Require Ueberauth 0.7 and implement its CSRF protection

[arjan]

This update makes Facebook login work again with the newest ueberauth

[yordis]

Thank you so much!

[njwest]

Is this change going to be published to Hex.pm soon?

[yordis]

@njwest I need @doomspork with the HEX API Token in the CI environment

[nbw]

@arjan @yordis I was the one that added the documentation for that state param. I'm totally on board with the new CSRF changes in 0.7, but I'm wondering how does one pass state now? Is that still possible? Apologies if I've missed something obvious. I've been reading through the original issue #135 CSRF PR, and this PR.

I use the state param to pass a few things I need for later.

And thanks arjan for the PR.

[yordis]

@nbw it seems that we need to give people control over the state value, we need to fix Ueberauth itself for that.

Would you mind opening an issue there and ping me?