Merge pull request #155 from artem-sidorenko/challenge-reponse-test

chris-rock · web-flow · commit 941f1e77e7bf · 2017-01-03T13:12:11.000+01:00
Tests for GH-131 and GH-132
diff --git a/spec/recipes/server_spec.rb b/spec/recipes/server_spec.rb
@@ -248,6 +248,42 @@
     end
   end
 
+  it 'disables the challenge response authentication' do
+    expect(chef_run).to render_file('/etc/ssh/sshd_config').
+      with_content(/ChallengeResponseAuthentication no/)
+  end
+
+  context 'with challenge response authentication enabled' do
+    cached(:chef_run) do
+      ChefSpec::ServerRunner.new do |node|
+        node.normal['ssh-hardening']['ssh']['server']['challenge_response_authentication'] = true
+      end.converge(described_recipe)
+    end
+
+    it 'enables the challenge response authentication' do
+      expect(chef_run).to render_file('/etc/ssh/sshd_config').
+        with_content(/ChallengeResponseAuthentication yes/)
+    end
+  end
+
+  it 'sets the login grace time to 30s' do
+    expect(chef_run).to render_file('/etc/ssh/sshd_config').
+      with_content(/LoginGraceTime 30s/)
+  end
+
+  context 'with configured login grace time to 60s' do
+    cached(:chef_run) do
+      ChefSpec::ServerRunner.new do |node|
+        node.normal['ssh-hardening']['ssh']['server']['login_grace_time'] = '60s'
+      end.converge(described_recipe)
+    end
+
+    it 'sets the login grace time to 60s' do
+      expect(chef_run).to render_file('/etc/ssh/sshd_config').
+        with_content(/LoginGraceTime 60s/)
+    end
+  end
+
   it 'leaves deny users commented' do
     expect(chef_run).to render_file('/etc/ssh/sshd_config').
       with_content(/#DenyUsers */)
