diff --git a/src/v1/index.js b/src/v1/index.js index 477ff8ded..a2259c35a 100644 --- a/src/v1/index.js +++ b/src/v1/index.js @@ -58,18 +58,18 @@ let USER_AGENT = "neo4j-javascript/" + VERSION; * options are as follows: * * { - * // Encryption level: one of ENCRYPTION_ON, ENCRYPTION_OFF or ENCRYPTION_NON_LOCAL. - * // ENCRYPTION_NON_LOCAL is on by default in modern NodeJS installs, - * // but off by default in the Web Bundle and old (<=1.0.0) NodeJS installs - * // due to technical limitations on those platforms. - * encrypted: ENCRYPTION_ON|ENCRYPTION_OFF|ENCRYPTION_NON_LOCAL + * // Encryption level: ENCRYPTION_ON or ENCRYPTION_OFF. + * encrypted: ENCRYPTION_ON|ENCRYPTION_OFF * * // Trust strategy to use if encryption is enabled. There is no mode to disable * // trust other than disabling encryption altogether. The reason for * // this is that if you don't know who you are talking to, it is easy for an * // attacker to hijack your encrypted connection, rendering encryption pointless. * // - * // TRUST_ON_FIRST_USE is the default for modern NodeJS deployments, and works + * // TRUST_ALL_CERTIFICATES is the default choice for NodeJS deployments. It only requires + * // new host to provide a certificate and does no verification of the provided certificate. + * // + * // TRUST_ON_FIRST_USE is available for modern NodeJS deployments, and works * // similarly to how `ssl` works - the first time we connect to a new host, * // we remember the certificate they use. If the certificate ever changes, we * // assume it is an attempt to hijack the connection and require manual intervention. @@ -84,8 +84,8 @@ let USER_AGENT = "neo4j-javascript/" + VERSION; * // * // TRUST_SYSTEM_CA_SIGNED_CERTIFICATES meand that you trust whatever certificates * // are in the default certificate chain of th - * trust: "TRUST_ON_FIRST_USE" | "TRUST_SIGNED_CERTIFICATES" | TRUST_CUSTOM_CA_SIGNED_CERTIFICATES | - * TRUST_SYSTEM_CA_SIGNED_CERTIFICATES, + * trust: "TRUST_ALL_CERTIFICATES" | "TRUST_ON_FIRST_USE" | "TRUST_SIGNED_CERTIFICATES" | + * "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES" | "TRUST_SYSTEM_CA_SIGNED_CERTIFICATES", * * // List of one or more paths to trusted encryption certificates. This only * // works in the NodeJS bundle, and only matters if you use "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES". diff --git a/src/v1/internal/ch-node.js b/src/v1/internal/ch-node.js index 69d0f5c99..8003473e4 100644 --- a/src/v1/internal/ch-node.js +++ b/src/v1/internal/ch-node.js @@ -16,15 +16,14 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - -import net from 'net'; -import tls from 'tls'; -import fs from 'fs'; -import path from 'path'; -import {EOL} from 'os'; -import {NodeBuffer} from './buf'; -import {isLocalHost, ENCRYPTION_NON_LOCAL, ENCRYPTION_OFF} from './util'; -import {newError, SESSION_EXPIRED} from './../error'; +import net from "net"; +import tls from "tls"; +import fs from "fs"; +import path from "path"; +import {EOL} from "os"; +import {NodeBuffer} from "./buf"; +import {ENCRYPTION_OFF, isEmptyObjectOrNull} from "./util"; +import {newError, SESSION_EXPIRED} from "./../error"; let _CONNECTION_IDGEN = 0; @@ -106,7 +105,7 @@ function storeFingerprint( serverId, knownHostsPath, fingerprint, cb ) { const TrustStrategy = { /** - * @deprecated Since version 1.0. Will be deleted in a future version. TRUST_CUSTOM_CA_SIGNED_CERTIFICATES. + * @deprecated Since version 1.0. Will be deleted in a future version. {@link #TRUST_CUSTOM_CA_SIGNED_CERTIFICATES}. */ TRUST_SIGNED_CERTIFICATES: function( opts, onSuccess, onFailure ) { console.log("`TRUST_SIGNED_CERTIFICATES` has been deprecated as option and will be