credentials.totpSecret as array and update credentials scenario test (#186)

Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/186
Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>

src/main/resources/api-definition/accounts/credentials-schemas.yaml

@@ -14,9 +14,11 @@ components:
                 nickname:
                     type: string
                     pattern: '^[a-z][a-z0-9]{1,8}-[a-z0-9]{1,10}$' # TODO.spec: pattern for login nickname
-                totpSecret:
-                    type: string
-                telephonePassword:
+                totpSecrets:
+                    type: array
+                    items:
+                        type: string
+                phonePassword:
                     type: string
                 emailAddress:
                     type: string
@@ -46,9 +48,10 @@ components:
         CredentialsPatch:
             type: object
             properties:
-                totpSecret:
-                    type: string
-                    nullable: true
+                totpSecrets:
+                    type: array
+                    items:
+                        type: string
                 phonePassword:
                     type: string
                     nullable: true
@@ -75,9 +78,11 @@ components:
                 nickname:
                     type: string
                     pattern: '^[a-z][a-z0-9]{1,8}-[a-z0-9]{1,10}$' # TODO.spec: pattern for login nickname
-                totpSecret:
-                    type: string
-                telephonePassword:
+                totpSecrets:
+                    type: array
+                    items:
+                        type: string
+                phonePassword:
                     type: string
                 emailAddress:
                     type: string

src/main/resources/db/changelog/9-hs-global/950-accounts/9510-hs-accounts.sql

@@ -18,7 +18,7 @@ create table hs_accounts.credentials
     global_gid       int unique,     -- w/o
     onboarding_token text,           -- w/o, but can be set to null to invalidate
 
-    totp_secret      text,
+    totp_secrets     text[],
     phone_password   text,
     email_address    text,
     sms_number       text

src/main/resources/db/changelog/9-hs-global/950-accounts/9519-hs-accounts-test-data.sql

@@ -51,9 +51,9 @@ begin
 --     call rbac.grantRoleToRole(hs_accounts.context_REFERRER(context_MATRIX_internal), rbac.global_ADMIN());
 
     -- Add test credentials (linking to assumed rbac.subject UUIDs)
-    INSERT INTO hs_accounts.credentials (uuid, version, person_uuid, active, global_uid, global_gid, onboarding_token, totp_secret, phone_password, email_address, sms_number) VALUES
-        ( superuserAlexSubjectUuid, 0, personAlexUuid, true, 1001, 1001, 'token-abc', 'otp-secret-1', 'phone-pw-1', 'alex@example.com', '111-222-3333'),
-        ( superuserFranSubjectUuid, 0, personFranUuid, true, 1002, 1002, 'token-def', 'otp-secret-2', 'phone-pw-2', 'fran@example.com', '444-555-6666');
+    INSERT INTO hs_accounts.credentials (uuid, version, person_uuid, active, global_uid, global_gid, onboarding_token, totp_secrets, phone_password, email_address, sms_number) VALUES
+        ( superuserAlexSubjectUuid, 0, personAlexUuid, true, 1001, 1001, 'token-abc', ARRAY['otp-secret-1a', 'otp-secret-1b'], 'phone-pw-1', 'alex@example.com', '111-222-3333'),
+        ( superuserFranSubjectUuid, 0, personFranUuid, true, 1002, 1002, 'token-def', ARRAY['otp-secret-2'], 'phone-pw-2', 'fran@example.com', '444-555-6666');
 
     -- Map credentials to contexts
     INSERT INTO hs_accounts.context_mapping (credentials_uuid, context_uuid) VALUES