(core) clean up a collection of small problems affecting grist-core

Summary:
 * Remove adjustSession hack, interfering with loading docs under saml.
 * Allow the anonymous user to receive an empty list of workspaces for
   the merged org.
 * Behave better on first page load when org is in path - this used to
   fail because of lack of cookie.  This is very visible in grist-core,
   as a failure to load localhost:8484 on first visit.
 * Mark cookie explicitly as SameSite=Lax to remove a warning in firefox.
 * Make errorPages available in grist-core.

This changes the default behavior of grist-core to now start off in
anonymous mode, with an explicit sign-in step available.  If SAML is not configured,
the sign-in operation will unconditionally sign the user in as a default
user, without any password check or other security.  The user email is
taken from GRIST_DEFAULT_EMAIL if set.  This is a significant change, but
makes anonymous mode available in grist-core (which is convenient
for testing) and makes behavior with and without SAML much more consistent.

Test Plan: updated test; manual (time to start adding grist-core tests though!)

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2980

stubs/app/server/lib/create.ts

@@ -1,17 +1,11 @@
 import {ActiveDoc} from 'app/server/lib/ActiveDoc';
 import {ICreate} from 'app/server/lib/ICreate';
-import {ScopedSession} from 'app/server/lib/BrowserSession';
 import {NSandboxCreator} from 'app/server/lib/NSandbox';
 
 // Use raw python - update when pynbox or other solution is set up for core.
 const sandboxCreator = new NSandboxCreator({defaultFlavor: 'unsandboxed'});
 
 export const create: ICreate = {
-  adjustSession(scopedSession: ScopedSession): void {
-    const email = process.env.GRIST_DEFAULT_EMAIL || 'anon@getgrist.com';
-    const profile = {email, name: email};
-    scopedSession.getSessionProfile = async () => profile;
-  },
   Billing() {
     return {
       addEndpoints() { /* do nothing */ },

stubs/app/server/lib/logins.ts

@@ -1,13 +1,9 @@
-import {GristLoginMiddleware, GristServer} from 'app/server/lib/GristServer';
-import {getSamlLoginMiddleware} from 'app/server/lib/SamlConfig';
+import { GristLoginMiddleware, GristServer } from 'app/server/lib/GristServer';
+import { getMinimalLoginMiddleware } from 'app/server/lib/MinimalLogin';
+import { getSamlLoginMiddleware } from 'app/server/lib/SamlConfig';
 
 export async function getLoginMiddleware(gristServer: GristServer): Promise<GristLoginMiddleware> {
   const saml = await getSamlLoginMiddleware(gristServer);
   if (saml) { return saml; }
-  return {
-    async getLoginRedirectUrl()  { throw new Error('logins not implemented'); },
-    async getLogoutRedirectUrl() { throw new Error('logins not implemented'); },
-    async getSignUpRedirectUrl() { throw new Error('logins not implemented'); },
-    addEndpoints() { return "no-logins"; }
-  };
+  return getMinimalLoginMiddleware(gristServer);
 }

stubs/app/server/server.ts

@@ -15,8 +15,8 @@ if (!debugging) {
   setDefaultEnv('GRIST_LOG_SKIP_HTTP', 'true');
 }
 
-// Use a distinct cookie.
-setDefaultEnv('GRIST_SESSION_COOKIE', 'grist_core');
+// Use a distinct cookie.  Bump version to 2.
+setDefaultEnv('GRIST_SESSION_COOKIE', 'grist_core2');
 
 import {updateDb} from 'app/server/lib/dbUtils';
 import {main as mergedServerMain} from 'app/server/mergedServerMain';
@@ -41,7 +41,7 @@ export async function main() {
     console.log('For full logs, re-run with DEBUG=1');
   }
 
-  // If SAML is not configured, there's no login system, so force a default email address.
+  // If SAML is not configured, there's no login system, so provide a default email address.
   if (!process.env.GRIST_SAML_SP_HOST) {
     setDefaultEnv('GRIST_DEFAULT_EMAIL', 'you@example.com');
   }