1 files changed, 235 insertions, 27 deletions
diff --git a/src/key_handling/users.rs b/src/key_handling/users.rs
index bd1748a..1d2cc34 100644
--- a/src/key_handling/users.rs
+++ b/src/key_handling/users.rs
@@ -1,47 +1,90 @@
 use anyhow::{Context, Result};
+use nostr::prelude::*;
+use zeroize::Zeroize;
+use super::encryption::{EncryptDecrypt, Encryptor};
 use crate::{
-    cli_interactor::{Interactor, InteractorPrompt, PromptInputParms},
+    cli_interactor::{Interactor, InteractorPrompt, PromptInputParms, PromptPasswordParms},
-    config::{ConfigManagement, ConfigManager, MyConfig, UserRef},
+    config::{self, ConfigManagement, ConfigManager},
 };
 #[derive(Default)]
 pub struct UserManager {
    config_manager: ConfigManager,
    interactor: Interactor,
+    encryptor: Encryptor,
 }
 pub trait UserManagement {
-    fn add(&self, nsec: &Option<String>) -> Result<()>;
+    fn add(&self, nsec: &Option<String>, password: &Option<String>) -> Result<nostr::Keys>;
 }
 #[cfg(test)]
 use duplicate::duplicate_item;
 #[cfg_attr(test, duplicate_item(UserManager; [UserManager]; [self::tests::MockUserManager]))]
 impl UserManagement for UserManager {
-    fn add(&self, nsec: &Option<String>) -> Result<()> {
+    fn add(&self, nsec: &Option<String>, password: &Option<String>) -> Result<nostr::Keys> {
-        let nsec = match nsec.clone() {
+        let mut prompt = "login with nsec (or hex private key)";
-            Some(nsec) => nsec,
+        let keys = loop {
+            let pk = match nsec.clone() {
+                Some(nsec) => nsec,
+                None => self
+                    .interactor
+                    .input(PromptInputParms::default().with_prompt(prompt))
+                    .context("failed to get nsec input from interactor")?,
+            };
+            match Keys::from_sk_str(&pk) {
+                Ok(key) => {
+                    break key;
+                }
+                Err(e) => {
+                    if nsec.is_some() {
+                        return Err(e).context(
+                            "invalid nsec - supplied parameter could not be converted into a nostr private key",
+                        );
+                    }
+                    prompt = "invalid nsec. try again with nsec (or hex private key)";
+                }
+            }
+        };
+        let mut pass = match password.clone() {
+            Some(pass) => pass,
            None => self
                .interactor
-                .input(
+                .password(
-                    PromptInputParms::default().with_prompt("login with nsec (or hex private key)"),
+                    PromptPasswordParms::default()
+                        .with_prompt("encrypt with password")
+                        .with_confirm(),
                )
-                .context("failed to get nsec input from interactor.input")?,
+                .context("failed to get password input from interactor.password")?,
        };
+        let encrypted_secret_key = self
+            .encryptor
+            .encrypt_key(&keys, &pass)
+            .context("failed to encrypt nsec with password.")?;
+        pass.zeroize();
+        let user_ref = config::UserRef {
+            public_key: keys.public_key(),
+            encrypted_key: encrypted_secret_key,
+        };
+        // remove any duplicate entries for key before adding it to config
+        let mut cfg = self.config_manager.load().context("failed to load application config to find and remove any old versions of the user's encrypted key")?;
+        cfg.users = cfg
+            .users
+            .clone()
+            .into_iter()
