Ensure that when a user verifies in a different browser than what they reset their password with, they must authenticate to complete the verification

not BrowserID, but Persona

Manually tested, tests still run.

r+

Remove extraneous params in load_gen requests

Instead of hard coding 8 and 80, use named constants.

* This is still not pretty, but it is a safe for hotfix into staging. This makes the unsupported dialog and cookies disabled screens look equivalent to the current prod.

cherry picked from the stage hotfix - 977706bc288660a5b40c5ea58001fc9bba4fda90

Add instructions on hacking things directly in code/

I just tested this sequence on an instance.  Works beautifully.

r+

Add a link to the repo and current source in the top level of each served up HTML resource.

close #1655

Update unit test module names to match directory structure.

close #1986

Allow assertions issued by person to be used to authenticate.  This make...

Allow assertions issued by person to be used to authenticate.  This makes it possible for "proxy idps" to work without the implementation details leaking out into others verifier implementations.

Conflicts:
	resources/views/layout.ejs

Remove en-US from the SUMO link

Before authenticating, check password length.

localize main site

<%- is an alias for <%=.

Update one unit test so all frontend tests pass.

Add new authentication related KPIs for @nmalkin

close #1825

adorn confirmations on main site (like 'd00d, sure you wanna cancel') with gettext() for proper extraction and substition

'or' was not gettext() decorated in index.ejs - allow a translator more control over the whole phrase

Minimalist implementation of support in core for Proxy IDP (a.k.a. "BigTent")

Fix cookie check cookie made into a session cookie in IE8

log reason for bad verifier assertion and increment statsd failure counter

gettextify the last portion of the about page.

add test coverage of origins that start with digits, and relax validation regex a bit - closes #2042