Use localstorage instead of cookies for password hash

[duvholt]

Fixes #265

Implemented using a separate websocket event and only sends passwordhash to backend when needed.
Client reply is implemented using a saga that simply waits for the 'request action' and responds with a 'send action'.

[codecov]

Codecov Report

Merging #296 into master will increase coverage by 1.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master     #296      +/-   ##
==========================================
+ Coverage   86.96%   87.98%   +1.01%     
==========================================
  Files          20       24       +4     
  Lines         744      832      +88     
==========================================
+ Hits          647      732      +85     
- Misses         97      100       +3

Impacted Files	Coverage Δ
server/channels/index.js	82.92% <ø> (+1.53%)	⬆️
server/utils/generateTestData.js	100% <100%> (ø)	⬆️
server/channels/vote.js	86.53% <100%> (+0.53%)	⬆️
server/channels/connection.js	100% <100%> (ø)	⬆️
server/managers/user.js	90.69% <100%> (ø)	⬆️
server/utils/socketAction.js	100% <100%> (ø)
server/auth/user.js	100% <0%> (ø)	⬆️
server/auth/providers/ow4.js	84.21% <0%> (ø)
server/auth/conf.js	100% <0%> (ø)
... and 2 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 982fa94...fd8728c. Read the comment docs.

[sklirg]

The websocket emits events on a channel, so I'd say the function should be named waitForEvent and have channel as one of its parameters (instead of event as it has now).

Considering that we use "action" as the name for everything that goes through redux, I'm okay with leaving it as is.

This would also do something with the weird naming like socket.createAction.action, which probably should be socket.createEvent.action (or auth or admin), if I'm not mistaken.

TL;DR: naming things is hard

[duvholt]

In this case it is literally waiting for an action though. Yes, it uses events to do that, but it only cares about a single action from that event listener.
And regarding channel: both Nodejs and socketio use eventName to refer to what I have called event. I will consider changing it to eventName though.

I agree about socket.createAction. That started as an ugly hack that grew uglier. I think I'll rename it to emitEvent. Preferably it would just be named emit, but we have to mock that function for testing.

[sklirg]

I'm a bit uncertain on how Node handles these promises if e.g. 1000000 users open and quickly closes a WS connection (as a DoS attempt). NodeJS runtime will GC this if it's not referenced and/or in scope, so it most likely won't be an issue. It could be something to consider researching further, though.

[duvholt]

I think it will be garbage collected like everything else in connection when socket is disconnected.