forked from ContainerSSH/auth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathclient_test.go
106 lines (101 loc) · 3.29 KB
/
client_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
package auth_test
import (
"errors"
"net"
"testing"
"time"
"github.com/containerssh/geoip"
"github.com/containerssh/http"
"github.com/containerssh/log"
"github.com/containerssh/metrics"
"github.com/containerssh/auth"
)
// TestPasswordDisabled tests if the call fails with the correct error if the password authentication method is
// disabled. The inverse is not tested because it is already tested by the integration test.
func TestPasswordDisabled(t *testing.T) {
config := auth.ClientConfig{
ClientConfiguration: http.ClientConfiguration{
URL: "http://localhost:8080",
AllowRedirects: false,
Timeout: 100 * time.Millisecond,
},
AuthTimeout: time.Second,
Password: false,
PubKey: true,
}
geoIp, err := geoip.New(geoip.Config{
Provider: geoip.DummyProvider,
})
if err != nil {
t.Fatal(err)
}
c, err := auth.NewHttpAuthClient(
config,
log.NewTestLogger(t),
metrics.New(geoIp),
)
if err != nil {
t.Fatal(err)
}
result, err := c.Password("foo", []byte("bar"), "asdf", net.ParseIP("127.0.0.1"))
if result {
t.Fatal("Password authentication method resulted in successful authentication.")
}
if err == nil {
t.Fatal("Password authentication method did not result in an error.")
}
var realErr log.Message
if !errors.As(err, &realErr) {
t.Fatal("Password authentication did not return a log.Message")
}
if realErr.Code() != auth.EDisabled {
t.Fatal("Disabled password authentication did not return an auth.EDisabled code.")
}
}
// TestPubKeyDisabled tests if the call fails with the correct error if the public key authentication method is
// disabled. The inverse is not tested because it is already tested by the integration test.
func TestPubKeyDisabled(t *testing.T) {
config := auth.ClientConfig{
ClientConfiguration: http.ClientConfiguration{
URL: "http://localhost:8080",
AllowRedirects: false,
Timeout: 100 * time.Millisecond,
},
AuthTimeout: time.Second,
Password: true,
PubKey: false,
}
geoIp, err := geoip.New(geoip.Config{
Provider: geoip.DummyProvider,
})
if err != nil {
t.Fatal(err)
}
c, err := auth.NewHttpAuthClient(
config,
log.NewTestLogger(t),
metrics.New(geoIp),
)
if err != nil {
t.Fatal(err)
}
result, err := c.PubKey(
"foo",
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDP39LqSomHi4kicGADA3XVQoYxzNkvrBLOqN5AEEP01p0TZ39LXa6FdB4Pmvg8h51c+BNLoxpYrTk4UibMD87OPKYYXrNmLvq0GwjMPYpzoICevAJm+/2sDVlK9sXT93Fkin+tei+Evgf/hQK0xN+HXqP8dz8SWSXeWjBv588eHHCdrV+0FlZLXH+9D18tD4BNPHe9iJLpeeH6gsvQBvArXcIEQVvHIo1cCcsy28ymUFndG55LdOaTCA+pcfHLmRtL8HO2mI2Qc/0HBSc2d1gb3lHAnmdMT82K58OjRp9Tegc5hVuKVE+hkmNjfo3f1mVHsNu6JYLxRngnbJ20QdzuKcPb3pRMty+ggRgEQExvgl1pC3OVcgyc8YX1eXiyhYy0kXT/Jg++AcaIC1Xk/hDfB0T7WxCO0Wwd4KSjKr79tIxM/m4jP2K1Hk4yAnT7mZQ0GjdphLLuDk3yt8R809SPuzkPCXBM0sL6FrqT2GVDNihN2pBh1MyuUt7S8ZXpuW0=",
"asdf",
net.ParseIP("127.0.0.1"),
)
if result {
t.Fatal("Public key authentication method resulted in successful authentication.")
}
if err == nil {
t.Fatal("Public key authentication method did not result in an error.")
}
var realErr log.Message
if !errors.As(err, &realErr) {
t.Fatal("Public key authentication did not return a log.Message")
}
if realErr.Code() != auth.EDisabled {
t.Fatal("Disabled public key authentication did not return an auth.EDisabled code.")
}
}