This makes it possible to test two distinct sessions at the same time,
needed to exercise expiring one session when the password is changed in
a second session.

After the user is authenticated, we might update the hashed password if
the bcrypt work factor has been changed. To simplify the code in
preparation for later changes, this patch extracts the updateHash() code
out to a separate function.

Note that this function must run *after* the `res.json()` call for two
reasons. The first is to avoid slowing down the client (send answer
first, do work later). The second is to get the right session cookie
into the POST that we send to ourselves (to /wsapi/update_password) that
does the actual hash updated. The session is updated in
wsapi.authenticateSession, but the cookie isn't regenerated until the
call to `res.json()`, and the POST is sneakily grabbing the cookie out
of the response's Set-Cookie header to copy into the request-to-self.

This includes an error-handling argument to the callback.

Adding a deprecation warning for navigator.id.getVerifiedEmail

Add a console message if only one of privacyPolicy or termsOfService is defined.

Adding @seanmonstar's suggestion to the PR which already got a "looks good from here"

close #1438

Make the dialog window minimizable in Firefox.

Fix the unresponsive set password screen if the staging wsapi returned a throttled response.

(dev/ephemeral deployment) remove unneeded line from post-create script used for aws targeted deployments

use node 0.6.17 in dev and ephemeral deployments

Review and clean up the README

can configure kpi datastore url with env var

Logically the same as what was previously there.  

r+

Upgrade bcrypt to 0.7.1

exclude .svn in addition to .git when building RPM

update awsbox with generate_ephemeral_keys.js

This gets my seal of approval.  r+

Thanks @seanmonstar

close #2244

@6a68 - I am going to merge this in now, we can open separate issues/pull requests for the changes I asked for above.  I have tested this using both OSX and Ubuntu and am happy with this as a base level.

Nice work.

r+

a command-line tool for looking at browserid stuff in localStorage sqlite databases on Firefox, Chrome and Safari

@jrgm - this is a pretty awesome utility!

@jrgm - This is a pretty fantastic utility!  Two suggestions I have:

* Some documentation on where to find the default profiles would be helpful

Default profile locations:
```
Firefox: ~/Library/Application\ Support/Firefox/Profiles/<profile_name>
Chrome: ~/Library/Application\ Support/Google/Chrome/Default/
Safari: ~/Library/Safari/
```

* Change the last bcrypt.get_rounds to bcrypt.getRounds.
* Remove the bcrypt require from tests where it is not needed.
* Remove exports.get_rounds from bcrypt.js, it has been deprecated.

this adds Windows support to bcrypt, as long as you're
using nodejs >= 0.8.5

fixes deprecation warning since newer bcrypt has new API

add nodejs 0.8 to travis-ci

r+

This adds 0.8 in addition to 0.6 testing.

Change loggedInEmail to loggedInUser in the example RP

Give "next" button a unique ID.

Make sure only one is ever shown at a time.  Some further cleanup because tooltip code was fugly.