We probably want something slightly fancier, like a banner or something,
that also shows up on the login page (and perhaps other "system" pages),
but for now this should suffice.
Instead of doing formal network traffic on the host-side whenever a
login attempt gets initiated, we now do it no earlier than when we're on
the client-side. This has the important property that network traffic
can only be initiated by authenticated HTTP requests. The previous
implementation, where hosts sent pleas when an unauthenticated HTTP
client said then wanted to log in, was vulnerable to abuse.
So now, formally, the eauth flow starts at the client's confirmation
screen. There is an optional step preceding this, where an attempt is
started on the host (and data is still stored for this), but to get the
redirect target, the host uses remote scry to get the eauth URL out of
the client ship.
Hosts now also give attempt-specific return URLs, useful in case they
are accessible (or even serving different content) from different
hostnames.
We weren't handling these at all. Now we make them enter the same
codepath that %done nacks go into: deleting the attempt and maybe
telling the user if we can.
Note that Eyre will not receive %lost for %boons it crashes on until
Previously, if we noticed %boon handling had caused a crash, we would
transform any existing %boons into %losts, but still emit a new %boon
for the message we ostensibly crashed on.
Now, we make sure to just directly send a %lost if sending the %boon
caused a crash. We drop the existing-moves transformation entirely,
assuming it to vestigial.
This will make it easier to access for tests. The change to its
interface is also nice: in pretty much all scenarios in which we call
it, we already know whether we have redirect deets available to us, so
just provide those as arguments instead of having the function
re-derive.
Brief prompt describing the login attempt's target, properly styled
buttons.
Pulls the CSS code for login pages out into its own arm for cleaner
sharing.
