[low-prio] Use custom authentication system instead of Devise

[Splines]

Rails now comes with a very basic sessions generator. One can build upon that to set up your own authentification system as described in details in this blog post. We don't even use an external OAuth provider, so the guide should even be shorter for us.

This might also put us in a better situation to tackle the Shibboleth login (#42) since we will probably need a lot of customization and custom flows for this anyways.

But of course, setting this up on your own requires some time and good testing, so we should weigh the options we have. We could also try to integrate Shibboleth into the existing system, that should work too.

[fosterfarrell9]

I would strongly plead for staying with Devise. Building an own authentification system, making it secure and robust and make sure that it stays secure is something that we cannot deliver with limited ressources in my mind.

See e.g. this blog post.