From fce15599646c9a9ce009ff00564715afe586059c Mon Sep 17 00:00:00 2001
From: Seth Vargo <seth@sethvargo.com>
Date: Fri, 11 Sep 2020 15:45:18 -0400
Subject: [PATCH 1/6] Move realm selection to login package

---
 cmd/server/assets/{realms/select.html => login/select-realm.html} | 0
 pkg/controller/{realm/index.go => login/select.go}                | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename cmd/server/assets/{realms/select.html => login/select-realm.html} (100%)
 rename pkg/controller/{realm/index.go => login/select.go} (100%)

diff --git a/cmd/server/assets/realms/select.html b/cmd/server/assets/login/select-realm.html
similarity index 100%
rename from cmd/server/assets/realms/select.html
rename to cmd/server/assets/login/select-realm.html
diff --git a/pkg/controller/realm/index.go b/pkg/controller/login/select.go
similarity index 100%
rename from pkg/controller/realm/index.go
rename to pkg/controller/login/select.go

From cd4a018bdbfb3c85e4e2be1ae8f134338dad2496 Mon Sep 17 00:00:00 2001
From: Seth Vargo <seth@sethvargo.com>
Date: Fri, 11 Sep 2020 16:31:56 -0400
Subject: [PATCH 2/6] Use a pill instead of changing the background

---
 cmd/server/assets/login/select-realm.html | 56 ++++++++++++++---------
 1 file changed, 34 insertions(+), 22 deletions(-)

diff --git a/cmd/server/assets/login/select-realm.html b/cmd/server/assets/login/select-realm.html
index cbd45c4ee..f79245d71 100644
--- a/cmd/server/assets/login/select-realm.html
+++ b/cmd/server/assets/login/select-realm.html
@@ -17,30 +17,42 @@
     {{template "flash" .}}
 
     <h1>Select your realm</h1>
-    <p class="mb-4">
-      You are a member of multiple realms - please select one to continue. You
-      can switch to another realm at any time.
-    </p>
+    {{if $realms}}
+      <p class="mb-3">
+        You are a member of multiple realms - please select one to continue. You
+        can switch to another realm at any time.
+      </p>
 
-    <div class="list-group">
-    {{range $realm := $realms}}
-      <form action="/realm/select" method="POST">
-        {{$csrfField}}
-        <input type="hidden" name="realm" value="{{$realm.ID}}" />
-        <a href="#" class="w-100 d-flex flex-row justify-content-between align-items-center align-self-center list-group-item list-group-item-action {{if $currentRealm }}{{if eq $currentRealm.Name $realm.Name}}active{{end}}{{end}}" data-submit-form>
-          <div>
-            <h5 class="mb-1">{{$realm.Name}}</h5>
-            {{if $realm.RegionCode}}
-            <p class="mb-1">{{$realm.RegionCode}}</p>
-            {{end}}
-          </div>
-          <div>
-            <span class="oi oi-arrow-right" aria-hidden="true"></span>
-          </div>
-        </a>
-      </form>
+      <div class="list-group mb-3">
+      {{range $realm := $realms}}
+        <form action="/login/select-realm" method="POST">
+          {{$csrfField}}
+          <input type="hidden" name="realm" value="{{$realm.ID}}" />
+          <a href="#" class="w-100 d-flex flex-row justify-content-between align-items-center align-self-center list-group-item list-group-item-action" data-submit-form>
+            <div>
+              <h5 class="mb-1">
+                {{$realm.Name}}
+                {{if $currentRealm}}{{if eq $currentRealm.ID $realm.ID}}
+                <span class="badge badge-secondary float-right ml-2">currently selected</span>
+                {{end}}{{end}}
+              </h5>
+              {{if $realm.RegionCode}}
+              <p class="mb-1">{{$realm.RegionCode}}</p>
+              {{end}}
+            </div>
+            <div>
+              <span class="oi oi-arrow-right" aria-hidden="true"></span>
+            </div>
+          </a>
+        </form>
+      {{end}}
+      </div>
+    {{else}}
+      <p class="mb-3">
+        You are not a member of any realms. Contact your realm administrator for
+        assistance.
+      </p>
     {{end}}
-    </div>
   </main>
 
   {{template "scripts" .}}

From b918665fc93b197eb9d948b6b35879a37a7875fa Mon Sep 17 00:00:00 2001
From: Seth Vargo <seth@sethvargo.com>
Date: Fri, 11 Sep 2020 16:33:01 -0400
Subject: [PATCH 3/6] Rename verify email

---
 cmd/server/assets/login/{verifyemail.html => verify-email.html} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename cmd/server/assets/login/{verifyemail.html => verify-email.html} (100%)

diff --git a/cmd/server/assets/login/verifyemail.html b/cmd/server/assets/login/verify-email.html
similarity index 100%
rename from cmd/server/assets/login/verifyemail.html
rename to cmd/server/assets/login/verify-email.html

From 66ea845e98de6cafadcd32a142df1a8f190550bd Mon Sep 17 00:00:00 2001
From: Seth Vargo <seth@sethvargo.com>
Date: Fri, 11 Sep 2020 16:34:41 -0400
Subject: [PATCH 4/6] Rename register phone

---
 .../assets/login/{registerphone.html => register-phone.html}      | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename cmd/server/assets/login/{registerphone.html => register-phone.html} (100%)

diff --git a/cmd/server/assets/login/registerphone.html b/cmd/server/assets/login/register-phone.html
similarity index 100%
rename from cmd/server/assets/login/registerphone.html
rename to cmd/server/assets/login/register-phone.html

From 1b49ae4c16ff224e3a67deff49c0c8ac9df5853c Mon Sep 17 00:00:00 2001
From: Seth Vargo <seth@sethvargo.com>
Date: Fri, 11 Sep 2020 16:35:26 -0400
Subject: [PATCH 5/6] Rename reset password

---
 .../assets/login/{resetpassword.html => reset-password.html}      | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename cmd/server/assets/login/{resetpassword.html => reset-password.html} (100%)

diff --git a/cmd/server/assets/login/resetpassword.html b/cmd/server/assets/login/reset-password.html
similarity index 100%
rename from cmd/server/assets/login/resetpassword.html
rename to cmd/server/assets/login/reset-password.html

From d9a37cead5fb037cb06f063e13f852765231dec3 Mon Sep 17 00:00:00 2001
From: Seth Vargo <seth@sethvargo.com>
Date: Fri, 11 Sep 2020 18:45:35 -0400
Subject: [PATCH 6/6] Standardize a bunch of UX and file structures

---
 cmd/server/assets/admin/new.html              | 143 +++++++++---------
 cmd/server/assets/admin/realms.html           |   4 +-
 cmd/server/assets/apikeys/edit.html           |  55 +++----
 cmd/server/assets/apikeys/index.html          |   4 +-
 cmd/server/assets/apikeys/new.html            |  50 +++---
 cmd/server/assets/apikeys/show.html           |   8 +-
 cmd/server/assets/codestatus/index.html       |  10 +-
 cmd/server/assets/codestatus/show.html        |  81 +++++-----
 cmd/server/assets/header.html                 |   5 +-
 cmd/server/assets/home.html                   |  12 +-
 cmd/server/assets/login/_loginscripts.html    |   2 +-
 cmd/server/assets/login/login.html            |   2 +-
 cmd/server/assets/login/register-phone.html   |  76 +++++-----
 cmd/server/assets/login/reset-password.html   |   2 +-
 cmd/server/assets/login/select-realm.html     |  86 ++++++-----
 cmd/server/assets/login/signout.html          |   7 +-
 cmd/server/assets/login/verify-email.html     |  38 ++---
 cmd/server/assets/realm.html                  |  12 +-
 cmd/server/assets/realmkeys.html              |  11 +-
 cmd/server/assets/realmstats.html             |   7 +-
 cmd/server/assets/users/_form.html            |  67 ++++----
 cmd/server/assets/users/edit.html             |   5 +-
 cmd/server/assets/users/index.html            |   4 +-
 cmd/server/assets/users/new.html              |   4 +-
 cmd/server/assets/users/show.html             |   8 +-
 cmd/server/main.go                            |  56 +++----
 pkg/controller/controller.go                  |   4 +-
 pkg/controller/login/register.go              |   2 +-
 .../{resetpassword.go => reset_password.go}   |   2 +-
 pkg/controller/login/select.go                |  76 +++++++---
 .../login/{verifyemail.go => verify_email.go} |   2 +-
 pkg/controller/middleware/emailverified.go    |   2 +-
 pkg/controller/realm/realm.go                 |  47 ------
 pkg/controller/realm/select.go                |  70 ---------
 34 files changed, 424 insertions(+), 540 deletions(-)
 rename pkg/controller/login/{resetpassword.go => reset_password.go} (95%)
 rename pkg/controller/login/{verifyemail.go => verify_email.go} (95%)
 delete mode 100644 pkg/controller/realm/realm.go
 delete mode 100644 pkg/controller/realm/select.go

diff --git a/cmd/server/assets/admin/new.html b/cmd/server/assets/admin/new.html
index 6939cfa2f..5f55a042d 100644
--- a/cmd/server/assets/admin/new.html
+++ b/cmd/server/assets/admin/new.html
@@ -6,9 +6,10 @@
 <html lang="en">
 <head>
   {{template "head" .}}
+  {{template "floatingform" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -19,98 +20,90 @@ <h1>New realm</h1>
       Use the form below to create a new realm.
     </p>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">Details</div>
       <div class="card-body">
         <form method="POST" action="/admin/realms/create">
           {{ .csrfField }}
 
