# Please enter a commit message to explain why this merge is necessary,
# especially if it merges an updated upstream into a topic branch.
#
# Lines starting with '#' will be ignored, and an empty message aborts
# the commit.
Adds `Accounts.validateLoginAttempt`, `Accounts.onLogin`, and
`Accounts.onLoginFailure`.
The process for logging in a user is consolidated in accounts-base,
which is now the only package which directly accesses login tokens in
the database.
All login methods now go through `Accounts._loginMethod`, which
ensures that exceptions are captured and login hooks are called in all
cases.
The callback hook implementation code from livedata is extracted into
an internal `callback-hook` package, where it can be used by accounts.
This is less efficient, as we don't actually need to compute it every time.
However, I think this is pretty small compared to the other work we're doing
(string splitting via regexp, string copies, etc).
This makes the code clearer and easier to understand, as all the code is in
one place. Also, it was distracting at the top of the file as it came before
the commit saying what was in the file.
This syntax has a bug where it relies on having html5-tokenizer on the client, code which was written for the server (and uses Function.bind, defineGetter, etc.).
The plan is to deprecate/remove this syntax anyway, i.e. not allow
you to say `<x {{{attrs}}}>` and then have `attrs` evaluate to a string like
'key1="value1" key2="value2"' at runtime. Constructing these strings is error-prone and likely to be insecure.
Instead, you'll have your choice of double-stache in an attribute value, with or without quotes (`<a b={{c}}>`, or `<a b="{{c}} {{d}}"`, or even `<a b={{c}}-{{d}}>`), or double-stache at the top level of a tag, as in `<a {{b}}>`, in which case `b` must be either a dictionary of attribute names and values or a string containing at most a single attribute name (e.g. "selected" or "").
