3399e45130
- New untenanted Identity and Membership models - New `identity_token` cookie with path "/" holds state across tenants We're not sure whether the untenanted database will be sqlite or MySQL, and so I've been careful to minimize - database reads, placing them behind etags and caching - database writes, only writing when a new Session is created (login) Note that we track two things in the identity_token cookie: a signed id, and the updated_at for the underlying Identity object. This allows us to effectively cache on the Identity without having to hit the database, by using an Identity::Mock object that is compatible with etag and cache methods. The new integration test shows the desired user-facing behavior, which is to make it easy to login without a tenanted URL and to jump between tenants. - the untenanted "login_help" page shows all linked memberships - the jump menu shows all linked memberships (except the current) Also introduced a utility script to populate existing employee Identities, grouping accounts by email address.