Conversation
Hi there, I did rebase this PR, squash its commits and refactor around a little bit. Since this is taking me longer than I wanted to, I've uploaded what I've got on the
Anyway, if you want to take care of those two things on top of the 2fa branch, that would be great.
Hi @marado Regarding the backup code, I actually thought about that while I was pushing, and considered leaving it to a later stage, but this time is as good as any later one =) I will change the code to store the hash instead of the code, as the backup code doesn't need to be retrieved at any time after it has been generated. However, the secret key does need to be retrieved for the token verification process, making hashing out of the question. I would approach this by generating a uid or talker password stored in the talker.db to symmetrically encrypt/decrypt the 2FA secret key (and any other relevant information we might consider worth the process). I would prefer something unique to the environment instead of the installation, but this will facilitate disaster recovery and service migration to another machine. An alternative could be to use a file as a key for the encryption/decryption process (which could be local or retrieved from a URL; the hash of the file would be used as the key).
The encryption key could also come from an environment variable.
Replaced the speakeasy library with otpauth for 2FA