diff --git a/antora.yml b/antora.yml index 38cee101..b2ae0b3d 100644 --- a/antora.yml +++ b/antora.yml @@ -7,6 +7,6 @@ nav: asciidoc: attributes: page-origin-private: false - neo4j-version: '5.24' - neo4j-version-exact: '5.24.0' - neo4j-buildnumber: '5.24' \ No newline at end of file + neo4j-version: '5.25' + neo4j-version-exact: '5.25.1' + neo4j-buildnumber: '5.25' diff --git a/modules/ROOT/pages/notifications/all-notifications.adoc b/modules/ROOT/pages/notifications/all-notifications.adoc index a16833c1..79586373 100644 --- a/modules/ROOT/pages/notifications/all-notifications.adoc +++ b/modules/ROOT/pages/notifications/all-notifications.adoc @@ -2795,7 +2795,7 @@ Use `DATABASE *` without the parameter to revoke the privilege on all databases. .Notification details [cols="<1s,<4"] |=== -|Code +|Neo4j code m|Neo.ClientNotification.Security.AuthProviderNotDefined |Title a|The auth provider is not defined. @@ -2804,10 +2804,24 @@ a|The auth provider `{ $provider }` is not defined in the configuration. Verify that the spelling is correct or define `{ $provider }` in the configuration. |Category m|SECURITY +|GQLSTATUS code +m|00N72 +|Status description +a|note: successful completion - undefined auth provider. +The auth provider { $auth } is not defined in the configuration. +Verify that the spelling is correct or define { $auth } in the configuration. +|Classification +m|SECURITY +|SeverityLevel +m|INFORMATION |=== + .Create a user with an auth provider that is not defined in the configuration -==== +[.tabbed-example] +===== +[.include-with-neo4j-code] +====== Command:: + [source, cypher] @@ -2822,10 +2836,35 @@ Verify that the spelling is correct or define `unknownProvider` in the configura Suggestions for improvement:: Make sure that the given provider is correct, or replace it if not. If it is correct, make sure to add it as a known auth provider in one or both of `dbms.security.authentication_providers` and `dbms.security.authorization_providers`. -==== +====== +[.include-with-GQLSTATUS-code] +====== +Command:: ++ +[source, cypher] +---- +CREATE USER foo SET AUTH 'unknownProvider' { SET ID 'idString' } +---- + +Returned GQLSTATUS code:: +00N72 + +Returned status description:: +note: successful completion - undefined auth provider. +The auth provider `unknownProvider` is not defined in the configuration. +Verify that the spelling is correct or define `unknownProvider` in the configuration. + +Suggestions for improvement:: +Make sure that the given provider is correct, or replace it if not. +If it is correct, make sure to add it as a known auth provider in one or both of `dbms.security.authentication_providers` and `dbms.security.authorization_providers`. +====== +===== .Alter a user to add an auth provider that is not defined in the configuration -==== +[.tabbed-example] +===== +[.include-with-neo4j-code] +====== Command:: + [source, cypher] @@ -2840,7 +2879,31 @@ Verify that the spelling is correct or define `unknownProvider` in the configura Suggestions for improvement:: Make sure that the given provider is correct, or replace it if not. If it is correct, make sure to add it as a known auth provider in one or both of `dbms.security.authentication_providers` and `dbms.security.authorization_providers`. -==== +====== + +[.include-with-GQLSTATUS-code] +====== +Command:: ++ +[source, cypher] +---- +ALTER USER foo SET AUTH 'unknownProvider' { SET ID 'idString' } +---- + +Returned GQLSTATUS code:: +00N72 + +Returned status description:: +note: successful completion - undefined auth provider. +The auth provider `unknownProvider` is not defined in the configuration. +Verify that the spelling is correct or define `unknownProvider` in the configuration. + +Suggestions for improvement:: +Make sure that the given provider is correct, or replace it if not. +If it is correct, make sure to add it as a known auth provider in one or both of `dbms.security.authentication_providers` and `dbms.security.authorization_providers`. +====== +===== + [#_neo_clientnotification_security_externalauthnotenabled] === ExternalAuthNotEnabled @@ -2848,20 +2911,30 @@ If it is correct, make sure to add it as a known auth provider in one or both of .Notification details [cols="<1s,<4"] |=== -|Code +|Neo4j code m|Neo.ClientNotification.Security.ExternalAuthNotEnabled |Title a|External auth for user is not enabled. |Description a|Use setting `dbms.security.require_local_user` to enable external auth. -|Severity -m|WARNING |Category m|SECURITY +|GQLSTATUS code +m|01N71 +|Status description +|warn: external auth disabled. +Use the setting 'dbms.security.require_local_user' to enable external auth. +|Classification +m|SECURITY +|SeverityLevel +m|WARNING |=== .Create a user with an external auth provider when linked users are not enabled -==== +[.tabbed-example] +===== +[.include-with-neo4j-code] +====== Command:: + [source, cypher] @@ -2872,10 +2945,35 @@ CREATE USER foo SET AUTH 'exampleProvider' { SET ID 'idString' } Suggestions for improvement:: Enable linked users through the `dbms.security.require_local_user` setting. Until enabled, the new external auth will be ignored, and current external auth behaviors will continue to apply. -==== +====== +[.include-with-GQLSTATUS-code] +====== +Command:: ++ +[source, cypher] +---- +CREATE USER foo SET AUTH 'exampleProvider' { SET ID 'idString' } +---- + +Returned GQLSTATUS code:: +01N71 + +Returned status description:: +warn: external auth disabled. +Use the setting 'dbms.security.require_local_user' to enable external auth. + +Suggestions for improvement:: +Enable linked users through the `dbms.security.require_local_user` setting. +Until enabled, the new external auth will be ignored, and current external auth behaviors will continue to apply. + +====== +===== .Alter a user to add an external auth provider when linked users are not enabled -==== +[.tabbed-example] +===== +[.include-with-neo4j-code] +====== Command:: + [source, cypher] @@ -2886,7 +2984,31 @@ ALTER USER foo SET AUTH 'exampleProvider' { SET ID 'idString' } Suggestions for improvement:: Enable linked users through the `dbms.security.require_local_user` setting. Until enabled, the new external auth will be ignored, and current external auth behaviors will continue to apply. -==== +====== + +[.include-with-GQLSTATUS-code] +====== +Command:: ++ +[source, cypher] +---- +ALTER USER foo SET AUTH 'exampleProvider' { SET ID 'idString' } +---- + +Returned GQLSTATUS code:: +01N71 + +Returned status description:: +warn: external auth disabled. +Use the setting 'dbms.security.require_local_user' to enable external auth. + +Suggestions for improvement:: +Enable linked users through the `dbms.security.require_local_user` setting. +Until enabled, the new external auth will be ignored, and current external auth behaviors will continue to apply. + +====== +===== + [#_topology_notifications] == `TOPOLOGY` category diff --git a/modules/ROOT/pages/notifications/index.adoc b/modules/ROOT/pages/notifications/index.adoc index 45c5fe38..a70e0392 100644 --- a/modules/ROOT/pages/notifications/index.adoc +++ b/modules/ROOT/pages/notifications/index.adoc @@ -305,4 +305,4 @@ Finally, the list of poly-filled GQL-status objects is sorted according to the G |=== // The following table illustrates the compatibility between the different server and driver versions for both the current Notification API and the GqlStatusObject API: -// TODO \ No newline at end of file +// TODO