Store Blender ID OAuth scopes in MongoDB + request badge scope too

This also changes the way we treat Blender ID tokens. Before, the Blender ID
token was discarded and a random token was generated & stored. Now the
actual Blender ID token is stored.

The Facebook and Google OAuth code still uses the old approach of generating
a new token. Not sure what the added value is, though, because once the
Django session is gone there is nothing left to authenticate the user and
thus the random token is useless anyway.

tests/test_api/test_auth.py

@@ -69,7 +69,7 @@ class AuthenticationTests(AbstractPillarTest):
     @responses.activate
     def test_validate_token__force_not_logged_in(self):
         from pillar.api.utils import authentication as auth
-        from pillar.auth import UserClass, current_user
+        from pillar.auth import UserClass
 
         with self.app.test_request_context():
             from flask import g
@@ -160,8 +160,7 @@ class AuthenticationTests(AbstractPillarTest):
     def test_save_own_user(self):
         """Tests that a user can't change their own fields."""
 
-        from pillar.api.utils import authentication as auth
-        from pillar.api.utils import PillarJSONEncoder, remove_private_keys
+        from pillar.api.utils import remove_private_keys
 
         user_id = self.create_user(roles=['subscriber'], token='token')
 

tests/test_api/test_oauth.py

@@ -62,6 +62,8 @@ class OAuthTests(AbstractPillarTest):
             cb = oauth_provider.callback()
             self.assertEqual(cb.id, '7')
             self.assertEqual(cb.email, 'harry@blender.org')
+            self.assertEqual(cb.access_token, 'successful-token')
+            self.assertEqual(cb.scopes, ['email', 'badge'])
 
     @responses.activate
     def test_provider_callback_missing_code(self):