Adds `Accounts.validateLoginAttempt`, `Accounts.onLogin`, and
`Accounts.onLoginFailure`.
The process for logging in a user is consolidated in accounts-base,
which is now the only package which directly accesses login tokens in
the database.
All login methods now go through `Accounts._loginMethod`, which
ensures that exceptions are captured and login hooks are called in all
cases.
The callback hook implementation code from livedata is extracted into
an internal `callback-hook` package, where it can be used by accounts.
Document `Meteor.onConnection` instead of `Meteor.server.onConnection`.
Condense sections about when there is a session reconnect into a
single {{note}}.
Document the `stop` handle returned by `onConnect`.
Document `this.session` in Meteor.methods section.
- Remove starter-browser-policy and replace it with
BrowserPolicy.enableContentSecurityPolicy(), which gives you the starter
policy and allows you to use the other BrowserPolicy functions to configure
it. This is motivated by the fact that the API isn't very intuitive without a
well-defined starting policy. ex: if the package starts off without a policy,
and then the user calls allowAllContentSameOrigin(), that will result in
turning off inline scripts, which is probably not what they wanted.
- AllContent functions do more of what you'd expect now;
i.e. BrowserPolicy.disallowAllContent() actually disallows all content,
instead of setting default-src to 'none', which will allow other types of
content that have previously had srcs set for them.
- Add some tests
This code depends on PR 680. In addition, the docs include a link to
the proposed AppCache wiki page.
Adds the appcache smart package and associated documentation.
QA notes are in packages/appcache/QA.md (Is this a good place to put
them?)
