BeforeEach(func() {
permissions = &ssh.Permissions{}
authenticatorOne.AuthenticateReturns(permissions, nil)
})
It("succeeds to authenticate", func() {
perms, err := authenticator.Authenticate(metadata, password)
Expect(err).NotTo(HaveOccurred())
Expect(perms).To(Equal(permissions))
})
It("should provide the metadata to the authenticator", func() {
_, err := authenticator.Authenticate(metadata, password)
Expect(err).NotTo(HaveOccurred())
m, p := authenticatorOne.AuthenticateArgsForCall(0)
Expect(m).To(Equal(metadata))
Expect(p).To(Equal(password))
})
})
Context("and the authenticator fails to authenticate", func() {
BeforeEach(func() {
authenticatorOne.AuthenticateReturns(nil, errors.New("boom"))
})
It("fails to authenticate", func() {
_, err := authenticator.Authenticate(metadata, password)
Expect(err).To(MatchError("boom"))
})
BeforeEach(func() {
clientConfig = &ssh.ClientConfig{
User: "******",
Auth: []ssh.AuthMethod{
ssh.Password("diego-user:diego-password"),
},
}
})
It("performs a handshake with the client using the proxy server config", func() {
_, err := ssh.Dial("tcp", proxyAddress, clientConfig)
Expect(err).NotTo(HaveOccurred())
Expect(proxyAuthenticator.AuthenticateCallCount()).To(Equal(1))
metadata, password := proxyAuthenticator.AuthenticateArgsForCall(0)
Expect(metadata.User()).To(Equal("diego:some-instance-guid"))
Expect(string(password)).To(Equal("diego-user:diego-password"))
})
Context("when the handshake fails", func() {
BeforeEach(func() {
proxyAuthenticator.AuthenticateReturns(nil, errors.New("go away"))
})
JustBeforeEach(func() {
_, err := ssh.Dial("tcp", proxyAddress, clientConfig)
Expect(err).To(MatchError(ContainSubstring("ssh: handshake failed: ssh: unable to authenticate")))
})
It("does not attempt to authenticate with the daemon", func() {
