Complete trusted browser implementation
The goal of this MR is to fix #2490 (closed) by implementing a $_trustedBrowser variable that can be used in 2FA activation rules
Once the trusted browser plugin is enabled:
- Users are always offered to trust their browser
- After login, if the user matches a given rule (can be based on _2f, authenticationLevel, groups, etc), browser fingerprint (TOTP) is collected and llngconnection cookie is set
- On next logins, if llngconnection is set and TOTP challenge works, the $_trustedBrowser variable is set
StayConnected (auto-login) is still implemented and works without changes, the "stayConnected" option has been renamed to "Authentication bypass" in the manager
Edited by Maxime Besson