authorMatthew Somerville <matthew@mysociety.org>2020-06-10 14:29:35 +0100
committerMatthew Somerville <matthew@mysociety.org>2020-06-30 11:24:57 +0100
commit51eae76dd663d23c1f4bb1e809e9c258e800cb73 (patch)
treefc0bcf5c37119c302908319ec02abf7c8123f94b /t/app/controller/auth.t
parent3c98b8f4dbe7085d52887deff90681db552fb580 (diff)
Only show access tokens once, and store hashed.
Diffstat (limited to 't/app/controller/auth.t')
-rw-r--r--t/app/controller/auth.t11
1 files changed, 6 insertions, 5 deletions
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 24deb8cab..8b4b772fc 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
@@ -245,19 +245,20 @@ subtest "check logging in with token" => sub {
my $user = FixMyStreet::DB->resultset('User')->find( { email => $test_email } );
# token needs to be 18 characters
- $user->set_extra_metadata('access_token', '1234567890abcdefgh');
+ my $u = FixMyStreet::DB->resultset("User")->new({ password => '1234567890abcdefgh' });
+ $user->set_extra_metadata('access_token', $u->password);
$user->update();
- $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+ $mech->add_header('Authorization', 'Bearer ' . $user->id . '-1234567890abcdefgh');
$mech->logged_in_ok;
$mech->delete_header('Authorization');
$mech->not_logged_in_ok;
- $mech->get_ok('/auth/check_auth?access_token=1234567890abcdefgh');
+ $mech->get_ok('/auth/check_auth?access_token=' . $user->id . '-1234567890abcdefgh');
- $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
- $user->set_extra_metadata('access_token', 'XXXXXXXXXXXXXXXXXX');
+ $mech->add_header('Authorization', 'Bearer ' . $user->id . '-1234567890abcdefgh');
+ $user->set_extra_metadata('access_token', '$2a$08$HNslSx7Uic7q6Ti5WYT5JOT6npYPwrwLnDMJMJoD22LIqG5TfDIKf');
$user->update();
$mech->not_logged_in_ok;
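Review bot: The only rejection case in this subtest is the last four lines, where the stored value is swapped for an unrelated bcrypt hash, so nothing checks that a wrong secret is refused while the valid hash is still stored, or that the stored hash cannot itself be presented as the token. Both checks matter once tokens are stored hashed, and they fit after the `get_ok` line, assuming token auth does not leave a session behind (the existing `not_logged_in_ok` calls suggest it does not) and that `$u->password` returns the hashed form that was stored. The comment `# token needs to be 18 characters` is also out of date: the presented token is now `<user id>-<18 characters>` and the stored value is a hash, so say that, and note which plaintext the literal `$2a$08$…` hash stands for. The subtest opens before this hunk, and its closing lines are not visible here.

```perl
$mech->get_ok('/auth/check_auth?access_token=' . $user->id . '-1234567890abcdefgh');

# Right user id, wrong secret: rejected while the valid hash is still stored.
$mech->add_header('Authorization', 'Bearer ' . $user->id . '-XXXXXXXXXXXXXXXXXX');
$mech->not_logged_in_ok;
# The stored (hashed) value must not be accepted as a credential itself.
$mech->add_header('Authorization', 'Bearer ' . $user->id . '-' . $u->password);
$mech->not_logged_in_ok;
$mech->delete_header('Authorization');

# … unchanged: valid header re-added, stored hash replaced, not_logged_in_ok …
```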