Revert "Moves some files, adds notes, starts poc for back office login providers"

Signed-off-by: Bjarke Berg <mail@bergmania.dk>

src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs

@@ -34,11 +34,10 @@ using Microsoft.AspNetCore.Identity;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
 using Umbraco.Web.Security;
-using Umbraco.Web.BackOffice.Security;
 
 namespace Umbraco.Web.BackOffice.Controllers
 {
-    [DisableBrowserCache]
+    [DisableBrowserCache] //TODO Reintroduce
     //[UmbracoRequireHttps] //TODO Reintroduce
     [PluginController(Constants.Web.Mvc.BackOfficeArea)]
     public class BackOfficeController : UmbracoController
@@ -414,7 +413,7 @@ namespace Umbraco.Web.BackOffice.Controllers
             }
             else
             {
-                autoLinkOptions = _externalLogins.Get(authType.Name)?.AutoLinkOptions;
+                autoLinkOptions = _externalLogins.Get(authType.Name);
             }
 
             // Sign in the user with this external login provider if the user already has a login
@@ -461,9 +460,7 @@ namespace Umbraco.Web.BackOffice.Controllers
                 return false;
 
             if (autoLinkOptions.AutoLinkExternalAccount == false)
-            {
                 return true; // TODO: This seems weird to return true, but it was like that before so must be a reason?
-            }   
 
             var email = loginInfo.Principal.FindFirstValue(ClaimTypes.Email);
 
@@ -581,6 +578,10 @@ namespace Umbraco.Web.BackOffice.Controllers
             }
         }
 
+        // Used for XSRF protection when adding external logins
+        // TODO: This is duplicated in BackOfficeSignInManager
+        private const string XsrfKey = "XsrfId";
+
         private IActionResult RedirectToLocal(string returnUrl)
         {
             if (Url.IsLocalUrl(returnUrl))