+            .filter(|r| !r.public_key.eq(&keys.public_key()))
+            .collect();
+        cfg.users.push(user_ref);
        self.config_manager
-            .save(&MyConfig {
+            .save(&cfg)
-                users: vec![UserRef {
-                    nsec: nsec.to_string(),
-                }],
-                ..MyConfig::default()
-            })
            .context("failed to save application configuration with new user details in")?;
-        println!("logged in as {nsec}");
+        Ok(keys)
-        Ok(())
    }
 }
@@ -50,12 +93,17 @@ mod tests {
    use test_utils::*;
    use super::*;
-    use crate::{cli_interactor::MockInteractorPrompt, config::MockConfigManagement};
+    use crate::{
+        cli_interactor::MockInteractorPrompt,
+        config::{MockConfigManagement, MyConfig, UserRef},
+        key_handling::encryption::MockEncryptDecrypt,
+    };
    #[derive(Default)]
    pub struct MockUserManager {
        pub config_manager: MockConfigManagement,
        pub interactor: MockInteractorPrompt,
+        pub encryptor: MockEncryptDecrypt,
    }
    mod add {
@@ -70,28 +118,88 @@ mod tests {
                self.interactor
                    .expect_input()
                    .returning(|_| Ok(TEST_KEY_1_NSEC.into()));
+                self.interactor
+                    .expect_password()
+                    .returning(|_| Ok(TEST_PASSWORD.into()));
+                self.encryptor
+                    .expect_encrypt_key()
+                    .returning(|_, _| Ok(TEST_KEY_1_ENCRYPTED.into()));
                self
            }
        }
-        mod when_nsec_is_passed {
+        fn reuable_user_isnt_prompted(nsec: &str) {
+            let mut m = MockUserManager::default().add_return_expected_responses();
+            m.interactor = MockInteractorPrompt::default();
+            m.interactor.expect_input().never();
+            m.interactor.expect_password().never();
+            let _ = m.add(&Some(nsec.into()), &Some(TEST_PASSWORD.to_string()));
+        }
+        fn reuable_config_isnt_modified(nsec: &str) {
+            let mut m = MockUserManager::default();
+            m.config_manager.expect_save().never();
+            let _ = m.add(&Some(nsec.into()), &Some(TEST_PASSWORD.to_string()));
+        }
+        mod when_valid_nsec_and_password_is_passed {
            use super::*;
            #[test]
            fn user_isnt_prompted() {
+                reuable_user_isnt_prompted(TEST_KEY_1_NSEC);
+            }
+            #[test]
+            fn results_in_correct_keys() {
                let mut m = MockUserManager::default().add_return_expected_responses();
                m.interactor = MockInteractorPrompt::default();
                m.interactor.expect_input().never();
+                m.interactor.expect_password().never();
-                let _ = m.add(&Some(TEST_KEY_1_NSEC.into()));
+                let r = m.add(
+                    &Some(TEST_KEY_1_NSEC.into()),
+                    &Some(TEST_PASSWORD.to_string()),
+                );
+                assert!(r.is_ok(), "should result in keys");
+                assert!(
+                    r.is_ok_and(|k| k
+                        .secret_key()
+                        .is_ok_and(|k| k.display_secret().to_string().eq(TEST_KEY_1_SK_HEX))),
+                    "keys should reflect nsec"
+                );
            }
        }
+        mod when_invalid_nsec_is_passed_with_password {
+            use super::*;
+            #[test]
+            fn user_isnt_prompted() {
+                reuable_user_isnt_prompted(TEST_INVALID_NSEC);
+            }
+            #[test]
