Closes#282
* Added a new route
* Added new methods
* Triple security!
* Passwords are actually changed
* Also added a change password button, because 'save' has too much baggage.
On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords.
Caveats:
* didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh?
* Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
closes#276
- settings screen now loads a model when a pane is requested, rather than when the whole screen is requested
- added browse, read and edit methods and routes for users to the API
- added user model & template to client and wired everything up.
- provided default images for cover and profile picture
- Ghost.View now extends Ghost.TemplateView giving all views access to subviews and templates
- Views which implemented templates no longer need to
- Some views needed to re-override render which is a bit annoying
- Settings screen now has sub-templates for each pane and for the sidebar
- Additional Casper tests for settings screen
