No longer hash auth tokens + store the token scopes

This partially reverts commit c57aefd48b.
The code to check against hashed tokens remains, because existing tokens
should still work.

The unhashed tokens are necessary for fetching badges from Blender ID.

tests/test_api/test_auth.py

@@ -114,15 +114,16 @@ class AuthenticationTests(AbstractPillarTest):
             past = now - datetime.timedelta(days=1)
             subclient = self.app.config['BLENDER_ID_SUBCLIENT_ID']
 
+        with self.app.test_request_context():
             auth.store_token(user_id, 'nonexpired-main', future, None)
             auth.store_token(user_id, 'nonexpired-sub', future, subclient)
             token3 = auth.store_token(user_id, 'expired-sub', past, subclient)
 
-            # We should not find the given tokens as unhashed tokens.
+            # We should find the given tokens as unhashed tokens.
             tokens_coll = self.app.db('tokens')
-            self.assertIsNone(tokens_coll.find_one({'token': 'nonespired-main'}))
-            self.assertIsNone(tokens_coll.find_one({'token': 'nonespired-sub'}))
-            self.assertIsNone(tokens_coll.find_one({'token': 'expired-sub'}))
+            self.assertIsNotNone(tokens_coll.find_one({'token': 'nonexpired-main'}))
+            self.assertIsNotNone(tokens_coll.find_one({'token': 'nonexpired-sub'}))
+            self.assertIsNotNone(tokens_coll.find_one({'token': 'expired-sub'}))
 
         with self.app.test_request_context(
                 headers={'Authorization': self.make_header('nonexpired-main')}):
@@ -206,19 +207,19 @@ class AuthenticationTests(AbstractPillarTest):
         with self.app.test_request_context():
             from pillar.api.utils import authentication as auth
 
-            tokdat_le = auth.store_token(user_id, 'long-expired',
-                                         now - datetime.timedelta(days=365), None)
-            tokdat_se = auth.store_token(user_id, 'short-expired',
-                                         now - datetime.timedelta(seconds=5), None)
-            tokdat_ne = auth.store_token(user_id, 'not-expired',
-                                         now + datetime.timedelta(days=1), None)
+            auth.store_token(user_id, 'long-expired',
+                             now - datetime.timedelta(days=365), None)
+            auth.store_token(user_id, 'short-expired',
+                             now - datetime.timedelta(seconds=5), None)
+            auth.store_token(user_id, 'not-expired',
+                             now + datetime.timedelta(days=1), None)
 
             # Validation should clean up old tokens.
             auth.validate_this_token('je', 'moeder')
 
             token_coll = self.app.data.driver.db['tokens']
-            self.assertEqual({tokdat_se['token_hashed'], tokdat_ne['token_hashed']},
-                             {item['token_hashed'] for item in token_coll.find()})
+            self.assertEqual({'short-expired', 'not-expired'},
+                             {item['token'] for item in token_coll.find()})
 
     def test_token_hashing_cli(self):
         from dateutil.parser import parse