Refactor Panoptes authentication in all packages

[eatyourgreens]

Refactor usePanoptesUser to get the current user from the stored Panoptes JWT (#4766.) Fall back to auth.checkCurrent(), which gets a new session and token from the Panoptes API, if we don't have a stored token.

Refactor the classifier to authenticate in ClassifierContainer, waiting until sign-in is complete and all user data has loaded before rendering the Classifier component (#4845 and #4875.) Move all the workflow validation up to ClassifierContainer, so that we validate the workflow ID (from the URL) when the user has loaded, then pass down null to Classifier if they don't have permission to view that workflow.

Test ClassifierContainer, checking that:

• inactive workflows only load when you have permission to view them.
• the mock API for /subjects/queued is only called once.

Fix a bug, in the project app, where updating the project user in the project app's store will unmount and mount the classifier (#4946.)

Fix a bug where a project_roles request is continually made (closes #4975).

The Classifier component uses MobX observable data, but isn't wrapped in observer, so I've also fixed that here.

Please request review from @zooniverse/frontend team or an individual member of that team.

Package

• app-content-pages
• app-project
• lib-classifier

Linked Issue and/or Talk Post

• Closes Reflect on JWT payload for authentication  #4766.
• Closes Classifier user is null when logged in #4845.
• Closes Classifier: Subject Queue for logged-in users sometimes fetched twice #4875.
• Closes Classifier unmounts and remounts with a logged-in user #4946.
• Closes Multiple project_roles requests #4975.
• Client creates a new token for each page load/refresh panoptes-javascript-client#53

How to Review

This PR reflects on the Panoptes JSON Web Token to get the logged-in user for the project app, the content pages app and the classifier, which should be faster than pinging the API for the current user session and won’t ask Panoptes OAuth to generate a new token (zooniverse/panoptes-javascript-client#53.) If there's no stored token yet, it falls back to auth.checkCurrent(), which is currently used for all user checks.

You should be able to use any project, logged-in or not, and continue to use Admin Mode without any changes to the app's behaviour.

On page load, there should only be one request to /api/me to get the user resource.

Subjects should only be fetched once, with your access token, after you log in (#4875.)

Apps will still lose your stored session when they unload eg. when going from PFE to FEM on the same origin, or when going from the project app to the content pages app. That can be tested in staging, on the https://frontend.preview.zooniverse.org origin, after this PR merges.

Checklist

PR Creator - Please cater the checklist to fit the review needed for your code changes.
PR Reviewer - Use the checklist during your review. Each point should be checkmarked or discussed before PR approval.

General

• Tests are passing locally and on Github
• Documentation is up to date and changelog has been updated if appropriate
• You can yarn panic && yarn bootstrap or docker-compose up --build and FEM works as expected
• FEM works in all major desktop browsers: Firefox, Chrome, Edge, Safari (Use Browserstack account as needed)
• FEM works in a mobile browser

General UX

Example Staging Project: i-fancy-cats

• All pages of a FEM project load: Home Page, Classify Page, and About Pages
• Can submit a classification
• Can sign-in and sign-out
• The component is accessible
  • Can be used with a screen reader BBC guide to VoiceOver
  • Can be used from the keyboard WebAIM guide to keyboard testing
  • It is passing accessibility checks in the storybook

Refactoring

• The PR creator has described the reason for refactoring
• The refactored component(s) continue to work as expected

[coveralls]

coverage: 81.95% (-0.1%) from 82.064% when pulling 0d5f5d0 on panoptes-token-auth into 42c767a on master.

[eatyourgreens]

Adding the 'bug' label to this because it fixes a small bug in the classifier. When you are already logged in, on the Classify page, usePanoptesUser in the classifier returns null when the Classifier component first loads (#4845.)

[eatyourgreens]

You can try out a production build of this branch here:
https://fe-project-branch.preview.zooniverse.org/projects/zooniverse/gravity-spy

[goplayoutside3]

Looks good! I re-tested each of the Issues tagged here. The dev classifier runs as expected, as do the Zooniverse content pages and classifier storybook.

[goplayoutside3]

Question: Just for my understanding, what does the change here implement?

[eatyourgreens]

subjects.active is a reference (it's actually the subject ID.) References should be accessed via tryReference to avoid errors.

https://mobx-state-tree.js.org/API/#tryreference

[eatyourgreens]

The mock store errored on this line during cleanup, because subjects.active isn't always a valid reference when the store is destroyed.