-          <div class="form-group row">
-            <label for="name" class="col-sm-3">Name:</label>
-            <div class="col-sm-9">
-              <input type="text" id="name" name="name" class="form-control{{if $realm.ErrorsFor "name"}} is-invalid{{end}}" value="{{$realm.Name}}" />
-              {{if $realm.ErrorsFor "name"}}
-              <div class="invalid-feedback">
-                {{joinStrings ($realm.ErrorsFor "name") ", "}}
-              </div>
-              {{end}}
+          <div class="form-label-group">
+            <input type="text" id="name" name="name" class="form-control{{if $realm.ErrorsFor "name"}} is-invalid{{end}}" value="{{$realm.Name}}" placeholder="Realm name" />
+            <label for="name">Realm name</label>
+            {{if $realm.ErrorsFor "name"}}
+            <div class="invalid-feedback">
+              {{joinStrings ($realm.ErrorsFor "name") ", "}}
             </div>
+            {{end}}
+            <small class="form-text text-muted">
+              The realm name should be descriptive. It must also be globally
+              unique.
+            </small>
           </div>
 
-          <div class="form-group row">
-            <label for="name" class="col-sm-3">Region code:</label>
-            <div class="col-sm-9">
-              <input type="text" id="regionCode" name="regionCode" class="form-control{{if $realm.ErrorsFor "regionCode"}} is-invalid{{end}}" value="{{$realm.RegionCode}}" />
-              {{if $realm.ErrorsFor "regionCode"}}
-              <div class="invalid-feedback">
-                {{joinStrings ($realm.ErrorsFor "regionCode") ", "}}
-              </div>
-              {{end}}
-              <small class="form-text text-muted">
-                Used in creating deep link SMS for multi-helath authority apps. Region should
-                be <a href="https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes">ISO 3166-1 country codes and ISO 3166-2 subdivision codes</a> where applicable.
-                For example, Washington State would be <code>US-WA</code>.
-              </small>
+          <div class="form-label-group">
+            <input type="text" id="regionCode" name="regionCode" class="form-control{{if $realm.ErrorsFor "regionCode"}} is-invalid{{end}}" value="{{$realm.RegionCode}}" placeholder="Region code" />
+            <label for="name">Region code</label>
+            {{if $realm.ErrorsFor "regionCode"}}
+            <div class="invalid-feedback">
+              {{joinStrings ($realm.ErrorsFor "regionCode") ", "}}
             </div>
+            {{end}}
+            <small class="form-text text-muted">
+              Used in creating deep link SMS for multi-helath authority apps. Region should
+              be <a href="https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes">ISO 3166-1 country codes and ISO 3166-2 subdivision codes</a> where applicable.
+              For example, Washington State would be <code>US-WA</code>.
+            </small>
           </div>
 
           {{if .supportsPerRealmSigning}}
-          <div class="form-group row">
-            <label for="type" class="col-sm-3">Certificate signing keys:</label>
-            <div class="col-sm-9">
-              <select class="form-control{{if $realm.ErrorsFor "UseRealmCertificateKey"}} is-invalid{{end}}" name="useRealmCertificateKey" id="useRealmCertificateKey">
-                <option value="true" {{if $realm.UseRealmCertificateKey}}selected{{end}}>Create realm specific signing key</option>
-                <option value="false" {{if not $realm.UseRealmCertificateKey}}selected{{end}}>Use system signing key</option>
-              </select>
-              {{if $realm.ErrorsFor "UseRealmCertificateKey"}}
-              <div class="invalid-feedback">
-                {{joinStrings ($realm.ErrorsFor "UseRealmCertificateKey") ", "}}
-              </div>
-              {{end}}
-              <small class="form-text text-muted">
-                It is recommended that you create a realm specific signing key when creating a new realm. However, it
-                is important to note that this once a realm is created, you cannot switch back to using the system
-                signing key.
-              </small>
+          <div class="form-group">
+            <select class="form-control{{if $realm.ErrorsFor "UseRealmCertificateKey"}} is-invalid{{end}}" name="useRealmCertificateKey" id="useRealmCertificateKey">
+              <option value="true" {{if $realm.UseRealmCertificateKey}}selected{{end}}>Create realm-specific signing key</option>
+              <option value="false" {{if not $realm.UseRealmCertificateKey}}selected{{end}}>Use system signing key</option>
+            </select>
+            {{if $realm.ErrorsFor "UseRealmCertificateKey"}}
+            <div class="invalid-feedback">
+              {{joinStrings ($realm.ErrorsFor "UseRealmCertificateKey") ", "}}
             </div>
+            {{end}}
+            <small class="form-text text-muted">
+              It is recommended that you create a realm-specific signing key when creating a new realm. However, it
+              is important to note that this once a realm is created, you cannot switch back to using the system
+              signing key.
+            </small>
           </div>
-          
-          <div class="form-group row">
-            <label for="name" class="col-sm-3">Issuer (iss):</label>
-            <div class="col-sm-9">
-              <input type="text" id="certificateIssuer" name="certificateIssuer" class="form-control{{if $realm.ErrorsFor "certificateIssuer"}} is-invalid{{end}}" value="{{$realm.CertificateIssuer}}" />
-              {{if $realm.ErrorsFor "certificateIssuer"}}
-                <div class="invalid-feedback">
-                  {{joinStrings ($realm.ErrorsFor "certificateIssuer") ", "}}
-                </div>
-              {{end}}
-              <small class="form-text text-muted">
-                This value is specific to the health authority.<br/>After created using realm specific keys, this field cannot be changed.
-              </small>
-            </div>
+
+          <div class="form-label-group">
+            <input type="text" id="certificateIssuer" name="certificateIssuer" class="form-control{{if $realm.ErrorsFor "certificateIssuer"}} is-invalid{{end}}" value="{{$realm.CertificateIssuer}}" placeholder="Issuer (iss)" />
+            <label for="name">Issuer (iss)</label>
+            {{if $realm.ErrorsFor "certificateIssuer"}}
+              <div class="invalid-feedback">
+                {{joinStrings ($realm.ErrorsFor "certificateIssuer") ", "}}
+              </div>
+            {{end}}
+            <small class="form-text text-muted">
+              This value is specific to the health authority. After created
+              using realm-specific keys, this field cannot be changed.
+            </small>
           </div>
-          <div class="form-group row">
-            <label for="name" class="col-sm-3">Audience (aud):</label>
-            <div class="col-sm-9">
-              <input type="text" id="certificateAudiance" name="certificateAudiance" class="form-control{{if $realm.ErrorsFor "certificateAudience"}} is-invalid{{end}}" value="{{$realm.CertificateAudience}}" />
-              {{if $realm.ErrorsFor "certificateAudience"}}
-                <div class="invalid-feedback">
-                  {{joinStrings ($realm.ErrorsFor "certificateAudience") ", "}}
-                </div>
-              {{end}}
-              <small class="form-text text-muted">
-                The audience (<tt>aud</tt>) value is provided the <em>key server</em> operator.<br/>
-                After upgrading to use realm specific keys, this field cannot be changed.
-              </small>
-            </div>
+
+          <div class="form-label-group">
+            <input type="text" id="certificateAudiance" name="certificateAudiance" class="form-control{{if $realm.ErrorsFor "certificateAudience"}} is-invalid{{end}}" value="{{$realm.CertificateAudience}}" placeholder="Audience (aud)" />
+            <label for="name">Audience (aud)</label>
+            {{if $realm.ErrorsFor "certificateAudience"}}
+              <div class="invalid-feedback">
+                {{joinStrings ($realm.ErrorsFor "certificateAudience") ", "}}
+              </div>
+            {{end}}
+            <small class="form-text text-muted">
+              The audience (<code>aud</code>) value is provided the <em>key
+              server</em> operator. After upgrading to use realm-specific keys,
+              this field cannot be changed.
+            </small>
           </div>
           {{end}}
 
-          <div class="form-group row">
-            <div class="offset-sm-3 col-sm-9">
-              <button type="submit" class="btn btn-primary btn-block">Create realm</button>
-            </div>
-          </div>
+          <button type="submit" class="btn btn-primary btn-block">Create realm</button>
         </form>
       </div>
     </div>
diff --git a/cmd/server/assets/admin/realms.html b/cmd/server/assets/admin/realms.html
index c62e846f7..adcf97cfe 100644
--- a/cmd/server/assets/admin/realms.html
+++ b/cmd/server/assets/admin/realms.html
@@ -6,7 +6,7 @@
   {{template "head" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -19,7 +19,7 @@ <h1>Realms</h1>
 
