refactor-user-tokens

[TorstenDittmann]

What does this PR do?

This PR removes login sessions from the Tokens collection and uses a new dedicated collection called Sessions for authentication tokens. It also decouples OAuth2 references from the User document and moves them to Sessions This will allow us in the future to easily extend the authentication with more providers.

Collections

• Tokens
  • removes OS, Client and Device information rules
  • Stopped being used for login sessions
• Sessions
  • introduces new Collection for login sessions
  • Rules:
    • userID
    • secret
    • provider (Determines what Login provider was used for this session: email, anonymous or any other OAuth2 provider)
    • providerUid (Unique identifier passed from the provider like E-Mail Address or User ID form an OAuth2 provider)
    • providerToken (optional - can store data like Access Token from OAuth2 Providers)
    • expire
    • userAgent
    • .... OS, Device and Client informations
• Users
  • removes every oauth2 and oauth2AccessToken rule
  • adds Sessions collection to be used for authentication

Migration

Invalidate all Login Tokens, since they can't be migrated to the new structure. Reason for it is the missing distinction between E-Mail and OAuth2 tokens.

Also migrates every collection change.

Test Plan

Utilizes already present tests and added new test to check for duplicate collection rules.

Related PRs and Issues

none

Have you read the Contributing Guidelines on issues?

✅

[TorstenDittmann]

@eldadfux checked all the stuff, ready for review 🙂

[eldadfux]

Looks good!