Add 2FA authentication via scheb/2fa

[alexander-schranz]

Q	A
Bug fix?	no
New feature?	yes
BC breaks?	no
Deprecations?	no
Fixed tickets	fixes #3482
Related issues/PRs	-
License	MIT
Documentation PR	sulu/sulu-docs#720

What's in this PR?

Add 2fa authentication via scheb/2fa.

Why?

Supporting two factor authentication.

Example Usage

composer require scheb/2fa-bundle
composer require scheb/2fa-email
# additional recommended
composer require scheb/2fa-trusted-devices
composer require scheb/2fa-backup-codes
# alternative
composer require scheb/2fa-google-authenticator
composer require scheb/2fa-totp

To Do

• Create a documentation PR
• Add breaking changes to UPGRADE.md
• User Entity
  • 2FA Type Method
  • 2FA Options
• Api Implementation https://symfony.com/bundles/SchebTwoFactorBundle/current/api.html
• Open Questions
  • check 2FA and multiple Firewalls
  • 2FA enabled only on website
  • 2FA enabled only on admin
  • Backup Codes should never be outputted by the API
    • As discussed all twoFactorOptions should be encrypted / decrypt need to be lazy as it should not effect performance as user is loaded every request. canceled
• Frontend Implementation
  • Profile
    • Type Selection
    • QR Code (totp, google authenticator)
  • Login
    • Email
    • Totp
    • Google Authenticator
    • Backup Codes
    • Trusted Devices
    • Error Handling
• Translation "Back to Login" / "Zurück zum Login" (auch für Passwort vergessen)
• Translation "Verifizieren"
• Smaller Checkbox text

[matthieu2607]

@alexander-schranz, nice feature ;)

[alexander-schranz]

@matthieu2607 Thx it does look good that we will get this into Sulu 2.5. Already preparing the frontend for 2fa codes:

Emails already send with the code, but need to implement the success handlers and check endpoints. Maybe will get a running prototype next week.