fix: set token in forms correctly

We now use the hash of the token for comparison and as the id.
In order to use it you need the original token though. So forms and
thus the session should have token.to_s rather than token.id.

2 files changed, 3 insertions, 4 deletions

diff --git a/app/controllers/api/sessions_controller.rb b/app/controllers/api/sessions_controller.rb
index 178f86e..3883115 100644
--- a/app/controllers/api/sessions_controller.rb
+++ b/app/controllers/api/sessions_controller.rb
@@ -25,7 +25,7 @@ module Api
     def update
       authenticate!
       @token = Token.create(:user_id => current_user.id)
-      session[:token] = @token.id
+      session[:token] = @token.to_s
       render :json => login_response
     end
 
diff --git a/test/integration/browser/account_livecycle_test.rb b/test/integration/browser/account_livecycle_test.rb
index 3d23363..694ff9c 100644
--- a/test/integration/browser/account_livecycle_test.rb
+++ b/test/integration/browser/account_livecycle_test.rb
@@ -92,7 +92,7 @@ class AccountLivecycleTest < BrowserIntegrationTest
   test "change pgp key" do
     with_config user_actions: ['change_pgp_key'] do
       pgp_key = FactoryGirl.build :pgp_key
-      login
+      username, _password = submit_signup
       click_on "Account Settings"
       within('#update_pgp_key') do
         fill_in 'Public key', with: pgp_key
@@ -102,8 +102,7 @@ class AccountLivecycleTest < BrowserIntegrationTest
       # at some point we're done:
       page.assert_no_selector 'input[value="Saving..."]'
       assert page.has_field? 'Public key', with: pgp_key.to_s
-      @user.reload
-      assert_equal pgp_key, @user.public_key
+      assert_equal pgp_key, User.find_by_login(username).public_key
     end
   end