Implement optional quick login functionality with a Pin

[ywarnecke]

Currently users always have to re-login with their (hopefully long and complicated) passwords, everytime they want to start a new survey. This hinders the productivity in a clinical environment.

However, since MoPat can have direct access to patient information it is not a possible to disable security entirely.

Instead, we want to implement an optional feature to enable a quick re-login for already authorized uses with a pin. So after a patient has completed their survey, only the pin has to be re-entered to start a new survey.

[ywarnecke]

The currently planned workflow now looks like this:

• It is possible to define and activate the pin during registration and in the user settings
• Pin is encrypted with the same salt and pepper as the passwords in the DB
• Pin must not contain consecutive numbers (123456) or only identical numbers (000000)
• The flag that requests should be redirected to the pin login is set after the start of a questionnaire. The session is then no longer invalidated, as before
• Subsequently, all authorized requests are redirected to the pin login, so there is no way around it
• Entering the pin deactivates the filter again
• Spring sessions have been increased to 24 hours
  • This needs some rethinking in order to prevent session misuse
• A cron job deletes all flags for the pin and all sessions at midnight
• After 3 failed login attempts, the pin flag is deleted and the session is invalidated
• A global flag in the settings can disable pin auth in general, in case it should not be used

[ywarnecke]

Added additional security mechanism: A cron job runs every 5 minutes and checks, if a session is inactive for 25 minutes. If that is the case, the session will be processed in two ways:

• If pin auth for a user is active, it will add the flag to the db, causing the filter to be active for the user
• If pin auth is disabled, the session will instead be invalidated, requiring to re-login.