Clear OTP after initial run. Fixes #1244

[yossizahn]

When --persistent=>0 the OTP should be cleared from the configuration, because it's a one-time password as the name suggests and is probably not valid anymore.

Should there be an option to keep the OTP valid until a certain amount of time has lapsed, since TOTPs may still be valid?

[DimitriPapadopoulos]

An OTP should not appear in the configuration file in the first place.

[yossizahn]

@DimitriPapadopoulos I was not referring to the configuration file but to the struct vpn_config structure that is passed around

[yossizahn]

See also discussion in #1244 for more background on the issue this PR is trying to solve

Basically, when --perpertual is set to more than 0, and the fortigate server is set to ask for OTP, subsequent attempts to connect will just keep using the OTP that was supplied for the 1st connection, whether by --otp flag, or interactively, since both the flag and interactive input will populate the otp field of struct vpn_config and once it's populated, openfortivpn doesn't prompt the user for another OTP

See relevant code:

openfortivpn/src/http.c

Lines 748 to 756 in 1d28e63

	if (cfg->otp[0] == '\0') {
	// Interactively ask user for 2FA token
	char hint[USERNAME_SIZE + 1 + REALM_SIZE + 1 + GATEWAY_HOST_SIZE + 5];
	sprintf(hint, "%s_%s_%s_2fa",
	cfg->username, cfg->realm, cfg->gateway_host);
	read_password(cfg->pinentry, hint,
	"Two-factor authentication token: ",
	cfg->otp, OTP_SIZE);