check user.expiration_date in API

Bengfort requested to merge api-expiration into main

user.expiration_date is usually checked in a middleware. The authentication we use for the API is not compatible with that, so we need to add this explicitly. I am not sure whether we really want that.

Making middleware apply to API requests in general is not the best idea IMHO because this would also include AutoLogoutMiddleware.

Edited by Bengfort

Merge request reports