Two-factor authentication

[sasetz]

The users need to be able to set up a two-factor authentication in order to better protect their accounts. For now, we can only implement the simplest TOTP (Google authenticator) method, so that we don't need to mess with phone numbers, emails and stuff Although, an email 2FA can be implemented as well, it is not as complicated

• [ ] Add new columns to the users table (secret, 2FA method = none, totp, email)
• [ ] Add the columns to the user model
• [ ] Write an authenticator provider
• [ ] Extend the authentication requests so it requires the user to enter a code
• [ ] Add a controller method to enable the 2FA

[IlliaPonomarov]

I suggest the first release firstly simple authorization and authentication, after we can decide about TF.

[sasetz]

I'm afraid this has to do with Spring Security, so I will have to pass this to you, @IlliaPonomarov, so I'm reassigning it to you. Here's a link that might be helpful: https://github.com/samdjstevens/java-totp/blob/master/totp-spring-boot-starter/README.md