Remove form-input and form-validate directives

Coalesce anchoring status updates

Respond to CR feedback that the function of this code was unclear.

Profiling the test case in #556 showed significant overhead from the
processing involved in or triggered by each `UPDATE_ANCHOR_STATUS`
action handled by the store. Previously one `UPDATE_ANCHOR_STATUS`
action was dispatched for each annotation whose anchoring status
changed.

Improve the situation by making the `UPDATE_ANCHOR_STATUS` action handle
updates for multiple annotations at once and modifying the `frameSync`
service to coalesce anchoring status updates from the host page into
a smaller number of `UPDATE_ANCHOR_STATUS` actions.

Fixes #556

Historically annotations did not have local tags until after they had
been anchored in the page.

This is no longer the case as annotations are assigned local tags as
soon as they are added into the app state by ADD_ANNOTATIONS.

Therefore, it is no longer necessary for the UPDATE_ANCHOR_STATUS action
to support updating the tags of annotations or to support identifying
the annotation which has been anchored by its ID instead of its tag.

This is unused since the removal of the login form from the sidebar app.

This is now unused

These directives were used only by the inline login form which was
removed as part of the removal of cookie auth support.

There are still a couple of references to "form-input" in templates but
these are CSS classes used for styling purposes.

Remove cookie auth related code

Update docstrings in response to CR feedback. In particular, document
parameter and return types more clearly.

This is now obsolete since login always happens in a popup window.

Add missing page index bounds check

Strip unknown query params when generating Internet Archive embed URLs

Add OAuth client registration steps to developer docs

These tests previously existed for the cookie-based auth but needed to
be re-implemented following the switch-over to OAuth.

These dependencies are no longer used following the removal of the
legacy cookie auth and JWT-based API tokens.

After OAuth tokens are changed by another tab, a `session.load()` call
is needed to actually fetch an updated profile.

The `store.profile.read` operation which fetches the profile is done in
a loop until it succeeds, on the basis that network requests may fail if
connectivity is intermittent. The `update` step should always succeed
however, so move it out of the loop.

This token is not fetched from the service or sent to any requests to
the service when using OAuth.

This was only used when using cookie-based authentication

This commit removes several tests that are still relevant for OAuth,
such as caching of profile data. These will be re-implemented in a
subsequent commit.

Remove the runtime switching between cookie and OAuth authentication.

As long as we are using Yarn as the official way to manage exact
versions of the client, ignore npm v5+ lockfiles in the source tree.

The client uses Yarn rather than `npm` for package management. Having
the npm v5 lockfile present creates opportunities for the npm and Yarn
lockfiles to disagree on which versions of packages to install.

This happened with 'babelify' (v6.x in the npm lockfile, v7.x in Yarn).

When anchoring an annotation with a position and a quote selector, if
the position selector fails, then PDF anchoring searches page contents
starting with those pages nearest the position.

If the position selector's `start` offset was greater than the length of
the PDF's text, `prioritizePages` would try to fetch the text of page
indexes beyond the valid range, causing PDF.js to throw an exception and
quote anchoring to fail.

Fix this by adding a missing bounds check.

This is a partial fix for #558. It fixes anchoring of one of two test
annotations on that page. The other fails due to differences in the
extracted text between the HTML and PDF versions of the article.

Internet Archive details pages may include params in the query string
as well as "start" and "end" params in the path. In that case invalid
URLs were being generated.

Use a more robust approach to generating embed URLs and add some missing
test cases. Any unrecognized query params are ignored when generating
the embed URLs.

Add comments to clarify several issues raised during PR #554.

Also add a missing test case and a small cleanup for the function.

The conversion of start time and end time path params into query string
params is still not particularly robust but it is good enough for us to
do some initial testing in production.

embed internet archive videos