--- 9.0.3	2024-12-12 08:06:13.000000000 +0100
+++ aneksajo	2024-12-16 08:23:15.000000000 +0100
@@ -22,6 +22,7 @@
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/services/forms"
 
+	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -461,3 +462,27 @@
 		ctx.Session.MakeRequest(t, req, http.StatusNoContent)
 	}
 }
+
+// generate and activate an ssh key for the user attached to the APITestContext
+// TODO: pick a better name; golang doesn't do method overriding.
+func withCtxKeyFile(t *testing.T, ctx APITestContext, callback func()) {
+	// we need to have write:public_key to do this step
+	// the easiest way is to create a throwaway ctx that is identical but only has that permission
+	ctxKeyWriter := ctx
+	ctxKeyWriter.Token = getTokenForLoggedInUser(t, ctx.Session, auth.AccessTokenScopeWriteUser)
+
+	keyName := "One of " + ctx.Username + "'s keys: #" + uuid.New().String()
+	withKeyFile(t, keyName, func(keyFile string) {
+		var key api.PublicKey
+
+		doAPICreateUserKey(ctxKeyWriter, keyName, keyFile,
+			func(t *testing.T, _key api.PublicKey) {
+				// save the key ID so we can delete it at the end
+				key = _key
+			})(t)
+
+		defer doAPIDeleteUserKey(ctxKeyWriter, key.ID)(t)
+
+		callback()
+	})
+}