     {{if .realms}}
     <div class="table-responsive">
-      <table class="table table-bordered table-striped">
+      <table class="table table-bordered table-striped bg-white">
         <thead>
           <tr>
             <th scope="col">Name</th>
diff --git a/cmd/server/assets/apikeys/edit.html b/cmd/server/assets/apikeys/edit.html
index dbb875aa1..b35ca3cea 100644
--- a/cmd/server/assets/apikeys/edit.html
+++ b/cmd/server/assets/apikeys/edit.html
@@ -6,9 +6,10 @@
 <html lang="en">
 <head>
   {{template "head" .}}
+  {{template "floatingform" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -19,46 +20,38 @@ <h1>Edit API key</h1>
       Use the form below to edit the API key.
     </p>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">Details</div>
       <div class="card-body">
         <form method="POST" action="/apikeys/{{$authApp.ID}}">
           <input type="hidden" name="_method" value="PATCH">
           {{ .csrfField }}
 
-          <div class="form-group row">
-            <label for="name" class="col-sm-3">App name:</label>
-            <div class="col-sm-9">
-              <input type="text" id="name" name="name" class="form-control{{if $authApp.ErrorsFor "name"}} is-invalid{{end}}" value="{{$authApp.Name}}">
-              {{if $authApp.ErrorsFor "name"}}
-              <div class="invalid-feedback">
-                {{joinStrings ($authApp.ErrorsFor "name") ", "}}
-              </div>
-              {{end}}
-            </div>
-          </div>
-          <div class="form-group row">
-            <label for="type" class="col-sm-3">Type:</label>
-            <div class="col-sm-9">
-              <select class="form-control" name="type" id="type" disabled>
-                <option selected>
-                  {{if (eq $authApp.APIKeyType 0)}}
-                    Device (can verify codes)
-                  {{else if (eq $authApp.APIKeyType 1)}}
-                    Admin (can issue codes)
-                  {{else}}
-                    Unknown
-                  {{end}}
-                </option>
-              </select>
+          <div class="form-label-group">
+            <input type="text" id="name" name="name" class="form-control{{if $authApp.ErrorsFor "name"}} is-invalid{{end}}" value="{{$authApp.Name}}" placeholder="Application name" autofocus>
+            <label for="name">Application name</label>
+            {{if $authApp.ErrorsFor "name"}}
+            <div class="invalid-feedback">
+              {{joinStrings ($authApp.ErrorsFor "name") ", "}}
             </div>
+            {{end}}
           </div>
 
-          <div class="form-group row">
-            <div class="offset-sm-3 col-sm-9">
-              <button type="submit" class="btn btn-primary btn-block">Update API key</button>
-            </div>
+          <div class="form-group">
+            <select class="form-control" name="type" id="type" disabled>
+              <option selected>
+                {{if (eq $authApp.APIKeyType 0)}}
+                  Device (can verify codes)
+                {{else if (eq $authApp.APIKeyType 1)}}
+                  Admin (can issue codes)
+                {{else}}
+                  Unknown
+                {{end}}
+              </option>
+            </select>
           </div>
+
+          <button type="submit" class="btn btn-primary btn-block">Update API key</button>
         </form>
       </div>
     </div>
diff --git a/cmd/server/assets/apikeys/index.html b/cmd/server/assets/apikeys/index.html
index 078c1e409..d2d4b900b 100644
--- a/cmd/server/assets/apikeys/index.html
+++ b/cmd/server/assets/apikeys/index.html
@@ -8,7 +8,7 @@
   {{template "head" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -22,7 +22,7 @@ <h1>API keys</h1>
 
     {{if .apps}}
     <div class="table-responsive">
-      <table class="table table-bordered table-striped">
+      <table class="table table-bordered table-striped bg-white">
         <thead>
           <tr>
             <th scope="col">App</th>
diff --git a/cmd/server/assets/apikeys/new.html b/cmd/server/assets/apikeys/new.html
index 4e7d574ec..85609f4bd 100644
--- a/cmd/server/assets/apikeys/new.html
+++ b/cmd/server/assets/apikeys/new.html
@@ -6,9 +6,10 @@
 <html lang="en">
 <head>
   {{template "head" .}}
+  {{template "floatingform" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -19,45 +20,36 @@ <h1>New API key</h1>
       Use the form below to create a new API key.
     </p>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">Details</div>
       <div class="card-body">
         <form method="POST" action="/apikeys">
           {{ .csrfField }}
 
-          <div class="form-group row">
-            <label for="name" class="col-sm-3">App name:</label>
-            <div class="col-sm-9">
-              <input type="text" id="name" name="name" class="form-control{{if $authApp.ErrorsFor "name"}} is-invalid{{end}}" value="{{$authApp.Name}}">
-              {{if $authApp.ErrorsFor "name"}}
-              <div class="invalid-feedback">
-                {{joinStrings ($authApp.ErrorsFor "name") ", "}}
-              </div>
-              {{end}}
+          <div class="form-label-group">
+            <input type="text" id="name" name="name" class="form-control{{if $authApp.ErrorsFor "name"}} is-invalid{{end}}" value="{{$authApp.Name}}" placeholder="Application name" autofocus>
+            <label for="name">Application name</label>
+            {{if $authApp.ErrorsFor "name"}}
+            <div class="invalid-feedback">
+              {{joinStrings ($authApp.ErrorsFor "name") ", "}}
             </div>
+            {{end}}
           </div>
 
-          <div class="form-group row">
-            <label for="type" class="col-sm-3">Type:</label>
-            <div class="col-sm-9">
-              <select class="form-control{{if $authApp.ErrorsFor "type"}} is-invalid{{end}}" name="type" id="type">
-                <option value="-1" {{if (eq $authApp.APIKeyType -1)}}selected{{else}}disabled{{end}}>Select...</option>
-                <option value="{{.typeDevice}}" {{if (eq $authApp.APIKeyType .typeDevice)}}selected{{end}}>Device (can verify codes)</option>
-                <option value="{{.typeAdmin}}" {{if (eq $authApp.APIKeyType .typeAdmin)}}selected{{end}}>Admin (can issue codes)</option>
-              </select>
-              {{if $authApp.ErrorsFor "type"}}
-              <div class="invalid-feedback">
-                {{joinStrings ($authApp.ErrorsFor "type") ", "}}
-              </div>
-              {{end}}
+          <div class="form-group">
+            <select class="form-control{{if $authApp.ErrorsFor "type"}} is-invalid{{end}}" name="type" id="type">
+              <option value="-1" {{if (eq $authApp.APIKeyType -1)}}selected{{else}}disabled{{end}}>Select type...</option>
+              <option value="{{.typeDevice}}" {{if (eq $authApp.APIKeyType .typeDevice)}}selected{{end}}>Device (can verify codes)</option>
+              <option value="{{.typeAdmin}}" {{if (eq $authApp.APIKeyType .typeAdmin)}}selected{{end}}>Admin (can issue codes)</option>
+            </select>
+            {{if $authApp.ErrorsFor "type"}}
+            <div class="invalid-feedback">
+              {{joinStrings ($authApp.ErrorsFor "type") ", "}}
             </div>
+            {{end}}
           </div>
 
-          <div class="form-group row">
-            <div class="offset-sm-3 col-sm-9">
-              <button type="submit" class="btn btn-primary btn-block">Create API key</button>
-            </div>
-          </div>
+          <button type="submit" class="btn btn-primary btn-block">Create API key</button>
         </form>
       </div>
     </div>
diff --git a/cmd/server/assets/apikeys/show.html b/cmd/server/assets/apikeys/show.html
index 5a9d8e8cc..ecafefaf7 100644
--- a/cmd/server/assets/apikeys/show.html
+++ b/cmd/server/assets/apikeys/show.html
@@ -11,7 +11,7 @@
   {{template "head" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -26,7 +26,7 @@ <h1>{{$authApp.Name}} API key</h1>
     </p>
 
     {{if $apiKey}}
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">API key</div>
       <div class="card-body">
         <div class="alert alert-danger" role="alert">
@@ -39,7 +39,7 @@ <h1>{{$authApp.Name}} API key</h1>
     </div>
     {{end}}
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">Details</div>
       <div class="card-body">
         <strong>App name</strong>
@@ -60,7 +60,7 @@ <h1>{{$authApp.Name}} API key</h1>
       </div>
     </div>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">Statistics</div>
       <div class="card-body table-responsive">
         {{if $stats}}
diff --git a/cmd/server/assets/codestatus/index.html b/cmd/server/assets/codestatus/index.html
index a6c981851..1d1d061d7 100644
--- a/cmd/server/assets/codestatus/index.html
+++ b/cmd/server/assets/codestatus/index.html
@@ -21,7 +21,7 @@ <h1>Verification code status</h1>
       Use an identifier to check the status of a code previously shared with your patient.
     </p>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">Code status</div>
       <div class="card-body">
         <form method="POST" action="show" class="floating-form">
@@ -30,7 +30,7 @@ <h1>Verification code status</h1>
             <div class="form-label-group ">
               <input type="text" id="uuid" name="uuid"
                 class='form-control text-monospace{{if $code.ErrorsFor "uuid"}} is-invalid{{end}}'
-                value="{{$code.UUID}}" placeholder="UUID" autocomplete="off">
+                value="{{$code.UUID}}" placeholder="UUID" autocomplete="off" required autofocus>
               <label for="uuid">UUID</label>
               {{if $code.ErrorsFor "uuid"}}
               <div class="invalid-feedback">
@@ -43,11 +43,7 @@ <h1>Verification code status</h1>
             </div>
           </div>
 
