Rename Yubikey 2FA type to Yubico OTP to avoid confusion

doc/sources/admin/authyubikey.rst

@@ -5,4 +5,4 @@ Yubikey
 .. attention::
 
     This module has been replaced by
-    :doc:`Yubikey Second Factor<yubikey2f>`\
+    :doc:`Yubico OTP Second Factor<yubikey2f>`\

doc/sources/admin/cli_examples.rst

@@ -608,7 +608,7 @@ List second factors of a user ::
 
    lemonldap-ng-sessions secondfactors get dwho
 
-Deregister Yubikey of a user ::
+Deregister Yubico OTP for a user ::
 
    lemonldap-ng-sessions secondfactors delType dwho UBK
 

doc/sources/admin/extendedfunctions.rst

@@ -260,11 +260,12 @@ has2f
 
 .. versionadded:: 2.0.10
 
-This function tests if the current user has registered a second factor. The following types are supported:
+This function tests if the current user has registered a second factor. The following types are supported out of the box:
 
 * :doc:`TOTP<totp2f>`
 * :doc:`U2F<u2f>`
 * :doc:`UBK<yubikey2f>`
+* :doc:`WebAuthn<webauthn2f>`
 
 Example::
 
@@ -457,4 +458,4 @@ Simple usage example:
 
 ::
 
-   unicode2isoSafe($name)
+   unicode2isoSafe($name)

doc/sources/admin/parameterlist.rst

@@ -657,17 +657,17 @@ webauthnDisplayNameAttr                                 Session attribute contai
 webauthnRpName                                          WebAuthn Relying Party display name                                                  ✔
 whatToTrace                                             Session parameter used to fill REMOTE_USER                                           ✔      ✔
 wsdlServer                                              Enable /portal.wsdl server                                                           ✔
-yubikey2fActivation                                     Yubikey second factor activation                                                     ✔
-yubikey2fAuthnLevel                                     Authentication level for users authentified by Yubikey second factor                 ✔
+yubikey2fActivation                                     Yubico OTP second factor activation                                                  ✔
+yubikey2fAuthnLevel                                     Authentication level for users authentified by Yubico OTP second factor              ✔
 yubikey2fClientID                                       Yubico client ID                                                                     ✔
-yubikey2fFromSessionAttribute                           Provision yubikey from the given session variable                                    ✔
-yubikey2fLabel                                          Portal label for Yubikey second factor                                               ✔
-yubikey2fLogo                                           Custom logo for Yubikey 2F                                                           ✔
+yubikey2fFromSessionAttribute                           Provision Yubico OTP ID from the given session variable                              ✔
+yubikey2fLabel                                          Portal label for Yubico OTP second factor                                            ✔
+yubikey2fLogo                                           Custom logo for Yubico OTP 2F                                                        ✔
 yubikey2fNonce                                          Yubico nonce                                                                         ✔
-yubikey2fPublicIDSize                                   Yubikey public ID size                                                               ✔
+yubikey2fPublicIDSize                                   Yubico public ID size                                                                ✔
 yubikey2fSecretKey                                      Yubico secret key                                                                    ✔
-yubikey2fSelfRegistration                               Yubikey self registration activation                                                 ✔
-yubikey2fTTL                                            Yubikey device time to live                                                          ✔
+yubikey2fSelfRegistration                               Yubico self registration activation                                                  ✔
+yubikey2fTTL                                            Yubico device time to live                                                           ✔
 yubikey2fUrl                                            Yubico server                                                                        ✔
 yubikey2fUserCanRemoveKey                               Authorize users to remove existing Yubikey                                           ✔
 zimbraAccountKey                                        Zimbra account session key                                                                  ✔               ✔

doc/sources/admin/secondfactor.rst

@@ -103,30 +103,30 @@ Providing tokens from an external source
 ----------------------------------------
 
