Bug 28772: Make secret validation use the new method

This patch makes the Koha::OAuth library use the new validation method

To test:
1. In master, enable RESTOAuth2ClientCredentials and have your
   superlibrarian patron a client_id/secret pair generated
2. Use Postman to gain an access token with the client_id/secret pair
=> SUCCESS: This works in Koha
3. Use the access token to GET /api/v1/patrons
=> SUCCESS: It works
4. Apply this patchset up to the regression tests
5. Run:
   $ updatedatabase
   $ koha-plack --restart kohadev
=> SUCCESS: All good
6. Repeat 2
=> FAIL: You get an error trying to acquire an access token. Boo
7. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail!
8. Apply this patch
9. Run:
   $ koha-plack --restart kohadev
   $ kshell
  k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
10. Repeat 2
=> SUCCESS: Your original client_id/secret pair works!
11. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Koha/OAuth.pm

@@ -65,7 +65,7 @@ sub _verify_client_cb {
     # client_id mandatory and exists on the DB
     return (0, 'unauthorized_client') unless $api_key && $api_key->active;
 
-    return (0, 'access_denied') unless $api_key->secret eq $client_secret;
+    return (0, 'access_denied') unless $api_key->validate_secret( $client_secret );
 
     return (1, undef, []);
 }