fix: add test for publickey auth using wrong key

adamkirchberger · adamkirchberger · commit 1bb8067a6b24 · 2024-08-07T12:37:56.000Z
diff --git a/tests/integration/test_ncclient.py b/tests/integration/test_ncclient.py
@@ -266,3 +266,30 @@ def test_when_connecting_using_username_and_rsa_key_then_authentication_passes(
     ) as m:
         # THEN expect to be connected
         assert m.connected
+
+
+def test_when_connecting_using_username_and_wrong_key_then_authentication_fails(
+    netconf_server, tmp_path
+):
+    # GIVEN generated key
+    key_filepath = (tmp_path / "key").as_posix()
+    key = paramiko.RSAKey.generate(bits=2048)
+    key.write_private_key_file(key_filepath)
+
+    # GIVEN SSH username and a different key have been defined
+    netconf_server.username = "admin"
+    netconf_server.authorized_key = f"foobar"
+
+    # WHEN connecting using wrong key
+    with pytest.raises(AuthenticationError) as error:
+        with manager.connect(
+            host="localhost",
+            port=8830,
+            username="foo",
+            key_filename=key_filepath,
+            hostkey_verify=False,
+        ):
+            ...
+
+    # THEN expect error
+    assert error
diff --git a/tests/integration/test_netconf_client.py b/tests/integration/test_netconf_client.py
@@ -264,3 +264,29 @@ def test_when_connecting_using_username_and_rsa_key_then_authentication_passes(
     ) as session:
         # THEN expect to be connected
         assert session.session_id
+
+def test_when_connecting_using_username_and_wrong_key_then_authentication_fails(
+    netconf_server, tmp_path
+):
+    # GIVEN generated key
+    key_filepath = (tmp_path / "key").as_posix()
+    key = paramiko.RSAKey.generate(bits=2048)
+    key.write_private_key_file(key_filepath)
+
+    # GIVEN SSH username and a different key have been defined
+    netconf_server.username = "admin"
+    netconf_server.authorized_key = f"foobar"
+
+    # WHEN connecting using wrong key
+    with pytest.raises(paramiko.ssh_exception.AuthenticationException) as error:
+        with connect_ssh(
+            host="localhost",
+            port=8830,
+            username="foo",
+            password=None,
+            key_filename=key_filepath,
+        ) as session:
+            Manager(session=session)
+
+    # THEN expect error
+    assert "Authentication failed." in str(error)
diff --git a/tests/integration/test_scrapli_netconf.py b/tests/integration/test_scrapli_netconf.py
@@ -280,3 +280,29 @@ def test_when_connecting_using_username_and_rsa_key_then_authentication_passes(
     ) as conn:
         # THEN expect to be connected
         assert conn.isalive()
+
+def test_when_connecting_using_username_and_wrong_key_then_authentication_fails(
+    netconf_server, tmp_path
+):
+    # GIVEN generated key
+    key_filepath = (tmp_path / "key").as_posix()
+    key = paramiko.RSAKey.generate(bits=2048)
+    key.write_private_key_file(key_filepath)
+
+    # GIVEN SSH username and a different key have been defined
+    netconf_server.username = "admin"
+    netconf_server.authorized_key = f"foobar"
+
+    # WHEN connecting using wrong key
+    with pytest.raises(ScrapliConnectionError) as error:
+        with NetconfDriver(
+            host="localhost",
+            port=8830,
+            auth_username="foo",
+            auth_private_key=key_filepath,
+            auth_strict_key=False,
+        ):
+            pass
+
+    # THEN expect error
+    assert "permission denied, please try again." in str(error)