 If you do not want to use self-registration features for U2F, TOTP and so
-on, you can set tokens by yourself *(in your LDAP server for example)*
+on, you can set devices by yourself *(in your LDAP server for example)*
 and map it to ``_2fDevices`` attribute. ``_2fDevices`` is a JSON array
-that contains token descriptions :
+that contains device descriptions :
 
 .. code::
 
-   [ {"type" : "TOTP", "name" : "MyTOTP", …}, {<other_token>}, …]
+   [ {"type" : "TOTP", "name" : "MyTOTP", …}, {<other_device>}, …]
 
-U2F Tokens
+U2F Device
 ~~~~~~~~~~
 
 .. code-block:: json
 
    {"name" : "MyU2FKey" , "type" : "U2F" , "_userKey" : "########" , "_keyHandle":"########" , "epoch":"1524078936"}
 
-TOTP Tokens
+TOTP Device
 ~~~~~~~~~~~
 
 .. code-block:: json
 
    {"name" : "MyTOTP" , "type" : "TOTP" , "_secret" : "########" , "epoch" : "1523817955"}
 
-Yubikey Tokens
-~~~~~~~~~~~~~~
+Yubico OTP Device
+~~~~~~~~~~~~~~~~~
 
 .. code-block:: json
 

doc/sources/admin/start.rst

@@ -157,7 +157,7 @@ Official Backends                                                    Authenticat
 :doc:`SSL<authssl>`                                                  ✔
 :doc:`Twitter<authtwitter>`                                          ✔
 :doc:`WebID<authwebid>`                                              ✔                                               ✔
-:doc:`Yubikey<authyubikey>` |deprecated|                             *Replaced by* :doc:`yubikey2f`
+:doc:`Yubico OTP<authyubikey>` |deprecated|                          *Replaced by* :doc:`yubikey2f`
 :doc:`Custom modules<authcustom>` |new|                              ✔                                               ✔        ✔
 ==================================================================== =============================================== ======== ========
 
@@ -182,7 +182,7 @@ Second factor (:doc:`documentation<secondfactor>`)                   Authenticat
 :doc:`TOTP<totp2f>` *(Google Authenticator,...)* |new|               ✔              ✔
 :doc:`WebAuthn<webauthn2f>` |new|                                    ✔              ✔
 :doc:`E-mail Second Factor<mail2f>` |new|                            ✔
-:doc:`Yubikey<yubikey2f>` |new|                                      ✔              ✔
+:doc:`Yubico OTP<yubikey2f>` |new|                                   ✔              ✔
 :doc:`External Second Factor<external2f>` *(OTP, SMS,...)* |new|     ✔
 :doc:`REST Second Factor<rest2f>` |new|                              ✔
 :doc:`Radius Second Factor<radius2f>` |new|  [3]_                    ✔

doc/sources/admin/writingrulesand_headers.rst

@@ -119,12 +119,11 @@ level depends on authentication backend used by this user. Default
 values are:
 
 -  0 for :doc:`Null<authnull>`
--  1 for :doc:`CAS<authcas>`, :doc:`old OpenID-2<authopenid>`,
+-  1 for :doc:`CAS<authcas>`, :doc:`OpenID Connect<authopenidconnect>`,
    :doc:`Facebook<authfacebook>`,…
 -  2 for web-form based authentication (:doc:`LDAP<authldap>`,
    :doc:`DBI<authdbi>`,…)
--  3 for :doc:`Yubikey<authyubikey>`
--  4 for :doc:`Kerberos<authapache>`
+-  3 for :doc:`Kerberos<authkerberos>`
 -  5 for :doc:`SSL<authssl>`
 
 There are three ways to impose users a higher authentication level:

doc/sources/admin/yubikey2f.rst

@@ -1,9 +1,13 @@
-Yubikey Second Factor
-=====================
+Yubico OTP Second Factor
+========================
 
-A `Yubikey <http://www.yubico.com/yubikey>`__ is a small material token
-manufactured by `Yubico <http://www.yubico.com>`__. It sends an OTP,
-which is validated via Yubico server.
+Yubico OTP is a type of One-Time-Password authentication based on a
+keyboard-emulating hardware device (Yubikey). OTPs are validated against an
+external server, either on the cloud or on premices.
+
+|deprecated| Almost all Yubikeys sold by Yubico now support :doc:`FIDO2 <webauthn2f>`.
+You are encouraged to use this type of second factor instead, since it is
+compatible with a much broader range of devices, and also more secure.
 