removed in a future version of " + @@ -119,7 +118,7 @@ const TrustStrategy = { "to verify trust for encrypted connections, but have not configured any " + "trustedCertificates. You must specify the path to at least one trusted " + "X.509 certificate for this to work. Two other alternatives is to use " + - "TRUST_ON_FIRST_USE or to disable encryption by setting encrypted=\"" + ENCRYPTION_OFF + "\"" + + "TRUST_ALL_CERTIFICATES or to disable encryption by setting encrypted=\"" + ENCRYPTION_OFF + "\"" + "in your driver configuration.")); return; } @@ -169,7 +168,13 @@ const TrustStrategy = { socket.on('error', onFailure); return socket; }, + /** + * @deprecated in 1.1 in favour of {@link #TRUST_ALL_CERTIFICATES}. Will be deleted in a future version. + */ TRUST_ON_FIRST_USE : function( opts, onSuccess, onFailure ) { + console.log("`TRUST_ON_FIRST_USE` has been deprecated as option and will be removed in a future version of " + + "the driver. Please use `TRUST_ALL_CERTIFICATES` instead."); + let tlsOpts = { // Because we manually verify the certificate against known_hosts rejectUnauthorized: false @@ -221,13 +226,32 @@ const TrustStrategy = { }); socket.on('error', onFailure); return socket; + }, + + TRUST_ALL_CERTIFICATES: function (opts, onSuccess, onFailure) { + const tlsOpts = { + rejectUnauthorized: false + }; + const socket = tls.connect(opts.port, opts.host, tlsOpts, function () { + const certificate = socket.getPeerCertificate(); + if (isEmptyObjectOrNull(certificate)) { + onFailure(newError("Secure connection was successful but server did not return any valid " + + "certificates. Such connection can not be trusted. If you are just trying " + + " Neo4j out and are not concerned about encryption, simply disable it using " + + "`encrypted=\"" + ENCRYPTION_OFF + "\"` in the driver options. " + + "Socket responded with: " + socket.authorizationError)); + } else { + onSuccess(); + } + }); + socket.on('error', onFailure); + return socket; } }; function connect( opts, onSuccess, onFailure=(()=>null) ) { //still allow boolean for backwards compatibility - if (opts.encrypted === false || opts.encrypted === ENCRYPTION_OFF || - (opts.encrypted === ENCRYPTION_NON_LOCAL && isLocalHost(opts.host))) { + if (opts.encrypted === false || opts.encrypted === ENCRYPTION_OFF) { var conn = net.connect(opts.port, opts.host, onSuccess); conn.on('error', onFailure); return conn; @@ -235,7 +259,7 @@ function connect( opts, onSuccess, onFailure=(()=>null) ) { return TrustStrategy[opts.trust](opts, onSuccess, onFailure); } else { onFailure(newError("Unknown trust strategy: " + opts.trust + ". Please use either " + - "trust:'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES' or trust:'TRUST_ON_FIRST_USE' in your driver " + + "trust:'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES' or trust:'TRUST_ALL_CERTIFICATES' in your driver " + "configuration. Alternatively, you can disable encryption by setting " + "`encrypted:\"" + ENCRYPTION_OFF + "\"`. There is no mechanism to use encryption without trust verification, " + "because this incurs the overhead of encryption without improving security. If " + diff --git a/src/v1/internal/ch-websocket.js b/src/v1/internal/ch-websocket.js index 684ba48db..b8797ee63 100644 --- a/src/v1/internal/ch-websocket.js +++ b/src/v1/internal/ch-websocket.js @@ -17,10 +17,9 @@ * limitations under the License. */ -import debug from "./log"; -import {HeapBuffer} from "./buf"; +import {HeapBuffer} from './buf'; import {newError} from './../error'; -import {isLocalHost, ENCRYPTION_NON_LOCAL, ENCRYPTION_ON, ENCRYPTION_OFF} from './util'; +import {ENCRYPTION_ON, ENCRYPTION_OFF} from './util'; /** * Create