Add totp2fEncryptSecret in manager (#2625)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm

@@ -31,7 +31,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => (
 );
 our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|ScopeRule|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
 our $arrayParameters = qr/^mySessionAuthorizedRWKeys$/;
-our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|t(?:ayConnected(?:BypassFG)?|orePassword)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|heck(?:DevOps(?:D(?:isplayNormalizedHeaders|ownload)|CheckSessionAttributes)?|State|User|XSS)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxy(?:AuthServiceImpersonation|UseSoap))|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|n(?:o(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|ewLocationWarning)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|to(?:tp2fUserCanRemoveKey|kenUseGlobalStorage)|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
+our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|t(?:ayConnected(?:BypassFG)?|orePassword)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration|OnlyDeclaredScopes)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|c(?:a(?:sS(?:rvMetaDataOptions(?:Gateway|Renew)|trictMatching)|ptcha_(?:register|login|mail)_enabled)|heck(?:DevOps(?:D(?:isplayNormalizedHeaders|ownload)|CheckSessionAttributes)?|State|User|XSS)|o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|rowdsec|da)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|E(?:rrorOn(?:ExpiredSession|MailNotFound)|nablePasswordDisplay)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxy(?:AuthServiceImpersonation|UseSoap))|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|n(?:o(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|ewLocationWarning)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|to(?:tp2f(?:UserCanRemoveKey|EncryptSecret)|kenUseGlobalStorage)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
 
 our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
 

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -4238,6 +4238,10 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
             'default' => 6,
             'type'    => 'int'
         },
+        'totp2fEncryptSecret' => {
+            'default' => 0,
+            'type'    => 'bool'
+        },
         'totp2fInterval' => {
             'default' => 30,
             'type'    => 'int'

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -1956,6 +1956,11 @@ sub attributes {
             type          => 'int',
             documentation => 'TOTP device time to live ',
         },
+        totp2fEncryptSecret => {
+            type          => 'bool',
+            default       => 0,
+            documentation => 'Encrypt TOTP secrets in database',
+        },
 
         # UTOTP 2F
         utotp2fActivation => {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -906,6 +906,7 @@ sub tree {
                                 'totp2fInterval',
                                 'totp2fRange',
                                 'totp2fDigits',
+                                'totp2fEncryptSecret',
                                 'totp2fAuthnLevel',
                                 'totp2fLabel',
                                 'totp2fLogo',

lemonldap-ng-manager/site/htdocs/static/languages/ar.json

@@ -1133,6 +1133,7 @@
 "totp2fActivation":"تفعيل",
 "totp2fAuthnLevel":"مستوى إثبات الهوية",
 "totp2fDigits":"Number of digits",
+"totp2fEncryptSecret":"Encrypt TOTP secrets",
 "totp2fInterval":"Interval",
 "totp2fIssuer":"Issuer name",
 "totp2fLabel":"Label",

lemonldap-ng-manager/site/htdocs/static/languages/de.json

@@ -1133,6 +1133,7 @@
 "totp2fActivation":"Activation",
 "totp2fAuthnLevel":"Authentication level",
 "totp2fDigits":"Number of digits",
+"totp2fEncryptSecret":"Encrypt TOTP secrets",
 "totp2fInterval":"Interval",
 "totp2fIssuer":"Issuer name",
 "totp2fLabel":"Label",

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -1133,6 +1133,7 @@
 "totp2fActivation":"Activation",
 "totp2fAuthnLevel":"Authentication level",
 "totp2fDigits":"Number of digits",
+"totp2fEncryptSecret":"Encrypt TOTP secrets",
 "totp2fInterval":"Interval",
 "totp2fIssuer":"Issuer name",
 "totp2fLabel":"Label",

lemonldap-ng-manager/site/htdocs/static/languages/es.json

@@ -1133,6 +1133,7 @@
 "totp2fActivation":"Activación",
 "totp2fAuthnLevel":"Nivel de autentificación",
 "totp2fDigits":"Cantidad de dígitos",
+"totp2fEncryptSecret":"Encrypt TOTP secrets",
 "totp2fInterval":"Intervalo",
 "totp2fIssuer":"Issuer name",
 "totp2fLabel":"Etiqueta",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -1133,6 +1133,7 @@
 "totp2fActivation":"Activation",
 "totp2fAuthnLevel":"Niveau d'authentification",
 "totp2fDigits":"Nombre de chiffres",
+"totp2fEncryptSecret":"Chiffrer le secret TOTP",
 "totp2fInterval":"Intervalle",
 "totp2fIssuer":"Nom du fournisseur",
 "totp2fLabel":"Label",

lemonldap-ng-manager/site/htdocs/static/languages/it.json

@@ -1133,6 +1133,7 @@
 "totp2fActivation":"Attivazione",
 "totp2fAuthnLevel":"Livello di autenticazione",
 "totp2fDigits":"Numero di cifre",
+"totp2fEncryptSecret":"Encrypt TOTP secrets",
 "totp2fInterval":"Intervallo",
 "totp2fIssuer":"Issuer name",
 "totp2fLabel":"Label",

lemonldap-ng-manager/site/htdocs/static/languages/pl.json

@@ -1133,6 +1133,7 @@
 "totp2fActivation":"Aktywacja",
 "totp2fAuthnLevel":"Poziom uwierzytelnienia",
 "totp2fDigits":"Ilość cyfr",
+"totp2fEncryptSecret":"Encrypt TOTP secrets",
 "totp2fInterval":"Interwał",
 "totp2fIssuer":"Issuer name",
 "totp2fLabel":"Etykieta",

lemonldap-ng-manager/site/htdocs/static/languages/tr.json

@@ -1133,6 +1133,7 @@
 "totp2fActivation":"Aktivasyon",
 "totp2fAuthnLevel":"Doğrulama seviyesi",
 "totp2fDigits":"Rakam sayısı",
+"totp2fEncryptSecret":"Encrypt TOTP secrets",
 "totp2fInterval":"Süre aralığı",
 "totp2fIssuer":"Düzenleyici adı",
 "totp2fLabel":"Etiket",

lemonldap-ng-manager/site/htdocs/static/languages/vi.json

@@ -1133,6 +1133,7 @@
 "totp2fActivation":"Kích hoạt",
 "totp2fAuthnLevel":"Mức xác thực",
 "totp2fDigits":"Number of digits",
+"totp2fEncryptSecret":"Encrypt TOTP secrets",
 "totp2fInterval":"Interval",
 "totp2fIssuer":"Issuer name",
 "totp2fLabel":"Label",

lemonldap-ng-manager/site/htdocs/static/languages/zh.json

@@ -1133,6 +1133,7 @@
 "totp2fActivation":"激活",
 "totp2fAuthnLevel":"Authentication level",
 "totp2fDigits":"Number of digits",
+"totp2fEncryptSecret":"Encrypt TOTP secrets",
 "totp2fInterval":"Interval",
 "totp2fIssuer":"Issuer name",
 "totp2fLabel":"Label",

lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json

@@ -1133,6 +1133,7 @@
 "totp2fActivation":"啟用",
 "totp2fAuthnLevel":"驗證等級",
 "totp2fDigits":"位數",
+"totp2fEncryptSecret":"Encrypt TOTP secrets",
 "totp2fInterval":"間隔",
 "totp2fIssuer":"Issuer name",
 "totp2fLabel":"標籤",