Handle failed token test without leaking token (#1138)

If the line `token_info = token_response[token]` fails with a `KeyError`
(due to an error response from lichess), the user's token will be
printed in the error message. Use `token_response.get()` to prevent
this.

Also, use `.get()` on the resulting `token_info` to print a more useful
error message.

Author: MarkZH

lib/lichess.py

@@ -113,13 +113,14 @@ def __init__(self, token: str, url: str, version: str, logging_level: int, max_r
 
         # Confirm that the OAuth token has the proper permission to play on lichess
         token_response = cast(TOKEN_TESTS_TYPE, self.api_post("token_test", data=token))
-        token_info = token_response[token]
+        token_info = token_response.get(token)
 
         if not token_info:
-            raise RuntimeError("Token in config file is not recognized by lichess. "
-                               "Please check that it was copied correctly into your configuration file.")
+            raise RuntimeError("There was an error in retrieving information about the bot's token. "
+                               "Please check that it was copied correctly into your configuration file "
+                               "and try again.")
 
-        scopes = token_info["scopes"]
+        scopes = token_info.get("scopes", "")
         if "bot:play" not in scopes.split(","):
             raise RuntimeError("Please use an API access token for your bot that "
                                'has the scope "Play games with the bot API (bot:play)". '