* Users are only authenticated against their password on login, and to retrieve a token.
* Passwords are wiped from the app and cookies after login and token retrieval
* Tokens are revoked at the end of the session/logout
* If the user chooses the "remember me" option, the token is stored in the cookie
* A user interface to revoke tokens will be added
* Tokens correctly delete themselves on logout
* API documentation updated for the new user-token endpoints
* Added a Manage tokens tab to the user panel
* Added bullet point about the token authentication for the API
* Added tests for new endpoints and tests against authentication middleware
- Controller lifetime is bound to route lifetime
- View lifetime is bound to controller lifetime
- Control lifetime is bound to view lifetime
- Enhanced event dispatching
- Enhanced responsiveness in some places
- Views communicate user input to controllers via new event system
- Move controls to the "controls/" directory
- Make controls interface look similar to each other
- Prefix "private" methods and attributes with underscore
This commit introduces timer-less retry system:
1. Any change to URL is going to stop listening to any messages.
2. If a message is sent and there's no handler that could pick it up,
the message gets enqueued.
3. The message is sent again to the first handler that attaches itself
to given event type.
While in theory this is full of holes (no control over the first
handler), in practice, it works quite well.
Additionally, views.listenToMessages was attaching to completely wrong
DOM node; this commit fixes this as well.
