🚜 feat(webauthn) Merge totp plugin in webauthn

It would be too complicated to split totp and webauthn as they would
 both need to rely on the recovery code and other 2FA specificities.

issue #6019

webauthn/config/webauthn/class_WebauthnConfig.inc

@@ -40,7 +40,7 @@ class webauthnConfig extends simplePlugin
     global $config;
 
     return [
-      'main' => [
+      'webauthn' => [
         'name'  => _('WebAuthn'),
         'attrs' => [
           new SetAttribute(
@@ -53,6 +53,26 @@ class webauthnConfig extends simplePlugin
           ),
         ]
       ],
+      'totp' => [
+        'name'  => _('TOTP'),
+        'attrs' => [
+          new SelectAttribute(
+            _('Digest'), _('Digest to use for TOTP tokens'),
+            'fdTotpDigest', TRUE,
+            hash_algos(), 'sha1'
+          ),
+          new IntAttribute(
+            _('Period'), _('Validity period for TOTP tokens'),
+            'fdTotpPeriod', TRUE,
+            1, FALSE, 30
+          ),
+          new IntAttribute(
+            _('Digits'), _('Number of digits for TOTP tokens'),
+            'fdTotpDigits', TRUE,
+            1, FALSE, 6
+          ),
+        ]
+      ],
     ];
   }
 }

webauthn/contrib/openldap/webauthn-fd-conf.schema

@@ -2,16 +2,36 @@
 ## webauthn-fd-conf.schema - Needed by Fusion Directory for managing webauthn plugin configuration backend
 ##
 
-attributetype ( 1.3.6.1.4.1.38414.74.1.1 NAME 'fdWebauthnFormats'
+attributetype ( 1.3.6.1.4.1.38414.74.10.1 NAME 'fdWebauthnFormats'
   DESC 'FusionDirectory - Allowed webauthn formats'
   EQUALITY caseExactMatch
   SUBSTR caseExactSubstringsMatch
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
+attributetype ( 1.3.6.1.4.1.38414.74.11.1 NAME 'fdTotpDigest'
+  DESC 'FusionDirectory - Digest for TOTP tokens (default is sha1)'
+  EQUALITY caseExactMatch
+  SUBSTR caseExactSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.74.11.2 NAME 'fdTotpPeriod'
+  DESC 'FusionDirectory - Period in seconds for TOTP tokens (default is 30)'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.74.11.3 NAME 'fdTotpDigits'
+  DESC 'FusionDirectory - Number of digits for TOTP tokens (default is 6)'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
 objectclass ( 1.3.6.1.4.1.38414.74.2.1 NAME 'fdWebauthnPluginConf'
   DESC 'FusionDirectory webauthn plugin configuration'
   SUP top AUXILIARY
   MUST ( cn )
   MAY (
-    fdWebauthnFormats
+    fdWebauthnFormats $
+    fdTotpDigest $ fdTotpPeriod $ fdTotpDigits
   ) )

webauthn/contrib/openldap/webauthn-fd.schema

@@ -9,7 +9,13 @@ attributetype ( 1.3.6.1.4.1.38414.73.1.1 NAME 'fdWebauthnRegistrations'
   SUBSTR caseIgnoreSubstringsMatch
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
 
+attributetype ( 1.3.6.1.4.1.38414.73.1.2 NAME 'fdTOTPTokens'
+  DESC 'FusionDirectory - TOTP registrations stored as date|uri'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
 # Objectclasses
 objectclass (1.3.6.1.4.1.38414.73.2.1 NAME 'fdWebauthnAccount' SUP top AUXILIARY
   DESC 'FusionDirectory - User WebAuthn tab'
-  MUST ( fdWebauthnRegistrations ) )
+  MAY ( fdWebauthnRegistrations $ fdTOTPTokens ) )

webauthn/personal/webauthn/class_webauthnAccount.inc

@@ -48,7 +48,17 @@ class webauthnAccount extends simplePlugin
         'attrs' => [
           new WebauthnRegistrationsAttribute(
             _('Registrations'), _('Registrations for this user'),
-            'fdWebauthnRegistrations', TRUE
+            'fdWebauthnRegistrations'
+          )
+        ]
+      ],
+      'totp' => [
+        'name'  => _('TOTP'),
+        'class' => ['fullwidth'],
+        'attrs' => [
+          new TOTPRegistrationsAttribute(
+            _('Codes'), _('TOTP codes for this user'),
+            'fdTOTPTokens'
           )
         ]
       ]