4 files changed, 97 insertions, 16 deletions

diff --git a/test/auth/password_test.exs b/test/auth/password_test.exs
index 974f2fa..8c93ea9 100644
--- a/test/auth/password_test.exs
+++ b/test/auth/password_test.exs
@@ -1,27 +1,27 @@
 defmodule Chessh.Auth.PasswordAuthenticatorTest do
   use ExUnit.Case
-  alias Chessh.Player
-  alias Chessh.Repo
+  alias Chessh.{Player, Repo}
 
   @valid_user %{username: "logan", password: "password"}
 
-  setup do
-    :ok = Ecto.Adapters.SQL.Sandbox.checkout(Chessh.Repo)
+  setup_all do
+    Ecto.Adapters.SQL.Sandbox.checkout(Repo)
+    Ecto.Adapters.SQL.Sandbox.mode(Repo, {:shared, self()})
 
     {:ok, _user} = Repo.insert(Player.registration_changeset(%Player{}, @valid_user))
 
     :ok
   end
 
-  test "User can sign in with their password" do
+  test "Password can authenticate a hashed password" do
     assert Chessh.Auth.PasswordAuthenticator.authenticate(
-             String.to_charlist(@valid_user.username),
-             String.to_charlist(@valid_user.password)
+             @valid_user.username,
+             @valid_user.password
            )
 
     refute Chessh.Auth.PasswordAuthenticator.authenticate(
-             String.to_charlist(@valid_user.username),
-             String.to_charlist("a_bad_password")
+             @valid_user.username,
+             "a_bad_password"
            )
   end
 end
diff --git a/test/auth/pubkey_test.exs b/test/auth/pubkey_test.exs
index 78eecfb..da2518b 100644
--- a/test/auth/pubkey_test.exs
+++ b/test/auth/pubkey_test.exs
@@ -1,8 +1,6 @@
 defmodule Chessh.Auth.PublicKeyAuthenticatorTest do
   use ExUnit.Case
-  alias Chessh.Key
-  alias Chessh.Repo
-  alias Chessh.Player
+  alias Chessh.{Key, Repo, Player}
 
   @valid_user %{username: "logan", password: "password"}
   @valid_key %{
@@ -10,8 +8,9 @@ defmodule Chessh.Auth.PublicKeyAuthenticatorTest do
     key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/2LOJGGEd/dhFgRxJ5MMv0jJw4s4pA8qmMbZyulN44"
   }
 
-  setup do
-    :ok = Ecto.Adapters.SQL.Sandbox.checkout(Chessh.Repo)
+  setup_all do
+    Ecto.Adapters.SQL.Sandbox.checkout(Repo)
+    Ecto.Adapters.SQL.Sandbox.mode(Repo, {:shared, self()})
 
     {:ok, player} = Repo.insert(Player.registration_changeset(%Player{}, @valid_user))
 
diff --git a/test/schema/register_test.exs b/test/schema/register_test.exs
index 5705d31..0e9fdf1 100644
--- a/test/schema/register_test.exs
+++ b/test/schema/register_test.exs
@@ -1,8 +1,7 @@
 defmodule Chessh.Auth.UserRegistrationTest do
   use Chessh.RepoCase
   use ExUnit.Case
-  alias Chessh.Player
-  alias Chessh.Repo
+  alias Chessh.{Player, Repo}
 
   @valid_user %{username: "logan", password: "password"}
   @invalid_username %{username: "a", password: "password"}
diff --git a/test/ssh/ssh_auth_test.exs b/test/ssh/ssh_auth_test.exs
new file mode 100644
index 0000000..27d5e4c
--- /dev/null
+++ b/test/ssh/ssh_auth_test.exs
@@ -0,0 +1,83 @@
+defmodule Chessh.SSH.AuthTest do
+  use ExUnit.Case
+  alias Chessh.{Player, Repo, Key}
+
+  @localhost '127.0.0.1'
+  @localhost_inet {{127, 0, 0, 1}, 1}
+  @key_name "The Gamer Machine"
+  @valid_user %{username: "logan", password: "password"}
+  @client_test_keys_dir Path.join(Application.compile_env!(:chessh, :key_dir), "client_keys")
+  @client_pub_key 'id_ed25519.pub'
+
+  setup_all do
+    Ecto.Adapters.SQL.Sandbox.checkout(Repo)
+    Ecto.Adapters.SQL.Sandbox.mode(Repo, {:shared, self()})
+
+    {:ok, player} = Repo.insert(Player.registration_changeset(%Player{}, @valid_user))
+
+    {:ok, key_text} = File.read(Path.join(@client_test_keys_dir, @client_pub_key))
+
+    {:ok, _key} =
+      Repo.insert(
+        Key.changeset(%Key{}, %{key: key_text, name: @key_name})
+        |> Ecto.Changeset.put_assoc(:player, player)
+      )
+
+    :ok
+  end
+
+  test "Password attempts are rate limited" do
+    jail_attempt_threshold =
+      Application.get_env(:chessh, RateLimits)
+      |> Keyword.get(:jail_attempt_threshold)
+
+    assert :disconnect ==
+             Enum.reduce(
+               0..(jail_attempt_threshold + 1),
+               fn _, _ ->
+                 Chessh.SSH.Daemon.pwd_authenticate(
+                   @valid_user.username,
+                   "wrong_password",
+                   @localhost_inet
+                 )
+               end
+             )
+  end
+
+  test "INTEGRATION - Can ssh into daemon with password or public key" do
+    {:ok, sup} = Task.Supervisor.start_link()
+    test_pid = self()
+
+    Task.Supervisor.start_child(sup, fn ->
+      {:ok, _pid} =
+        :ssh.connect(@localhost, Application.fetch_env!(:chessh, :port),
+          user: String.to_charlist(@valid_user.username),
+          password: String.to_charlist(@valid_user.password),
+          auth_methods: 'password',
+          silently_accept_hosts: true
+        )
+
+      send(test_pid, :connected_via_password)
+    end)
+
+    Task.Supervisor.start_child(sup, fn ->
+      {:ok, _pid} =
+        :ssh.connect(@localhost, Application.fetch_env!(:chessh, :port),
+          user: String.to_charlist(@valid_user.username),
+          auth_methods: 'publickey',
+          silently_accept_hosts: true,
+          user_dir: String.to_charlist(@client_test_keys_dir)
+        )
+
+      send(test_pid, :connected_via_public_key)
+    end)
+
+    assert_receive(:connected_via_password, 500)
+    assert_receive(:connected_via_public_key, 500)
+  end
+
+  # TODO
+  #  test "INTEGRATION - User cannot have more than specified concurrent sessions" do
+  #    :ok
+  #  end
+end