+            fn config_isnt_modified() {
+                reuable_config_isnt_modified(TEST_INVALID_NSEC);
+            }
+            #[test]
+            fn results_in_an_error() {
+                let m = MockUserManager::default();
+                assert!(
+                    m.add(
+                        &Some(TEST_INVALID_NSEC.into()),
+                        &Some(TEST_PASSWORD.to_string())
+                    )
+                    .is_err(),
+                    "should result in an error"
+                );
+            }
+        }
        mod when_no_nsec_is_passed {
            use super::*;
            #[test]
-            fn prompt_for_nsec() {
+            fn prompt_for_nsec_and_password() {
                let mut m = MockUserManager::default().add_return_expected_responses();
                m.interactor = MockInteractorPrompt::new();
@@ -100,12 +208,31 @@ mod tests {
                    .once()
                    .withf(|p| p.prompt.eq("login with nsec (or hex private key)"))
                    .returning(|_| Ok(TEST_KEY_1_NSEC.into()));
+                m.interactor
+                    .expect_password()
+                    .once()
+                    .withf(|p| p.prompt.eq("encrypt with password"))
+                    .returning(|_| Ok(TEST_KEY_1_NSEC.into()));
-                let _ = m.add(&None);
+                let _ = m.add(&None, &None);
            }
            #[test]
-            fn stored_in_config() {
+            fn results_in_correct_keys() {
+                let m = MockUserManager::default().add_return_expected_responses();
+                let r = m.add(&None, &None);
+                assert!(r.is_ok(), "should result in keys");
+                assert!(
+                    r.is_ok_and(|k| k
+                        .secret_key()
+                        .is_ok_and(|k| k.display_secret().to_string().eq(TEST_KEY_1_SK_HEX))),
+                    "keys should reflect nsec"
+                );
+            }
+            #[test]
+            fn stores_encrypted_key_in_config() {
                let mut m = MockUserManager::default().add_return_expected_responses();
                m.config_manager = MockConfigManagement::new();
@@ -114,10 +241,91 @@ mod tests {
                    .returning(|| Ok(MyConfig::default()));
                m.config_manager
                    .expect_save()
-                    .withf(|cfg| cfg.users.len().eq(&1) && cfg.users[0].nsec.eq(TEST_KEY_1_NSEC))
+                    .withf(|cfg| {
+                        cfg.users.len().eq(&1)
+                            && cfg.users[0].encrypted_key.eq(TEST_KEY_1_ENCRYPTED)
+                    })
                    .returning(|_| Ok(()));
-                let _ = m.add(&None);
+                let _ = m.add(&None, &None);
+            }
+            #[test]
+            fn stored_key_encrypted_with_password() {
+                let mut m = MockUserManager::default().add_return_expected_responses();
+                m.encryptor = MockEncryptDecrypt::new();
+                m.encryptor
+                    .expect_encrypt_key()
+                    .once()
+                    .withf(|k, p| {
+                        k.eq(&Keys::from_sk_str(TEST_KEY_1_NSEC).unwrap()) && p.eq(TEST_PASSWORD)
+                    })
+                    .returning(|_, _| Ok(TEST_KEY_1_ENCRYPTED.into()));
+                let _ = m.add(&None, &None);
+            }
+            mod when_user_key_already_stored {
+                use super::*;
+                use crate::config::UserRef;
+                /// key overwritten as password may have changed
+                #[test]
