Send e-mails to a user when their API tokens are created/updated/deleted.

Review Request #8168 — Created May 17, 2016 and submitted — Latest diff uploaded

Information

Review Board
release-2.5.x

Reviewers

In order to help keep accounts safe, this change adds e-mail
notifications when something creates a new API token or updates/deleted
an existing one. This way, if something malicious somehow creates a
token on their behalf, or tricks them into creating a token, they'll be
notified so they can do something about it.

The create/update e-mails contain enough information to identify the
token without exposing the full token (in order to prevent someone with
e-mail access from reading the token ID). The delete e-mail contains the
full token, which is no longer in use at this point, so any
scripts/services using it can be identified.

Unit tests pass.

Tested creating a token, updating it, and deleting it. Received e-mails
for each operation, and verified the HTML and text contents.