warpgate/tests/test_ssh_user_auth_ticket.py

64 lines
1.9 KiB
Python
Raw Normal View History

2022-08-14 18:36:49 +08:00
from pathlib import Path
from textwrap import dedent
from .conftest import ProcessManager
from .util import create_ticket, wait_port
class Test:
def test(
2022-09-02 20:00:08 +08:00
self, processes: ProcessManager, wg_c_ed25519_pubkey: Path, password_123_hash, timeout
2022-08-14 18:36:49 +08:00
):
ssh_port = processes.start_ssh_server(
trusted_keys=[wg_c_ed25519_pubkey.read_text()]
)
_, wg_ports = processes.start_wg(
dedent(
f'''\
targets:
- name: ssh
allow_roles: [role]
ssh:
host: localhost
port: {ssh_port}
2022-09-02 20:00:08 +08:00
- name: warpgate:admin
2022-08-14 18:36:49 +08:00
allow_roles: [admin]
web_admin: {{}}
users:
- username: user
roles: [role]
credentials:
- type: password
hash: '{password_123_hash}'
- username: admin
2022-09-02 20:00:08 +08:00
roles: [warpgate:admin]
2022-08-14 18:36:49 +08:00
credentials:
- type: password
hash: '{password_123_hash}'
'''
),
)
wait_port(ssh_port)
wait_port(wg_ports['ssh'])
wait_port(wg_ports['http'], recv=False)
url = f'https://localhost:{wg_ports["http"]}'
secret = create_ticket(url, 'user', 'ssh')
ssh_client = processes.start_ssh_client(
f'ticket-{secret}@localhost',
'-p',
str(wg_ports['ssh']),
'-i',
'/dev/null',
'-o',
'PreferredAuthentications=password',
'ls',
'/bin/sh',
password='123',
)
2022-09-02 20:00:08 +08:00
assert ssh_client.communicate(timeout=timeout)[0] == b'/bin/sh\n'
2022-08-14 18:36:49 +08:00
assert ssh_client.returncode == 0