Implement a provider for 2 factor authentication (2FA) using one time passwords as described in [RFC 2289](https://www.ietf.org/rfc/rfc2289.txt). 1. It is considered suffici) ...

It seems that the current session id implementation is not deleting all of the old (closed, invalid) sessions from the database. The desired behaviour should be to delete all s) ...

The base should be the idea that there are: 1. users (an account, possibly having ssh keys) 2. organisations (having members and administrators) 3. global access rights (i) ...