feat: Persist OTPs in keystore and prevent reuse of OTPs

[sitaram-kalluri]

- What I did

• Store OTPs in the Hive keystore along with a "TTL" (Time To Live) value, representing the OTP's expiration time.
• The OTPs are stored in the format - private:< OTP >atsign. The "private:" ensure that keys are not synced to the client and keys are not returned in the scan verb.
• By default, the "TTL" is set to 5 minutes but can be overridden by the client by specifying the expiry time in milliseconds when using the "OTP" verb.
• In abstract_verb_handler.dart, "isOTPValid" function which verifies if the OTP is valid and removes the OTP from the keystore to prevent reuse. The otp_verb_handler and enroll_verb_handler will invoke the function.
• Replace the use deprecated constants with "AtConstants"

- How to verify it

• Following are the unit tests:

  • A test to verify otp:get with TTL set is active before TTL is met
  • A test to verify otp:get with TTL set expires after the TTL is met
  • A test to verify "isOTPValid" returns false if OTP is not available in the keystore.
  • A test to verify otp:validate invalidates an OTP after it is used

• Following are the functional tests:

  • A test to generate OTP and returns valid before OTP is not expired
  • A test to generate OTP and returns invalid when TTL is met
  • Because the OTPs cannot be reused, updated the functional tests in enroll_verb_test.dart to fetch otp for each request

- Description for the changelog

• Enable client to set the OTP expiry duration.

[gkc]

I don't like the idea of verb handlers using internal functionality of other verb handlers. Is there a better / cleaner way of making that validation functionality more explicitly available?

[gkc]

I've merged the at_commons PR so please publish at_commons 3.0.57 and remove this dependency override

[sitaram-kalluri]

Sure Gary, Thank you.

[sitaram-kalluri]

Updated the at_commons version to 3.0.57.

[gkc]

Should be command.startsWith('otp:get')

[gkc]

or command == 'otp:get'