 Prerequisites and dependencies
 ------------------------------
@@ -50,9 +54,9 @@ In the manager (second factors), you just have to enable it:
 
     If you want to use a custom rule for "activation" and
     want to keep self-registration, you must include this in your rule:
-    ``$_2fDevices =~ /"type":\s*"UBK"/s``, else Yubikey will be required
-    even if users are not registered. This is automatically done when
-    "activation" is simply set to "on".
+    ``has2f('UBK')``, else Yubico OTP will be required even if users are not
+    registered. This is automatically done when "activation" is simply set to
+    "on".
 
 Provisioning
 ------------
@@ -71,3 +75,5 @@ Enrollment
 
 If you have enabled self registration, users can register their U2F keys
 using https://portal/2fregisters
+
+.. |deprecated| image:: /documentation/deprecated.png

lemonldap-ng-manager/site/htdocs/static/languages/ar.json

@@ -896,8 +896,8 @@
 "requireToken":"يتطلب توكن للإستمارة",
 "rest2f":"REST second factor",
 "rest2fActivation":"تفعيل",
-"rest2fCodeActivation":"Code regex",
 "rest2fAuthnLevel":"مستوى إثبات الهوية",
+"rest2fCodeActivation":"Code regex",
 "rest2fInitArgs":"Init arguments",
 "rest2fInitUrl":"Init URL",
 "rest2fLabel":"Label",
@@ -1248,7 +1248,7 @@
 "whatToTrace":"المستخدم_البعيد",
 "whiteList":"القائمة البيضاء",
 "wsdlServer":"WSDL server",
-"yubikey2f":"Yubikey",
+"yubikey2f":"Yubico OTP",
 "yubikey2fActivation":"تفعيل",
 "yubikey2fAuthnLevel":"مستوى إثبات الهوية",
 "yubikey2fClientID":"API  العميل ID",
@@ -1263,4 +1263,4 @@
 "yubikey2fUrl":"خدمة أل يو أر ل",
 "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
 "zeroConfExplanations":"لا يحتوي الخادم على إعدادات. استخدام قالب لحفظ الأول"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -896,8 +896,8 @@
 "requireToken":"Require token for forms",
 "rest2f":"REST second factor",
 "rest2fActivation":"Activation",
-"rest2fCodeActivation":"Code regex",
 "rest2fAuthnLevel":"Authentication level",
+"rest2fCodeActivation":"Code regex",
 "rest2fInitArgs":"Init arguments",
 "rest2fInitUrl":"Init URL",
 "rest2fLabel":"Label",
@@ -1248,7 +1248,7 @@
 "whatToTrace":"REMOTE_USER",
 "whiteList":"White list",
 "wsdlServer":"WSDL server",
-"yubikey2f":"Yubikey",
+"yubikey2f":"Yubico OTP",
 "yubikey2fActivation":"Activation",
 "yubikey2fAuthnLevel":"Authentication level",
 "yubikey2fClientID":"API client ID",

