From 5529458e14ebb64beeb6c22688e8eaade46919b3 Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Thu, 25 Jan 2018 06:52:42 -0800
Subject: [PATCH] Add test coverage for SSH key revocation

Summary: Depends on D18928. Ref T13043. Add some automated test coverage for SSH revocation rules.

Test Plan: Ran tests, got a clean bill of health.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13043

Differential Revision: https://secure.phabricator.com/D18929
---
 src/__phutil_library_map__.php                |  2 +
 .../PhabricatorAuthSSHKeyTestCase.php         | 78 +++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 src/applications/auth/__tests__/PhabricatorAuthSSHKeyTestCase.php

diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index 2324ac0205..59683e5b5c 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -2133,6 +2133,7 @@ phutil_register_library_map(array(
     'PhabricatorAuthSSHKeyRevokeController' => 'applications/auth/controller/PhabricatorAuthSSHKeyRevokeController.php',
     'PhabricatorAuthSSHKeySearchEngine' => 'applications/auth/query/PhabricatorAuthSSHKeySearchEngine.php',
     'PhabricatorAuthSSHKeyTableView' => 'applications/auth/view/PhabricatorAuthSSHKeyTableView.php',
+    'PhabricatorAuthSSHKeyTestCase' => 'applications/auth/__tests__/PhabricatorAuthSSHKeyTestCase.php',
     'PhabricatorAuthSSHKeyTransaction' => 'applications/auth/storage/PhabricatorAuthSSHKeyTransaction.php',
     'PhabricatorAuthSSHKeyTransactionQuery' => 'applications/auth/query/PhabricatorAuthSSHKeyTransactionQuery.php',
     'PhabricatorAuthSSHKeyViewController' => 'applications/auth/controller/PhabricatorAuthSSHKeyViewController.php',
@@ -7441,6 +7442,7 @@ phutil_register_library_map(array(
     'PhabricatorAuthSSHKeyRevokeController' => 'PhabricatorAuthSSHKeyController',
     'PhabricatorAuthSSHKeySearchEngine' => 'PhabricatorApplicationSearchEngine',
     'PhabricatorAuthSSHKeyTableView' => 'AphrontView',
+    'PhabricatorAuthSSHKeyTestCase' => 'PhabricatorTestCase',
     'PhabricatorAuthSSHKeyTransaction' => 'PhabricatorApplicationTransaction',
     'PhabricatorAuthSSHKeyTransactionQuery' => 'PhabricatorApplicationTransactionQuery',
     'PhabricatorAuthSSHKeyViewController' => 'PhabricatorAuthSSHKeyController',
diff --git a/src/applications/auth/__tests__/PhabricatorAuthSSHKeyTestCase.php b/src/applications/auth/__tests__/PhabricatorAuthSSHKeyTestCase.php
new file mode 100644
index 0000000000..4b1e1b4c02
--- /dev/null
+++ b/src/applications/auth/__tests__/PhabricatorAuthSSHKeyTestCase.php
@@ -0,0 +1,78 @@
+<?php
+
+final class PhabricatorAuthSSHKeyTestCase extends PhabricatorTestCase {
+
+  protected function getPhabricatorTestCaseConfiguration() {
+    return array(
+      self::PHABRICATOR_TESTCONFIG_BUILD_STORAGE_FIXTURES => true,
+    );
+  }
+
+  public function testRevokeSSHKey() {
+    $user = $this->generateNewTestUser();
+    $raw_key = 'ssh-rsa hunter2';
+
+    $ssh_key = PhabricatorAuthSSHKey::initializeNewSSHKey($user, $user);
+
+    // Add the key to the user's account.
+    $xactions = array();
+    $xactions[] = $ssh_key->getApplicationTransactionTemplate()
+      ->setTransactionType(PhabricatorAuthSSHKeyTransaction::TYPE_NAME)
+      ->setNewValue('key1');
+    $xactions[] = $ssh_key->getApplicationTransactionTemplate()
+      ->setTransactionType(PhabricatorAuthSSHKeyTransaction::TYPE_KEY)
+      ->setNewValue($raw_key);
+    $this->applyTransactions($user, $ssh_key, $xactions);
+
+    $ssh_key->reload();
+    $this->assertTrue((bool)$ssh_key->getIsActive());
+
+    // Revoke it.
+    $xactions = array();
+    $xactions[] = $ssh_key->getApplicationTransactionTemplate()
+      ->setTransactionType(PhabricatorAuthSSHKeyTransaction::TYPE_DEACTIVATE)
+      ->setNewValue(true);
+    $this->applyTransactions($user, $ssh_key, $xactions);
+
+    $ssh_key->reload();
+    $this->assertFalse((bool)$ssh_key->getIsActive());
+
+    // Try to add the revoked key back. This should fail with a validation
+    // error because the key was previously revoked by the user.
+    $revoked_key = PhabricatorAuthSSHKey::initializeNewSSHKey($user, $user);
+    $xactions = array();
+    $xactions[] = $ssh_key->getApplicationTransactionTemplate()
+      ->setTransactionType(PhabricatorAuthSSHKeyTransaction::TYPE_NAME)
+      ->setNewValue('key2');
+    $xactions[] = $ssh_key->getApplicationTransactionTemplate()
+      ->setTransactionType(PhabricatorAuthSSHKeyTransaction::TYPE_KEY)
+      ->setNewValue($raw_key);
+
+    $caught = null;
+    try {
+      $this->applyTransactions($user, $ssh_key, $xactions);
+    } catch (PhabricatorApplicationTransactionValidationException $ex) {
+      $errors = $ex->getErrors();
+      $this->assertEqual(1, count($errors));
+      $caught = head($errors)->getType();
+    }
+
+    $this->assertEqual(PhabricatorAuthSSHKeyTransaction::TYPE_KEY, $caught);
+  }
+
+  private function applyTransactions(
+    PhabricatorUser $actor,
+    PhabricatorAuthSSHKey $key,
+    array $xactions) {
+
+    $content_source = $this->newContentSource();
+
+    $editor = $key->getApplicationTransactionEditor()
+      ->setActor($actor)
+      ->setContinueOnNoEffect(true)
+      ->setContinueOnMissingFields(true)
+      ->setContentSource($content_source)
+      ->applyTransactions($key, $xactions);
+  }
+
+}