Refactor user processing and cookies into methods

Refactor user creation

Store and reload entire $_REQUEST

Only force relogins during GET request to doku.php

upped version

Save page only if there is text to be saved

Occasionally a page was deleted, i.e. saved with no text, upon relogin
forced by oauth. It is unclear how this was caused, but this fix should
prevent the

Save page only if there is text to be saved

Occasionally a page was deleted, i.e. saved with no text, upon relogin
forced by oauth. It is unclear how this was caused, but this fix should
prevent the deletion and show the page before editing to the user.

show more ...

Make getValidDomains more consistent and intuitive

Use more existing functions

Honor if registration is globally disabled in conf

Allow mailRestriction to multiple domains

upped version

Add option for custom redirect URI

If the wiki has per default a local TLD, it may be necessary to
specifies a public redirect URI for some services , e.g. Google, to
work.

Ensure a secure eMail restriction

Update plugin.info.txt

Make the restriction apply to all oauth domains

Do not use hd and only check user afterwards

Add error message for denied login.

Add conf option to deny all but one hosted domain

upped version

Relogin if session is lost or auth_sec_timeout

If the session is lost, possibly to bad server configuration, try a
silent relogin, if an cookie is present that indicates an oauth-session.

If auth_s

Relogin if session is lost or auth_sec_timeout

If the session is lost, possibly to bad server configuration, try a
silent relogin, if an cookie is present that indicates an oauth-session.

If auth_security_timeout is triggered try to re-login based on the
existing session data.

In both cases: Mostly correctly re-set the prvious state after re-login.
Some actions do not work as expected, e.g. pagination in old revisions.

It was decided not to use refresh-tokens. The desired functionality can be achieved by an online-relogin just as
good. Hence this should be prefered to the more user-security invasive
refresh-token mechanism.

show more ...

Delete auth cookie if auth cannot be verified

If one was logged out by the auth_security_timeout, one was unable to
log in via the plain plugin, because the auth cookie was still set to
oauth.

Redirect to original page, if the login is successful

Update email-adress in plugin.info.txt

Update email-adress in README

Version upped

Change default value from 'AllowAll' to ''