* Users are only authenticated against their password on login,
and to retrieve a token
* Passwords are wiped from the GUI frontend and cookies
after login and token retrieval
* Tokens are revoked at the end of the session/logout
* If the user chooses the "remember me" option,
the token is stored in the cookie
* Tokens correctly delete themselves on logout
* Tokens can expire at user-specified date
* Tokens have their last usage time
* Tokens can have user defined descriptions
* Users can manage login tokens in their account settings
* Added functionality for administrators to directly add users to the
application
* Added permission users:create:any to handle level that users are
allowed to create other users
* Moved old permission users:create to users:create:self
- Added type hinting (for now, 3.5-compatible)
- Split `db` namespace into `db` module and `model` namespace
- Changed elastic search to be created lazily for each operation
- Changed to class based approach in entity serialization to allow
stronger typing
- Removed `required` argument from `context.get_*` family of functions;
now it's implied if `default` argument is omitted
- Changed `unalias_dict` implementation to use less magic inputs
Rather than flushing the post right away only to find out that there
were validation errors, try to postpone flushing for as long as
possible.
The previous behavior has led to too eager spending of post IDs - each
flush calls nextval(post_id_seq), and postgres sequences are not
affected by transaction rollbacks, so each erroneous post creation
discarded a post ID, which has led to gaps in post IDs.
Ignored only the rules about continuing / hanging indentation.
Also, added __init__.py to tests so that pylint discovers them. (I don't
buy pytest's BS about installing your package.)
For quite some time, I hated Falcon's class maps approach that caused
more chaos than good for Szurubooru. I've taken a look at the other
frameworks (hug, flask, etc) again, but they all looked too
bloated/over-engineered. I decided to just talk to WSGI myself.
Regex-based routing may not be the fastest in the world, but I'm fine
with response time of 10 ms for cached /posts.
Shyam Sunder