feat: add support for migrating totp

[Jonbeckas]

This PR adds the support for a totps attribute in LegacyUser, that allows to migrate multiple Totp devices, that have a base32 encoded secret and are based on SHA1

[daniel-frak]

Hi! Sorry it's taking me so long to look at this one. I'll try to take a closer look around this weekend.

In the meantime, could you document how this TOTP migration works in the README.md, if any additional configuration is required etc.?

[Jonbeckas]

Sorry, I just read your message. Let me now if you need more documentation.

[daniel-frak]

...And so the weekend came and went. Sorry for the delay, again.

Could you add the information you provided in the PR description to the README.md:

• that this plugin supports migration of multiple Totp devices
• that the devices must have a base32 encoded secret and be based on SHA1

It could even be get its own subheader for TOTP migration. I'm not well-versed in TOTP, but I assume both of these are important.

I'll merge this MR regardless, but, if you have some time, it would be cool if you could reformat the code, as there's currently no auto-formatter configured for this project. Some examples:

• double line breaks in this file
• no line breaks between methods
• no line breaks after class declarations
• private final properties not kept together

Last, but not least, a suggestion. This line of code makes me think that the "devices must have a base32 encoded secret and be based on SHA1" requirement could be removed by making the otpModel configurable via the UI:

https://github.com/daniel-frak/keycloak-user-migration/pull/197/files#diff-9ec471ee9ea5062b096c9f6cfd6213c56bd97761d2f51d18504c04399764892aR99

I understand if you don't feel like doing it, but at least for future reference, am I correct in that assumption?

[Jonbeckas]

Thank you.
Based on the Keycloak code it should be possible to use "HmacSha1", "HmacSHA256", "HmacSHA512" based totp, with a secret either encoded in BASE32 or UTF-8, with any number of return digets and any period.
I don't know if it is better to configure the type of totp algorithm in the config or dynamicly within the dto from the legacy system.
What do you think?

[daniel-frak]

Good question!
Now that I think about it, it might be more flexible to allow TOTP configuration from the legacy system, as that way it could be done per-user (should there be a need like that).

Would you like to do it as part of this MR, or should I merge this in?

[Jonbeckas]

I added the configurability now. If your fine with it and the documentation you could merge it.

[daniel-frak]

Some of the properties are missing here.

[daniel-frak]

Using backticks for the properties would increase readability. E.g.,:

"name should be the name of the totp device (...)".

[daniel-frak]

Double newline

[daniel-frak]

Grammar nitpick: the utf8 bytes →UTF-8 bytes (removed the, uppercased and kebab-cased UTF-8).
Ditto about the utf8 bytes below.

[daniel-frak]

I'm not sure if I understand it correctly, but wouldn't UTF-8 plaintext be easier to understand than UTF-8 bytes?

[daniel-frak]

Great! I added a few nitpicks (mostly about documentation) and I see that Sonar found something, as well.

After that's addressed, I'll gladly merge it in :)

[Jonbeckas]

I think i fixed everything

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[daniel-frak]

Great, thanks for the contribution!