16:13568ac73ac3 Browse Files
Note the potential for CSRF attacks. Our auth provider probably shouldn't have security vulnerabilities. Add TODOs to ensure that logging in and authorizing a grant are not susceptible to CSRF attacks, or it becomes pretty easy for an attacker to gain access to user data or to gain access to a user account.
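--- a/context.go
+++ b/context.go
@@ -65,6 +65,7 @@
 log.Println("Confirmation template is nil, can't render confirmation.")
 return
 }
+// TODO: CSRF prevention
 err := c.Templates.Confirmation.Execute(w, nil)
 if err != nil {
 log.Printf("Error executing confirmation template: %s\n", err)
@@ -77,6 +78,7 @@
 log.Println("Login template is nil, can't render confirmation.")
 return
 }
+// TODO: CSRF prevention
 err := c.Templates.Login.Execute(w, nil)
 if err != nil {
 log.Printf("Error executing login template: %s\n", err)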
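Review bot: The `// TODO: CSRF prevention` added before `c.Templates.Confirmation.Execute(w, nil)` (and the identical one before `c.Templates.Login.Execute(w, nil)` in the second hunk) sits on the render path, but a TODO that vague will not lead to the right fix: the render step can only issue a token, while the actual check has to happen in whichever handler consumes the submitted login or grant-authorization form, which is outside this diff. Both `Execute` calls pass `nil` as template data, so as written the templates have no way to embed a token at all. I would make the TODO say what is expected at each end, e.g. `// TODO: CSRF prevention — generate a per-session token here, pass it to the template (data is currently nil), and have the form's POST handler reject requests whose token does not match.`. Both enclosing functions begin outside the hunk, so I cannot see whether the POST side already has any such check. Unrelated but visible in the second hunk's context: the "Login template is nil, can't render confirmation." message looks copy-pasted from the confirmation branch and should say "login".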