+                fn key_not_saved_as_duplicate_but_encrypted_key_overwritten() {
+                    let mut m = MockUserManager::default().add_return_expected_responses();
+                    m.config_manager = MockConfigManagement::default();
+                    m.config_manager.expect_load().returning(|| {
+                        Ok(MyConfig {
+                            users: vec![UserRef {
+                                public_key: TEST_KEY_1_KEYS.public_key(),
+                                // different key to TEST_KEY_1_ENCYPTED
+                                encrypted_key: TEST_KEY_2_ENCRYPTED.into(),
+                            }],
+                            ..MyConfig::default()
+                        })
+                    });
+                    m.config_manager
+                        .expect_save()
+                        .withf(|cfg| {
+                            cfg.users.len() == 1
+                                && cfg.users[0].encrypted_key.eq(TEST_KEY_1_ENCRYPTED)
+                        })
+                        .returning(|_| Ok(()));
+                    let _ = m.add(&None, &None);
+                }
+            }
+            mod when_multiple_users_added {
+                use super::*;
+                #[test]
+                fn both_user_keys_are_stored() {
+                    let mut m = MockUserManager::default().add_return_expected_responses();
+                    m.config_manager = MockConfigManagement::default();
+                    m.config_manager.expect_load().returning(|| {
+                        Ok(MyConfig {
+                            users: vec![UserRef {
+                                public_key: TEST_KEY_2_KEYS.public_key(),
+                                encrypted_key: TEST_KEY_2_ENCRYPTED.into(),
+                            }],
+                            ..MyConfig::default()
+                        })
+                    });
+                    m.config_manager
+                        .expect_save()
+                        .withf(|cfg| {
+                            cfg.users.len() == 2
+                            // latest user stored at end of array
+                            && cfg.users[1].encrypted_key.eq(TEST_KEY_1_ENCRYPTED)
+                        })
+                        .returning(|_| Ok(()));
+                    let _ = m.add(&None, &None);
+                }
            }
        }
    }

diff --git a/src/key_handling/users.rs b/src/key_handling/users.rs index bd1748a..1d2cc34 100644 --- a/src/key_handling/users.rs +++ b/src/key_handling/users.rs
@@ -1,47 +1,90 @@
1	use anyhow::{Context, Result};	1	use anyhow::{Context, Result};
		2	use nostr::prelude::*;
		3	use zeroize::Zeroize;
2		4
		5	use super::encryption::{EncryptDecrypt, Encryptor};
3	use crate::{	6	use crate::{
4	cli_interactor::{Interactor, InteractorPrompt, PromptInputParms},	7	cli_interactor::{Interactor, InteractorPrompt, PromptInputParms, PromptPasswordParms},
5	config::{ConfigManagement, ConfigManager, MyConfig, UserRef},	8	config::{self, ConfigManagement, ConfigManager},
6	};	9	};
7		10
8	#[derive(Default)]	11	#[derive(Default)]
9	pub struct UserManager {	12	pub struct UserManager {
10	config_manager: ConfigManager,	13	config_manager: ConfigManager,
11	interactor: Interactor,	14	interactor: Interactor,
		15	encryptor: Encryptor,
12	}	16	}
13		17
14	pub trait UserManagement {	18	pub trait UserManagement {
15	fn add(&self, nsec: &Option<String>) -> Result<()>;	19	fn add(&self, nsec: &Option<String>, password: &Option<String>) -> Result<nostr::Keys>;
16	}	20	}
17		21
18	#[cfg(test)]	22	#[cfg(test)]
