Refactor the login handler

The login handler is now a simpler, standalone http.Handler wrapper. The separation between the SSO application and the login handler is now fairly complete.

The login handler no longer forces the user to a specific workflow via session cookies, but it works on a request-by-request basis instead, which makes the "back" button works as expected (allowing the user to bail out of a broken 2FA process, for example).

Session handling has been simplified as well: there is a single session for authentication and login state, which should remove the opportunity for session synchronization errors.

added 1 commit

• e6ce37fb - Simpler mechanism for embedding SRI hashes

Compare with previous version

added 7 commits

• a714fb79 - Use the merged context when calling ExecuteTemplate
• b3cd8da3 - Fix submission URLs for 2FA login forms
• c8f18956 - Improve error message when the 2FA constraints are not met
• 6e9891f4 - Generate the SRI map in sorted order
• c9da7d18 - Bindata update for the 2fa forms
• 6387bf4c - Block default favicon requests
• 1284ea50 - Add script to run a local server for UI testing purposes

Compare with previous version

added 4 commits

• 4de18c1c - Lighten background a bit
• 821df6df - Use securecookie for long-term device ID cookie
• 891862ab - Update SRI and bindata for the latest css fix
• 42482e82 - Use securecookie for the httpsso handler

Compare with previous version

added 2 commits

• 655b0a9f - Fix callers of SSOWrapper
• 1418640d - Switch to a simpler session implementation

Compare with previous version

added 1 commit

• c2e0f43c - We no longer need a gorilla/mux in the main app

Compare with previous version

added 1 commit

• dfe0056b - Add an integration test

Compare with previous version

unmarked as a Work In Progress

changed the description

merged

mentioned in commit 58b34085

mentioned in issue #11 (closed)

mentioned in issue #9 (closed)

mentioned in merge request !7 (merged)