Johan Nordberg

Wouldn't a encrypted PDF defeat the purpose of a password backup? Or are you suggesting we encrypt it with a key we hold and provide some sort of decryption service?

Where are we at with this? Any reason for not merging?

Something to bear in mind is that allowing the username to be changed after approval excludes it from being a variable used in the approval process

@pkattera Yes

Sequelize can be tested with an in-memory sqlite database

Doing this the same time as #319 would be a good idea

Isn't it easier to do `attempts = model.phone_code_attempts || 0`? And what issue does this solve?

IMO we should fix the logic to check for null instead to avoid the migration. If that's not an option the schema change needs to add `allowNull: false` as well

Because they are are JSON Web Tokens which contains a signed `{email: }` object This is very poor design for multiple reasons and I'm planning to address this in the...

+100 for json based logging, that's what all new node.js services (conveyor, kingdom, gatekeeper, faucet, faucet-admin, overseer) uses already scalyr auto-parses json logs as well