[SECURITY-243] APIToken auth needs to create the user.
In the case the user is valid but not saved the user need to be created. This catches the case where the user has not saved anything and is using their default API token.
Please register or sign in to comment