})
})
})
Describe("authenticating with the cf realm with a one time code", func() {
BeforeEach(func() {
clientConfig = &ssh.ClientConfig{
User: "******",
Auth: []ssh.AuthMethod{ssh.Password("abc123")},
}
fakeUAA.RouteToHandler("POST", "/oauth/token", ghttp.CombineHandlers(
ghttp.VerifyRequest("POST", "/oauth/token"),
ghttp.VerifyBasicAuth("amandaplease", "password1"),
ghttp.VerifyContentType("application/x-www-form-urlencoded"),
ghttp.VerifyFormKV("grant_type", "authorization_code"),
ghttp.VerifyFormKV("code", "abc123"),
ghttp.RespondWithJSONEncoded(http.StatusOK, authenticators.UAAAuthTokenResponse{
AccessToken: "proxy-token",
TokenType: "bearer",
}),
))
fakeCC.RouteToHandler("GET", "/internal/apps/60f0f26e-86b3-4487-8f19-9e94f848f3d2/ssh_access/99", ghttp.CombineHandlers(
ghttp.VerifyRequest("GET", "/internal/apps/60f0f26e-86b3-4487-8f19-9e94f848f3d2/ssh_access/99"),
ghttp.VerifyHeader(http.Header{"Authorization": []string{"bearer proxy-token"}}),
ghttp.RespondWithJSONEncoded(http.StatusOK, authenticators.AppSSHResponse{
ProcessGuid: processGuid,
}),
))
})
})
Context("setting up http client to request one time code", func() {
var fakeUAA *ghttp.Server
BeforeEach(func() {
authRepo.RefreshToken = "bearer client-bearer-token"
configRepo.SetSSLDisabled(true)
configRepo.SetSSHOAuthClient("ssh-oauth-client-id")
fakeUAA = ghttp.NewTLSServer()
configRepo.SetUaaEndpoint(fakeUAA.URL())
fakeUAA.RouteToHandler("GET", "/oauth/authorize", ghttp.CombineHandlers(
ghttp.VerifyRequest("GET", "/oauth/authorize"),
ghttp.VerifyFormKV("response_type", "code"),
ghttp.VerifyFormKV("client_id", "ssh-oauth-client-id"),
ghttp.VerifyFormKV("grant_type", "authorization_code"),
ghttp.VerifyHeaderKV("authorization", "bearer client-bearer-token"),
ghttp.RespondWith(http.StatusFound, "", http.Header{
"Location": []string{"https://uaa.example.com/login?code=abc123"},
}),
))
})
It("gets the access code from the token endpoint", func() {
runCommand()
Ω(authRepo.RefreshTokenCalled).To(BeTrue())
Ω(fakeUAA.ReceivedRequests()).To(HaveLen(1))
Ω(ui.Outputs).To(ContainSubstrings(
BeforeEach(func() {
metadata.UserReturns("cf:app-guid/1")
password = []byte(expectedOneTimeCode)
uaaTokenResponseCode = http.StatusOK
uaaTokenResponse = &authenticators.UAAAuthTokenResponse{
AccessToken: "exchanged-token",
TokenType: "bearer",
}
fakeUAA.AppendHandlers(
ghttp.CombineHandlers(
ghttp.VerifyRequest("POST", "/oauth/token"),
ghttp.VerifyBasicAuth("diego-ssh", "diego-ssh-secret-$\"^&'"),
ghttp.VerifyFormKV("grant_type", "authorization_code"),
ghttp.VerifyFormKV("code", expectedOneTimeCode),
ghttp.RespondWithJSONEncodedPtr(&uaaTokenResponseCode, uaaTokenResponse),
),
)
sshAccessResponseCode = http.StatusOK
sshAccessResponse = &authenticators.AppSSHResponse{
ProcessGuid: "app-guid-app-version",
}
fakeCC.AppendHandlers(
ghttp.CombineHandlers(
ghttp.VerifyRequest("GET", "/internal/apps/app-guid/ssh_access/1"),
ghttp.VerifyHeader(http.Header{"Authorization": []string{"bearer exchanged-token"}}),
ghttp.RespondWithJSONEncodedPtr(&sshAccessResponseCode, sshAccessResponse),
wg.Wait()
})
})
Describe("The sender", func() {
var server *ghttp.Server
statusCode := 200
data := []byte("[{\"foo\":\"bar\"}]")
BeforeEach(func() {
encodedString := base64.StdEncoding.EncodeToString(data)
server = ghttp.NewServer()
server.AppendHandlers(
ghttp.CombineHandlers(
ghttp.VerifyRequest("POST", "/track"),
ghttp.VerifyFormKV("data", encodedString),
ghttp.RespondWith(statusCode, "1"),
))
})
AfterEach(func() {
server.Close()
})
It("should send base64 encoded request requests to mix pannel", func() {
m := MixPanelSender{URL: server.URL() + "/track"}
err := m.Send(data)
Ω(err).Should(BeNil())
Ω(server.ReceivedRequests()).Should(HaveLen(1))
})
})