Remove "First time here?..." link
After I changed to "Only administrators can create new accounts" there is still the link "First time here? Run the first-time setup." on the login page; this should be removed if you're not allowed to run it anyway.
Yeah :| I'm still trying to decide what's the best strategy for implementing the first-time setup.
- it opens up a vulnerability where anybody from the internet, prior to running the first-time setup, can create an admin-level user and hijack the server
- it just doesn't make much sense as it is... plus, the check the server does to determine if you can run the first-time setup is a bit hacky (basically it just queries the database for users and if the query returns more than 0 rows, it returns HTTP status 401)
The first-time setup page is hard-coded into the Go program, to have control over when it is displayed and when it is not (the other alternative is JavaScript and Angular partials, but users can always use "View Source").
A temporary solution to the link problem is to add extra checks to the login page Angular controller.
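The gating described above, as an added example that is not the project's own code: the server-side "are there any users yet?" check is the actual control on the setup page, and a small status endpoint lets the login page decide whether to render the link. `UserStore` and `memStore` are assumed stand-ins for the real storage layer; the 401 matches what the thread describes.

```go
package main

import (
	"encoding/json"
	"net/http"
	"net/http/httptest"
)

// UserStore is an assumed abstraction over the users table (the project's real storage layer is not shown).
type UserStore interface{ CountUsers() (int, error) }

// memStore is a constructed in-memory stand-in for the database.
type memStore struct{ users int }

func (m *memStore) CountUsers() (int, error) { return m.users, nil }

// setupAllowed is the one server-side decision: first-time setup is available only while
// the users table is empty. A storage error fails closed so a broken DB cannot reopen setup.
func setupAllowed(s UserStore) bool {
	n, err := s.CountUsers()
	return err == nil && n == 0
}

// NewMux serves the setup page (the real control, 401 once users exist, as in the thread) and
// a status endpoint the login page can query to decide whether to show the link (UI only).
func NewMux(s UserStore) *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/setup", func(w http.ResponseWriter, r *http.Request) {
		if !setupAllowed(s) {
			http.Error(w, "setup already completed", http.StatusUnauthorized)
			return
		}
		w.Write([]byte("first-time setup page"))
	})
	mux.HandleFunc("/setup/status", func(w http.ResponseWriter, r *http.Request) {
		json.NewEncoder(w).Encode(map[string]bool{"setupAvailable": setupAllowed(s)})
	})
	return mux
}

// Status performs an in-process GET against the mux and returns the HTTP status code.
func Status(mux http.Handler, path string) int {
	rec := httptest.NewRecorder()
	mux.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}

func main() { http.ListenAndServe(":8080", NewMux(&memStore{})) }
```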
I don't see a problem with the 401; the check must be done if someone tries to get the resource, and it doesn't matter if it is because they clicked on a link or they wrote the URL in the browser/curl. The hiding of the link is just to have a better UI, so using JS to do that is OK.