This pull request fixes some bugs caused by duplicate auth_token in developer db images.
lookup_from_auth_token selects the first user with an auth_token. One bug to reproduce is this:
- import the database from development-image.sql
- login as eviltrout:password
- go to
- you get “not allowed”
I think the best way is not to include any auth_token in the db dump, so it will be recreated at login.