Allow token based logins without 2fa for automated access

By default token auth accesses to the API are now always allowed without
2fa. If you need automated access to other endpoints (like a script

Allow token based logins without 2fa for automated access

By default token auth accesses to the API are now always allowed without
2fa. If you need automated access to other endpoints (like a script
provided by a plugin) an option enables that.

show more ...

allow to skip 2fa for trusted IP addresses

Add "useinternaluid" option

removed obsolete config and language

remove enable config

Plugins are enabled or disabled in the extension manager. No need to
duplicate it here. The feature was also broken because of strict type
checking.

* Added LogLog support to this module.
* Refactored workflow to eliminate redundant calls and provide cleaner logging.
* Rewrote the login function to (properly) use a cookie to survive a session pur

* Added LogLog support to this module.
* Refactored workflow to eliminate redundant calls and provide cleaner logging.
* Rewrote the login function to (properly) use a cookie to survive a session purge.
* The login cookie now has a server-side timeout setting.
* Added audit/debug logging. The audit logging will provide enough logging without LogLog to track user login activity. The debug logging will help me assist when others have problems.
* Removed trailing spaces.
* Added language internationalization for many options including email notification of successful login option.

show more ...

* Removed GetInfo from this module to fallback to base class method.
* Updated plugin.info.txt.
* Implemented a method-breaking change to _send_otp. The first argument is now the subject for the mes

* Removed GetInfo from this module to fallback to base class method.
* Updated plugin.info.txt.
* Implemented a method-breaking change to _send_otp. The first argument is now the subject for the message to be sent. This is used only if the transport supports it.
* Implemented login notification in _grant_clearance.
* Fixed session-loss fix so that when logging in via tokens (like with GA), the session id is properly recorded.
* Split out the message sending function of _send_otp into _send_message in action.php.
* Added new configuration options to the module to support the login notification and new message subject functionality.
* Rearranged the layout of the en/lang.php file.
* Removed the phone string from en/lang.php. This is being pushed back into the transport modules.
* Added setting translations for the new settings.
* Added per-item translations for the choice settings. This should further help with translations.

show more ...

* Check to see if session is closed before opening and closing the session for _logout and _grant_clearance functions.
* Updated the publication information in preparation for posting to the internet

* Check to see if session is closed before opening and closing the session for _logout and _grant_clearance functions.
* Updated the publication information in preparation for posting to the internet.
* Fixed admin page to purge child attribute files.
* Fixed failure to pass user to exist check in _settingsGet.
* Fixed logic flaw identifying the module used to send OTP, effectively breaking that.
* Removed die statement to enable otp passwords.
* Updated image for Twofactor Settings.
* Refactored code to have new actions for twofactor_login and twofactor_profile. It is a bit cleaner now.
* Restructured twofactor_before_auth_check to do a better job of handling OTP acceptance (or lack thereof).

show more ...

* Pulled out debugging code I forgot to remove before releasing.
* Forgot to publish some language updates for new settings I added with the SMS verification.

* Adding initial twofactor plugin files.

Signed-off-by: Michael Wilmes <mwilmes@wilminator.com>