thomas4019 / expressa

API creation middleware with an admin interface
MIT License

Login Refactor #164

Closed kane-mason closed 3 years ago

kane-mason commented 3 years ago

The fact that doLogin was expecting the req as a parameter was causing some headaches in my project.

So I set out to refactor it a bit to accept explicit parameters.

I also found that signing with the email address is not necessary anymore? Though I will need your input on this point, please.

Since doLogin is exposed as a util, this is a breaking change, though I'm not sure a major version increase is necessary.

Refactored userPermissions to permissions to make it more generic.

kane-mason commented 3 years ago

Sorry, I should have been a bit clearer! When I say signing without the email, I mean signing the JWT, not signing in :)

So when attempting to log in, the user supplies email and password, which is verified by finding the user in the db and comparing the password with the hashed salt.

If that succeeds, then a token is generated using jsonwebtoken like so:

```js
const jwt = require('jsonwebtoken');

// Claims placed in the token after the password check has passed.
jwt.sign({
  _id: user._id,
  email: user.email,
  collection
}, jwt_secret, jwt_options)
```

But I found there is no real need to include the email at this stage. Maybe it has a use at some stage, but now it's just kinda decoration? Unless I am missing something?

kane-mason commented 3 years ago

I have been using this for a few days without issue, and now need it a bit desperately, so I will merge it tonight if there are no objections.