From b1eec1e37bcdaf0e25f22334ba4a7926d8320cb2 Mon Sep 17 00:00:00 2001
From: Houkime <>
Date: Thu, 21 Dec 2023 13:05:06 +0000
Subject: [PATCH] test(ssh): admin keys json storage tests

---
 .../test_rest_endpoints/services/test_ssh.py  |   8 --
 tests/test_ssh.py                             | 100 +++++++++++++++++-
 2 files changed, 99 insertions(+), 9 deletions(-)

diff --git a/tests/test_rest_endpoints/services/test_ssh.py b/tests/test_rest_endpoints/services/test_ssh.py
index 03dadb3..10f7752 100644
--- a/tests/test_rest_endpoints/services/test_ssh.py
+++ b/tests/test_rest_endpoints/services/test_ssh.py
@@ -95,14 +95,6 @@ def some_users(mocker, datadir):
 ## /ssh/keys/{user} ######################################################
 
 
-def test_delete_admin_key_on_undefined(authorized_client, undefined_settings):
-    response = authorized_client.delete(
-        "/services/ssh/keys/tester", json={"public_key": "ssh-rsa KEY test@pc"}
-    )
-    assert response.status_code == 404
-    assert "sshKeys" not in read_json(undefined_settings / "undefined.json")
-
-
 def test_add_admin_key(authorized_client, ssh_on):
     response = authorized_client.post(
         "/services/ssh/keys/tester", json={"public_key": "ssh-rsa KEY test@pc"}
diff --git a/tests/test_ssh.py b/tests/test_ssh.py
index ec8b4b2..d333eef 100644
--- a/tests/test_ssh.py
+++ b/tests/test_ssh.py
@@ -4,6 +4,7 @@ Action-level tests of ssh
 """
 
 import pytest
+from typing import Optional
 
 from selfprivacy_api.actions.ssh import (
     set_ssh_settings,
@@ -12,7 +13,11 @@ from selfprivacy_api.actions.ssh import (
     remove_ssh_key,
     KeyNotFound,
 )
-from selfprivacy_api.actions.users import get_users
+from selfprivacy_api.actions.users import (
+    get_users,
+    get_user_by_username,
+    UserDataUserOrigin,
+)
 from selfprivacy_api.utils import WriteUserData, ReadUserData
 
 
@@ -64,6 +69,14 @@ def password_auth_spectrum(request):
     return request.param
 
 
+def admin_name() -> Optional[str]:
+    users = get_users()
+    for user in users:
+        if user.origin == UserDataUserOrigin.PRIMARY:
+            return user.username
+    return None
+
+
 def get_raw_json_ssh_setting(setting: str):
     with ReadUserData() as data:
         return (data.get("ssh") or {}).get(setting)
@@ -121,6 +134,9 @@ def test_enabling_disabling_writes_json(
             )
 
 
+############### ROOTKEYS
+
+
 def test_read_root_keys_from_json(generic_userdata):
     assert get_ssh_settings().rootKeys == ["ssh-ed25519 KEY test@pc"]
     new_keys = ["ssh-ed25519 KEY test@pc", "ssh-ed25519 KEY2 test@pc"]
@@ -216,3 +232,85 @@ def test_adding_root_key_writes_json(generic_userdata):
         assert "rootKeys" in data["ssh"]
         # order is irrelevant
         assert set(data["ssh"]["rootKeys"]) == set([key1, key2])
+
+
+############### ADMIN KEYS
+
+
+def test_read_admin_keys_from_json(generic_userdata):
+    admin_name = "tester"
+    assert get_user_by_username(admin_name).ssh_keys == ["ssh-rsa KEY test@pc"]
+    new_keys = ["ssh-rsa KEY test@pc", "ssh-ed25519 KEY2 test@pc"]
+
+    with WriteUserData() as data:
+        data["sshKeys"] = new_keys
+
+    get_user_by_username(admin_name).ssh_keys == new_keys
+
+    with WriteUserData() as data:
+        del data["sshKeys"]
+
+    get_user_by_username(admin_name).ssh_keys == []
+
+
+def test_adding_admin_key_writes_json(generic_userdata):
+    admin_name = "tester"
+
+    with WriteUserData() as data:
+        del data["sshKeys"]
+    key1 = "ssh-ed25519 KEY test@pc"
+    key2 = "ssh-ed25519 KEY2 test@pc"
+    create_ssh_key(admin_name, key1)
+
+    with ReadUserData() as data:
+        assert "sshKeys" in data
+        assert data["sshKeys"] == [key1]
+
+    create_ssh_key(admin_name, key2)
+
+    with ReadUserData() as data:
+        assert "sshKeys" in data
+        # order is irrelevant
+        assert set(data["sshKeys"]) == set([key1, key2])
+
+
+def test_removing_admin_key_writes_json(generic_userdata):
+    # generic userdata has a a single root key
+    admin_name = "tester"
+
+    admin_keys = get_user_by_username(admin_name).ssh_keys
+    assert len(admin_keys) == 1
+    key1 = admin_keys[0]
+    key2 = "ssh-rsa MYSUPERKEY admin@pc"
+
+    create_ssh_key(admin_name, key2)
+    admin_keys = get_user_by_username(admin_name).ssh_keys
+    assert len(admin_keys) == 2
+
+    remove_ssh_key(admin_name, key2)
+
+    with ReadUserData() as data:
+        assert "sshKeys" in data
+        assert data["sshKeys"] == [key1]
+
+    remove_ssh_key(admin_name, key1)
+    with ReadUserData() as data:
+        assert "sshKeys" in data
+        assert data["sshKeys"] == []
+
+
+def test_remove_admin_key_on_undefined(generic_userdata):
+    # generic userdata has a a single root key
+    admin_name = "tester"
+
+    admin_keys = get_user_by_username(admin_name).ssh_keys
+    assert len(admin_keys) == 1
+    key1 = admin_keys[0]
+
+    with WriteUserData() as data:
+        del data["sshKeys"]
+
+    with pytest.raises(KeyNotFound):
+        remove_ssh_key(admin_name, key1)
+    admin_keys = get_user_by_username(admin_name).ssh_keys
+    assert len(admin_keys) == 0