Manage user authentication

When a user connects, the authentication can be performed:
* either with a basic authentication (this must only be the case on test and demo environments).
* or with with an LDAP authentication.
* or through an external ID provider (such as Oauth2 or Sage ID). In this case, the password is never sent from or to the authentication provider.

An expected feature for some regulations (such as CFR 21-11 in pharmaceutical industry) is to force in some cases an authentication (in order to secure some modifications).

As the password is no more stored by the platform, it is impossible to do it that way. So another mechanism has been implemented:
* if an authentication based on an external provider is used, it is possible to enter for every user an additional password (called signing code) . In basic and LDAP authentication, the password and the signing code are the same.
* application rules may, in some cases, require from the user to enter this signing code (in an application script).
* the following API (that can be called only if the user is authenticated) can check if the code entered corresponds to this secondary password.

This gives a second level of security to the system.

Subprogram definition

The API is called with the corresponding funprog:

Func ASYRFNC.ACHECKCONNECT(ACTX,PASSWORD,MESSAGE)

The parameters are the following:
* ACTX is the current context.
* PASSWORD is the signing code value for the current user.
* MESSAGE is a string that contains the error message if there is any.

The value returned is one of the following: [V]CST_AOK, [V]CST_AINFO, [V]CST_AWARNING, [V]CST_AERROR, or [V]CST_AFATAL. Any error code has to be considered as a password entry failure.

Example:

# Code associated to a representation that enters a value.
# If the value is modified, the signing code must have been entered
#
$CONTROL_STATUS
local Char MSG(200)
  If this.STATUS<>this.snapshot.STATUS
    OK=func ASYRFNC.ACHECKCONNECT(this.ACTX, this.CONFCODE,MSG)
    If OK>=[V]CST_AERROR
      ASTATUS=fmet this.ASETERROR("CONFCODE","This modification is prohibited:"-MSG,OK)
      this.STATUS=this.snapshot.STATUS
    Endif
  Endif
Return