some fido2/webauthn keys can have a pin, and the client can request
a mode for the user verification.
'default' (no value set), lets the browser/device decide if the user has to
enter the pin of the device
'discouraged' requests that the user should not need to enter the pin
'preferred' requests that the user should need to enter the pin (if possible)
since we use webauthn only as a 2nd factor, having the user enter
the device pin on login may seem too much hassle for some users, so
give them the option
since this is a client option anyway, do not save it in the backend, but
in the browser local storage
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This is wrong most of the time, when not loading the web interface
with valid credentials, and thus some checks or defaults did not
evaluated correctly when the underlying value was only set later.
Needs to be set on component creation only, this can be done through
initComponent, even listeners, view controllers or cbind closures.
Use the latter, as all affected components already use cbind.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Clarify that the password of the user one wants to add TFA too is
required, which is not necessarily the one of the current logged in
user. Use an empty text for that.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
the password field should not be indented differently than the rest of
the fields, and we never have a border on the panels
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak
Thomas Lamprecht
Wolfgang Bumiller