a new WebSocketChannel to be used in web browsers. @@ -45,8 +44,7 @@ class WebSocketChannel { let scheme = "ws"; //Allow boolean for backwards compatibility - if( opts.encrypted === true || opts.encrypted === ENCRYPTION_ON || - (opts.encrypted === ENCRYPTION_NON_LOCAL && !isLocalHost(opts.host)) ) { + if( opts.encrypted === true || opts.encrypted === ENCRYPTION_ON) { if((!opts.trust) || opts.trust === "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES" ) { scheme = "wss"; } else { diff --git a/src/v1/internal/connector.js b/src/v1/internal/connector.js index fb9d1bc94..72d0d28c4 100644 --- a/src/v1/internal/connector.js +++ b/src/v1/internal/connector.js @@ -16,17 +16,14 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - -import WebSocketChannel from "./ch-websocket"; -import NodeChannel from "./ch-node"; +import WebSocketChannel from './ch-websocket'; +import NodeChannel from './ch-node'; import {Dechunker, Chunker} from "./chunking"; -import hasFeature from "./features"; -import {Packer,Unpacker} from "./packstream"; -import {alloc, CombinedBuffer} from "./buf"; -import {Node, Relationship, UnboundRelationship, Path, PathSegment} from '../graph-types'; -import {int, isInt} from '../integer'; +import hasFeature from './features'; +import {Packer, Unpacker} from './packstream'; +import {alloc} from './buf'; +import {Node, Relationship, UnboundRelationship, Path, PathSegment} from '../graph-types' import {newError} from './../error'; -import {ENCRYPTION_NON_LOCAL, ENCRYPTION_OFF, shouldEncrypt} from './util'; let Channel; if( WebSocketChannel.available ) { @@ -470,10 +467,10 @@ function connect( url, config = {}) { return new Connection( new Ch({ host: parseHost(url), port: parsePort(url) || 7687, - // Default to using ENCRYPTION_NON_LOCAL if trust-on-first-use is available - encrypted : shouldEncrypt(config.encrypted, (hasFeature("trust_on_first_use") ? ENCRYPTION_NON_LOCAL : ENCRYPTION_OFF), parseHost(url)), - // Default to using TRUST_ON_FIRST_USE if it is available - trust : config.trust || (hasFeature("trust_on_first_use") ? "TRUST_ON_FIRST_USE" : "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES"), + // Default to using encryption if trust-on-first-use is available + encrypted : (config.encrypted == null) ? hasFeature("trust_all_certificates") : config.encrypted, + // Default to using TRUST_ALL_CERTIFICATES if it is available + trust : config.trust || (hasFeature("trust_all_certificates") ? "TRUST_ALL_CERTIFICATES" : "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES"), trustedCertificates : config.trustedCertificates || [], knownHosts : config.knownHosts }), url); diff --git a/src/v1/internal/features.js b/src/v1/internal/features.js index 2e030eb01..6d5b59e01 100644 --- a/src/v1/internal/features.js +++ b/src/v1/internal/features.js @@ -26,11 +26,20 @@ const FEATURES = { // This is insane. We are verifying that we have a version of getPeerCertificate // that supports reading the whole certificate, eg this commit: // https://github.com/nodejs/node/commit/345c40b6 - let desc = require('tls').TLSSocket.prototype.getPeerCertificate; - return desc.length >= 1; + const getPeerCertificateFunction = require('tls').TLSSocket.prototype.getPeerCertificate; + const numberOfParameters = getPeerCertificateFunction.length; + return numberOfParameters >= 1; } catch( e ) { return false; } + }, + trust_all_certificates: () => { + try { + const getPeerCertificateFunction = require('tls').TLSSocket.prototype.getPeerCertificate; + return true; + } catch (e) { + return false; + } } }; diff --git a/src/v1/internal/util.js b/src/v1/internal/util.js index b3e43d04b..9084d42df 100644 --- a/src/v1/internal/util.js +++ b/src/v1/internal/util.js @@ -17,35 +17,25 @@ * limitations under the License. */ -let LOCALHOST_MATCHER = /^(localhost|127(\.