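password []byte
authErr  error
)

// Reset the shared state so every spec starts with no permissions and an
// empty password.
BeforeEach(func() {
	permissions = nil
	password = []byte{}
})

// Ginkgo runs JustBeforeEach after all nested BeforeEach blocks, so each
// Context only arranges the user name and password it wants to exercise.
JustBeforeEach(func() {
	permissions, authErr = authenticator.Authenticate(metadata, password)
})

Context("when the user name matches the user regex and valid credentials are provided", func() {
	BeforeEach(func() {
		metadata.UserReturns("diego:some-guid/0")
		password = []byte("some-user:some-password")
	})

	It("authenticates the password against the provided user:password", func() {
		Expect(authErr).NotTo(HaveOccurred())
	})

	It("builds permissions for the requested process", func() {
		Expect(permissionsBuilder.BuildCallCount()).To(Equal(1))

		// The third argument gets its own name: declaring it as `metadata`
		// shadows the outer connection metadata and turns the final
		// expectation into a value compared with itself, which can never
		// fail. This way the spec checks that the permissions builder was
		// handed the same metadata that was passed to Authenticate.
		guid, index, builtFor := permissionsBuilder.BuildArgsForCall(0)
		Expect(guid).To(Equal("some-guid"))
		Expect(index).To(Equal(0))
		Expect(builtFor).To(Equal(metadata))
	})
})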
Context("when one or more authenticators are specified", func() { var ( authenticatorOne *fake_authenticators.FakePasswordAuthenticator authenticatorTwo *fake_authenticators.FakePasswordAuthenticator ) BeforeEach(func() { authenticatorOne = &fake_authenticators.FakePasswordAuthenticator{} authenticatorTwo = &fake_authenticators.FakePasswordAuthenticator{} authenticatorMap["one"] = authenticatorOne authenticatorMap["two"] = authenticatorOne }) Context("and the users realm matches the first authenticator", func() { BeforeEach(func() { metadata.UserReturns("one:garbage") }) Context("and the authenticator successfully authenticates", func() { var permissions *ssh.Permissions BeforeEach(func() { permissions = &ssh.Permissions{} authenticatorOne.AuthenticateReturns(permissions, nil) }) It("succeeds to authenticate", func() { perms, err := authenticator.Authenticate(metadata, password) Expect(err).NotTo(HaveOccurred()) Expect(perms).To(Equal(permissions))
}) }) Describe("Authenticate", func() { const expectedOneTimeCode = "abc123" var ( uaaTokenResponse *authenticators.UAAAuthTokenResponse uaaTokenResponseCode int sshAccessResponse *authenticators.AppSSHResponse sshAccessResponseCode int ) BeforeEach(func() { metadata.UserReturns("cf:app-guid/1") password = []byte(expectedOneTimeCode) uaaTokenResponseCode = http.StatusOK uaaTokenResponse = &authenticators.UAAAuthTokenResponse{ AccessToken: "exchanged-token", TokenType: "bearer", } fakeUAA.AppendHandlers( ghttp.CombineHandlers( ghttp.VerifyRequest("POST", "/oauth/token"), ghttp.VerifyBasicAuth("diego-ssh", "diego-ssh-secret-$\"^&'"), ghttp.VerifyFormKV("grant_type", "authorization_code"), ghttp.VerifyFormKV("code", expectedOneTimeCode), ghttp.RespondWithJSONEncodedPtr(&uaaTokenResponseCode, uaaTokenResponse),
}) }) Describe("Authenticate", func() { const expectedOneTimeCode = "abc123" var ( uaaTokenResponse *authenticators.UAAAuthTokenResponse uaaTokenResponseCode int sshAccessResponse *authenticators.AppSSHResponse sshAccessResponseCode int ) BeforeEach(func() { metadata.UserReturns("cf:1e051b88-a210-40b7-bcca-df645b24b634/1") password = []byte(expectedOneTimeCode) uaaTokenResponseCode = http.StatusOK uaaTokenResponse = &authenticators.UAAAuthTokenResponse{ AccessToken: "exchanged-token", TokenType: "bearer", } fakeUAA.AppendHandlers( ghttp.CombineHandlers( ghttp.VerifyRequest("POST", "/oauth/token"), ghttp.VerifyBasicAuth("diego-ssh", "diego-ssh-secret-$\"^&'"), ghttp.VerifyFormKV("grant_type", "authorization_code"), ghttp.VerifyFormKV("code", expectedOneTimeCode), ghttp.RespondWithJSONEncodedPtr(&uaaTokenResponseCode, uaaTokenResponse),