Event Timeline
Comment Actions
This should support some kind of "auth" flag that doesn't require user to enter existing password, for cases like forgotten password.
Comment Actions
Forgotten user's access token will have its sudo flag on, skipping the requirement for existing password.