-          <div class="row form-group">
-            <div class="col-sm-9">
-              <button id="submit" class="btn btn-primary btn-block">Check status</button>
-            </div>
-          </div>
+          <button id="submit" class="btn btn-primary btn-block">Check status</button>
         </form>
       </div>
     </div>
diff --git a/cmd/server/assets/codestatus/show.html b/cmd/server/assets/codestatus/show.html
index f9e5f2841..ce762cc19 100644
--- a/cmd/server/assets/codestatus/show.html
+++ b/cmd/server/assets/codestatus/show.html
@@ -18,41 +18,44 @@ <h1>Verification code status</h1>
       Status of a verification code previously shared with your patient.
     </p>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">
         Code status
       </div>
-      <div class="list-group-item">
-        <h5 class="mb-1">UUID</h5>
-        <p class="mb-1 text-monospace">{{.code.UUID}}</p>
-      </div>
-      <div class="list-group-item">
-        <h5 class="mb-1">{{.code.IssuerType}}</h5>
-        <p class="mb-1">{{.code.Issuer}}</p>
-      </div>
-      <div class="list-group-item">
-        <h5 class="mb-1">Test type</h5>
-        <p class="mb-1">{{.code.TestType}}</p>
-      </div>
-      <div class="list-group-item">
-        <h5 class="mb-1">Status</h5>
-        <p class="mb-1">{{.code.Status}}</p>
-      </div>
-      <div class="list-group-item">
-        <h5 class="mb-1">Expiry</h5>
-        <span id="code-expires-at" class="sm text-danger"></span>
-      </div>
-      {{if .code.HasLongExpires}}
-      <div class="list-group-item">
-        <h5 class="mb-1">SMS link expiry</h5>
-        <span id="long-code-expires-at" class="sm text-danger"></span>
-      </div>
-      {{end}}
-      <div class="card-body">
-        <a href="/code/{{.code.UUID}}/expire" class="d-block text-danger" data-method="PATCH"
-          data-confirm="Are you sure you want to expire this code?" data-toggle="tooltip" title="Expire code">
-          <button type="submit" id="invalidate" class="btn btn-danger btn-sm">Invalidate code now</button>
-        </a>
+      <div class="list-group list-group-flush">
+        <div class="list-group-item">
+          <h5 class="mb-1">UUID</h5>
+          <p class="mb-1 text-monospace">{{.code.UUID}}</p>
+        </div>
+        <div class="list-group-item">
+          <h5 class="mb-1">{{.code.IssuerType}}</h5>
+          <p class="mb-1">{{.code.Issuer}}</p>
+        </div>
+        <div class="list-group-item">
+          <h5 class="mb-1">Test type</h5>
+          <p class="mb-1">{{.code.TestType}}</p>
+        </div>
+        <div class="list-group-item">
+          <h5 class="mb-1">Status</h5>
+          <p class="mb-1">{{.code.Status}}</p>
+        </div>
+        <div class="list-group-item">
+          <h5 class="mb-1">Expiry</h5>
+          <span id="code-expires-at" class="sm text-danger">&nbsp;</span>
+        </div>
+        {{if .code.HasLongExpires}}
+        <div class="list-group-item">
+          <h5 class="mb-1">SMS link expiry</h5>
+          <span id="long-code-expires-at" class="sm text-danger">&nbsp;</span>
+        </div>
+        {{end}}
+        {{if .code.Expires}}
+        <div class="list-group-item">
+          <a href="/code/{{.code.UUID}}/expire" class="btn btn-danger d-block" data-method="PATCH" data-confirm="Are you sure you want to expire this code?">
+            Invalidate code now
+          </a>
+        </div>
+        {{end}}
       </div>
     </div>
 
@@ -65,23 +68,15 @@ <h5 class="mb-1">SMS link expiry</h5>
   <script type="text/javascript">
     let $buttonInvalidate = $('button#invalidate');
     let expires = {{ .code.Expires }};
-    let longExpires = {{ .code.LongExpires }}
+    let longExpires = {{ .code.LongExpires }};
 
     $(function() {
       let $codeExpiresAt = $('#code-expires-at');
-      // Start countdown
-      countdown($codeExpiresAt, expires, function() {
-        {{if not .code.HasLongExpires}}
-        // Disable the submit if already expired.
-        $buttonInvalidate.prop('disabled', true);
-        {{end}}
-      });
+      countdown($codeExpiresAt, expires);
 
       {{if .code.HasLongExpires}}
       let $longCodeExpiresAt = $('#long-code-expires-at');
-      countdown($longCodeExpiresAt, longExpires, function() {
-        $buttonInvalidate.prop('disabled', true);
-      });
+      countdown($longCodeExpiresAt, longExpires);
       {{end}}
     });
   </script>
diff --git a/cmd/server/assets/header.html b/cmd/server/assets/header.html
index 833d8a7e8..04f57a985 100644
--- a/cmd/server/assets/header.html
+++ b/cmd/server/assets/header.html
@@ -34,7 +34,6 @@
     cursor: pointer;
     text-decoration: none;
   }
-
 </style>
 {{end}}
 
@@ -43,8 +42,6 @@
   .floating-form {
     width: 100%;
     height: 100%;
-    max-width: 420px;
-    padding: 15px;
     margin: auto;
   }
 
@@ -212,7 +209,7 @@ <h6 class="dropdown-header">System admin</h6>
 
               <h6 class="dropdown-header">Actions</h6>
               {{if gt (len .currentUser.Realms) 1}}
-              <a class="dropdown-item" href="/realm">Change realm</a>
+              <a class="dropdown-item" href="/login/select-realm">Change realm</a>
               {{end}}
               <a class="dropdown-item" href="/signout">Sign out</a>
             </div>
diff --git a/cmd/server/assets/home.html b/cmd/server/assets/home.html
index bbc579ad6..b57570314 100644
--- a/cmd/server/assets/home.html
+++ b/cmd/server/assets/home.html
@@ -48,7 +48,7 @@ <h1>Create verification code</h1>
 
     <form id="issue" action="#">
       <div id="form-area">
-        <div class="card mb-3">
+        <div class="card mb-3 shadow-sm">
           <div class="card-header">Diagnosis</div>
           <div class="card-body">
             <div class="form-row">
@@ -97,7 +97,7 @@ <h1>Create verification code</h1>
           </div>
         </div>
 
-        <div class="card mb-3">
+        <div class="card mb-3 shadow-sm">
           <div class="card-header">Dates</div>
           <div class="card-body">
             <div class="form-row">
@@ -128,7 +128,7 @@ <h1>Create verification code</h1>
         </div>
 
         {{ if $hasSMSConfig }}
-        <div class="card mb-3">
+        <div class="card mb-3 shadow-sm">
           <div class="card-header">Notification</div>
           <div class="card-body">
             <div class="row form-group">
@@ -156,7 +156,7 @@ <h1>Create verification code</h1>
       </div>
     </form>
 
-    <div id="long-code-confirm" class="card d-none mb-3">
+    <div id="long-code-confirm" class="card d-none mb-3 shadow-sm">
       <div class="card-header">
         SMS verification link
         <span id="long-code-expires-at" class="sm float-right text-danger"></span>
@@ -169,7 +169,7 @@ <h1>Create verification code</h1>
       </div>
     </div>
 
-    <div id="code-confirm" class="card d-none mb-3">
+    <div id="code-confirm" class="card d-none mb-3 shadow-sm">
       <div class="card-header">
         Generated short code
         <span id="code-expires-at" class="sm float-right text-danger"></span>
@@ -184,7 +184,7 @@ <h1>Create verification code</h1>
       </div>
     </div>
 