19	use duplicate::duplicate_item;	23	use duplicate::duplicate_item;
20	#[cfg_attr(test, duplicate_item(UserManager; [UserManager]; [self::tests::MockUserManager]))]	24	#[cfg_attr(test, duplicate_item(UserManager; [UserManager]; [self::tests::MockUserManager]))]
21	impl UserManagement for UserManager {	25	impl UserManagement for UserManager {
22	fn add(&self, nsec: &Option<String>) -> Result<()> {	26	fn add(&self, nsec: &Option<String>, password: &Option<String>) -> Result<nostr::Keys> {
23	let nsec = match nsec.clone() {	27	let mut prompt = "login with nsec (or hex private key)";
24	Some(nsec) => nsec,	28	let keys = loop {
		29	let pk = match nsec.clone() {
		30	Some(nsec) => nsec,
		31	None => self
		32	.interactor
		33	.input(PromptInputParms::default().with_prompt(prompt))
		34	.context("failed to get nsec input from interactor")?,
		35	};
		36	match Keys::from_sk_str(&pk) {
		37	Ok(key) => {
		38	break key;
		39	}
		40	Err(e) => {
		41	if nsec.is_some() {
		42	return Err(e).context(
		43	"invalid nsec - supplied parameter could not be converted into a nostr private key",
		44	);
		45	}
		46	prompt = "invalid nsec. try again with nsec (or hex private key)";
		47	}
		48	}
		49	};
		50
		51	let mut pass = match password.clone() {
		52	Some(pass) => pass,
25	None => self	53	None => self
26	.interactor	54	.interactor
27	.input(	55	.password(
28	PromptInputParms::default().with_prompt("login with nsec (or hex private key)"),	56	PromptPasswordParms::default()
		57	.with_prompt("encrypt with password")
		58	.with_confirm(),
29	)	59	)
30	.context("failed to get nsec input from interactor.input")?,	60	.context("failed to get password input from interactor.password")?,
31	};	61	};
32		62
		63	let encrypted_secret_key = self
		64	.encryptor
		65	.encrypt_key(&keys, &pass)
		66	.context("failed to encrypt nsec with password.")?;
		67	pass.zeroize();
		68
		69	let user_ref = config::UserRef {
		70	public_key: keys.public_key(),
		71	encrypted_key: encrypted_secret_key,
		72	};
		73
		74	// remove any duplicate entries for key before adding it to config
		75	let mut cfg = self.config_manager.load().context("failed to load application config to find and remove any old versions of the user's encrypted key")?;
		76	cfg.users = cfg
		77	.users
		78	.clone()
		79	.into_iter()
		80	.filter(\|r\| !r.public_key.eq(&keys.public_key()))
		81	.collect();
		82	cfg.users.push(user_ref);
33	self.config_manager	83	self.config_manager
34	.save(&MyConfig {	84	.save(&cfg)
35	users: vec![UserRef {
36	nsec: nsec.to_string(),
37	}],
38	..MyConfig::default()
39	})
40	.context("failed to save application configuration with new user details in")?;	85	.context("failed to save application configuration with new user details in")?;
41		86
42	println!("logged in as {nsec}");	87	Ok(keys)
43
44	Ok(())
45	}	88	}
46	}	89	}
47		90
@@ -50,12 +93,17 @@ mod tests {
50	use test_utils::*;	93	use test_utils::*;
51		94
52	use super::*;	95	use super::*;
53	use crate::{cli_interactor::MockInteractorPrompt, config::MockConfigManagement};	96	use crate::{
		97	cli_interactor::MockInteractorPrompt,
		98	config::{MockConfigManagement, MyConfig, UserRef},
		99	key_handling::encryption::MockEncryptDecrypt,
		100	};
54		101
55	#[derive(Default)]	102	#[derive(Default)]
56	pub struct MockUserManager {	103	pub struct MockUserManager {
57	pub config_manager: MockConfigManagement,	104	pub config_manager: MockConfigManagement,
58	pub interactor: MockInteractorPrompt,	105	pub interactor: MockInteractorPrompt,
		106	pub encryptor: MockEncryptDecrypt,
59	}	107	}
60		108
61	mod add {	109	mod add {
@@ -70,28 +118,88 @@ mod tests {
70	self.interactor	118	self.interactor
