feat: Guest email authentication (#1088)

* feat: API endpoints for email signin

* fix: After testing

* Initial signin flow working

* move shared middleware

* feat: Add guest signin toggle, obey on endpoints

* feat: Basic email signin when enabled

* Improve guest signin email
Disable double signin with JWT

* fix: Simple rate limiting

* create placeholder users in db

* fix: Give invited users default avatar
add invited users to people settings

* test

* add transaction

* tmp: test CI

* derp

* md5

* urgh

* again

* test: pass

* test

* fix: Remove usage of data values

* guest signin page

* Visually separator 'Invited' from other people tabs

* fix: Edge case attempting SSO signin for guest email account

* fix: Correctly set email auth method to cookie

* Improve rate limit error display

* lint: cleanup / comments

* Improve invalid token error display

* style tweaks

* pass guest value to subdomain

* Restore copy link option

* feat: Allow invite revoke from people management

* fix: Incorrect users email schema does not allow for user deletion

* lint

* fix: avatarUrl for deleted user failure

* change default to off for guest invites

* fix: Changing security settings wipes subdomain

* fix: user delete permissioning

* test: Add user.invite specs

server/policies/user.js

@@ -16,10 +16,16 @@ allow(User, 'invite', User, actor => {
   return true;
 });
 
-allow(User, ['update', 'delete'], User, (actor, user) => {
+allow(User, 'update', User, (actor, user) => {
   if (!user || user.teamId !== actor.teamId) return false;
   if (user.id === actor.id) return true;
-  if (actor.isAdmin) return true;
+  throw new AdminRequiredError();
+});
+
+allow(User, 'delete', User, (actor, user) => {
+  if (!user || user.teamId !== actor.teamId) return false;
+  if (user.id === actor.id) return true;
+  if (actor.isAdmin && !user.lastActiveAt) return true;
   throw new AdminRequiredError();
 });