3 files changed, 15 insertions, 13 deletions

diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 24deb8cab..8b4b772fc 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
@@ -245,19 +245,20 @@ subtest "check logging in with token" => sub {
 
     my $user =  FixMyStreet::DB->resultset('User')->find( { email => $test_email } );
     # token needs to be 18 characters
-    $user->set_extra_metadata('access_token', '1234567890abcdefgh');
+    my $u = FixMyStreet::DB->resultset("User")->new({ password => '1234567890abcdefgh' });
+    $user->set_extra_metadata('access_token', $u->password);
     $user->update();
 
-    $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+    $mech->add_header('Authorization', 'Bearer ' . $user->id . '-1234567890abcdefgh');
     $mech->logged_in_ok;
 
     $mech->delete_header('Authorization');
     $mech->not_logged_in_ok;
 
-    $mech->get_ok('/auth/check_auth?access_token=1234567890abcdefgh');
+    $mech->get_ok('/auth/check_auth?access_token=' . $user->id . '-1234567890abcdefgh');
 
-    $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
-    $user->set_extra_metadata('access_token', 'XXXXXXXXXXXXXXXXXX');
+    $mech->add_header('Authorization', 'Bearer ' . $user->id . '-1234567890abcdefgh');
+    $user->set_extra_metadata('access_token', '$2a$08$HNslSx7Uic7q6Ti5WYT5JOT6npYPwrwLnDMJMJoD22LIqG5TfDIKf');
     $user->update();
     $mech->not_logged_in_ok;
 
diff --git a/t/app/controller/auth_profile.t b/t/app/controller/auth_profile.t
index e5dfe2764..230e02d2b 100644
--- a/t/app/controller/auth_profile.t
+++ b/t/app/controller/auth_profile.t
@@ -417,16 +417,16 @@ subtest "Test generate token page" => sub {
         "submit generate token form"
     );
     $mech->content_contains( 'Your token has been generated', "token generated" );
+    my ($token) = $mech->content =~ /<span>(.*?)<\/span>/;
+    my @parts = split /-/, $token, 2;
+    is $parts[0], $user->id, 'token has user ID at start';
 
     $user->discard_changes();
-    my $token = $user->get_extra_metadata('access_token');
-    ok $token, 'access token set';
-
-    $mech->content_contains($token, 'access token displayed');
+    $user->password($user->get_extra_metadata('access_token'), 1);
+    ok $user->check_password($parts[1]), 'access token set';
 
     $mech->get_ok('/auth/generate_token');
-    $mech->content_contains('Current token:');
-    $mech->content_contains($token, 'access token displayed');
+    $mech->content_lacks($parts[1], 'access token not displayed');
     $mech->content_contains('If you generate a new token');
 
     $mech->log_out_ok;
diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t
index c62ada89a..0f07bcae0 100644
--- a/t/app/controller/dashboard.t
+++ b/t/app/controller/dashboard.t
@@ -236,14 +236,15 @@ FixMyStreet::override_config {
     subtest 'export as csv using token' => sub {
         $mech->log_out_ok;
 
-        $counciluser->set_extra_metadata('access_token', '1234567890abcdefgh');
+        my $u = FixMyStreet::DB->resultset("User")->new({ password => '1234567890abcdefgh' });
+        $counciluser->set_extra_metadata('access_token', $u->password);
         $counciluser->update();
 
         $mech->get_ok('/dashboard?export=1');
         like $mech->res->header('Content-type'), qr'text/html';
         $mech->content_lacks('Report ID');
 
-        $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+        $mech->add_header('Authorization', 'Bearer ' . $counciluser->id . '-1234567890abcdefgh');
         $mech->get_ok('/dashboard?export=1');
         like $mech->res->header('Content-type'), qr'text/csv';
         $mech->content_contains('Report ID');