lemonldap-ng-manager/site/htdocs/static/languages/es.json

@@ -896,8 +896,8 @@
 "requireToken":"Require token for forms",
 "rest2f":"Previo",
 "rest2fActivation":"Activación",
-"rest2fCodeActivation":"Regex",
 "rest2fAuthnLevel":"Nivel de autentificación",
+"rest2fCodeActivation":"Regex",
 "rest2fInitArgs":"Argumentos de inicio",
 "rest2fInitUrl":"URL de inicio",
 "rest2fLabel":"Etiqueta",
@@ -1248,7 +1248,7 @@
 "whatToTrace":"REMOTE_USER",
 "whiteList":"White list",
 "wsdlServer":"WSDL server",
-"yubikey2f":"Yubikey",
+"yubikey2f":"Yubico OTP",
 "yubikey2fActivation":"Activación",
 "yubikey2fAuthnLevel":"Nivel de autentificación",
 "yubikey2fClientID":"API client ID",
@@ -1263,4 +1263,4 @@
 "yubikey2fUrl":"URL de servicio",
 "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
 "zeroConfExplanations":"Server has no configuration. Use template to save the first."
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -896,8 +896,8 @@
 "requireToken":"Exiger un jeton pour les formulaires",
 "rest2f":"Second facteur REST",
 "rest2fActivation":"Activation",
-"rest2fCodeActivation":"Expression régulière pour la génération du code",
 "rest2fAuthnLevel":"Niveau d'authentification",
+"rest2fCodeActivation":"Expression régulière pour la génération du code",
 "rest2fInitArgs":"Arguments d'initialisation",
 "rest2fInitUrl":"URL d'initialisation",
 "rest2fLabel":"Label",
@@ -1133,8 +1133,8 @@
 "stayConnectedCookieName":"Nom du cookie",
 "stayConnectedTimeout":"Durée de validité",
 "storePassword":"Stocke le mot de passe de l'utilisateur en session",
-"string":"Chaîne",
 "strictTransportSecurityMax_Age":"Age maximum Strict-Transport-Security",
+"string":"Chaîne",
 "subtitle":"Sous-titre",
 "successLoginNumber":"Nombre de connexions mémorisées",
 "successfullySaved":"Sauvegarde effectuée",
@@ -1248,7 +1248,7 @@
 "whatToTrace":"REMOTE_USER",
 "whiteList":"Liste blanche",
 "wsdlServer":"Serveur WSDL",
-"yubikey2f":"Yubikey",
+"yubikey2f":"Yubico OTP",
 "yubikey2fActivation":"Activation",
 "yubikey2fAuthnLevel":"Niveau d'authentification",
 "yubikey2fClientID":"Identifiant client de l'API",

lemonldap-ng-manager/site/htdocs/static/languages/he.json

@@ -896,8 +896,8 @@
 "requireToken":"דרישת אסימון לטפסים",
 "rest2f":"אימות דו־שלבי ב־REST",
 "rest2fActivation":"הפעלה",
-"rest2fCodeActivation":"Code regex",
 "rest2fAuthnLevel":"דרגת אימות",
+"rest2fCodeActivation":"Code regex",
 "rest2fInitArgs":"Init arguments",
 "rest2fInitUrl":"כתובת אתחול",
 "rest2fLabel":"תווית",
@@ -1248,7 +1248,7 @@
 "whatToTrace":"REMOTE_USER",
 "whiteList":"רשימת היתר",
 "wsdlServer":"שרת WSDL",
-"yubikey2f":"Yubikey",
+"yubikey2f":"Yubico OTP",
 "yubikey2fActivation":"הפעלה",
 "yubikey2fAuthnLevel":"דרגת אימות",
 "yubikey2fClientID":"API client ID",
@@ -1263,4 +1263,4 @@
 "yubikey2fUrl":"כתובת שירות",
 "yubikey2fUserCanRemoveKey":"לאפשר למשתמש להסיר Yubikey",
 "zeroConfExplanations":"Server has no configuration. Use template to save the first."
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/it.json

