protect password reset with 2fa

This needed some internal changes, because now 2fa data needs to be
checked for a user that is not logged in. Providers may need adjustments
if they access user data.

protect password reset with 2fa

This needed some internal changes, because now 2fa data needs to be
checked for a user that is not logged in. Providers may need adjustments
if they access user data. They should use the getUserData() method of
the abstract Provider class to do so.

show more ...

do not access attribute plugin directly

We always want to use the Settings class to be able to replace the
attribute plugin in the future.

handle user default providers

basic profile managment refactoring

We now use standard OTP passwords for all providers by default.