Feature addition: Multi-Factor Authentication #163

Closed
wants to merge 65 commits into from

@chesspro13 chesspro13 commented May 27, 2024

Features added

  • TOTP (Time-based One-Time Password) with recovery codes
  • OAuth/OpenID sign on

To test TOTP:
You will need some sort of authentication app/extension prior to testing.

  1. Go to "Options" -> "MFA"
  2. Check the "Enable TOTP" checkbox
  3. Click the "Generate TOTP Secret" button
  4. Copy the generated secret to your authentication app/extension
  5. Click the "Generate Recovery Codes" button
  6. Copy the recovery codes. Recovery codes can only be used once in place of TOTP and will say the date/time they were used in Zulu time on subsequent visits to this page.
  7. Save the secret in .env under "TOTP_SECRET"
  8. Restart Trilium.
  9. Log out or navigate to the login page. You can now use the TOTP or recovery codes to log in.

To test OAuth/OpenID:
You will need to set up an authentication provider. I tested with Authentik, Google, and 0Auth. This requires a bit of extra setup. Linked here is how to test this with Google.

  1. Set up Google or another provider. The key bits of information needed are
  1. Go to "Options" -> "MFA"
  2. Check the "Enable Oauth/OpenID" checkbox
  3. Click the "Login to Configured OAuth Service" button. It should redirect you to the authentication provider.
  4. When you are redirected back, click the "Save User" button. It should show a toast with the user you logged in as for your provider.
  5. You can now log in and out with the service provider and should be able to log in and log out without using your password.
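
The TOTP steps in the description above, sketched as an added example that is not code from this PR or from Trilium: an RFC 6238 check with a one-step drift window, plus recovery codes that work once and record the UTC time they were redeemed. The function names, the in-memory store and the choice to keep only SHA-256 hashes of the codes are assumptions of this example; in the PR's flow the secret would be the value saved under TOTP_SECRET.

```javascript
const nodeCrypto = require('node:crypto');
const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Decode an RFC 4648 base32 secret (the form authenticator apps accept).
function base32Decode(s) {
  const bits = [...s.toUpperCase().replace(/[\s=]/g, '')].map((ch) => {
    const idx = B32.indexOf(ch);
    if (idx < 0) throw new Error('invalid base32 character');
    return idx.toString(2).padStart(5, '0');
  }).join('');
  return Buffer.from((bits.match(/.{8}/g) || []).map((b) => parseInt(b, 2)));
}

// HOTP (RFC 4226) over the time-step counter derived from unixSeconds.
function totp(secretB32, unixSeconds, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = nodeCrypto.createHmac('sha1', base32Decode(secretB32)).update(counter).digest();
  const bin = mac.readUInt32BE(mac[19] & 0x0f) & 0x7fffffff; // dynamic truncation
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// Accept the current step and one either side (clock drift); compare in constant time.
function verifyTotp(secretB32, token, unixSeconds, window = 1) {
  if (!/^\d{6}$/.test(token)) return false;
  let ok = false;
  for (let w = -window; w <= window; w++) {
    const expected = Buffer.from(totp(secretB32, unixSeconds + w * 30));
    if (nodeCrypto.timingSafeEqual(expected, Buffer.from(token))) ok = true;
  }
  return ok;
}

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');
// Show the plaintext codes once; persist only their hashes and a usedAt slot.
function generateRecoveryCodes(n = 8) {
  const codes = Array.from({ length: n }, () => nodeCrypto.randomBytes(10).toString('hex'));
  return { codes, store: codes.map((c) => ({ hash: sha256(c), usedAt: null })) };
}

// A recovery code is valid once; redeeming it stamps the UTC ("Zulu") time of use.
function redeemRecoveryCode(store, code, now = new Date()) {
  const entry = store.find((e) => e.hash === sha256(code));
  if (!entry || entry.usedAt) return false;
  entry.usedAt = now.toISOString();
  return true;
}
```
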

@chesspro13 chesspro13 marked this pull request as draft May 31, 2024 23:52
@eliandoran eliandoran force-pushed the develop branch 5 times, most recently from eff61af to 4090386 Compare August 10, 2024 11:14
@eliandoran

@chesspro13, why close the PR?

@chesspro13
Author

@eliandoran I had trouble making it merge with develop, so I started fresh on a new branch. PR #401 is the successor.

Labels
enhancement New feature or request