Modernize login (#5500)

This PR replaces the legacy Zend-based login form and authentication
controller with their ipl equivalents, and extracts the login page view
script markup into a reusable widget.

### Convert `LoginForm` to `CompatForm`
`LoginForm` now extends `CompatForm`, replacing
`init()`/`createElements()` with `__construct()`/`assemble()` and Zend
decorator arrays with inline ipl decorator objects. The
`CsrfCounterMeasure` and `FormUid` traits are added.

`getRedirectUrl()` is renamed to `createRedirectUrl()` to avoid
overriding `CompatForm::getRedirectUrl()`, using `hasBeenAssembled`
instead of `$this->created` and `str_contains()` instead of `strpos()`.
`onSuccess()` is rewritten for the CompatForm lifecycle: void return,
explicit `setRedirectUrl()` call, `Icinga::app()->getResponse()` instead
of `$this->getResponse()`, and `addMessage()` instead of `addError()`.

### New `LoginPage` widget to replace view script
Extracts the login page structure (logo, footer, social links,
decorative orbs) from `login.phtml` into a new `LoginPage` widget
extending `HtmlDocument`, so the markup is defined in one place and no
longer lives in a view script. Additional login buttons provided by
`LoginButtonHook` are now grouped in a `div.login-buttons` flex
container, rendered only when buttons are actually present.

### Convert `AuthenticationController` to `CompatController`
`AuthenticationController` now extends `CompatController`, dropping
`login.phtml` in favour of `LoginPage` and `addContent()`. The form is
built with an `ON_SUBMIT` handler for the redirect and an `ON_REQUEST`
handler delegating to `LoginForm::onRequest()`. Uses
`$this->getServerRequest()` instead of `ServerRequest::fromGlobals()`.

### CSS / JS fixes
- `login.less`: 
- `height: 100%` -> `100vh` on `#login` (now a grandchild of `#layout`
via `.content`)
- `.login-buttons` styled as a flex column with a row gap and top margin
  - per-`li` error styling, including spacing inside `.login-buttons`
  - `.icinga-form` width and control-group spacing
  - `align-items: center` on `.remember-me-box`
  - label `margin-right` reset for the disabled-state description
- `history.js`: `#layout > #login` -> `#layout #login` (direct-child
selector broke with the new nesting)
- `login-orbs.less`: fixes long-standing typo `#orb-notifactions` ->
`#orb-notifications`

Author: lippserd

application/controllers/AuthenticationController.php

@@ -5,7 +5,6 @@
 
 namespace Icinga\Controllers;
 
-use GuzzleHttp\Psr7\ServerRequest;
 use Icinga\Application\ClassLoader;
 use Icinga\Application\Hook\AuthenticationHook;
 use Icinga\Application\Hook\LoginButtonHook;
@@ -16,17 +15,20 @@
 use Icinga\Common\Database;
 use Icinga\Exception\AuthenticationException;
 use Icinga\Forms\Authentication\LoginForm;
-use Icinga\Web\Controller;
 use Icinga\Web\Helper\CookieHelper;
 use Icinga\Web\RememberMe;
 use Icinga\Web\Url;
+use Icinga\Web\Widget\LoginPage;
+use ipl\Html\Contract\Form;
+use ipl\Web\Compat\CompatController;
+use Psr\Http\Message\ServerRequestInterface;
 use RuntimeException;
 use Throwable;
 
 /**
  * Application wide controller for authentication
  */
-class AuthenticationController extends Controller
+class AuthenticationController extends CompatController
 {
     use Database;
 
@@ -49,7 +51,17 @@ public function loginAction()
         if (($requiresSetup = $icinga->requiresSetup()) && $icinga->setupTokenExists()) {
             $this->redirectNow(Url::fromPath('setup'));
         }
-        $form = new LoginForm();
+
+        $form = (new LoginForm())
+            ->setAction(Url::fromRequest()->getAbsoluteUrl())
+            ->on(Form::ON_SUBMIT, function (LoginForm $form) {
+                if ($redirectUrl = $form->getRedirectUrl()) {
+                    $this->redirectNow($redirectUrl);
+                }
+            })
+            ->on(Form::ON_REQUEST, function (ServerRequestInterface $_, LoginForm $form) {
+                $form->onRequest();
+            });
 
         if (RememberMe::hasCookie() && $this->hasDb()) {
             $authenticated = false;
@@ -81,14 +93,16 @@ public function loginAction()
             if ($redirect) {
                 $redirectUrl = Url::fromPath($redirect, [], $this->getRequest());
                 if ($redirectUrl->isExternal()) {
-                    $this->httpBadRequest('nope');
+                    $this->httpBadRequest('Redirect to an external host is not allowed');
                 }
             } else {
-                $redirectUrl = $form->getRedirectUrl();
+                $redirectUrl = $form->createRedirectUrl();
             }
 
             $this->redirectNow($redirectUrl);
         }
+
+        $request = $this->getServerRequest();
         if (! $requiresSetup) {
             $cookies = new CookieHelper($this->getRequest());
             if (! $cookies->isSupported()) {
@@ -99,11 +113,10 @@ public function loginAction()
                     ->sendResponse();
                 exit;
             }
-            $form->handleRequest();
+            $form->handleRequest($request);
         }
 
         $loginButtons = [];
-        $request = ServerRequest::fromGlobals();
 
         foreach (LoginButtonHook::all() as $class => $hook) {
             try {
@@ -115,7 +128,7 @@ public function loginAction()
                         $button,
                         ClassLoader::classBelongsToModule($class) ? ClassLoader::extractModuleName($class) : null
                     ))
-                        ->on(LoginButtonForm::ON_SUCCESS, function () use ($button): void {
+                        ->on(Form::ON_SUBMIT, function () use ($button): void {
                             ($button->onClick)();
                         })
                         ->handleRequest($request);
@@ -126,10 +139,10 @@ public function loginAction()
             }
         }
 
-        $this->view->form = $form;
-        $this->view->loginButtons = $loginButtons;
-        $this->view->defaultTitle = $this->translate('Icinga Web 2 Login');
-        $this->view->requiresSetup = $requiresSetup;
+        // Suppress the rendering of controls bar
+        $this->view->compact = true;
+        $this->setTitle($this->translate('Icinga Web 2 Login'));
+        $this->addContent(new LoginPage($form, $loginButtons, $requiresSetup));
     }
 
     /**