71	.expect_input()	119	.expect_input()
72	.returning(\|_\| Ok(TEST_KEY_1_NSEC.into()));	120	.returning(\|_\| Ok(TEST_KEY_1_NSEC.into()));
		121	self.interactor
		122	.expect_password()
		123	.returning(\|_\| Ok(TEST_PASSWORD.into()));
		124	self.encryptor
		125	.expect_encrypt_key()
		126	.returning(\|_, _\| Ok(TEST_KEY_1_ENCRYPTED.into()));
73	self	127	self
74	}	128	}
75	}	129	}
76		130
77	mod when_nsec_is_passed {	131	fn reuable_user_isnt_prompted(nsec: &str) {
		132	let mut m = MockUserManager::default().add_return_expected_responses();
		133	m.interactor = MockInteractorPrompt::default();
		134	m.interactor.expect_input().never();
		135	m.interactor.expect_password().never();
		136	let _ = m.add(&Some(nsec.into()), &Some(TEST_PASSWORD.to_string()));
		137	}
		138
		139	fn reuable_config_isnt_modified(nsec: &str) {
		140	let mut m = MockUserManager::default();
		141	m.config_manager.expect_save().never();
		142	let _ = m.add(&Some(nsec.into()), &Some(TEST_PASSWORD.to_string()));
		143	}
		144
		145	mod when_valid_nsec_and_password_is_passed {
78	use super::*;	146	use super::*;
79		147
80	#[test]	148	#[test]
81	fn user_isnt_prompted() {	149	fn user_isnt_prompted() {
		150	reuable_user_isnt_prompted(TEST_KEY_1_NSEC);
		151	}
		152
		153	#[test]
		154	fn results_in_correct_keys() {
82	let mut m = MockUserManager::default().add_return_expected_responses();	155	let mut m = MockUserManager::default().add_return_expected_responses();
83	m.interactor = MockInteractorPrompt::default();	156	m.interactor = MockInteractorPrompt::default();
84	m.interactor.expect_input().never();	157	m.interactor.expect_input().never();
85		158	m.interactor.expect_password().never();
86	let _ = m.add(&Some(TEST_KEY_1_NSEC.into()));	159	let r = m.add(
		160	&Some(TEST_KEY_1_NSEC.into()),
		161	&Some(TEST_PASSWORD.to_string()),
		162	);
		163	assert!(r.is_ok(), "should result in keys");
		164	assert!(
		165	r.is_ok_and(\|k\| k
		166	.secret_key()
		167	.is_ok_and(\|k\| k.display_secret().to_string().eq(TEST_KEY_1_SK_HEX))),
		168	"keys should reflect nsec"
		169	);
87	}	170	}
88	}	171	}
		172	mod when_invalid_nsec_is_passed_with_password {
		173	use super::*;
89		174
		175	#[test]
		176	fn user_isnt_prompted() {
		177	reuable_user_isnt_prompted(TEST_INVALID_NSEC);
		178	}
		179
		180	#[test]
		181	fn config_isnt_modified() {
		182	reuable_config_isnt_modified(TEST_INVALID_NSEC);
		183	}
		184
		185	#[test]
		186	fn results_in_an_error() {
		187	let m = MockUserManager::default();
		188	assert!(
		189	m.add(
		190	&Some(TEST_INVALID_NSEC.into()),
		191	&Some(TEST_PASSWORD.to_string())
		192	)
		193	.is_err(),
		194	"should result in an error"
		195	);
		196	}
		197	}
90	mod when_no_nsec_is_passed {	198	mod when_no_nsec_is_passed {
91	use super::*;	199	use super::*;
92		200
93	#[test]	201	#[test]
94	fn prompt_for_nsec() {	202	fn prompt_for_nsec_and_password() {
95	let mut m = MockUserManager::default().add_return_expected_responses();	203	let mut m = MockUserManager::default().add_return_expected_responses();
96		204
97	m.interactor = MockInteractorPrompt::new();	205	m.interactor = MockInteractorPrompt::new();
@@ -100,12 +208,31 @@ mod tests {
100	.once()	208	.once()
101	.withf(\|p\| p.prompt.eq("login with nsec (or hex private key)"))	209	.withf(\|p\| p.prompt.eq("login with nsec (or hex private key)"))
102	.returning(\|_\| Ok(TEST_KEY_1_NSEC.into()));	210	.returning(\|_\| Ok(TEST_KEY_1_NSEC.into()));
		211	m.interactor
		212	.expect_password()
		213	.once()
		214	.withf(\|p\| p.prompt.eq("encrypt with password"))
		215	.returning(\|_\| Ok(TEST_KEY_1_NSEC.into()));
103		216