-    <div id="uuid-confirm" class="card d-none mb-3">
+    <div id="uuid-confirm" class="card d-none mb-3 shadow-sm">
       <div class="card-header">Unique identifier</div>
       <div class="card-body">
         <p>
diff --git a/cmd/server/assets/login/_loginscripts.html b/cmd/server/assets/login/_loginscripts.html
index 9f149f172..dc2c0e40b 100644
--- a/cmd/server/assets/login/_loginscripts.html
+++ b/cmd/server/assets/login/_loginscripts.html
@@ -22,7 +22,7 @@
         contentType: 'application/x-www-form-urlencoded',
         success: function(returnData) {
           // The user successfully signed in, redirect to realm selection.
-          window.location.assign('/realm');
+          window.location.assign('/login/select-realm');
         },
         error: function(xhr, status, e) {
           // There was an error finding the user. Redirect to the
diff --git a/cmd/server/assets/login/login.html b/cmd/server/assets/login/login.html
index 0aaf9e846..bdb042b3a 100644
--- a/cmd/server/assets/login/login.html
+++ b/cmd/server/assets/login/login.html
@@ -35,7 +35,7 @@
               </form>
               <div class="card-body">
                 <a class="card-link" href="login/create">New user</a>
-                <a class="card-link" href="login/resetpassword">Forgot password</a>
+                <a class="card-link" href="login/reset-password">Forgot password</a>
               </div>
             </div>
           </div>
diff --git a/cmd/server/assets/login/register-phone.html b/cmd/server/assets/login/register-phone.html
index 5b75fc03b..dd6633c82 100644
--- a/cmd/server/assets/login/register-phone.html
+++ b/cmd/server/assets/login/register-phone.html
@@ -1,57 +1,59 @@
-{{define "login/register"}}
+{{define "login/register-phone"}}
+
+{{$currentRealm := .currentRealm}}
+
 <!doctype html>
 <html lang="en">
 
 <head>
   {{template "head" .}}
-
+  {{template "floatingform" .}}
   {{template "firebase" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
     {{template "flash" .}}
 
-    <h1>SMS auth registration</h1>
-    <p id="subtitle">Use this page to register a phone number for 2-factor authentication.</p>
+    <h1>Configure enhanced security</h1>
+    <p class="mb-3">
+      Use the form below to configure advanced security settings for your
+      account on {{$currentRealm.Name}}.
+    </p>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
+      <div class="card-header">Multi-factor authentication</div>
       <div class="card-body">
-        <form id="registerForm" action="/" method="POST">
-          <div class="row form-group">
-            <label for="display" class="col-sm-3">Display name</label>
-            <div class="col-sm-9">
-              <div class="input-group p-0 shadow-sm">
-                <input type="text" id="display" name="display" class="form-control" value="Personal phone" />
-              </div>
-              <small class="form-text text-muted">
-                Display name for this phone number
-              </small>
-            </div>
-          </div>
-          <div class="row form-group">
-            <label for="phone" class="col-sm-3">Phone number</label>
-            <div class="col-sm-9">
-              <div class="input-group p-0 shadow-sm">
-                <input type="tel" id="phone" name="phone" class="form-control" />
-              </div>
-              <small class="form-text text-muted">
-                Fully qualified phone number beginning with '+'. Standard SMS rates may apply.
-              </small>
-            </div>
+        <p class="mb-3">
+          {{$currentRealm.Name}} {{if eq .currentRealm.MFAModeString "required"}}requires{{else}}recommends{{end}}
+          enhanced security via SMS-based 2-factor authentication. Please
+          provide your information below.
+        </p>
+
+        <form id="registerForm" class="floating-form" action="/" method="POST">
+          <div class="form-label-group">
+            <input type="tel" id="phone" name="phone" class="form-control" placeholder="Phone number" required autofocus />
+            <label for="phone">Phone number</label>
+            <small class="form-text text-muted">
+              Fully qualified phone number beginning with '+'. Standard SMS rates may apply.
+            </small>
           </div>
 
-          <div class="row form-group">
-            <div class="offset-sm-3 col-sm-9">
-              <button type="submit" id="register" class="btn btn-primary btn-block">Register</button>
-            </div>
+          <div class="form-label-group">
+            <input type="text" id="display" name="display" class="form-control" placeholder="Display name" />
+            <label for="display">Display name</label>
+            <small class="form-text text-muted">
+              Name for this phone.
+            </small>
           </div>
+
+          <button type="submit" id="register" class="btn btn-primary btn-block">Register</button>
         </form>
 
         {{if ne .currentRealm.MFAModeString "required"}}
-        <a id="skip" class="card-link" href="/home">Skip for now</a>
+          <a id="skip" class="float-right mt-3 text-muted" href="/home">Skip for now</a>
         {{end}}
       </div>
     </div>
@@ -62,9 +64,9 @@ <h1>SMS auth registration</h1>
   {{template "scripts" .}}
 
   <script>
-        {{if eq .currentRealm.MFAModeString "required"}}
-        flash("This realm requires multi-factor authorization.","warning")
-        {{end}}
+    {{if eq .currentRealm.MFAModeString "required"}}
+    flash("This realm requires multi-factor authorization.","warning")
+    {{end}}
 
     window.recaptchaVerifier = new firebase.auth.RecaptchaVerifier(
       'recaptcha-container',
@@ -113,7 +115,7 @@ <h1>SMS auth registration</h1>
           $skip.text("Continue")
         }).catch(function (err) {
           clearExistingFlash();
-          flash(err.message);
+          flash(err.message, "danger");
           $submit.prop('disabled', false);
         }
         );
diff --git a/cmd/server/assets/login/reset-password.html b/cmd/server/assets/login/reset-password.html
index 023d2e0b3..6264df6a4 100644
--- a/cmd/server/assets/login/reset-password.html
+++ b/cmd/server/assets/login/reset-password.html
@@ -1,4 +1,4 @@
-{{define "login/resetpassword"}}
+{{define "login/reset-password"}}
 <!doctype html>
 <html lang="en">
 
diff --git a/cmd/server/assets/login/select-realm.html b/cmd/server/assets/login/select-realm.html
index f79245d71..d07ef5ccd 100644
--- a/cmd/server/assets/login/select-realm.html
+++ b/cmd/server/assets/login/select-realm.html
@@ -1,4 +1,4 @@
-{{define "realms/select"}}
+{{define "login/select-realm"}}
 
 {{$csrfField := .csrfField}}
 {{$realms := .realms}}
@@ -17,42 +17,56 @@
     {{template "flash" .}}
 
     <h1>Select your realm</h1>
-    {{if $realms}}
-      <p class="mb-3">
-        You are a member of multiple realms - please select one to continue. You
-        can switch to another realm at any time.
-      </p>
-
-      <div class="list-group mb-3">
-      {{range $realm := $realms}}
-        <form action="/login/select-realm" method="POST">
-          {{$csrfField}}
-          <input type="hidden" name="realm" value="{{$realm.ID}}" />
-          <a href="#" class="w-100 d-flex flex-row justify-content-between align-items-center align-self-center list-group-item list-group-item-action" data-submit-form>
-            <div>
-              <h5 class="mb-1">
-                {{$realm.Name}}
-                {{if $currentRealm}}{{if eq $currentRealm.ID $realm.ID}}
-                <span class="badge badge-secondary float-right ml-2">currently selected</span>
-                {{end}}{{end}}
-              </h5>
-              {{if $realm.RegionCode}}
-              <p class="mb-1">{{$realm.RegionCode}}</p>
-              {{end}}
-            </div>
-            <div>
-              <span class="oi oi-arrow-right" aria-hidden="true"></span>
-            </div>
-          </a>
-        </form>
-      {{end}}
+    <p>
+      Use the form below to select a realm.
+    </p>
+
+    <div class="card mb-3 shadow-sm">
+      <div class="card-header">
+        Realm selector
       </div>
-    {{else}}
-      <p class="mb-3">
-        You are not a member of any realms. Contact your realm administrator for
-        assistance.
-      </p>
-    {{end}}
+
+      {{if $realms}}
+        <div class="card-body">
+          <p class="mb-0">
+            You are a member of multiple realms - please select one to continue. You
+            can switch to another realm at any time.
+          </p>
+        </div>
+
+        <div class="list-group list-group-flush">
+        {{range $realm := $realms}}
+          <form action="/login/select-realm" method="POST" class="list-group-item p-0">
+            {{$csrfField}}
+            <input type="hidden" name="realm" value="{{$realm.ID}}" />
+            <a href="#" class="w-100 d-flex flex-row justify-content-between align-items-center align-self-center list-group-item-action px-4 py-3" data-submit-form>
+              <div>
+                <h5 class="mb-1">
+                  {{$realm.Name}}
+                  {{if $currentRealm}}{{if eq $currentRealm.ID $realm.ID}}
+                  <span class="badge badge-secondary float-right ml-2">currently selected</span>
+                  {{end}}{{end}}
+                </h5>
+                {{if $realm.RegionCode}}
+                <p class="mb-1">{{$realm.RegionCode}}</p>
+                {{end}}
+              </div>
+              <div>
+                <span class="oi oi-arrow-right" aria-hidden="true"></span>
+              </div>
+            </a>
+          </form>
+        {{end}}
+        </div>
+      {{else}}
+        <div class="card-body">
+          <p class="mb-0">
+            You are not a member of any realms. Contact your realm administrator for
+            assistance.
+          </p>
+        </div>
+      {{end}}
+    </div>
   </main>
 
