cookie is the authority on if user is signed in

[Bjvanminnen]

This hasn't been fully tested yet, but I wanted to get feedback on the approach first. I'm not certain how I feel about this - I like that there become a lot fewer ways of checking/setting sign in state, but don't like how it requires sticking data on window.

A recent change (https://github.com/code-dot-org/code-dot-org/pull/18299/files) tried to take advantage of the work we already do to cache user name for our sign in button in the upper right. It had some incorrect understandings, which are currently harmless, but only because that code wouldnt (currently) be called on any cached-scripts.

How that user cache actually works

• In user_header.haml we create some DOM that has the name/id of the current_user set. On cached pages this will still be nil
• We later execute some JS on that page that looks for a cookie, and if that cookie has a different name, it updates the DOM to have the correct name

What this PR does

• Instead of trying to figure out sign in state in a bunch of different places, let the cookie be the canonical representation (with fallback to looking at the DOM).
• As part of code-studio, look for the cookie, and then dispatch an action to our store where having the cookie implies we're signed in.
• One challenge is that because this cookie is keyed off of rack_env, we need to let dashboard tell us where to find the cookie somehow. It might be that there's a better way to do this.

[Bjvanminnen]

Should probably always dispatch setUserSignedIn, but with false if we don't have our cookie.

[Bjvanminnen]

Don't really like this, but not sure how I can do better. One option would be to instead pass rack_env and let client generate cookieKey from this

[islemaster]

I don't mind this actually - and I think it's strictly better than duplicating the logic for constructing the key from the environment on the client. As a cross-cutting concern and (I think) strictly a constant within its rack_env I don't think this pollutes the global namespace too much.

[Bjvanminnen]

I think the only way this happens is if the user deletes their cookies. In that case, we'll still fill in their user name correctly on non-cached scripts because the server set dataset.id. We should be as resilient as the header button.

[islemaster]

I don't understand how this works. Does Rails have a way to identify the user's session that doesn't depend on cookies?

[Bjvanminnen]

Good question. I only deleted the _shortName cookie. I think there's another session cookie that probably still has user info (and allows the server to reconstruct the _shortName cookie). That does mean we probably don't really need to care about this scenario since people are probably deleting all of their cookies (in which case server shouldnt know who you are) or none of them.

[islemaster]

This is relevant to my electron work - I'll read through it soon.

[Bjvanminnen]

One other thing to note is that at this point signInState probably deserves its own reducer - progress doesn't really seem like the right place for it. I'm not going to make that change at this point though.

[Bjvanminnen]

This definitely feels out of place in this file. I think it's okay for now, but in the future sign in state probably deserves its own reducer.

[Bjvanminnen]

@islemaster This is now ready for a real review. I did a little bit of refactoring, and also adding some tests. Thanks!