* Users are only authenticated against their password on login,
and to retrieve a token
* Passwords are wiped from the GUI frontend and cookies
after login and token retrieval
* Tokens are revoked at the end of the session/logout
* If the user chooses the "remember me" option,
the token is stored in the cookie
* Tokens correctly delete themselves on logout
* Tokens can expire at user-specified date
* Tokens have their last usage time
* Tokens can have user defined descriptions
* Users can manage login tokens in their account settings
- Controller lifetime is bound to route lifetime
- View lifetime is bound to controller lifetime
- Control lifetime is bound to view lifetime
- Enhanced event dispatching
- Enhanced responsiveness in some places
- Views communicate user input to controllers via new event system
- Move controls to the "controls/" directory
- Make controls interface look similar to each other
- Prefix "private" methods and attributes with underscore
This commit introduces timer-less retry system:
1. Any change to URL is going to stop listening to any messages.
2. If a message is sent and there's no handler that could pick it up,
the message gets enqueued.
3. The message is sent again to the first handler that attaches itself
to given event type.
While in theory this is full of holes (no control over the first
handler), in practice, it works quite well.
Additionally, views.listenToMessages was attaching to completely wrong
DOM node; this commit fixes this as well.