   {{template "scripts" .}}
diff --git a/cmd/server/assets/login/signout.html b/cmd/server/assets/login/signout.html
index ac50ab37e..e2f4b2479 100644
--- a/cmd/server/assets/login/signout.html
+++ b/cmd/server/assets/login/signout.html
@@ -24,12 +24,7 @@
   <script type="text/javascript">
     window.addEventListener('load', function () {
       firebase.auth().signOut().then(function () {
-        flash("You are logged out.", "success")
-
-        $('#signout').text("Redirecting to login...")
-        window.setTimeout(function () {
-          window.location.assign("/");
-        }, 3000)
+        window.location.assign("/");
       }).catch(function (error) {
         flash("Error signing out, close browser window.", "danger")
       });
diff --git a/cmd/server/assets/login/verify-email.html b/cmd/server/assets/login/verify-email.html
index 68195c4f8..577594a65 100644
--- a/cmd/server/assets/login/verify-email.html
+++ b/cmd/server/assets/login/verify-email.html
@@ -1,4 +1,4 @@
-{{define "login/verifyemail"}}
+{{define "login/verify-email"}}
 <!doctype html>
 <html lang="en">
 
@@ -8,24 +8,27 @@
   {{template "firebase" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
     {{template "flash" .}}
 
-    <div class="card mb-3">
-      <div class="card-body">
-        <h1>Email verification</h1>
-        <p id="subtitle">Use this page to verify your login email address</p>
+    <h1>Email verification</h1>
+    <p>
+      You must verify your email address to continue.
+    </p>
 
-        <div class="row form-group">
-          <div class="col-sm-9">
-            <button id="verify" class="btn btn-primary btn-block" disabled>Send verification email</button>
-          </div>
-        </div>
+    <div class="card mb-3 shadow-sm">
+      <div class="card-header">Email verification</div>
+      <div class="card-body">
+        <p>
+          Click the button below to send a verification email, then check your
+          inbox for the message.
+        </p>
+        <button id="verify" class="btn btn-primary btn-block" disabled>Send verification email</button>
 
-        <a id="skip" class="card-link" href="/">Continue</a>
+        <a id="skip" class="float-right mt-3 text-muted" href="/home">Skip for now</a>
       </div>
     </div>
   </main>
@@ -34,7 +37,6 @@ <h1>Email verification</h1>
 
   <script>
     let $verify = $('#verify');
-    let $subtitle = $('#subtitle');
     let $skip = $('#skip');
 
     $(function () {
@@ -45,8 +47,7 @@ <h1>Email verification</h1>
             clearExistingFlash();
             flash("Verification email sent.", "success");
             $verify.prop('disabled', true);
-          }
-          );
+          });
         }
       });
     });
@@ -54,14 +55,13 @@ <h1>Email verification</h1>
     firebase.auth().onAuthStateChanged(function (user) {
       if (!user) {
         window.location.assign("/signout");
-        return
+        return;
       }
 
       if (user.emailVerified) {
-        $subtitle.text("Welcome, " + user.email + ". Your email has already been verified.");
-        $skip.text("Continue")
+        window.location.assign('/home');
+        return;
       } else {
-        $subtitle.text("Welcome, " + user.email + ". Please verify your email to continue.");
         $verify.prop('disabled', false);
       }
     });
diff --git a/cmd/server/assets/realm.html b/cmd/server/assets/realm.html
index 8148552e7..8dec08441 100644
--- a/cmd/server/assets/realm.html
+++ b/cmd/server/assets/realm.html
@@ -10,7 +10,7 @@
   {{template "head" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -22,7 +22,7 @@ <h1>Realm settings</h1>
     </p>
 
     {{if not $realm.EnableENExpress}}
-      <div class="card mb-3">
+      <div class="card mb-3 shadow-sm">
         <div class="card-header">
           Exposure Notifications Express
         </div>
@@ -49,7 +49,7 @@ <h1>Realm settings</h1>
     <form method="POST" action="/realm/settings/save">
       {{ .csrfField }}
 
-      <div class="card mb-3">
+      <div class="card mb-3 shadow-sm">
         <div class="card-header">
           General settings
         </div>
@@ -147,7 +147,7 @@ <h1>Realm settings</h1>
         </div>
       </div>
 
-      <div class="card mb-3">
+      <div class="card mb-3 shadow-sm">
         <div class="card-header">
           Verification code configuration
         </div>
@@ -351,7 +351,7 @@ <h1>Realm settings</h1>
         </div>
       </div>
 
-      <div class="card mb-3">
+      <div class="card mb-3 shadow-sm">
         <div class="card-header">
           SMS configuration
         </div>
@@ -392,7 +392,7 @@ <h1>Realm settings</h1>
     </form>
 
     {{if $realm.EnableENExpress}}
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">
         Exposure Notifications Express
       </div>
diff --git a/cmd/server/assets/realmkeys.html b/cmd/server/assets/realmkeys.html
index 393f44f17..951b03bf7 100644
--- a/cmd/server/assets/realmkeys.html
+++ b/cmd/server/assets/realmkeys.html
@@ -1,6 +1,6 @@
 {{define "systemkeys"}}
 {{/* This is only shown if the realm is NOT set to use per-realm signing keys */}}
-<div class="card mb-3">
+<div class="card mb-3 shadow-sm">
   <div class="card-header">
     System verification certificate information
   </div>
@@ -54,7 +54,7 @@
 
 {{define "realmpublickeys"}}
   {{if .supportsPerRealmSigning}}
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">
         Realm public keys
       </div>
@@ -159,7 +159,7 @@
   {{template "head" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -174,7 +174,7 @@ <h1>Verification certificate key settings</h1>
       {{template "systemkeys" .}}
     {{end}}
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">
         Realm signing key configuration
       </div>
@@ -293,9 +293,8 @@ <h1>Verification certificate key settings</h1>
     </div>
 
     {{template "realmpublickeys" .}}
-
-
   </main>
+
   {{template "scripts" .}}
 </body>
 </html>
diff --git a/cmd/server/assets/realmstats.html b/cmd/server/assets/realmstats.html
index c225d79a6..ca3f03ac6 100644
--- a/cmd/server/assets/realmstats.html
+++ b/cmd/server/assets/realmstats.html
@@ -9,15 +9,18 @@
   {{template "head" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
     {{template "flash" .}}
 
     <h1>Realm stats</h1>
+    <p>
+      The data below shows realm statistics.
+    </p>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">Statistics</div>
       <div class="card-body table-responsive">
         {{if $stats}}
diff --git a/cmd/server/assets/users/_form.html b/cmd/server/assets/users/_form.html
index fc1d8989a..81e6f46c2 100644
--- a/cmd/server/assets/users/_form.html
+++ b/cmd/server/assets/users/_form.html
@@ -11,54 +11,43 @@
 
     {{ .csrfField }}
 
-    <div class="form-group col-sm-9">
-      <div class="form-label-group">
-        <input type="text" id="name" name="name" class="form-control{{if $user.ErrorsFor "name"}} is-invalid{{end}}"
-          value="{{$user.Name}}" placeholder="Name" required autofocus />
-        <label for="name">Name</label>
-        {{if $user.ErrorsFor "name"}}
-        <div class="invalid-feedback">
-          {{joinStrings ($user.ErrorsFor "name") ", "}}
-        </div>
-        {{end}}
+    <div class="form-label-group">
+      <input type="text" id="name" name="name" class="form-control{{if $user.ErrorsFor "name"}} is-invalid{{end}}"
+        value="{{$user.Name}}" placeholder="Name" required autofocus />
+      <label for="name">Name</label>
+      {{if $user.ErrorsFor "name"}}
+      <div class="invalid-feedback">
+        {{joinStrings ($user.ErrorsFor "name") ", "}}
       </div>
+      {{end}}
     </div>
 
-    <div class="form-group col-sm-9">
-      <div class="form-label-group">
-        <input type="email" id="email" name="email" class="form-control{{if $user.ErrorsFor "email"}} is-invalid{{end}}"
-          value="{{$user.Email}}" placeholder="Email address" required />
-        <label for="name">Email address</label>
-        {{if $user.ErrorsFor "email"}}
-        <div class="invalid-feedback">
-          {{joinStrings ($user.ErrorsFor "email") ", "}}
-        </div>
-        {{end}}
+    <div class="form-label-group">
+      <input type="email" id="email" name="email" class="form-control{{if $user.ErrorsFor "email"}} is-invalid{{end}}"
+        value="{{$user.Email}}" placeholder="Email address" required />
+      <label for="name">Email address</label>
+      {{if $user.ErrorsFor "email"}}
+      <div class="invalid-feedback">
+        {{joinStrings ($user.ErrorsFor "email") ", "}}
       </div>
+      {{end}}
     </div>
 
-    <div class="form-group row col-sm-9">
-      <label for="admin" class="col-sm-3">Options:</label>
-      <div class="col-sm">
-        <div class="form-check">
-          <input type="checkbox" id="admin" name="admin" class="form-check-input"
-            {{if $user.CanAdminRealm $currentRealm.ID}} checked{{end}}>
-          <label class="form-check-label" for="admin">Admin</label>
-        </div>
+    <div class="form-group">
+      <div class="form-check">
+        <input type="checkbox" id="admin" name="admin" class="form-check-input"
+          {{if $user.CanAdminRealm $currentRealm.ID}} checked{{end}}>
+        <label class="form-check-label" for="admin">Admin</label>
       </div>
     </div>
 