\d+){3})$/i; -let ENCRYPTION_ON = "ENCRYPTION_ON"; -let ENCRYPTION_OFF = "ENCRYPTION_OFF"; -let ENCRYPTION_NON_LOCAL = "ENCRYPTION_NON_LOCAL"; +const ENCRYPTION_ON = "ENCRYPTION_ON"; +const ENCRYPTION_OFF = "ENCRYPTION_OFF"; -function isLocalHost(host) { - return LOCALHOST_MATCHER.test(host); -} +function isEmptyObjectOrNull(object) { + if (!object) { + return true; + } -/* Coerce an encryption setting to a definitive boolean value, - * given a valid default and a target host. If encryption is - * explicitly set on or off, then the mapping is a simple - * conversion to true or false respectively. If set to - * ENCRYPTION_NON_LOCAL then respond according to whether or - * not the host is localhost/127.x.x.x. In all other cases - * (including undefined) then fall back to the default and - * re-evaluate. - */ -function shouldEncrypt(encryption, encryptionDefault, host) { - if (encryption === ENCRYPTION_ON || encryption === true) return true; - if (encryption === ENCRYPTION_OFF || encryption === false) return false; - if (encryption === ENCRYPTION_NON_LOCAL) return !isLocalHost(host); - return shouldEncrypt(encryptionDefault, ENCRYPTION_OFF, host); + for (let prop in object) { + if (object.hasOwnProperty(prop)) { + return false; + } + } + + return true; } export { - isLocalHost, - shouldEncrypt, + isEmptyObjectOrNull, ENCRYPTION_ON, - ENCRYPTION_OFF, - ENCRYPTION_NON_LOCAL + ENCRYPTION_OFF } diff --git a/src/v1/routing-driver.js b/src/v1/routing-driver.js index 0da77c4cf..e006b514a 100644 --- a/src/v1/routing-driver.js +++ b/src/v1/routing-driver.js @@ -30,7 +30,7 @@ import Integer from './integer' class RoutingDriver extends Driver { constructor(url, userAgent, token = {}, config = {}) { - super(url, userAgent, token, config); + super(url, userAgent, token, RoutingDriver._validateConfig(config)); this._clusterView = new ClusterView(new RoundRobinArray([url])); } @@ -148,6 +148,13 @@ class RoutingDriver extends Driver { this._pool.purge(url); this._clusterView.remove(url); } + + static _validateConfig(config) { + if(config.trust === 'TRUST_ON_FIRST_USE') { + throw newError('The chosen trust mode is not compatible with a routing driver'); + } + return config; + } } class ClusterView { diff --git a/test/internal/tls.test.js b/test/internal/tls.test.js index 9908daa1d..bfa42f7c1 100644 --- a/test/internal/tls.test.js +++ b/test/internal/tls.test.js @@ -16,19 +16,18 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -var NodeChannel = require('../../lib/v1/internal/ch-node.js'); +var NodeChannel = require('../../lib/v1/internal/ch-node.js').default; var neo4j = require("../../lib/v1"); var fs = require("fs"); var path = require('path'); var hasFeature = require("../../lib/v1/internal/features").default; -var isLocalHost = require("../../lib/v1/internal/util").isLocalHost; describe('trust-signed-certificates', function() { var driver; - var log = console.log; + var log; beforeEach(function() { - console.log = function () {}; // To mute deprecation message in test output + log = muteConsoleLog(); }); it('should reject unknown certificates', function(done) { // Assuming we only run this test on NodeJS @@ -91,7 +90,37 @@ describe('trust-signed-certificates', function() { if( driver ) { driver.close(); } - console.log = log; + unMuteConsoleLog(log); + }); +}); + +describe('trust-all-certificates', function () { + + var driver; + it('should work with default certificate', function (done) { + // Assuming we only run this test on NodeJS with TAC support + if (!hasFeature("trust_all_certificates")) { + done(); + return; + } + + // Given + driver = neo4j.driver("bolt://localhost", neo4j.auth.basic("neo4j", "neo4j"), { + encrypted: "ENCRYPTION_ON", + trust: "TRUST_ALL_CERTIFICATES" + }); + + // When + driver.session().run("RETURN 1").then(function (result) { + expect(result.records[0].get(0).toNumber()).toBe(1); + done(); + }); + }); + + afterEach(function () { + if (driver) { + driver.close(); + } }); }); @@ -172,7 +201,12 @@ describe('trust-system-ca-signed-certificates', function() { describe('trust-on-first-use', function() { var driver; + var log; + beforeEach(function() { + log = muteConsoleLog(); + }); afterEach(function(){ + unMuteConsoleLog(log); if( driver ) { driver.close(); } @@ -359,22 +393,20 @@ describe('trust-on-first-use', function() { }); }); - it('should detect localhost', function() { - expect(isLocalHost('localhost')).toBe(true); - expect(isLocalHost('LOCALHOST')).toBe(true); - expect(isLocalHost('localHost')).toBe(true); - expect(isLocalHost('127.0.0.1')).toBe(true); - expect(isLocalHost('127.0.0.11')).toBe(true); - expect(isLocalHost('127.1.0.0')).toBe(true); - - expect(isLocalHost('172.1.0.0')).toBe(false); - expect(isLocalHost('127.0.0.0.0')).toBe(false); - expect(isLocalHost("google.com")).toBe(false); - }); - afterEach(function(){ if( driver ) { driver.close(); } }); }); + +// To mute deprecation message in test output +function muteConsoleLog() { + const originalLog = console.log; + console.log = () => {}; + return originalLog; +} + +function unMuteConsoleLog(originalLog) { + console.log = originalLog; +} diff --git a/test/v1/direct.driver.boltkit.it.js b/test/v1/direct.driver.boltkit.it.js index bf2ab9b45..369a71f41 100644 --- a/test/v1/direct.driver.boltkit.it.js +++ b/test/v1/direct.driver.boltkit.it.js @@ -33,7 +33,10 @@ describe('direct driver', function() { var server = kit.start('./test/resources/boltkit/return_x.script', 9001); kit.run(function () { - var driver = neo4j.driver("bolt://localhost:9001", neo4j.auth.basic("neo4j", "neo4j")); + // BoltKit currently does not support encryption, create driver with encryption turned off + var driver = neo4j.driver("bolt://localhost:9001", neo4j.auth.basic("neo4j", "neo4j"), { + encrypted: "ENCRYPTION_OFF" + }); // When var session = driver.session(); // Then diff --git a/test/v1/driver.test.js b/test/v1/driver.test.js index 2a120fa44..c6190544e 100644 --- a/test/v1/driver.test.js +++ b/test/v1/driver.test.js @@ -152,6 +152,17 @@ describe('driver', function() { routingDriver.close(); }); + it('should fail when TRUST_ON_FIRST_USE is used with routing', () => { + const createRoutingDriverWithTOFU = () => { + driver = neo4j.driver('bolt+routing://localhost', neo4j.auth.basic('neo4j', 'neo4j'), { + encrypted: "ENCRYPTION_ON", + trust: 'TRUST_ON_FIRST_USE' + }); + }; + + expect(createRoutingDriverWithTOFU).toThrow(); + }); + var exposedTypes = [ 'Node', 'Path', diff --git a/test/v1/examples.test.js b/test/v1/examples.test.js index 21e234bb7..d3d2a432e 100644 --- a/test/v1/examples.test.js +++ b/test/v1/examples.test.js @@ -365,7 +365,7 @@ describe('examples', function() { var neo4j = neo4jv1; // tag::tls-require-encryption[] var driver = neo4j.driver("bolt://localhost:7687", neo4j.auth.basic("neo4j", "neo4j"), { - //In NodeJS, encryption is ENCRYPTION_NON_LOCAL on by default. In the web bundle, it is ENCRYPTION_OFF. + // In NodeJS, encryption is on by default. In the web bundle, it is off. encrypted:"ENCRYPTION_ON" }); // end::tls-require-encryption[] @@ -377,10 +377,10 @@ describe('examples', function() { // tag::tls-trust-on-first-use[] var driver = neo4j.driver("bolt://localhost:7687", neo4j.auth.basic("neo4j", "neo4j"), { // Note