Better behaviour when not authorised #13
Description
When an email address is not authorised to create a secret,
system sends a token, and when clicked, it displays a flash saying “Token not found”
Also see #14
Expected behaviour would be:
- if user has already received a secret :
send a token, show dashboard/history - if user has never received a secret:
- if the system is closed: don’t send a token at all, display message explaining and asking to contact admins.
- if the system is open or mono-directionnal: send a token and allow creation of token