-    <div class="form-group row">
-      <div class="col-sm-9">
-        <button type="submit" class="btn btn-primary btn-block">
-          {{if $user.ID}}
-          Update user
-          {{else}}
-          Create user
-          {{end}}
-        </button>
-      </div>
-    </div>
+    <button type="submit" class="btn btn-primary btn-block">
+      {{if $user.ID}}
+      Update user
+      {{else}}
+      Create user
+      {{end}}
+    </button>
   </form>
 
   {{end}}
diff --git a/cmd/server/assets/users/edit.html b/cmd/server/assets/users/edit.html
index b8b3b27b3..327711b36 100644
--- a/cmd/server/assets/users/edit.html
+++ b/cmd/server/assets/users/edit.html
@@ -7,9 +7,10 @@
 <html lang="en">
 <head>
   {{template "head" .}}
+  {{template "floatingform" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -20,7 +21,7 @@ <h1>Edit user</h1>
       Use the form below to edit the user.
     </p>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">Details</div>
       <div class="card-body">
         {{template "users/_form" .}}
diff --git a/cmd/server/assets/users/index.html b/cmd/server/assets/users/index.html
index 9bb5f573b..ac3cd6d2f 100644
--- a/cmd/server/assets/users/index.html
+++ b/cmd/server/assets/users/index.html
@@ -12,7 +12,7 @@
   {{template "head" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -26,7 +26,7 @@ <h1>Users</h1>
 
     {{if $users}}
     <div class="table-responsive">
-      <table class="table table-bordered table-striped">
+      <table class="table table-bordered table-striped bg-white">
         <thead>
           <tr>
             <th scope="col">Name</th>
diff --git a/cmd/server/assets/users/new.html b/cmd/server/assets/users/new.html
index 4098be605..88aa50405 100644
--- a/cmd/server/assets/users/new.html
+++ b/cmd/server/assets/users/new.html
@@ -13,7 +13,7 @@
   {{end}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -24,7 +24,7 @@ <h1>New user</h1>
       Use the form below to create a new user.
     </p>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">Details</div>
       <div class="card-body">
         {{template "users/_form" .}}
diff --git a/cmd/server/assets/users/show.html b/cmd/server/assets/users/show.html
index 4af28742a..ebcb2451c 100644
--- a/cmd/server/assets/users/show.html
+++ b/cmd/server/assets/users/show.html
@@ -10,7 +10,7 @@
   {{template "head" .}}
 </head>
 
-<body>
+<body class="bg-light">
   {{template "navbar" .}}
 
   <main role="main" class="container">
@@ -24,7 +24,7 @@ <h1>{{$user.Name}}</h1>
       Here is information about the user.
     </p>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">Details</div>
       <div class="card-body">
         <strong>Name</strong>
@@ -38,13 +38,13 @@ <h1>{{$user.Name}}</h1>
         </div>
 
         <strong>Admin</strong>
-        <div class="mb-3">
+        <div>
           {{$user.CanAdminRealm $currentRealm.ID}}
         </div>
       </div>
     </div>
 
-    <div class="card mb-3">
+    <div class="card mb-3 shadow-sm">
       <div class="card-header">Statistics</div>
       <div class="card-body table-responsive">
         {{if $stats}}
diff --git a/cmd/server/main.go b/cmd/server/main.go
index fe23fa258..2b6bce96d 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -35,7 +35,6 @@ import (
 	"github.com/google/exposure-notifications-verification-server/pkg/controller/jwks"
 	"github.com/google/exposure-notifications-verification-server/pkg/controller/login"
 	"github.com/google/exposure-notifications-verification-server/pkg/controller/middleware"
-	"github.com/google/exposure-notifications-verification-server/pkg/controller/realm"
 	"github.com/google/exposure-notifications-verification-server/pkg/controller/realmadmin"
 	"github.com/google/exposure-notifications-verification-server/pkg/controller/realmkeys"
 	"github.com/google/exposure-notifications-verification-server/pkg/controller/user"
@@ -198,6 +197,11 @@ func realMain(ctx context.Context) error {
 		r.PathPrefix("/static/").Handler(http.StripPrefix("/static/", fs))
 	}
 
+	{
+		sub := r.PathPrefix("").Subrouter()
+		sub.Handle("/health", controller.HandleHealthz(ctx, &config.Database, h)).Methods("GET")
+	}
+
 	{
 		loginController := login.New(ctx, auth, config, db, h)
 		{
@@ -206,48 +210,36 @@ func realMain(ctx context.Context) error {
 
 			sub.Handle("/", loginController.HandleLogin()).Methods("GET")
 			sub.Handle("/login/create", loginController.HandleLoginCreate()).Methods("GET")
-			sub.Handle("/login/resetpassword", loginController.HandleResetPassword()).Methods("GET")
+			sub.Handle("/login/reset-password", loginController.HandleResetPassword()).Methods("GET")
 			sub.Handle("/session", loginController.HandleCreateSession()).Methods("POST")
 			sub.Handle("/signout", loginController.HandleSignOut()).Methods("GET")
-		}
-
-		{
-			sub := r.PathPrefix("").Subrouter()
-			sub.Handle("/health", controller.HandleHealthz(ctx, &config.Database, h)).Methods("GET")
-		}
 
-		{
-			sub := r.PathPrefix("/login/verifyemail").Subrouter()
-			sub.Use(rateLimit)
+			// Verifying email requires the user is logged in
+			sub = r.PathPrefix("").Subrouter()
 			sub.Use(requireAuth)
-
-			sub.Handle("", loginController.HandleVerifyEmail()).Methods("GET")
-		}
-
-		{
-			sub := r.PathPrefix("/login").Subrouter()
 			sub.Use(rateLimit)
+			sub.Use(loadCurrentRealm)
+			sub.Handle("/login/verify-email", loginController.HandleVerifyEmail()).Methods("GET")
+
+			// Realm selection
+			sub = r.PathPrefix("").Subrouter()
 			sub.Use(requireAuth)
+			sub.Use(rateLimit)
+			sub.Use(loadCurrentRealm)
 			sub.Use(requireVerified)
-			sub.Use(requireRealm)
+			sub.Handle("/login/select-realm", loginController.HandleSelectRealm()).Methods("GET", "POST")
 
-			sub.Handle("/registerphone", loginController.HandleRegisterPhone()).Methods("GET")
+			// SMS auth registration is realm-specific, so it needs to load the current realm.
+			sub = r.PathPrefix("").Subrouter()
+			sub.Use(requireAuth)
+			sub.Use(rateLimit)
+			sub.Use(loadCurrentRealm)
+			sub.Use(requireRealm)
+			sub.Use(requireVerified)
+			sub.Handle("/login/register-phone", loginController.HandleRegisterPhone()).Methods("GET")
 		}
 	}
 
-	{
-		sub := r.PathPrefix("/realm").Subrouter()
-		sub.Use(requireAuth)
-		sub.Use(requireVerified)
-		sub.Use(loadCurrentRealm)
-		sub.Use(rateLimit)
-
-		// Realms - list and select.
-		realmController := realm.New(ctx, config, db, h)
-		sub.Handle("", realmController.HandleIndex()).Methods("GET")
-		sub.Handle("/select", realmController.HandleSelect()).Methods("POST")
-	}
-
 	{
 		sub := r.PathPrefix("/home").Subrouter()
 		sub.Use(requireAuth)
diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
index d4ff8a4c3..426743e9f 100644
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -91,7 +91,7 @@ func MissingRealm(w http.ResponseWriter, r *http.Request, h *render.Renderer) {
 	case prefixInList(accept, ContentTypeHTML):
 		flash := Flash(SessionFromContext(r.Context()))
 		flash.Error("Please select a realm to continue.")
-		http.Redirect(w, r, "/realm", http.StatusSeeOther)
+		http.Redirect(w, r, "/login/select-realm", http.StatusSeeOther)
 	case prefixInList(accept, ContentTypeJSON):
 		h.RenderJSON(w, http.StatusBadRequest, apiErrorMissingRealm)
 	default:
@@ -117,7 +117,7 @@ func MissingUser(w http.ResponseWriter, r *http.Request, h *render.Renderer) {
 
 // RedirectToMFA redirects to the MFA registration.
 func RedirectToMFA(w http.ResponseWriter, r *http.Request, h *render.Renderer) {
-	http.Redirect(w, r, "/login/registerphone", http.StatusSeeOther)
+	http.Redirect(w, r, "/login/register-phone", http.StatusSeeOther)
 }
 
 func prefixInList(list []string, prefix string) bool {
diff --git a/pkg/controller/login/register.go b/pkg/controller/login/register.go
index 5ded14a12..670c45cf6 100644
--- a/pkg/controller/login/register.go
+++ b/pkg/controller/login/register.go
@@ -42,6 +42,6 @@ func (c *Controller) HandleRegisterPhone() http.Handler {
 
 		m := controller.TemplateMapFromContext(ctx)
 		m["firebase"] = c.config.Firebase
-		c.h.RenderHTML(w, "login/register", m)
+		c.h.RenderHTML(w, "login/register-phone", m)
 	})
 }
diff --git a/pkg/controller/login/resetpassword.go b/pkg/controller/login/reset_password.go
similarity index 95%
rename from pkg/controller/login/resetpassword.go
rename to pkg/controller/login/reset_password.go
index 8366f94f8..005f2f250 100644
--- a/pkg/controller/login/resetpassword.go
+++ b/pkg/controller/login/reset_password.go
@@ -27,6 +27,6 @@ func (c *Controller) HandleResetPassword() http.Handler {
 
 		m := controller.TemplateMapFromContext(ctx)
 		m["firebase"] = c.config.Firebase
-		c.h.RenderHTML(w, "login/resetpassword", m)
+		c.h.RenderHTML(w, "login/reset-password", m)
 	})
 }
diff --git a/pkg/controller/login/select.go b/pkg/controller/login/select.go
index 58049d874..7808f1a66 100644
--- a/pkg/controller/login/select.go
+++ b/pkg/controller/login/select.go
@@ -12,15 +12,21 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package realm
+package login
 
 import (
+	"context"
 	"net/http"
 
 	"github.com/google/exposure-notifications-verification-server/pkg/controller"
+	"github.com/google/exposure-notifications-verification-server/pkg/database"
 )
 
-func (c *Controller) HandleIndex() http.Handler {
+func (c *Controller) HandleSelectRealm() http.Handler {
+	type FormData struct {
+		RealmID uint `form:"realm,required"`
+	}
+
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 
@@ -37,31 +43,65 @@ func (c *Controller) HandleIndex() http.Handler {
 			return
 		}
 
-		userRealms := user.Realms
-		if len(userRealms) == 0 {
-			flash.Error("No realms enabled. Contact your administrator.")
-			http.Redirect(w, r, "/signout", http.StatusSeeOther)
-			return
-		}
-
 		// If the user is only a member of one realm, set that and bypass selection.
-		if len(userRealms) == 1 {
-			realm := userRealms[0]
+		if len(user.Realms) == 1 {
+			realm := user.Realms[0]
 
+			// The user is already logged in and the current realm matches the
+			// expected realm - just redirect.
 			if controller.RealmIDFromSession(session) == realm.ID {
-				http.Redirect(w, r, "/home", http.StatusFound)
+				http.Redirect(w, r, "/home", http.StatusSeeOther)
 				return
 			}
 
+			// Clear any flashes. It's possible that the user was redirected via a
+			// "missing realm" because their session expired, but then we auto logged
+			// them in and they are only a member of one realm. In that case, they'd
+			// get an error that says "please select a realm" and a success message
+			// that they successfully logged in.
+			flash.Clear()
+
 			controller.StoreSessionRealm(session, realm)
-			flash.Alert("Logged into verification system for '%s'", realm.Name)
-			http.Redirect(w, r, "/home", http.StatusFound)
+			http.Redirect(w, r, "/home", http.StatusSeeOther)
 			return
 		}
 
-		// User must select their realm.
-		m := controller.TemplateMapFromContext(ctx)
-		m["realms"] = userRealms
-		c.h.RenderHTML(w, "realms/select", m)
+		// Requested form, stop processing.
+		if r.Method == http.MethodGet {
+			c.renderSelect(ctx, w, user.Realms)
+			return
+		}
+
+		var form FormData
+		if err := controller.BindForm(w, r, &form); err != nil {
+			flash.Error(err.Error())
+			c.renderSelect(ctx, w, user.Realms)
+			return
+		}
+
+		realm := user.GetRealm(form.RealmID)
+		if realm == nil {
+			flash.Error("Please select a realm to continue.")
+			c.renderSelect(ctx, w, user.Realms)
+			return
+		}
+
+		// Verify that the user has access to the realm.
+		if !user.CanViewRealm(realm.ID) {
+			flash.Error("Invalid realm selection.")
+			c.renderSelect(ctx, w, user.Realms)
+			return
+		}
+
+		controller.StoreSessionRealm(session, realm)
+		flash.Alert("Successfully selected realm '%s'", realm.Name)
+		http.Redirect(w, r, "/home", http.StatusSeeOther)
 	})
 }
+
+// renderSelect renders the realm selection page.
+func (c *Controller) renderSelect(ctx context.Context, w http.ResponseWriter, realms []*database.Realm) {
+	m := controller.TemplateMapFromContext(ctx)
+	m["realms"] = realms
+	c.h.RenderHTML(w, "login/select-realm", m)
+}
diff --git a/pkg/controller/login/verifyemail.go b/pkg/controller/login/verify_email.go
similarity index 95%
rename from pkg/controller/login/verifyemail.go
rename to pkg/controller/login/verify_email.go
index ce048308b..8b5fbbbbd 100644
--- a/pkg/controller/login/verifyemail.go
+++ b/pkg/controller/login/verify_email.go
@@ -27,6 +27,6 @@ func (c *Controller) HandleVerifyEmail() http.Handler {
 
 		m := controller.TemplateMapFromContext(ctx)
 		m["firebase"] = c.config.Firebase
-		c.h.RenderHTML(w, "login/verifyemail", m)
+		c.h.RenderHTML(w, "login/verify-email", m)
 	})
 }
diff --git a/pkg/controller/middleware/emailverified.go b/pkg/controller/middleware/emailverified.go
index 67a232ec1..71fc224fc 100644
--- a/pkg/controller/middleware/emailverified.go
+++ b/pkg/controller/middleware/emailverified.go
@@ -72,7 +72,7 @@ func RequireVerified(ctx context.Context, client *auth.Client, db *database.Data
 				delete(m, "currentUser") // Remove user from the template map.
 				logger.Debugw("user email not verified")
 				flash.Error("User email not verified.")
-				http.Redirect(w, r, "/login/verifyemail", http.StatusSeeOther)
+				http.Redirect(w, r, "/login/verify-email", http.StatusSeeOther)
 				return
 			}
 
diff --git a/pkg/controller/realm/realm.go b/pkg/controller/realm/realm.go
deleted file mode 100644
index a61609485..000000000
--- a/pkg/controller/realm/realm.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package realm contains web controllers for selecting the effective realm.
-package realm
-
-import (
-	"context"
-
-	"github.com/google/exposure-notifications-verification-server/pkg/config"
-	"github.com/google/exposure-notifications-verification-server/pkg/database"
-	"github.com/google/exposure-notifications-verification-server/pkg/render"
-
-	"github.com/google/exposure-notifications-server/pkg/logging"
-
-	"go.uber.org/zap"
-)
-
-type Controller struct {
-	config *config.ServerConfig
-	db     *database.Database
-	h      *render.Renderer
-	logger *zap.SugaredLogger
-}
-
-// New creates a new realm controller.
-func New(ctx context.Context, config *config.ServerConfig, db *database.Database, h *render.Renderer) *Controller {
-	logger := logging.FromContext(ctx)
-
-	return &Controller{
-		config: config,
-		db:     db,
-		h:      h,
-		logger: logger,
-	}
-}
diff --git a/pkg/controller/realm/select.go b/pkg/controller/realm/select.go
deleted file mode 100644
index 5306ddd11..000000000
--- a/pkg/controller/realm/select.go
+++ /dev/null
@@ -1,70 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package realm
-
-import (
-	"net/http"
-
-	"github.com/google/exposure-notifications-verification-server/pkg/controller"
-)
-
-func (c *Controller) HandleSelect() http.Handler {
-	type FormData struct {
-		RealmID uint `form:"realm,required"`
-	}
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		ctx := r.Context()
-
-		session := controller.SessionFromContext(ctx)
-		if session == nil {
-			controller.MissingSession(w, r, c.h)
-			return
-		}
-		flash := controller.Flash(session)
-
-		user := controller.UserFromContext(ctx)
-		if user == nil {
-			controller.MissingUser(w, r, c.h)
-			return
-		}
-
-		var form FormData
-		if err := controller.BindForm(w, r, &form); err != nil {
-			flash.Error("Failed to process form: %v", err)
-			http.Redirect(w, r, "/realm", http.StatusSeeOther)
-			return
-		}
-
-		realm := user.GetRealm(form.RealmID)
-		if realm == nil {
-			flash.Error("Select a realm to continue.")
-			http.Redirect(w, r, "/realm", http.StatusSeeOther)
-			return
-		}
-
-		// Verify that the user has access to the realm.
-		if user.CanViewRealm(realm.ID) {
-			controller.StoreSessionRealm(session, realm)
-			flash.Alert("Successfully selected realm '%s'", realm.Name)
-			http.Redirect(w, r, "/home", http.StatusSeeOther)
-			return
-		}
-
-		// Not allowed to see the realm selected.
-		flash.Error("Invalid realm selection.")
-		http.Redirect(w, r, "/realm", http.StatusSeeOther)
-	})
-}