diff --git a/authenticators/cf_authenticator.go b/authenticators/cf_authenticator.go index e81c0ad..a9d19d9 100644 --- a/authenticators/cf_authenticator.go +++ b/authenticators/cf_authenticator.go @@ -77,7 +77,7 @@ func (cfa *CFAuthenticator) Authenticate(metadata ssh.ConnMetadata, password []b return nil, err } - processGuid, err := cfa.checkAccess(logger, appGuid, string(cred)) + processGuid, err := cfa.checkAccess(logger, appGuid, index, string(cred)) if err != nil { return nil, err } @@ -128,8 +128,8 @@ func (cfa *CFAuthenticator) exchangeAccessCodeForToken(logger lager.Logger, code return fmt.Sprintf("%s %s", tokenResponse.TokenType, tokenResponse.AccessToken), nil } -func (cfa *CFAuthenticator) checkAccess(logger lager.Logger, appGuid string, token string) (string, error) { - path := fmt.Sprintf("%s/internal/apps/%s/ssh_access", cfa.ccURL, appGuid) +func (cfa *CFAuthenticator) checkAccess(logger lager.Logger, appGuid string, index int, token string) (string, error) { + path := fmt.Sprintf("%s/internal/apps/%s/ssh_access/%d", cfa.ccURL, appGuid, index) req, err := http.NewRequest("GET", path, nil) if err != nil { diff --git a/authenticators/cf_authenticator_test.go b/authenticators/cf_authenticator_test.go index 40864b9..120035e 100644 --- a/authenticators/cf_authenticator_test.go +++ b/authenticators/cf_authenticator_test.go @@ -126,7 +126,7 @@ var _ = Describe("CFAuthenticator", func() { fakeCC.AppendHandlers( ghttp.CombineHandlers( - ghttp.VerifyRequest("GET", "/internal/apps/app-guid/ssh_access"), + ghttp.VerifyRequest("GET", "/internal/apps/app-guid/ssh_access/1"), ghttp.VerifyHeader(http.Header{"Authorization": []string{"bearer exchanged-token"}}), ghttp.RespondWithJSONEncodedPtr(&sshAccessResponseCode, sshAccessResponse), ), @@ -220,8 +220,8 @@ var _ = Describe("CFAuthenticator", func() { Context("when the cc ssh_access response cannot be parsed", func() { BeforeEach(func() { - fakeCC.RouteToHandler("GET", "/internal/apps/app-guid/ssh_access", ghttp.CombineHandlers( - ghttp.VerifyRequest("GET", "/internal/apps/app-guid/ssh_access"), + fakeCC.RouteToHandler("GET", "/internal/apps/app-guid/ssh_access/1", ghttp.CombineHandlers( + ghttp.VerifyRequest("GET", "/internal/apps/app-guid/ssh_access/1"), ghttp.VerifyHeader(http.Header{"Authorization": []string{"bearer exchanged-token"}}), ghttp.RespondWith(http.StatusOK, "{{"), )) @@ -236,7 +236,7 @@ var _ = Describe("CFAuthenticator", func() { Context("the the cc ssh_access check times out", func() { BeforeEach(func() { ccTempClientTimeout := httpClientTimeout - fakeCC.RouteToHandler("GET", "/internal/apps/app-guid/ssh_access", + fakeCC.RouteToHandler("GET", "/internal/apps/app-guid/ssh_access/1", func(w http.ResponseWriter, req *http.Request) { time.Sleep(ccTempClientTimeout * 2) w.Write([]byte(`[]`)) diff --git a/cmd/ssh-proxy/main_test.go b/cmd/ssh-proxy/main_test.go index c208629..02ed7ff 100644 --- a/cmd/ssh-proxy/main_test.go +++ b/cmd/ssh-proxy/main_test.go @@ -400,8 +400,8 @@ var _ = Describe("SSH proxy", func() { }), )) - fakeCC.RouteToHandler("GET", "/internal/apps/app-guid/ssh_access", ghttp.CombineHandlers( - ghttp.VerifyRequest("GET", "/internal/apps/app-guid/ssh_access"), + fakeCC.RouteToHandler("GET", "/internal/apps/app-guid/ssh_access/99", ghttp.CombineHandlers( + ghttp.VerifyRequest("GET", "/internal/apps/app-guid/ssh_access/99"), ghttp.VerifyHeader(http.Header{"Authorization": []string{"bearer proxy-token"}}), ghttp.RespondWithJSONEncoded(http.StatusOK, authenticators.AppSSHResponse{ ProcessGuid: processGuid,