auth: turn dead AuthUser code into assertion The result of db.User.get_dict never contains the keys 'api_keys' or 'permissions'. The keys returned by get_dict are 1) all the User table columns, 2) the keys explicitly defined in User.__json__, and 3) the keys defined in User.get_api_data, none of which include the two blacklisted keys. 'api_keys' would be returned if __json__ called get_api_data with argument details=True; but currently that is not the case. In case there's a reason why these two keys must never appear in an AuthUser object, the check has not been removed entirely; instead, it's been turned into an assertion. This way, it will be noticed if __json__ is later modified to request detailed API data, for instance.

[tox]
envlist = py{26,27}-{pytest,nose}

[testenv]
setenv =
    PYTHONHASHSEED = 0
deps =
    nose: nose
    pytest: pytest
commands =
    nose: nosetests {posargs}
    pytest: py.test {posargs}