aboutsummaryrefslogtreecommitdiffstats
path: root/t/app/controller
diff options
context:
space:
mode:
Diffstat (limited to 't/app/controller')
-rw-r--r--t/app/controller/auth.t11
-rw-r--r--t/app/controller/auth_profile.t12
-rw-r--r--t/app/controller/dashboard.t5
3 files changed, 15 insertions, 13 deletions
diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 24deb8cab..8b4b772fc 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
@@ -245,19 +245,20 @@ subtest "check logging in with token" => sub {
my $user = FixMyStreet::DB->resultset('User')->find( { email => $test_email } );
# token needs to be 18 characters
- $user->set_extra_metadata('access_token', '1234567890abcdefgh');
+ my $u = FixMyStreet::DB->resultset("User")->new({ password => '1234567890abcdefgh' });
+ $user->set_extra_metadata('access_token', $u->password);
$user->update();
- $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+ $mech->add_header('Authorization', 'Bearer ' . $user->id . '-1234567890abcdefgh');
$mech->logged_in_ok;
$mech->delete_header('Authorization');
$mech->not_logged_in_ok;
- $mech->get_ok('/auth/check_auth?access_token=1234567890abcdefgh');
+ $mech->get_ok('/auth/check_auth?access_token=' . $user->id . '-1234567890abcdefgh');
- $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
- $user->set_extra_metadata('access_token', 'XXXXXXXXXXXXXXXXXX');
+ $mech->add_header('Authorization', 'Bearer ' . $user->id . '-1234567890abcdefgh');
+ $user->set_extra_metadata('access_token', '$2a$08$HNslSx7Uic7q6Ti5WYT5JOT6npYPwrwLnDMJMJoD22LIqG5TfDIKf');
$user->update();
$mech->not_logged_in_ok;
diff --git a/t/app/controller/auth_profile.t b/t/app/controller/auth_profile.t
index e5dfe2764..230e02d2b 100644
--- a/t/app/controller/auth_profile.t
+++ b/t/app/controller/auth_profile.t
@@ -417,16 +417,16 @@ subtest "Test generate token page" => sub {
"submit generate token form"
);
$mech->content_contains( 'Your token has been generated', "token generated" );
+ my ($token) = $mech->content =~ /<span>(.*?)<\/span>/;
+ my @parts = split /-/, $token, 2;
+ is $parts[0], $user->id, 'token has user ID at start';
$user->discard_changes();
- my $token = $user->get_extra_metadata('access_token');
- ok $token, 'access token set';
-
- $mech->content_contains($token, 'access token displayed');
+ $user->password($user->get_extra_metadata('access_token'), 1);
+ ok $user->check_password($parts[1]), 'access token set';
$mech->get_ok('/auth/generate_token');
- $mech->content_contains('Current token:');
- $mech->content_contains($token, 'access token displayed');
+ $mech->content_lacks($parts[1], 'access token not displayed');
$mech->content_contains('If you generate a new token');
$mech->log_out_ok;
diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t
index c62ada89a..0f07bcae0 100644
--- a/t/app/controller/dashboard.t
+++ b/t/app/controller/dashboard.t
@@ -236,14 +236,15 @@ FixMyStreet::override_config {
subtest 'export as csv using token' => sub {
$mech->log_out_ok;
- $counciluser->set_extra_metadata('access_token', '1234567890abcdefgh');
+ my $u = FixMyStreet::DB->resultset("User")->new({ password => '1234567890abcdefgh' });
+ $counciluser->set_extra_metadata('access_token', $u->password);
$counciluser->update();
$mech->get_ok('/dashboard?export=1');
like $mech->res->header('Content-type'), qr'text/html';
$mech->content_lacks('Report ID');
- $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+ $mech->add_header('Authorization', 'Bearer ' . $counciluser->id . '-1234567890abcdefgh');
$mech->get_ok('/dashboard?export=1');
like $mech->res->header('Content-type'), qr'text/csv';
$mech->content_contains('Report ID');