
App tokens for API authentication


Details

    • Critical
    • API users should switch to appTokens instead of plain password usage!
      This is mandatory with one of the next releases.
      For usage see: https://confluence.translate5.net/x/AQAoG
    • Via the CLI tool, appTokens can now be added to dedicated users. In future, such app tokens should be used for authentication via the API.

    Description

      problem

      We need a fixed appToken authentication.

      Reason:

      1. Needed for the CSRF fix feature TRANSLATE-3048
      2. Needed for the integration of the task import callback (MITTAGQI-174)

      solution

      • Add a new table containing the appTokens
        • id - autoinc
        • userId - fk to the user table
        • description - text field, so that the user knows what the token was created for
        • token - text field containing the token, stored encrypted in the same way as the user passwords
        • created - datetime
        • expires - datetime, nullable; not implemented in this issue, but the field could be created already
      • For the MITTAGQI-174 usage, a simple CLI tool (auth:apptoken:add with args login and desc) to create tokens for a specific user is enough. The token should be shown once on creation and then stored encrypted. The shown auth token should be prefixed with "TOKEN_ID:", so that on usage the token and user can be found easily in the DB.
      • Check the usage of sessionToken - the authtoken can be implemented similarly, but:
        • for token comparison the password encryption functions must be used - rename the current handleAuthToken to handleSessionToken
        • add an additional handleAppToken for the new feature
        • only POST should be allowed
        • if the appToken is given in POST / an HTTP header, the user should be authenticated directly, as is done in LoginController
      • An integration in SessionApiTest.php is not needed, since with the CSRF fix the appToken is needed for running the tests themselves - so it is tested enough then.
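      The solution above, worked through as an added example (not translate5 code): an in-memory stand-in for the appTokens table, the "ID:secret" value shown once by the CLI, hashing with the same password functions, and a handleAppToken that only accepts POST. The header name X-App-Token, the POST parameter name appToken and the sample user 7 are assumptions.

```php
<?php
// Added example (not translate5 code): in-memory sketch of the appToken design in this issue.
final class AppTokenStore
{
    private array $rows = [];   // stands in for the appTokens table: id => row
    private int $nextId = 1;
    /** Creates a token for a user and returns the value shown once: "ID:secret". */
    public function add(int $userId, string $description, ?string $expires = null): string
    {
        $secret = bin2hex(random_bytes(32));          // plain secret is never stored
        $id = $this->nextId++;
        $this->rows[$id] = [
            'userId' => $userId, 'description' => $description,
            'token' => password_hash($secret, PASSWORD_DEFAULT), // hashed like user passwords
            'created' => gmdate('Y-m-d H:i:s'), 'expires' => $expires,
        ];
        return $id . ':' . $secret;                   // ID prefix lets the row be found directly
    }

    /** Returns the owning userId, or null if the token is unknown, wrong or expired. */
    public function verify(string $shown): ?int
    {
        $parts = explode(':', $shown, 2);
        if (count($parts) !== 2 || !ctype_digit($parts[0])) {
            return null;
        }
        $row = $this->rows[(int) $parts[0]] ?? null;
        if ($row === null || !password_verify($parts[1], $row['token'])) {
            return null;                              // same result for unknown id and wrong secret
        }
        if ($row['expires'] !== null && strtotime($row['expires']) < time()) {
            return null;
        }
        return $row['userId'];
    }
}

/** Mirrors handleAppToken: POST only; token taken from an HTTP header or the POST body. */
function handleAppToken(AppTokenStore $store, string $method, array $headers, array $post): ?int
{
    if ($method !== 'POST') {
        return null;
    }
    $token = $headers['X-App-Token'] ?? $post['appToken'] ?? null;  // header name is an assumption
    return $token === null ? null : $store->verify($token);
}
// Constructed usage: the CLI creates a token for user 7, an API client then presents it.
$store = new AppTokenStore();
$shown = $store->add(7, 'task import callback');
var_dump(handleAppToken($store, 'POST', ['X-App-Token' => $shown], []));
var_dump(handleAppToken($store, 'GET', ['X-App-Token' => $shown], []));
```

The second call returns null even with a valid token, because the method is not POST; the lookup by ID keeps the per-request cost to a single password_verify instead of a scan over all stored hashes.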

            People

              Aleksandar Mitrev
              Thomas Lauria