})
Context("and the authenticator fails to authenticate", func() {
BeforeEach(func() {
authenticatorOne.AuthenticateReturns(nil, errors.New("boom"))
})
It("fails to authenticate", func() {
_, err := authenticator.Authenticate(metadata, password)
Expect(err).To(MatchError("boom"))
})
})
It("does not attempt to authenticate with any other authenticators", func() {
authenticator.Authenticate(metadata, password)
Expect(authenticatorTwo.AuthenticateCallCount()).To(Equal(0))
})
})
Context("and the user realm is not valid", func() {
BeforeEach(func() {
metadata.UserReturns("one")
})
It("fails to authenticate", func() {
_, err := authenticator.Authenticate(metadata, password)
Expect(err).To(Equal(authenticators.InvalidCredentialsErr))
Expect(authenticatorOne.AuthenticateCallCount()).To(Equal(0))
Expect(authenticatorTwo.AuthenticateCallCount()).To(Equal(0))
})
var clientConfig *ssh.ClientConfig
BeforeEach(func() {
clientConfig = &ssh.ClientConfig{
User: "******",
Auth: []ssh.AuthMethod{
ssh.Password("diego-user:diego-password"),
},
}
})
It("performs a handshake with the client using the proxy server config", func() {
_, err := ssh.Dial("tcp", proxyAddress, clientConfig)
Expect(err).NotTo(HaveOccurred())
Expect(proxyAuthenticator.AuthenticateCallCount()).To(Equal(1))
metadata, password := proxyAuthenticator.AuthenticateArgsForCall(0)
Expect(metadata.User()).To(Equal("diego:some-instance-guid"))
Expect(string(password)).To(Equal("diego-user:diego-password"))
})
Context("when the handshake fails", func() {
BeforeEach(func() {
proxyAuthenticator.AuthenticateReturns(nil, errors.New("go away"))
})
JustBeforeEach(func() {
_, err := ssh.Dial("tcp", proxyAddress, clientConfig)
Expect(err).To(MatchError(ContainSubstring("ssh: handshake failed: ssh: unable to authenticate")))
})
