* Updated UI to show more information about the token.
* Updated the js API to note the client token when creating it.
* Added prototype override to do add day calculations on dates.
* Updated auth check against token to inspect the expiration date of the token if it possesses one.
* Users are only authenticated against their password on login, and to retrieve a token.
* Passwords are wiped from the app and cookies after login and token retrieval
* Tokens are revoked at the end of the session/logout
* If the user chooses the "remember me" option, the token is stored in the cookie
* A user interface to revoke tokens will be added
* Tokens correctly delete themselves on logout
* API documentation updated for the new user-token endpoints
* Added a Manage tokens tab to the user panel
* Added bullet point about the token authentication for the API
* Added tests for new endpoints and tests against authentication middleware
Print all links through new uri.js component
Refactor the router to use more predictable parsing
Fix linking to entities with weird names (that contain slashes, + etc.)
API responses are cached internally - if they're modified, they're
modified in cache too. This can lead to certain anomalies, that can be
easily solved by making object copies.
The lists in the post model (current state and original state) referred
to the same objects, so that making changes to current state was seen as
if no change has been made. This broke mass tag - it always thought
there were no changes to post tags.
This has important side effect that matters when we check for data
changes using _orig dictionary. Previously, _orig was empty (so its
members fields were undefiend) whereas the real fields were declared as
nulls. This meant that for new entities, the conditions were always
true, which is unintended. Now both _orig and the class itself are
initially populated with _updateFromResponse which syncs the state
between them, removing the problem.
