Send e-mails to a user when their API tokens are created/updated/deleted.
Review Request #8168 — Created May 17, 2016 and submitted — Latest diff uploaded
In order to help keep accounts safe, this change adds e-mail notifications when something creates a new API token or updates/deleted an existing one. This way, if something malicious somehow creates a token on their behalf, or tricks them into creating a token, they'll be notified so they can do something about it. The create/update e-mails contain enough information to identify the token without exposing the full token (in order to prevent someone with e-mail access from reading the token ID). The delete e-mail contains the full token, which is no longer in use at this point, so any scripts/services using it can be identified.
Unit tests pass.
Tested creating a token, updating it, and deleting it. Received e-mails
for each operation, and verified the HTML and text contents.