Issues 2088 and 2104

(example code) fix logout button in example primary.  we've required that folks call navigator.id.logout(), invoking the logout function with navigator.id as the this pointer.

When a secondary email is verified, make sure its verified bit is set to true.  Lots of cleanup for readability.

When the verification poll completes, if the user is not currently authenticated to the "password" level, use the staged password to authenticate the user.

If user never entered a password, kick them over to the enter your password screen.

Issue2104 verify email reset multiple browsers

audit and simplify logic in email_for_token to return proper hint to frontend on whether they should get a password from the user and forward it along with the 'complete' request during verification process for acct creation, password reset, email addition, and email re-verificaiton

Fix forgot password redirection to /signin

Fix error on too short of old password when changing password.

Update "Developer" links to point to our MDN root

Rather than going straight to the quick setup, we should link to somewhere that
gives a little more context.

* to page_helpers.emailSent, add a new input paramter - pollFuncName.  The poll functions are unique for each type of email sent.

* Generalize and cleanup unit tests

Ensure that when a user verifies in a different browser than what they reset their password with, they must authenticate to complete the verification

add access-control-allow-origin to all static resources (excluding views...

tests pass, fonts look good.  I can see the access-control-allow-origin on requested static resources.

r+

add access-control-allow-origin to all static resources (excluding views), to allow fonts to be requested cross domain.  fixes a regression introduced during the merge of router, for issue #1973

returnTo, siteName, and siteLogo only should work with the observer API.

move metrics to router: avoids headers not being forwarded and caching -...

not BrowserID, but Persona

Manually tested, tests still run.

r+

Remove extraneous params in load_gen requests

Instead of hard coding 8 and 80, use named constants.

* This is still not pretty, but it is a safe for hotfix into staging. This makes the unsupported dialog and cookies disabled screens look equivalent to the current prod.

cherry picked from the stage hotfix - 977706bc288660a5b40c5ea58001fc9bba4fda90

Add instructions on hacking things directly in code/

I just tested this sequence on an instance.  Works beautifully.

r+

Add a link to the repo and current source in the top level of each served up HTML resource.

close #1655

Update unit test module names to match directory structure.

close #1986

Allow assertions issued by person to be used to authenticate.  This make...

Allow assertions issued by person to be used to authenticate.  This makes it possible for "proxy idps" to work without the implementation details leaking out into others verifier implementations.

Conflicts:
	resources/views/layout.ejs

Remove en-US from the SUMO link