If the supertest request fails its basic assertions, there may not even
be a body to perform checks against, so bail early when possible.

Safer tests - step1 [back-port to 2.x]

We should never be showing this publically.
Adds unit test for hiding verification token.
This is a back-port of pull request strongloop#1851 from gausie/patch-4

Update PersistedModel.findOrCreate() JSDoc to reflect the
callback accepts an additional created boolean parameter.
This is a back-port of pull request strongloop#1983 from noderat/patch-1

...ms-2.x
Fix travis platforms [2.x]

Fix race condition in error handler test

* Change.diff
* Change.findOrCreateChange
* Change.rectifyModelChanges
* Change.prototype.currentRevision
* Change.prototype.rectify

Using console.log like this can result in invalid xml when the xunit
reporter is used.
[Backport of pull request strongloop#2035]

 * Remove sl-blip from dependency (Candy)
 * Fix race condition in replication tests (Miroslav Bajtoš)
 * test: remove errant console.log from test (Ryan Graham)
 * Promisify Model Change (Jue Hou)
 * Fix race condition in error handler test (Miroslav Bajtoš)
 * Travis: drop iojs, add v4.x and v5.x (Miroslav Bajtoš)
 * Correct JSDoc findOrCreate() callback in PersistedModel (Miroslav Bajtoš)
 * Hide verificationToken (Miroslav Bajtoš)
 * test: use ephemeral port for e2e server (Ryan Graham)
 * test: fail on error instead of crash (Ryan Graham)
 * ensure app is booted before integration tests (Ryan Graham)
 * Checkpoint speedup (Amir Jafarian)
 * Pull in API doc fix from PR into master strongloop#1910 (crandmck)

[back-port of pull request strongloop#2088]

[back-port of pull request strongloop#2105]

Add two new options:
 - When `enableDoublecheck` is true, the middleware will run
 even if a previous middleware has already set `req.accessToken`
 (possibly to `null` for anonymous requests)
 - When `overwriteExistingToken` is true (and `enableDoublecheck` too),
 the middleware will overwrite `req.accessToken` set by a previous
 middleware instances.

Allow built-in token middleware to run repeatedly [back-port to 2.x]

Prevent apps from crashing when using `Model.nestRemoting` without
`{ hooks: false }` option.
Note that it is not possible to reproduce this bug using our current
Mocha test suite, because other tests modify the global state in such
way that the bug no longer occurs.
[back-port of strongloop#2245]

... a remote method.
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>

...ble-remote-method-event
BACKPORT Add new feature to emit a `remoteMethodDisabled` event when disabling

 * Add new feature to emit a `remoteMethodDisabled` event when disabling a remote method. (Supasate Choochaisri)
 * Fix typo in Model.nestRemoting (Tim Needham)
 * Allow built-in token middleware to run repeatedly (Benjamin Kröger)
 * Improve error message on connector init error (Miroslav Bajtoš)
 * application: correct spelling of "cannont" (Sam Roberts)

Rework User tests to not depend on `app.autoAttach()` and global shared
registry of Models. Instead, each tests creates a fresh app instance
with a new in-memory datasource and a new set of Models.

Rework tests in `test/rest.middleware.test.js` to not depend
on `app.autoAttach()` and global shared registry of Models. Instead,
each tests creates a fresh app instance with a new in-memory datasource
and a new set of Models.

...o-attach-2.x
Clean up unit-tests - use local registry [2.x]

...ut_patch
Reorder PATCH Vs PUT endpoints

...ource-app-2x
Make the app instance available to connectors

Backport strongloop#2684 

Apply g.f to literal strings

Fix a typo in "app.enableAuth" that caused the method to not detect
the situation when e.g. the built-in User model is already attached
to a datasource.

Fix app.enableAuth and test/user

 * test/user: don't attach User model twice (Miroslav Bajtoš)
 * app.enableAuth: correctly detect attached models (Miroslav Bajtoš)
 * Apply g.f to literal strings (Candy)
 * Make the app instance available to connectors (Subramanian Krishnan)
 * Reorder PATCH Vs PUT endpoints (Amir Jafarian)
 * streamline use if `self` (Benjamin Kroeger)
 * resolve related models from correct registry (Benjamin Kroeger)
 * KeyValueModel: add API for listing keys (Miroslav Bajtoš)

Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.

Rework email validation to use isemail

Fix the definition of "data" argument to
 { type: 'object', model: modelName, ... }
That way strong-remoting passed the request body directly to the model
method (does not create a new model instance), but the swagger will
still provide correct schema for these arguments.
This fixes a bug where upsert in relation methods was adding default
property values to request payload.

...guments
Fix remoting metadata for "data" arguments

Backport of strongloop#2539 

...here_2.x
Expose upsertWithWhere

* Related PR: strongloop#2727 

...upsertWithWhere
Fix data argument for upsertWithWhere

 * Fix data argument for upsertWithWhere (Amir Jafarian)
 * Expose upsertWithWhere (Sonali Samantaray)
 * Fix remoting metadata for "data" arguments (Miroslav Bajtoš)
 * Rework email validation to use isemail (Miroslav Bajtoš)

Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.
Before:
 http://example.com//users/confirm?...
Now:
 http://example.com/users/confirm?...

...ail-with-empty-rest-root-2x
Fix double-slash in confirmation URL

 * Fix double-slash in confirmation URL (Miroslav Bajtoš)