Update docstrings in response to CR feedback. In particular, document
parameter and return types more clearly.

This is now obsolete since login always happens in a popup window.

These tests previously existed for the cookie-based auth but needed to
be re-implemented following the switch-over to OAuth.

These dependencies are no longer used following the removal of the
legacy cookie auth and JWT-based API tokens.

After OAuth tokens are changed by another tab, a `session.load()` call
is needed to actually fetch an updated profile.

The `store.profile.read` operation which fetches the profile is done in
a loop until it succeeds, on the basis that network requests may fail if
connectivity is intermittent. The `update` step should always succeed
however, so move it out of the loop.

This token is not fetched from the service or sent to any requests to
the service when using OAuth.

This was only used when using cookie-based authentication

This commit removes several tests that are still relevant for OAuth,
such as caching of profile data. These will be re-implemented in a
subsequent commit.

Remove the runtime switching between cookie and OAuth authentication.

As long as we are using Yarn as the official way to manage exact
versions of the client, ignore npm v5+ lockfiles in the source tree.

The client uses Yarn rather than `npm` for package management. Having
the npm v5 lockfile present creates opportunities for the npm and Yarn
lockfiles to disagree on which versions of packages to install.

This happened with 'babelify' (v6.x in the npm lockfile, v7.x in Yarn).

Add comments to clarify several issues raised during PR #554.

Also add a missing test case and a small cleanup for the function.

The conversion of start time and end time path params into query string
params is still not particularly robust but it is good enough for us to
do some initial testing in production.

embed internet archive videos

Send search URIs to other frames by postMessage()

Add support for receiving postMessage() requests from other windows or
frames and responding by sending the list of search URIs that the client
is using for the current document to search the Hypothesis API for
annotations.

This can be used by our LTI app to get the search URIs when the student
submits an assignment. The app needs the search URIs to later search the
API for the student's annotations.

Make re-fetching of annotations when the logged-in user ID changes work with OAuth

The sidebar had two separate watchers checking for a change in the
current user ID and focused group, each of which independently called
`loadAnnotations`. Therefore if both changed at the same time,
annotations could be loaded twice. This happens when logging out if a
private group was selected prior to doing so, since the group switches
to "Public" at the same time as the userid becomes `null`.

This commit fixes the issue by consolidating the check for a change in
group ID and a change in user ID into a single watcher. If either or
both change, `loadAnnotations` will only be called once.

Refetching of annotations when the logged-in user ID changes was
previously triggered by a complete reload of the `<sidebar-content>`
component via a `$route.reload()` call. This happened in response to a
`USER_CHANGED` event except for the first time that the profile was
fetched.

When using OAuth this broke because the test for whether this was the
first profile fetch or not was based on a change from null => non null
CSRF token (see `isInitialLoad` initialization). When using OAuth
however, there is no CSRF token.

This commit reworks refetching of annotations to remove the route
reloading and instead trigger it in the same way that it is triggered
when frames connect or disconnect, by calling
`SidebarContentController#loadAnnotations` when the logged-in userid
changes.

Remove iframe size check

Since we now only enable annotation of iframes that are explicitly opted
in by the containing page, we can avoid checking the size of the iframe
as well. That check was originally added to filter out ads and hidden
iframes.

This resolves an issue with Epub.js where an iframe initially has zero
width. This is because book content is laid out into a variable number
of fixed-width columns and the iframe's width is set to the total width
of all columns. Until the content is loaded, the number of columns and
hence the width, is zero.

Stop exporting the main annotation layer object as `window.annotator`

The main application object in the code which runs in the host page was
made visible to other code on the page as `window.annotator`.

This export existed for legacy reasons (the client's Annotator.js
heritage), is not part of the public API of the client and we do not
make any effort to avoid breaking changes to it between releases.
Removing this export should prevent third parties writing code which
depends on its interface.

Adjust the preferred initial size of the OAuth popup window.