fix: JWT Backend Storage, JWT Bugs #136

Merged
merged 19 commits into from
Nov 13, 2023


juslam19
Contributor

@juslam19 juslam19 commented Nov 9, 2023

  • Fix logging out requiring a valid access token, can now do so without any token
  • Reset password now will log everything out by purging refresh token
  • Fix token using mutable user data, now only uses immutable data parts
  • Only allow one refreshToken at a time:
      • To ensure only one login on a client (browser)
      • To ensure a clean backend storage, as if user keeps logging in and deleting refreshToken, will accumulate
      • Prevent stealing of old defunct refreshToken, as mentioned earlier
  • Current issues:
      • Still has some issue with middleware: middleware previously used UserWithoutPassword to User unsafe typecast
      • Also has issue with jwt expiring outside of refreshing entire page - probably where all issues came from for jwt expiring {Fixed on assignment-3-jwt branch for assignment submission}
      • Shows editQuestion even though that is admin protected for frontend
  • Merged with master and oauth

To fix in future PR, NOT HERE:

  • Make the JWT extend to all services!

I think this bug was always there, in latest commit here:
mostly works for jwt, bug: need to refresh profile page upon login to then see user details, after that works every time
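
The storage rules listed in the description above (one refresh token per user, purge on password reset, token claims built only from immutable data), as an added example that is not code from this pull request or its repository. The names `RefreshTokenStore`, `accessClaims`, the in-memory `Map` and the user shape are assumptions made for illustration.

```javascript
// Added example, not the project's code: one refresh token per user, stored hashed.
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

// Store only a digest, so a leak of the backend storage does not leak usable tokens.
const sha256 = (token) => createHash('sha256').update(token).digest();

class RefreshTokenStore {
  constructor() {
    // userId -> SHA-256 digest of the single current refresh token (hypothetical storage)
    this.byUser = new Map();
  }

  // Login: issuing a token overwrites the previous one, so an old token stops
  // working and repeated logins cannot accumulate entries in storage.
  issue(userId) {
    const token = randomBytes(32).toString('base64url');
    this.byUser.set(userId, sha256(token));
    return token;
  }

  // Refresh: accept only the current token, then rotate it. Returns null on failure.
  rotate(userId, presented) {
    const stored = this.byUser.get(userId);
    if (!stored || typeof presented !== 'string') return null;
    if (!timingSafeEqual(stored, sha256(presented))) return null;
    return this.issue(userId);
  }

  // Password reset: purge the stored token so every session has to log in again.
  // Returns true when a token was actually removed.
  revoke(userId) {
    return this.byUser.delete(userId);
  }
}

// Access-token claims built only from a field that never changes (assumed: user.id).
// Mutable fields such as email or display name stay out of the token.
function accessClaims(user) {
  return { sub: String(user.id) };
}
```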

@juslam19 juslam19 changed the title JWT Proper refresh proper backend JWT Fixes: Backend Storage, Bugs Nov 9, 2023
@juslam19 juslam19 requested review from seelengxd and carriezhengjr and removed request for seelengxd November 9, 2023 17:31
@juslam19 juslam19 marked this pull request as draft November 10, 2023 10:36
@juslam19 juslam19 marked this pull request as ready for review November 12, 2023 11:19
@juslam19 juslam19 changed the title JWT Fixes: Backend Storage, Bugs URGENT JWT Fixes: Backend Storage, Bugs Nov 12, 2023
@juslam19 juslam19 requested a review from seelengxd November 13, 2023 13:07
Contributor

@seelengxd seelengxd left a comment

don't see any errors - looks good - maybe merge and see what happens on deployment

the 10s token thing... isn't permanent right?

@juslam19 juslam19 merged commit a926bdf into master Nov 13, 2023
2 checks passed
@juslam19
Contributor Author

> don't see any errors - looks good - maybe merge and see what happens on deployment
>
> the 10s token thing... isn't permanent right?

Regarding the 10s token thing, it is not permanent. It is just to see that the thing overall works for the ones covered by JWT. But let's be real, the presentation and stuff is too easy to mess up. Just to play it superrrr safe, I'll place it at 1h expiry time.

@juslam19 juslam19 changed the title URGENT JWT Fixes: Backend Storage, Bugs Fix: JWT Backend Storage, JWT Bugs Nov 15, 2023
@juslam19 juslam19 changed the title Fix: JWT Backend Storage, JWT Bugs fix: JWT Backend Storage, JWT Bugs Nov 15, 2023