* Deleting the current token used for the session, now forces a logout.
* Removed an assert in the is_valid_token code that was erroneous.
* Sorted imports in test_auth according to style.
* Updated UI to show more information about the token.
* Updated the js API to note the client token when creating it.
* Added prototype override to do add day calculations on dates.
* Updated auth check against token to inspect the expiration date of the token if it possesses one.
* Users are only authenticated against their password on login, and to retrieve a token.
* Passwords are wiped from the app and cookies after login and token retrieval
* Tokens are revoked at the end of the session/logout
* If the user chooses the "remember me" option, the token is stored in the cookie
* A user interface to revoke tokens will be added
* Tokens correctly delete themselves on logout
* API documentation updated for the new user-token endpoints
* Added a Manage tokens tab to the user panel
* Added bullet point about the token authentication for the API
* Added tests for new endpoints and tests against authentication middleware
* Added functionality for administrators to directly add users to the
application
* Added permission users:create:any to handle level that users are
allowed to create other users
* Moved old permission users:create to users:create:self
The bug could be reproduced as follows:
1. Navigate to /posts
2. Search for "test"
3. Navigate to /posts again
4. Refresh the page
The user should see plain post list, but instead they were seeing the
"test" search results again as if step 3 never happened.
Extract the state that controls mass tag form in the posts list header
to a separate class.
It's not exactly a 100% reusable control (the .tpl is shared), but it
should greatly simplify reading the JS.
