authenticate: validate origin of signout (#1876)

* authenticate: validate origin of signout

- add a debug task to kill envoy
- improve various function docs
- userinfo: return "error" page if user is logged out without redirect uri set
- remove front channel logout. There's little difference between it, and the signout function.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

internal/frontend/assets/html/userInfo.html

@@ -12,7 +12,13 @@
     <div class="header clearfix">
       <div class="heading">
         <a href="{{.RedirectURL}}" class="logo"></a>
-        <span><a class="button" href="{{.SignOutURL}}">Logout</a></span>
+            <span>
+              <form action="{{.SignOutURL}}" method="post">
+                {{.csrfField}}
+                <input type="hidden" name="pomerium_redirect_uri" value="{{.RedirectURL}}">
+                <input class="button" type="submit" value="Logout"/>
+              </form>
+            </span>
       </div>
     </div>
     <div class="content">

internal/frontend/assets/style/main.css

@@ -458,6 +458,7 @@ table tbody tr:nth-child(2n + 1) td {
   background: #f6f9fc;
 }
 
+input,
 button,
 a.button {
   background: #6e43e8;
@@ -468,22 +469,10 @@ a.button {
   color: #f6f9fc;
   font-weight: 500;
   padding: 0 12px;
-  /* line-height: 32px; */
   cursor: pointer;
   outline: none;
   display: inline-block;
   text-decoration: none;
   text-transform: none;
-}
-
-.button {
-  background: white;
-  box-shadow: rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0) 0px 0px 0px 0px,
-    rgba(0, 0, 0, 0.12) 0px 1px 1px 0px, rgba(60, 66, 87, 0.16) 0px 0px 0px 1px,
-    rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0) 0px 0px 0px 0px,
-    rgba(60, 66, 87, 0.12) 0px 2px 5px 0px;
-  /* box-shadow: 0 2px 5px 0 rgba(50, 50, 93, .20), 0 1px 1px 0 rgba(0, 0, 0, .14); */
-  color: var(--sail-color-text);
-  margin-top: 2px;
   transition: box-shadow 150ms ease-in-out;
 }