Only show access tokens once, and store hashed.

author: Matthew Somerville <matthew@mysociety.org> 2020-06-10 14:29:35 +0100
committer: Matthew Somerville <matthew@mysociety.org> 2020-06-30 11:24:57 +0100
commit: 51eae76dd663d23c1f4bb1e809e9c258e800cb73 (patch)
tree: fc0bcf5c37119c302908319ec02abf7c8123f94b /t/app/controller/dashboard.t
parent: 3c98b8f4dbe7085d52887deff90681db552fb580 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t
index c62ada89a..0f07bcae0 100644
--- a/t/app/controller/dashboard.t
+++ b/t/app/controller/dashboard.t
@@ -236,14 +236,15 @@ FixMyStreet::override_config {
     subtest 'export as csv using token' => sub {
         $mech->log_out_ok;
 
-        $counciluser->set_extra_metadata('access_token', '1234567890abcdefgh');
+        my $u = FixMyStreet::DB->resultset("User")->new({ password => '1234567890abcdefgh' });
+        $counciluser->set_extra_metadata('access_token', $u->password);
         $counciluser->update();
 
         $mech->get_ok('/dashboard?export=1');
         like $mech->res->header('Content-type'), qr'text/html';
         $mech->content_lacks('Report ID');
 
-        $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+        $mech->add_header('Authorization', 'Bearer ' . $counciluser->id . '-1234567890abcdefgh');
         $mech->get_ok('/dashboard?export=1');
         like $mech->res->header('Content-type'), qr'text/csv';
         $mech->content_contains('Report ID');
author	Matthew Somerville <matthew@mysociety.org>	2020-06-10 14:29:35 +0100
committer	Matthew Somerville <matthew@mysociety.org>	2020-06-30 11:24:57 +0100
commit	51eae76dd663d23c1f4bb1e809e9c258e800cb73 (patch)
tree	fc0bcf5c37119c302908319ec02abf7c8123f94b /t/app/controller/dashboard.t
parent	3c98b8f4dbe7085d52887deff90681db552fb580 (diff)