that trust-on-first-use is not available in the browser bundle, - // in NodeJS, trust-on-first-use is the default trust mode. In the browser + // in NodeJS, trust-all-certificates is the default trust mode. In the browser // it is TRUST_CUSTOM_CA_SIGNED_CERTIFICATES. trust: "TRUST_ON_FIRST_USE", - encrypted:"ENCRYPTION_NON_LOCAL" + encrypted:"ENCRYPTION_ON" }); // end::tls-trust-on-first-use[] driver.close(); @@ -395,7 +395,7 @@ describe('examples', function() { // in NodeJS. In the browser bundle the browsers list of trusted // certificates is used, due to technical limitations in some browsers. trustedCertificates : ["path/to/ca.crt"], - encrypted:"ENCRYPTION_NON_LOCAL" + encrypted:"ENCRYPTION_ON" }); // end::tls-signed[] driver.close(); @@ -406,7 +406,7 @@ describe('examples', function() { // tag::connect-with-auth-disabled[] var driver = neo4j.driver("bolt://localhost:7687", { // In NodeJS, encryption is on by default. In the web bundle, it is off. - encrypted:"ENCRYPTION_NON_LOCAL" + encrypted:"ENCRYPTION_ON" }); // end::connect-with-auth-disabled[] driver.close(); diff --git a/test/v1/routing.driver.boltkit.it.js b/test/v1/routing.driver.boltkit.it.js index 76277ac38..e7af14af9 100644 --- a/test/v1/routing.driver.boltkit.it.js +++ b/test/v1/routing.driver.boltkit.it.js @@ -41,7 +41,7 @@ describe('routing driver ', function () { var server = kit.start('./test/resources/boltkit/discover_servers.script', 9001); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(); session.run("MATCH (n) RETURN n.name").then(function () { @@ -72,7 +72,7 @@ describe('routing driver ', function () { var server = kit.start('./test/resources/boltkit/discover_new_servers.script', 9001); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(); session.run("MATCH (n) RETURN n.name").then(function () { @@ -101,7 +101,7 @@ describe('routing driver ', function () { var server = kit.start('./test/resources/boltkit/discover_new_servers.script', 9001); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(); session.run("MATCH (n) RETURN n.name").subscribe({ @@ -132,7 +132,7 @@ describe('routing driver ', function () { var server = kit.start('./test/resources/boltkit/handle_empty_get_servers_response.script', 9001); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.READ); @@ -162,7 +162,7 @@ describe('routing driver ', function () { var readServer = kit.start('./test/resources/boltkit/read_server.script', 9005); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.session.READ); session.run("MATCH (n) RETURN n.name").then(function (res) { @@ -200,7 +200,7 @@ describe('routing driver ', function () { var readServer2 = kit.start('./test/resources/boltkit/read_server.script', 9005); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9000", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9000"); // When var session = driver.session(neo4j.session.READ); session.run("MATCH (n) RETURN n.name").then(function (res) { @@ -248,7 +248,7 @@ describe('routing driver ', function () { var readServer2 = kit.start('./test/resources/boltkit/read_server.script', 9006); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.session.READ); session.run("MATCH (n) RETURN n.name").then(function (res) { @@ -292,7 +292,7 @@ describe('routing driver ', function () { var readServer = kit.start('./test/resources/boltkit/dead_server.script', 9005); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.session.READ); session.run("MATCH (n) RETURN n.name").catch(function (err) { @@ -320,7 +320,7 @@ describe('routing driver ', function () { var writeServer = kit.start('./test/resources/boltkit/write_server.script', 