* Deleting the current token used for the session, now forces a logout.
* Removed an assert in the is_valid_token code that was erroneous.
* Sorted imports in test_auth according to style.
* Updated UI to show more information about the token.
* Updated the js API to note the client token when creating it.
* Added prototype override to do add day calculations on dates.
* Updated auth check against token to inspect the expiration date of the token if it possesses one.
* Users are only authenticated against their password on login, and to retrieve a token.
* Passwords are wiped from the app and cookies after login and token retrieval
* Tokens are revoked at the end of the session/logout
* If the user chooses the "remember me" option, the token is stored in the cookie
* A user interface to revoke tokens will be added
* Tokens correctly delete themselves on logout
* API documentation updated for the new user-token endpoints
* Added a Manage tokens tab to the user panel
* Added bullet point about the token authentication for the API
* Added tests for new endpoints and tests against authentication middleware
* Added functionality for administrators to directly add users to the
application
* Added permission users:create:any to handle level that users are
allowed to create other users
* Moved old permission users:create to users:create:self
The bug could be reproduced as follows:
1. Navigate to /posts
2. Search for "test"
3. Navigate to /posts again
4. Refresh the page
The user should see plain post list, but instead they were seeing the
"test" search results again as if step 3 never happened.
Extract the state that controls mass tag form in the posts list header
to a separate class.
It's not exactly a 100% reusable control (the .tpl is shared), but it
should greatly simplify reading the JS.
Print all links through new uri.js component
Refactor the router to use more predictable parsing
Fix linking to entities with weird names (that contain slashes, + etc.)
