This PR encompasses the changes required to enforce 2fa for all users. It allows for users to reset their 2fa secret while logged in, and this same mechanism allows admins to reset the 2fa secret for a non-admin user (for example, if the user was to lose access to their Authenticator app).
Major changes:
Login page now submits via ajax, allowing for 2 step login flow (username/password validation, then 2fa code submission). This means the user is not logged in fully until all checks have passed.
New settings page for testing/resetting 2fa codes
New db table for 2fa information, linked to user table
New paster command for resetting a user's 2fa secret (useful for login flow in automated testing scenarios, but also as a backup for sysadmins to reset a users secret from the commandline)
This PR encompasses the changes required to enforce 2fa for all users. It allows for users to reset their 2fa secret while logged in, and this same mechanism allows admins to reset the 2fa secret for a non-admin user (for example, if the user was to lose access to their Authenticator app).
Major changes: