[skip ci][auth] add check2FACode

docs/scaffolding/auth.rst

@@ -358,11 +358,13 @@ Multi-factor authentication can be enabled conditionally, based on the pre-logge
 
 .. note::
 	It is possible to customize the creation of the generated code, as well as the prefix used.
+	The sample below is implemented with ``robthree/twofactorauth`` library.
 
 .. code-block:: php
    
    	protected function generate2FACode():string{
-   		return \substr(\md5(\uniqid(\rand(), true)), 6, 6);
+   		$tfa=new TwoFactorAuth();
+   		return $tfa->createSecret();
    	}
    	
    	protected function towFACodePrefix():string{

src/Ubiquity/controllers/auth/AuthControllerValidationTrait.php

@@ -112,7 +112,7 @@ public function submitCode(){
 		if(URequest::isPost() && USession::exists(self::$TWO_FA_KEY)){
 			$twoFAInfos=USession::get(self::$TWO_FA_KEY);
 			$expired=$twoFAInfos['expire']<new \DateTime();
-			if(!$expired && $twoFAInfos['code']===URequest::post('code')){
+			if(!$expired && $this->check2FACode($twoFAInfos['code'],URequest::post('code'))){
 				$this->onConnect(USession::get($this->_getUserSessionKey().'-2FA'));
 			}
 			else{
@@ -165,6 +165,16 @@ protected function prepareEmailValidation(string $email){
 	protected function validateEmail(string $mail):bool{
 		return true;
 	}
+
+	/**
+	 * To override for a more secure 2FA code.
+	 * @param string $secret
+	 * @param string $userInput
+	 * @return bool
+	 */
+	protected function check2FACode(string $secret,string $userInput):bool{
+		return $secret===$userInput;
+	}
 
 	/**
 	 * Route for email validation checking.

src/Ubiquity/controllers/auth/AuthControllerVariablesTrait.php

@@ -214,6 +214,7 @@ protected function has2FA($accountValue=null):bool{
 
 	/**
 	 * Generates a new random 2FA code.
+	 * You have to override this basic implementation.
 	 * @return string
 	 */
 	protected function generate2FACode():string{