- This allows us to set a custom header for admin calls only (not needed in client calls)
- Adds request-id from Middleware to the API call to ensure the API logs against the same request ID.
This PR changes the flow to change an email address.
Once the user enter their password, they are told "Check your email".
An email has been sent to them containing a link to notify which contains an encrypted token.
The encrypted token contains the user id and new email address. Once the link is clicked the user's email address is updated to the new email address.
They are redirected to the /user-profile page.
Also in this commit is an update from flask.ext.login to flask_login.
Mutating dictionaries is gross and doesn’t work as you’d expect. Better
to have the function return a new dictionary instead.
Means we can be explicit that `created_by` is one of the allowed params
when updating a service.
The post register endpoint will send a random 5 digit code via sms and another via email.
If either code fails to send, the user will not be created and the person can register again.
The codes are saved to the session cookie, and expire in 1 hour.
Another iteration of this story will save the codes to a database.
