From 51eae76dd663d23c1f4bb1e809e9c258e800cb73 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Wed, 10 Jun 2020 14:29:35 +0100
Subject: Only show access tokens once, and store hashed.

---
 t/app/controller/dashboard.t | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 't/app/controller/dashboard.t')

diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t
index c62ada89a..0f07bcae0 100644
--- a/t/app/controller/dashboard.t
+++ b/t/app/controller/dashboard.t
@@ -236,14 +236,15 @@ FixMyStreet::override_config {
     subtest 'export as csv using token' => sub {
         $mech->log_out_ok;
 
-        $counciluser->set_extra_metadata('access_token', '1234567890abcdefgh');
+        my $u = FixMyStreet::DB->resultset("User")->new({ password => '1234567890abcdefgh' });
+        $counciluser->set_extra_metadata('access_token', $u->password);
         $counciluser->update();
 
         $mech->get_ok('/dashboard?export=1');
         like $mech->res->header('Content-type'), qr'text/html';
         $mech->content_lacks('Report ID');
 
-        $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+        $mech->add_header('Authorization', 'Bearer ' . $counciluser->id . '-1234567890abcdefgh');
         $mech->get_ok('/dashboard?export=1');
         like $mech->res->header('Content-type'), qr'text/csv';
         $mech->content_contains('Report ID');
-- 
cgit v1.2.3