2 files changed, 19 insertions, 32 deletions

diff --git a/src/setup/app.rs b/src/setup/app.rs
index 1856519..2a8ec30 100644
--- a/src/setup/app.rs
+++ b/src/setup/app.rs
@@ -6,7 +6,7 @@ use crate::{
     event::Broadcaster,
     name::Name,
     password::Password,
-    token::{Secret, repo::Provider as _},
+    token::{Secret, Token, repo::Provider as _},
     user::create::{self, Create},
 };
 
@@ -31,17 +31,20 @@ impl<'a> Setup<'a> {
         let validated = create.validate()?;
 
         let mut tx = self.db.begin().await?;
-        let stored = if tx.setup().completed().await? {
-            Err(Error::SetupCompleted)?
+        if tx.setup().completed().await? {
+            Err(Error::SetupCompleted)
         } else {
-            validated.store(&mut tx).await?
-        };
-        let secret = tx.tokens().issue(stored.user(), created_at).await?;
-        tx.commit().await?;
+            let stored = validated.store(&mut tx).await?;
+            let login = stored.login();
+
+            let (token, secret) = Token::generate(login, created_at);
+            tx.tokens().create(&token, &secret).await?;
+            tx.commit().await?;
 
-        stored.publish(self.events);
+            stored.publish(self.events);
 
-        Ok(secret)
+            Ok(secret)
+        }
     }
 
     pub async fn completed(&self) -> Result<bool, sqlx::Error> {
diff --git a/src/setup/handlers/setup/test.rs b/src/setup/handlers/setup/test.rs
index 4a37690..283fe8b 100644
--- a/src/setup/handlers/setup/test.rs
+++ b/src/setup/handlers/setup/test.rs
@@ -1,6 +1,10 @@
 use axum::extract::{Json, State};
 
-use crate::{empty::Empty, setup::app, test::fixtures};
+use crate::{
+    empty::Empty,
+    setup::app,
+    test::{fixtures, verify},
+};
 
 #[tokio::test]
 async fn fresh_instance() {
@@ -21,30 +25,10 @@ async fn fresh_instance() {
             .expect("setup in a fresh app succeeds");
 
     // Verify that the issued token is valid
-
-    let secret = identity
-        .secret()
-        .expect("newly-issued identity has a token secret");
-    let (_, login) = app
-        .tokens()
-        .validate(&secret, &fixtures::now())
-        .await
-        .expect("newly-issued identity cookie is valid");
-    assert_eq!(name, login.name);
+    verify::identity::valid_for_name(&app, &identity, &name).await;
 
     // Verify that the given credentials can log in
-
-    let secret = app
-        .tokens()
-        .login(&name, &password, &fixtures::now())
-        .await
-        .expect("credentials given on signup are valid");
-    let (_, login) = app
-        .tokens()
-        .validate(&secret, &fixtures::now())
-        .await
-        .expect("validating a newly-issued token secret succeeds");
-    assert_eq!(name, login.name);
+    verify::login::valid_login(&app, &name, &password).await;
 }
 
 #[tokio::test]