From 51eae76dd663d23c1f4bb1e809e9c258e800cb73 Mon Sep 17 00:00:00 2001 From: Matthew Somerville Date: Wed, 10 Jun 2020 14:29:35 +0100 Subject: Only show access tokens once, and store hashed. --- t/app/controller/dashboard.t | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 't/app/controller/dashboard.t') diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t index c62ada89a..0f07bcae0 100644 --- a/t/app/controller/dashboard.t +++ b/t/app/controller/dashboard.t @@ -236,14 +236,15 @@ FixMyStreet::override_config { subtest 'export as csv using token' => sub { $mech->log_out_ok; - $counciluser->set_extra_metadata('access_token', '1234567890abcdefgh'); + my $u = FixMyStreet::DB->resultset("User")->new({ password => '1234567890abcdefgh' }); + $counciluser->set_extra_metadata('access_token', $u->password); $counciluser->update(); $mech->get_ok('/dashboard?export=1'); like $mech->res->header('Content-type'), qr'text/html'; $mech->content_lacks('Report ID'); - $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh'); + $mech->add_header('Authorization', 'Bearer ' . $counciluser->id . '-1234567890abcdefgh'); $mech->get_ok('/dashboard?export=1'); like $mech->res->header('Content-type'), qr'text/csv'; $mech->content_contains('Report ID'); -- cgit v1.2.3