9007); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.session.WRITE); session.run("CREATE (n {name:'Bob'})").then(function () { @@ -350,7 +350,7 @@ describe('routing driver ', function () { var readServer2 = kit.start('./test/resources/boltkit/write_server.script', 9008); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.session.WRITE); session.run("CREATE (n {name:'Bob'})").then(function () { @@ -384,7 +384,7 @@ describe('routing driver ', function () { var readServer = kit.start('./test/resources/boltkit/dead_server.script', 9007); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.session.WRITE); session.run("MATCH (n) RETURN n.name").catch(function (err) { @@ -412,7 +412,7 @@ describe('routing driver ', function () { var readServer = kit.start('./test/resources/boltkit/read_server.script', 9005); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.session.READ); session.run("MATCH (n) RETURN n.name").then(function () { @@ -444,7 +444,7 @@ describe('routing driver ', function () { var readServer = kit.start('./test/resources/boltkit/dead_server.script', 9005); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.session.READ); session.run("MATCH (n) RETURN n.name").catch(function () { @@ -477,7 +477,7 @@ describe('routing driver ', function () { var seedServer = kit.start('./test/resources/boltkit/acquire_endpoints.script', 9001); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.session.READ); session.run("MATCH (n) RETURN n.name").catch(function (err) { @@ -508,7 +508,7 @@ describe('routing driver ', function () { var readServer = kit.start('./test/resources/boltkit/read_server.script', 9005); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.session.READ); session.run("MATCH (n) RETURN n.name").catch(function (err) { @@ -537,7 +537,7 @@ describe('routing driver ', function () { var server = kit.start('./test/resources/boltkit/non_discovery.script', 9001); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(); session.run("MATCH (n) RETURN n.name").catch(function (err) { @@ -563,7 +563,7 @@ describe('routing driver ', function () { var readServer = kit.start('./test/resources/boltkit/not_able_to_write.script', 9007); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(); session.run("CREATE ()").catch(function (err) { @@ -594,7 +594,7 @@ describe('routing driver ', function () { var readServer = kit.start('./test/resources/boltkit/not_able_to_write_in_transaction.script', 9007); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(); var tx = session.beginTransaction(); @@ -627,7 +627,7 @@ describe('routing driver ', function () { var seedServer = kit.start('./test/resources/boltkit/no_writers.script', 9001); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9001", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9001"); // When var session = driver.session(neo4j.session.WRITE); session.run("MATCH (n) RETURN n.name").catch(function (err) { @@ -651,7 +651,7 @@ describe('routing driver ', function () { var writeServer = kit.start('./test/resources/boltkit/two_write_responses_server.script', 9001); kit.run(function () { - var driver = neo4j.driver("bolt+routing://127.0.0.1:9002", neo4j.auth.basic("neo4j", "neo4j")); + var driver = newDriver("bolt+routing://127.0.0.1:9002"); // When var session = driver.session(neo4j.session.WRITE); session.run("CREATE (n {name:'Bob'})").then(function () { @@ -673,4 +673,11 @@ describe('routing driver ', function () { }); }); }); + + function newDriver(url) { + // BoltKit currently does not support encryption, create driver with encryption turned off + return neo4j.driver(url, neo4j.auth.basic("neo4j", "neo4j"), { + encrypted: "ENCRYPTION_OFF" + }); + } });