password []byte
authErr error
)
BeforeEach(func() {
permissions = nil
password = []byte{}
})
JustBeforeEach(func() {
permissions, authErr = authenticator.Authenticate(metadata, password)
})
Context("when the user name matches the user regex and valid credentials are provided", func() {
BeforeEach(func() {
metadata.UserReturns("diego:some-guid/0")
password = []byte("some-user:some-password")
})
It("authenticates the password against the provided user:password", func() {
Expect(authErr).NotTo(HaveOccurred())
})
It("builds permissions for the requested process", func() {
Expect(permissionsBuilder.BuildCallCount()).To(Equal(1))
guid, index, metadata := permissionsBuilder.BuildArgsForCall(0)
Expect(guid).To(Equal("some-guid"))
Expect(index).To(Equal(0))
Expect(metadata).To(Equal(metadata))
})
})
Context("when one or more authenticators are specified", func() {
var (
authenticatorOne *fake_authenticators.FakePasswordAuthenticator
authenticatorTwo *fake_authenticators.FakePasswordAuthenticator
)
BeforeEach(func() {
authenticatorOne = &fake_authenticators.FakePasswordAuthenticator{}
authenticatorTwo = &fake_authenticators.FakePasswordAuthenticator{}
authenticatorMap["one"] = authenticatorOne
authenticatorMap["two"] = authenticatorOne
})
Context("and the users realm matches the first authenticator", func() {
BeforeEach(func() {
metadata.UserReturns("one:garbage")
})
Context("and the authenticator successfully authenticates", func() {
var permissions *ssh.Permissions
BeforeEach(func() {
permissions = &ssh.Permissions{}
authenticatorOne.AuthenticateReturns(permissions, nil)
})
It("succeeds to authenticate", func() {
perms, err := authenticator.Authenticate(metadata, password)
Expect(err).NotTo(HaveOccurred())
Expect(perms).To(Equal(permissions))
})
})
Describe("Authenticate", func() {
const expectedOneTimeCode = "abc123"
var (
uaaTokenResponse *authenticators.UAAAuthTokenResponse
uaaTokenResponseCode int
sshAccessResponse *authenticators.AppSSHResponse
sshAccessResponseCode int
)
BeforeEach(func() {
metadata.UserReturns("cf:app-guid/1")
password = []byte(expectedOneTimeCode)
uaaTokenResponseCode = http.StatusOK
uaaTokenResponse = &authenticators.UAAAuthTokenResponse{
AccessToken: "exchanged-token",
TokenType: "bearer",
}
fakeUAA.AppendHandlers(
ghttp.CombineHandlers(
ghttp.VerifyRequest("POST", "/oauth/token"),
ghttp.VerifyBasicAuth("diego-ssh", "diego-ssh-secret-$\"^&'"),
ghttp.VerifyFormKV("grant_type", "authorization_code"),
ghttp.VerifyFormKV("code", expectedOneTimeCode),
ghttp.RespondWithJSONEncodedPtr(&uaaTokenResponseCode, uaaTokenResponse),
})
})
Describe("Authenticate", func() {
const expectedOneTimeCode = "abc123"
var (
uaaTokenResponse *authenticators.UAAAuthTokenResponse
uaaTokenResponseCode int
sshAccessResponse *authenticators.AppSSHResponse
sshAccessResponseCode int
)
BeforeEach(func() {
metadata.UserReturns("cf:1e051b88-a210-40b7-bcca-df645b24b634/1")
password = []byte(expectedOneTimeCode)
uaaTokenResponseCode = http.StatusOK
uaaTokenResponse = &authenticators.UAAAuthTokenResponse{
AccessToken: "exchanged-token",
TokenType: "bearer",
}
fakeUAA.AppendHandlers(
ghttp.CombineHandlers(
ghttp.VerifyRequest("POST", "/oauth/token"),
ghttp.VerifyBasicAuth("diego-ssh", "diego-ssh-secret-$\"^&'"),
ghttp.VerifyFormKV("grant_type", "authorization_code"),
ghttp.VerifyFormKV("code", expectedOneTimeCode),
ghttp.RespondWithJSONEncodedPtr(&uaaTokenResponseCode, uaaTokenResponse),