104	let _ = m.add(&None);	217	let _ = m.add(&None, &None);
105	}	218	}
106		219
107	#[test]	220	#[test]
108	fn stored_in_config() {	221	fn results_in_correct_keys() {
		222	let m = MockUserManager::default().add_return_expected_responses();
		223
		224	let r = m.add(&None, &None);
		225	assert!(r.is_ok(), "should result in keys");
		226	assert!(
		227	r.is_ok_and(\|k\| k
		228	.secret_key()
		229	.is_ok_and(\|k\| k.display_secret().to_string().eq(TEST_KEY_1_SK_HEX))),
		230	"keys should reflect nsec"
		231	);
		232	}
		233
		234	#[test]
		235	fn stores_encrypted_key_in_config() {
109	let mut m = MockUserManager::default().add_return_expected_responses();	236	let mut m = MockUserManager::default().add_return_expected_responses();
110		237
111	m.config_manager = MockConfigManagement::new();	238	m.config_manager = MockConfigManagement::new();
@@ -114,10 +241,91 @@ mod tests {
114	.returning(\|\| Ok(MyConfig::default()));	241	.returning(\|\| Ok(MyConfig::default()));
115	m.config_manager	242	m.config_manager
116	.expect_save()	243	.expect_save()
117	.withf(\|cfg\| cfg.users.len().eq(&1) && cfg.users[0].nsec.eq(TEST_KEY_1_NSEC))	244	.withf(\|cfg\| {
		245	cfg.users.len().eq(&1)
		246	&& cfg.users[0].encrypted_key.eq(TEST_KEY_1_ENCRYPTED)
		247	})
118	.returning(\|_\| Ok(()));	248	.returning(\|_\| Ok(()));
119		249
120	let _ = m.add(&None);	250	let _ = m.add(&None, &None);
		251	}
		252
		253	#[test]
		254	fn stored_key_encrypted_with_password() {
		255	let mut m = MockUserManager::default().add_return_expected_responses();
		256
		257	m.encryptor = MockEncryptDecrypt::new();
		258	m.encryptor
		259	.expect_encrypt_key()
		260	.once()
		261	.withf(\|k, p\| {
		262	k.eq(&Keys::from_sk_str(TEST_KEY_1_NSEC).unwrap()) && p.eq(TEST_PASSWORD)
		263	})
		264	.returning(\|_, _\| Ok(TEST_KEY_1_ENCRYPTED.into()));
		265
		266	let _ = m.add(&None, &None);
		267	}
		268
		269	mod when_user_key_already_stored {
		270	use super::*;
		271	use crate::config::UserRef;
		272
		273	/// key overwritten as password may have changed
		274	#[test]
		275	fn key_not_saved_as_duplicate_but_encrypted_key_overwritten() {
		276	let mut m = MockUserManager::default().add_return_expected_responses();
		277
		278	m.config_manager = MockConfigManagement::default();
		279	m.config_manager.expect_load().returning(\|\| {
		280	Ok(MyConfig {
		281	users: vec![UserRef {
		282	public_key: TEST_KEY_1_KEYS.public_key(),
		283	// different key to TEST_KEY_1_ENCYPTED
		284	encrypted_key: TEST_KEY_2_ENCRYPTED.into(),
		285	}],
		286	..MyConfig::default()
		287	})
		288	});
		289	m.config_manager
		290	.expect_save()
		291	.withf(\|cfg\| {
		292	cfg.users.len() == 1
		293	&& cfg.users[0].encrypted_key.eq(TEST_KEY_1_ENCRYPTED)
		294	})
		295	.returning(\|_\| Ok(()));
		296
		297	let _ = m.add(&None, &None);
		298	}
		299	}
		300
		301	mod when_multiple_users_added {
		302	use super::*;
		303
		304	#[test]
		305	fn both_user_keys_are_stored() {
		306	let mut m = MockUserManager::default().add_return_expected_responses();
		307
		308	m.config_manager = MockConfigManagement::default();
		309	m.config_manager.expect_load().returning(\|\| {
		310	Ok(MyConfig {
		311	users: vec![UserRef {
		312	public_key: TEST_KEY_2_KEYS.public_key(),
		313	encrypted_key: TEST_KEY_2_ENCRYPTED.into(),
		314	}],
		315	..MyConfig::default()
		316	})
		317	});
		318	m.config_manager
		319	.expect_save()
		320	.withf(\|cfg\| {
		321	cfg.users.len() == 2
		322	// latest user stored at end of array
		323	&& cfg.users[1].encrypted_key.eq(TEST_KEY_1_ENCRYPTED)
		324	})
		325	.returning(\|_\| Ok(()));
		326
		327	let _ = m.add(&None, &None);
		328	}
121	}	329	}
122	}	330	}
123	}	331	}