feat: mfa reset page

• add an OIDC-authenticated page where user can prompt the reset of their MFA
• introduce a unified way of creating and validating JWTs with nonce and expiration time
• unify OIDC and OAuth to read information from the same configuration file

closes PRX-281

config_templates/perun.proxygui.yaml

@@ -16,14 +16,14 @@ general_translations:
       continue: Weiter
       cancel: Abbrechen
 mfa_reset:
-  preferred_mail_attribute: "urn:perun:user:attribute-def:def:rtPreferredMail:" # REQUIRED mail to which MFA reset verification link will be sent
+  preferred_mail_attribute: "urn:perun:user:attribute-def:def:preferredMail:" # REQUIRED mail to which MFA reset verification link will be sent
   all_mails_attribute: "urn:perun:user:attribute-def:virt:tcsMails:mu" # OPTIONAL mails where notification about the MFA reset will be sent if configured
   helpdesk_mail: "it@muni.cz" # REQUIRED mail where request to reset MFA will be forwarded after being confirmed by the user
-  mail_login_credentials_filepath: path_to_credentials # REQUIRED credentials to email from which the MFA reset link and notifications will be sent
-  smtp_server: smtp.example.com
+  mail_login_credentials_filepath: path_to_credentials # OPTIONAL credentials to email from which the MFA reset link and notifications will be sent in a newline-delimited file like username<\n>password
+  smtp_server: smtp.example.com # REQUIRED server from which the signed emails will be sent
   smtp_port: 487
-  cert_filepath: certificate_filepath
-  private_key_filepath: private_key_filepath
+  cert_filepath: certificate_filepath # REQUIRED for S/MIME signatures used in emails
+  private_key_filepath: private_key_filepath # REQUIRED for S/MIME signatures used in emails
 mfa_reset_translations: # OPTIONAL: options below need to be filled out in order for mfa-reset page text to appear
   format: HTML
   sections:
@@ -128,7 +128,7 @@ jwt_nonce_database: # REQUIRED
   connection_string: connection_string
   database_name: database_name
   collection_name: jwt_nonce_collection_name
-oidc_provider: # REQUIRED data for a shared Oauth2 and OIDC configuration for protection of some endpoints
+oidc_provider: # REQUIRED for OAuth2/OIDC protection of some endpoints
   client_id: client_id
   client_secret: client_secret
   provider_name: my_oidc_provider