Until now, AuthService used to check for empty e-mail in order to tell
whether an account is activated. This was wrong for following scenario:
1. User doesn't enter any e-mail.
2. Because he is about to become the first user to register, he will
become an administrator.
3. Administrators don't need to confirm their e-mail address. Activation
e-mail is not sent, code for e-mail activation is run instead.
4. The user succeeds to create an e-mail-less administrator account.
5. The user fails to login due to unconfirmed e-mail.
6. The code that activates an e-mail just moves unconfirmed e-mail to
primary e-mail. That was the bug, there's no e-mail to confirm.
Things got (hopefully) simpler now, since I added separate column for
indicating whether account is activated.
I still struggle to find out how to deal with arguments like
$userNameOrEmail. Should I trim() them in controllers, or in service?
If I do it in service, shouldn't all of such validation belong in there?
