* Implement listing user sessions in user settings
* Make copy adjustments (h/t @metmarkosaric)
* Make warning button text color more consistent across user settings
* Add tests for `UserAuth.revoke_user_session/2`
* Test and improve `Auth.UserSessions`
* Test and improve controller actions
* Update CHANGELOG.md
* Remove support for legacy user sessions
* Implement revoking all sessions for a given user
* Revoke all user sessions on password reset
* Add tests for revoking all user sessions on password reset
* Reload page when dashboard API request fails with 404
* Revert "Reload page when dashboard API request fails with 404"
This reverts commit 77d1a1035658915f9afe538afc5fb9a3da0ec905.
* Remove custom background on "Choose Plan" page
* Avoid `UserAuth` test failing due to bad timing
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Turn `Plausible.Auth.UserSession` into full schema
* Implement token based sessions and use them as default
* Ignore expired user sessions during retrieval from DB
* Implement plug bumping user session last used and timeout timestamps
* Implement Oban worker removing expired user sessions with grace period
* Implement legacy session conversion on touch, when applicable
* Update `UserAuth` moduledoc
* Extend `UserAuth` tests to account for db-backed session tokens
* Update CHANGELOG
* Add tests for `UserSessionTouch` plug
* Add test for `CleanUserSessions` worker
* Add logging of legacy session retrievals
* Use single update permitting stale records when touching user session
* Don't fetch session and user for external API endpoints (/api/event too)
* Refactor `Users.with_subscription/1` and expose helper query
* Skip fetching session in legacy `SessionTimeoutPlug`
* Rely on user session assign from `AuthContext` in `SentryContext`
* Silence legacy session warnings in `UserSessionTouchTest`
* Rely on session assign from `AuthPlug` in `SuperAdminOnlyPlug`
* Change `UserAuth` to get session, user and last subscription in one go
* Avoid refetching user session in `AuthorizeSiteAccess` plug
* Fix code formatting
* Refactor `UserAuth.get_user_token/1` (h/t @aerosol)
* Remove bogus empty opts from `scope` declarations in router
* Only touch session once an hour and keep `user.last_seen` in sync
* Bring back logging of legacy token use
* Extract session management from AuthController
* Don't explicitly pass `current_user_id` to `live_render`'s session
* Add ability to retrieve session and user from token via `UserAuth`
* Always fetch current user (or just id) via `UserAuth` API
* Introduce `UserSession` as an embedded schema for now
* Make `UserAuth.get_user/1` accept `UserSession` as an input
* Introduce LV auth context populating user data from session on mount
* Refactor `AuthPlug` and make it populate `current_user_session` as well
* Rely on authenticated user data provided by auth plug or LV context
* Make `Sites.get_for_user(!)` accept `User` struct as well
* Set `logged_in` cookie explicitly when it's out of sync with session
* Expand modules documentation a bit
* Improve and extend tests slightly