Write new test subsuite proving lack of connect(passphrase=)

3 files changed, 57 insertions, 1 deletions

diff --git a/dev-requirements.txt b/dev-requirements.txt
index 9e09c03e..00ff1c6e 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -8,3 +8,4 @@ wheel==0.24
 twine==1.9.1
 flake8==2.6.2
 pytest==3.2.1
+pytest_relaxed==1.0.0
diff --git a/setup.cfg b/setup.cfg
index 8cc271fe..00e34ca3 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -11,3 +11,8 @@ omit = paramiko/_winapi.py
 exclude = sites,.git,build,dist,demos,tests
 ignore = E124,E125,E128,E261,E301,E302,E303,E402
 max-line-length = 79
+
+[tool:pytest]
+# We use pytest-relaxed just for its utils at the moment, so disable it at the
+# plugin level until we adapt test organization to really use it.
+addopts = -p no:relaxed
diff --git a/tests/test_client.py b/tests/test_client.py
index 25ec327f..9e7bf379 100644
--- a/tests/test_client.py
+++ b/tests/test_client.py
@@ -20,7 +20,7 @@
 Some unit tests for SSHClient.
 """
 
-from __future__ import with_statement
+from __future__ import with_statement, print_function
 
 import gc
 import os
@@ -33,6 +33,8 @@ import warnings
 import weakref
 from tempfile import mkstemp
 
+from pytest_relaxed import raises
+
 import paramiko
 from paramiko.pkey import PublicBlob
 from paramiko.common import PY2
@@ -640,3 +642,51 @@ class SSHClientTest(ClientTest):
         # Hand in just the class (new behavior)
         client.set_missing_host_key_policy(paramiko.AutoAddPolicy)
         assert isinstance(client._policy, paramiko.AutoAddPolicy)
+
+
+class PasswordPassphraseTests(ClientTest):
+    # TODO: most of these could reasonably be set up to use mocks/assertions
+    # (e.g. "gave passphrase -> expect PKey was given it as the passphrase")
+    # instead of suffering a real connection cycle.
+    # TODO: in that case, move the below to be part of an integration suite?
+
+    def test_password_kwarg_works_for_password_auth(self):
+        # Straightforward / duplicate of earlier basic password test.
+        self._test_connection(password='pygmalion')
+
+    # TODO: more granular exception pending #387
+    @raises(SSHException)
+    def test_passphrase_kwarg_not_used_for_password_auth(self):
+        # Using the "right" password in the "wrong" field shouldn't work.
+        self._test_connection(passphrase='pygmalion')
+
+    def test_passphrase_kwarg_used_for_key_passphrase(self):
+        # Straightforward again, with new passphrase kwarg.
+        self._test_connection(
+            key_filename=_support('test_rsa_password.key'),
+            passphrase='television',
+        )
+
+    def test_password_kwarg_used_for_passphrase_when_no_passphrase_kwarg_given(self): # noqa
+        # Backwards compatibility: passphrase in the password field.
+        self._test_connection(
+            key_filename=_support('test_rsa_password.key'),
+            password='television',
+        )
+
+    @raises(SSHException) # TODO: more granular
+    def test_password_kwarg_not_used_for_passphrase_when_passphrase_kwarg_given(self): # noqa
+        # Sanity: if we're given both fields, the password field is NOT used as
+        # a passphrase.
+        self._test_connection(
+            key_filename=_support('test_rsa_password.key'),
+            password='television',
+            passphrase='wat? lol no',
+        )
+
+    @raises(SSHException) # TODO: more granular
+    def test_passphrase_kwarg_not_used_for_password_value(self): # noqa
+        # Sanity: the new passphrase field is NEVER used for password auth!
+        self._test_connection(
+            passphrase='pygmalion',
+        )