# vi: set ft=conf
# Regression test for authentication bypass vulnerability
#
# VULNERABILITY DESCRIPTION:
# A critical authentication bypass allows an attacker to impersonate any user
# (including Admin) by offering the user's public key but failing to sign with
# it, then successfully authenticating with their own key.
#
# ATTACK SCENARIO:
# 1. Attacker obtains Admin's public key (publicly available)
# 2. Attacker configures SSH client to offer TWO keys in sequence:
#    - First: Admin's public key (attacker has this but not the private key)
#    - Second: Attacker's own valid key pair
# 3. During SSH handshake:
#    - Server sees admin's public key offered
#    - PublicKeyHandler() is called, looks up admin user, stores in context
#    - Server requests signature with admin's key
#    - Attacker can't sign (doesn't have admin's private key), this key fails
#    - Server tries next key (attacker's key)
#    - PublicKeyHandler() called again with attacker's key
#    - Server requests signature with attacker's key
#    - Attacker signs successfully with their own private key
# 4. Admin user is still in context from step 3, even though authentication
#    succeeded with attacker's key!
# 5. Attacker gains full Admin privileges
#
# THIS TEST VERIFIES:
# - Using "attacksoft" command which offers both admin and attacker keys
# - Attacker should NOT be able to perform admin user operations
# - Attacker should NOT gain admin user privileges

[windows] dos2unix notauthorizederr.txt

# start soft serve
exec soft serve &
# wait for SSH server to start
ensureserverrunning SSH_PORT

# Create a private repo as admin that only admin can access
soft repo create admin-only-repo -p

# TEST 1: Simulate the attack using attacksoft command
! attacksoft repo create attacker-created-repo

# TEST 2: Verify attacker cannot access admin's private repo
! attacksoft git-upload-pack admin-only-repo
cmp stderr notauthorizederr.txt

# TEST 3: Verify admin can still create repos (sanity check)
soft repo create admin-created-repo

# TEST 4: Verify attacker cannot delete admin's repo
! attacksoft repo delete admin-only-repo

# TEST 5: Verify attacker cannot change settings
! attacksoft settings anon-access read-write

# stop the server
[windows] stopserver
[windows] ! stderr .

-- notauthorizederr.txt --
Error: you are not authorized to do this