| author | 0livd <github@destras.fr> | 2017-10-23 23:03:44 +0200 |
|---|---|---|
| committer | Alexis Metaireau <alexis@notmyidea.org> | 2017-10-23 23:03:44 +0200 |
| commit | 293735eca715c7cc5221e551e5eb41f92b6abd0f (patch) | |
| tree | 187cc016fc0ad541c19ea42457286287237d329c /ihatemoney/tests/tests.py | |
| parent | 74e9af59e6401ea0f83e850019c6f461c63bac31 (diff) | |
Make authentication logic simpler and safer (#270)
* Fixed exposed password in session
The project password was set in clear text
in the session cookie. The cookie payload is
only base64 encoded so it must not be used to
store private information. The password is
simply replaced by a boolean.
* Simplify authentication logic
Diffstat (limited to 'ihatemoney/tests/tests.py')
| -rw-r--r-- | ihatemoney/tests/tests.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py
index 36ca6fc..6c0ccb9 100644
--- a/ihatemoney/tests/tests.py
+++ b/ihatemoney/tests/tests.py
@@ -181,7 +181,7 @@ class BudgetTestCase(IhatemoneyTestCase):
 })
 # session is updated
- self.assertEqual(session['raclette'], 'party')
+ self.assertTrue(session['raclette'])
 # project is created
 self.assertEqual(len(models.Project.query.all()), 1)
@@ -373,7 +373,7 @@ class BudgetTestCase(IhatemoneyTestCase):
 self.assertNotIn("Authentication", resp.data.decode('utf-8'))
 self.assertIn('raclette', session)
- self.assertEqual(session['raclette'], 'raclette')
+ self.assertTrue(session['raclette'])
 # logout should wipe the session out
 c.get("/exit")
|
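Review bot: `self.assertTrue(session['raclette'])` in both hunks accepts any truthy value, so it would still pass if the clear-text password ('party' in the first hunk, 'raclette' in the second) were stored in the session again, which is the regression this commit is meant to prevent. Since the commit message says the value is now a boolean, pin that with `self.assertIs(session['raclette'], True)` in both places. If the exact type is not meant to be part of the contract, `self.assertNotEqual(session['raclette'], 'party')` (and `'raclette'` in the second hunk) would at least keep the password out of the cookie payload. Both test methods start and end outside the hunks, so any later assertions on the session are not visible here.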
