Api token updates (#5664)

* Create new APIToken model

- Has custom 'name' field
- Has custom expiry date

* Add data migration to port across any existing user tokens

* Adds 'revoked' field - tokens can be manually revoked

* Update API token - allow multiple tokens per user

* Custom token auth handler

- Correctly handles revoked tokens
- Correctly handles expired tokens

* Update AuthRequiredMiddleware

- Check for token active status

* Token API endpoint improvements

- Can return tokens with custom names
- Return more information on the token too

* Consolidate migrations

* When requesting a token, overwrite inactive token for authenticated user

- An authenticated user must receive a token
- Unauthenticated users cannot do this

* Fix

* Use token name for frontend

* Force token expiry, and generate default expiry date

* Force generation of a new token when requested

* Reduce data exposed on token API endpoint

* Display redacted token in admin site

* Log when new token is created for user

* Add default value for token

- Allows raw token to be viewed in the admin interface when created
- After created, no longer visible
- Also provides ability to generate token with static prefix

* Fixes for admin interface

- Prevent user and expiry from being edited after creation

* Implement unit tests for token functionality

* Fix content exclude for import/export

* Fix typo

* Further tweaks

- Prevent editing of "name" field after creation
- Add isoformat date suffix to token

* Longer token requires longer database field!

* Fix other API tokens

* Remove 'delete' method from token API endpoint

* Bump API version

tasks.py

@@ -35,7 +35,7 @@ def content_excludes():
     excludes = [
         "contenttypes",
         "auth.permission",
-        "authtoken.token",
+        "users.apitoken",
         "error_report.error",
         "admin.logentry",
         "django_q.schedule",