* Deleting the current token used for the session, now forces a logout.
* Removed an assert in the is_valid_token code that was erroneous.
* Sorted imports in test_auth according to style.
* Updated UI to show more information about the token.
* Updated the js API to note the client token when creating it.
* Added prototype override to do add day calculations on dates.
* Updated auth check against token to inspect the expiration date of the token if it possesses one.
* Users are only authenticated against their password on login, and to retrieve a token.
* Passwords are wiped from the app and cookies after login and token retrieval
* Tokens are revoked at the end of the session/logout
* If the user chooses the "remember me" option, the token is stored in the cookie
* A user interface to revoke tokens will be added
* Tokens correctly delete themselves on logout
* API documentation updated for the new user-token endpoints
* Added a Manage tokens tab to the user panel
* Added bullet point about the token authentication for the API
* Added tests for new endpoints and tests against authentication middleware
Print all links through new uri.js component
Refactor the router to use more predictable parsing
Fix linking to entities with weird names (that contain slashes, + etc.)
In other words, verify the privileges client-side before issuing an
request to the server. This commit focuses on routing (e.g. clicking a
link while not logged in), rather than DOM element visibility that
should be already taken care of.
- Controller lifetime is bound to route lifetime
- View lifetime is bound to controller lifetime
- Control lifetime is bound to view lifetime
- Enhanced event dispatching
- Enhanced responsiveness in some places
- Views communicate user input to controllers via new event system
