._open;
     }
+  }, {
+    key: "isEncrypted",
+    value: function isEncrypted() {
+      return this._ch.isEncrypted();
+    }
 
     /**
      * Call close on the channel.
@@ -489,9 +496,9 @@ function connect(url) {
   return new Connection(new Ch({
     host: host(url),
     port: port(url) || 7687,
-    // Default to using encryption if trust-on-first-use is available
-    encrypted: config.encrypted == null ? (0, _features2["default"])("trust_on_first_use") : config.encrypted,
-    // Default to using trust-on-first-use if it is available
+    // Default to using ENCRYPTION_NON_LOCAL if trust-on-first-use is available
+    encrypted: (0, _util.shouldEncrypt)(config.encrypted, (0, _features2["default"])("trust_on_first_use") ? _util.ENCRYPTION_NON_LOCAL : _util.ENCRYPTION_OFF, host(url)),
+    // Default to using TRUST_ON_FIRST_USE if it is available
     trust: config.trust || ((0, _features2["default"])("trust_on_first_use") ? "TRUST_ON_FIRST_USE" : "TRUST_SIGNED_CERTIFICATES"),
     trustedCertificates: config.trustedCertificates || [],
     knownHosts: config.knownHosts

lib/v1/internal/ch-node.js

@@ -1,4 +1,3 @@
-
 /**
  * Copyright (c) 2002-2016 "Neo Technology,"
  * Network Engine for Objects in Lund AB [http://neotechnology.com]
@@ -32,7 +31,37 @@ function isLocalHost(host) {
   return LOCALHOST_MATCHER.test(host);
 }
 
+/* Coerce an encryption setting to a definitive boolean value,
+ * given a valid default and a target host. If encryption is
+ * explicitly set on or off, then the mapping is a simple
+ * conversion to true or false respectively. If set to
+ * ENCRYPTION_NON_LOCAL then respond according to whether or
+ * not the host is localhost/127.x.x.x. In all other cases
+ * (including undefined) then fall back to the default and
+ * re-evaluate.
+ */
+function shouldEncrypt(_x, _x2, _x3) {
+  var _again = true;
+
+  _function: while (_again) {
+    var encryption = _x,
+        encryptionDefault = _x2,
+        host = _x3;
+    _again = false;
+
+    if (encryption === ENCRYPTION_ON || encryption === true) return true;
+    if (encryption === ENCRYPTION_OFF || encryption === false) return false;
+    if (encryption === ENCRYPTION_NON_LOCAL) return !isLocalHost(host);
+    _x = encryptionDefault;
+    _x2 = ENCRYPTION_OFF;
+    _x3 = host;
+    _again = true;
+    continue _function;
+  }
+}
+
 exports.isLocalHost = isLocalHost;
+exports.shouldEncrypt = shouldEncrypt;
 exports.ENCRYPTION_ON = ENCRYPTION_ON;
 exports.ENCRYPTION_OFF = ENCRYPTION_OFF;
 exports.ENCRYPTION_NON_LOCAL = ENCRYPTION_NON_LOCAL;

lib/v1/internal/ch-websocket.js

@@ -97,6 +97,22 @@ var Record = (function () {
       }
     }
 
+    /**
+     * Generates an object out of the current Record
+     *
+     * @returns {Object}
+     */
+  }, {
+    key: "toObject",
+    value: function toObject() {
+      var object = {};
+      this.forEach(function (value, key) {
+        object[key] = value;
+      });
+
+      return object;
+    }
+
     /**
      * Get a value from this record, either by index or by field key.
      *
@@ -122,6 +138,24 @@ var Record = (function () {
 
       return this._fields[index];
     }
+
+    /**
+     * Check if a value from this record, either by index or by field key, exists.
+     *
+     * @param {string|Number} key Field key, or the index of the field.
+     * @returns {boolean}
+     */
+  }, {
+    key: "has",
+    value: function has(key) {
+      // if key is a number, we check if it is in the _fields array
+      if (typeof key === "number") {
+        return key >= 0 && key < this._fields.length;
+      }
+
+      // if it's not a number, we check _fieldLookup dictionary directly
+      return this._fieldLookup[key] !== undefined;
+    }
   }]);
 
   return Record;

lib/v1/internal/connector.js

@@ -64,16 +64,21 @@ var Session = (function () {
     this._hasTx = false;
   }
 
-  /**
-   * Run Cypher statement
-   * Could be called with a statement object i.e.: {statement: "MATCH ...", parameters: {param: 1}}
-   * or with the statement and parameters as separate arguments.
-   * @param {mixed} statement - Cypher statement to execute
-   * @param {Object} parameters - Map with parameters to use in statement
-   * @return {Result} - New Result
-   */
-
   _createClass(Session, [{
+    key: 'isEncrypted',
+    value: function isEncrypted() {
+      return this._conn.isEncrypted();
+    }
+
+    /**
+     * Run Cypher statement
+     * Could be called with a statement object i.e.: {statement: "MATCH ...", parameters: {param: 1}}
+     * or with the statement and parameters as separate arguments.
+     * @param {mixed} statement - Cypher statement to execute
+     * @param {Object} parameters - Map with parameters to use in statement
+     * @return {Result} - New Result
+     */
+  }, {
     key: 'run',
     value: function run(statement) {
       var parameters = arguments.length <= 1 || arguments[1] === undefined ? {} : arguments[1];

lib/v1/internal/util.js

@@ -29,6 +29,9 @@ class DummyChannel {
   constructor(opts) {
     this.written = [];
   }
+  isEncrypted() {
+    return false;
+  }
   write( buf ) {
     this.written.push(buf);
     observer.updateInstance(this);

lib/v1/record.js

@@ -23,7 +23,7 @@ import fs from 'fs';
 import path from 'path';
 import {EOL} from 'os';
 import {NodeBuffer} from './buf';
-import {isLocalHost, ENCRYPTION_NON_LOCAL, ENCRYPTION_ON, ENCRYPTION_OFF} from './util';
+import {isLocalHost, ENCRYPTION_NON_LOCAL, ENCRYPTION_OFF} from './util';
 import {newError} from './../error';
 
 let _CONNECTION_IDGEN = 0;
@@ -194,6 +194,7 @@ class NodeChannel {
     this._error = null;
     this._handleConnectionError = this._handleConnectionError.bind(this);
 
+    this._encrypted = opts.encrypted;
     this._conn = connect(opts, () => {
       if(!self._open) {
         return;
@@ -223,6 +224,10 @@ class NodeChannel {
     }
   }
 
+  isEncrypted() {
+    return this._encrypted;
+  }
+
   /**
    * Write the passed in buffer to connection
    * @param {NodeBuffer} buffer - Buffer to write

lib/v1/session.js

@@ -41,6 +41,8 @@ class WebSocketChannel {
     this._error = null;
     this._handleConnectionError = this._handleConnectionError.bind(this);
 
+    this._encrypted = opts.encrypted;
+
     let scheme = "ws";
     //Allow boolean for backwards compatibility
     if( opts.encrypted === true || opts.encrypted === ENCRYPTION_ON ||
@@ -101,6 +103,10 @@ class WebSocketChannel {
       }
     }
   }
+  
+  isEncrypted() {
+    return this._encrypted;
+  }
 
   /**
    * Write the passed in buffer to connection