client side token creation, handle display and single password retry

tst/ControllerTest.php

@@ -814,7 +814,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
     public function testReadBurnAfterReadingWithToken()
     {
         $token = base64_encode(hash_hmac(
-            'sha256', Helper::getPasteId(), random_bytes(32)
+            'sha256', hex2bin(Helper::getPasteId()), random_bytes(32), true
         ));
         $burnPaste = Helper::getPaste(2, array('challenge' => $token));
         $burnPaste['adata'][3] = 1;
@@ -839,7 +839,7 @@ class ControllerTest extends PHPUnit_Framework_TestCase
     public function testReadBurnAfterReadingWithIncorrectToken()
     {
         $token = base64_encode(hash_hmac(
-            'sha256', Helper::getPasteId(), random_bytes(32)
+            'sha256', hex2bin(Helper::getPasteId()), random_bytes(32), true
         ));
         $burnPaste = Helper::getPaste(2, array('challenge' => base64_encode(random_bytes(32))));
         $burnPaste['adata'][3] = 1;

tst/FormatV2Test.php

@@ -71,6 +71,8 @@ class FormatV2Test extends PHPUnit_Framework_TestCase
         $paste['adata'][0][7] = '!#@';
         $this->assertFalse(FormatV2::isValid($paste), 'invalid compression');
 
-        $this->assertFalse(FormatV2::isValid(Helper::getPaste()), 'invalid meta key');
+        $paste = Helper::getPastePost();
+        unset($paste['meta']['expire']);
+        $this->assertFalse(FormatV2::isValid($paste), 'invalid missing meta key');
     }
 }

tst/ModelTest.php

@@ -276,9 +276,9 @@ class ModelTest extends PHPUnit_Framework_TestCase
     {
         $pasteData = Helper::getPastePost();
         $pasteData['meta']['challenge'] = base64_encode(random_bytes(32));
-        $token = hash_hmac(
-            'sha256', Helper::getPasteId(), base64_decode($pasteData['meta']['challenge'])
-        );
+        $token = base64_encode(hash_hmac(
+            'sha256', hex2bin(Helper::getPasteId()), base64_decode($pasteData['meta']['challenge']), true
+        ));
         $this->_model->getPaste(Helper::getPasteId())->delete();
         $paste = $this->_model->getPaste(Helper::getPasteId());
         $this->assertFalse($paste->exists(), 'paste does not yet exist');