@@ -896,8 +896,8 @@
 "requireToken":"Richiede il token per i moduli",
 "rest2f":"REST secondo fattore",
 "rest2fActivation":"Attivazione",
-"rest2fCodeActivation":"Codice regex",
 "rest2fAuthnLevel":"Livello di autenticazione",
+"rest2fCodeActivation":"Codice regex",
 "rest2fInitArgs":"Argomenti di init",
 "rest2fInitUrl":"URL iniziale",
 "rest2fLabel":"Label",
@@ -1248,7 +1248,7 @@
 "whatToTrace":"\nREMOTE_USER",
 "whiteList":"Lista bianca",
 "wsdlServer":"Server WSDL",
-"yubikey2f":"Yubikey",
+"yubikey2f":"Yubico OTP",
 "yubikey2fActivation":"Attivazione",
 "yubikey2fAuthnLevel":"Livello di autenticazione",
 "yubikey2fClientID":"ID client API",
@@ -1263,4 +1263,4 @@
 "yubikey2fUrl":"URL del servizio",
 "yubikey2fUserCanRemoveKey":"Autorizza l'utente a rimuovere la Yubikey",
 "zeroConfExplanations":"Il server non ha alcuna configurazione. Utilizza il modello per salvare il primo."
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/pl.json

@@ -896,8 +896,8 @@
 "requireToken":"Wymagaj tokena do formularzy",
 "rest2f":"Drugi czynnik REST",
 "rest2fActivation":"Aktywacja",
-"rest2fCodeActivation":"Wyrażenie regularne kodu",
 "rest2fAuthnLevel":"Poziom uwierzytelnienia",
+"rest2fCodeActivation":"Wyrażenie regularne kodu",
 "rest2fInitArgs":"Początkowe argumenty",
 "rest2fInitUrl":"Początkowy adres URL",
 "rest2fLabel":"Etykieta",
@@ -1248,7 +1248,7 @@
 "whatToTrace":"REMOTE_USER",
 "whiteList":"Biała lista",
 "wsdlServer":"Serwer WSDL",
-"yubikey2f":"Yubikey",
+"yubikey2f":"Yubico OTP",
 "yubikey2fActivation":"Aktywacja",
 "yubikey2fAuthnLevel":"Poziom uwierzytelnienia",
 "yubikey2fClientID":"Identyfikator klienta API",
@@ -1263,4 +1263,4 @@
 "yubikey2fUrl":"URL usługi",
 "yubikey2fUserCanRemoveKey":"Pozwól użytkownikowi usunąć Yubikey",
 "zeroConfExplanations":"Serwer nie ma konfiguracji. Użyj szablonu, aby zapisać pierwszy."
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/tr.json

@@ -896,8 +896,8 @@
 "requireToken":"Formlar için jeton gerekir",
 "rest2f":"REST ile ikinci faktör",
 "rest2fActivation":"Aktivasyon",
-"rest2fCodeActivation":"Düzenli ifade kodla",
 "rest2fAuthnLevel":"Doğrulama seviyesi",
+"rest2fCodeActivation":"Düzenli ifade kodla",
 "rest2fInitArgs":"Başlangıç argümanları",
 "rest2fInitUrl":"Başlangıç URL",
 "rest2fLabel":"Etiket",
@@ -1248,7 +1248,7 @@
 "whatToTrace":"REMOTE_USER",
 "whiteList":"Beyaz liste",
 "wsdlServer":"WSDL sunucusu",
-"yubikey2f":"Yubikey",
+"yubikey2f":"Yubico OTP",
 "yubikey2fActivation":"Aktivasyon",
 "yubikey2fAuthnLevel":"Doğrulama seviyesi",
 "yubikey2fClientID":"API istemci ID",
@@ -1263,4 +1263,4 @@
 "yubikey2fUrl":"Servis URL'si",
 "yubikey2fUserCanRemoveKey":"Yubikey'i kaldırmak için kullanıcıya izin ver",
 "zeroConfExplanations":"Sunucunun yapılandırması yok. Şimdi bir tane kaydetmek için şablonu kullanın."
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/vi.json

@@ -896,8 +896,8 @@
 "requireToken":"Yêu cầu token cho các biểu mẫu",
 "rest2f":"REST second factor",
 "rest2fActivation":"Kích hoạt",
-"rest2fCodeActivation":"Code regex",
 "rest2fAuthnLevel":"Mức xác thực",
+"rest2fCodeActivation":"Code regex",
 "rest2fInitArgs":"Init arguments",
 "rest2fInitUrl":"Init URL",
 "rest2fLabel":"Label",
@@ -1248,7 +1248,7 @@
 "whatToTrace":"REMOTE_USER",
 "whiteList":"Danh sách trắng",
 "wsdlServer":"Địa chỉ WSDL",
-"yubikey2f":"Yubikey",
+"yubikey2f":"Yubico OTP",
 "yubikey2fActivation":"Kích hoạt",
 "yubikey2fAuthnLevel":"Mức xác thực",
 "yubikey2fClientID":"ID ứng dụng khách API",
@@ -1263,4 +1263,4 @@
 "yubikey2fUrl":"Dịch vụ URL",
 "yubikey2fUserCanRemoveKey":"Allow user to remove Yubikey",
 "zeroConfExplanations":"Máy chủ không có cấu hình. Sử dụng mẫu để lưu đầu tiên. "
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/zh.json

@@ -896,8 +896,8 @@
 "requireToken":"需要表單權杖",
 "rest2f":"REST 第二因素",
 "rest2fActivation":"激活",
-"rest2fCodeActivation":"代碼正規表示式",
 "rest2fAuthnLevel":"认证等级",
+"rest2fCodeActivation":"代碼正規表示式",
 "rest2fInitArgs":"初始化參數",
 "rest2fInitUrl":"初始化 URL",
 "rest2fLabel":"標籤",
@@ -1248,7 +1248,7 @@
 "whatToTrace":"REMOTE_USER",
 "whiteList":"白名單",
 "wsdlServer":"WSDL 服务器",
-"yubikey2f":"Yubikey",
+"yubikey2f":"Yubico OTP",
 "yubikey2fActivation":"激活",
 "yubikey2fAuthnLevel":"认证等级",
 "yubikey2fClientID":"API 客戶端 ID",
@@ -1263,4 +1263,4 @@
 "yubikey2fUrl":"服务 URL",
 "yubikey2fUserCanRemoveKey":"允許使用者移除 Yubikey",
 "zeroConfExplanations":"伺服器未設定。使用飯本來儲存第一個。"
-}
+}

lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json

@@ -896,8 +896,8 @@
 "requireToken":"需要表單權杖",
 "rest2f":"REST 第二因素",
 "rest2fActivation":"啟用",
-"rest2fCodeActivation":"代碼正規表示式",
 "rest2fAuthnLevel":"驗證等級",
+"rest2fCodeActivation":"代碼正規表示式",
 "rest2fInitArgs":"初始化參數",
 "rest2fInitUrl":"初始化 URL",
 "rest2fLabel":"標籤",
@@ -1248,7 +1248,7 @@
 "whatToTrace":"REMOTE_USER",
 "whiteList":"白名單",
 "wsdlServer":"WSDL 伺服器",
-"yubikey2f":"Yubikey",
+"yubikey2f":"Yubico OTP",
 "yubikey2fActivation":"啟用",
 "yubikey2fAuthnLevel":"驗證等級",
 "yubikey2fClientID":"API 客戶端 ID",
@@ -1263,4 +1263,4 @@
 "yubikey2fUrl":"服務 URL",
 "yubikey2fUserCanRemoveKey":"允許使用者移除 Yubikey",
 "zeroConfExplanations":"伺服器未設定。使用飯本來儲存第一個。"
-}
+}

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Yubikey.pm

@@ -1,7 +1,7 @@
-# Yubikey second factor authentication
+# Yubico OTP second factor authentication
 #
 # This plugin handle authentications to ask Yubikey second factor for users that
-# have registered their Yubikey
+# have registered their Yubikey using legacy OTP mode
 package Lemonldap::NG::Portal::2F::Yubikey;
 
 use strict;