Add doc for UP, reports interface and security model (#233)

Add documentation about user presence, reports interface and our
security model.

Author: Corentin Mors

documentation/pages/_meta.json

@@ -35,6 +35,7 @@
         "type": "separator"
     },
     "troubleshooting": "Troubleshooting",
+    "security": "Security",
     "help_center": {
         "title": "Dashlane Help Center ↗",
         "href": "https://support.dashlane.com/",

documentation/pages/business/reports.mdx

@@ -4,7 +4,11 @@ import { Callout } from 'nextra/components';
 
 <Callout emoji="💡">Needs team credentials to use this command.</Callout>
 
-You can get reports on your team about the number of seats provisioned, used and pending. You can also get reports on the aggregated password health history of your team.
+You can get reports on your team containing:
+
+-   number of seats provisioned, used and pending
+-   current password health score
+-   aggregated password health score history
 
 ## Fetch reports
 
@@ -14,6 +18,21 @@ The following commands take in input the number of days to look back for the pas
 dcli t report 30
 ```
 
+Here is the structure of the report:
+
+| Output Interface               | Description                                                     | Type     |
+| ------------------------------ | --------------------------------------------------------------- | -------- |
+| `seats.provisioned`            | The total number of seats that are paid                         | `number` |
+| `seats.used`                   | The number of used seats (active, pending)                      | `number` |
+| `seats.pending`                | The number of pending invitations                               | `number` |
+| `passwordHealthHistory`        | Array containing objects with date and securityIndex properties | `array`  |
+| `passwordHealth.securityIndex` | The aggregated security index of the team                       | `number` |
+| `passwordHealth.passwords`     | The total number of passwords in this team                      | `number` |
+| `passwordHealth.safe`          | The total number of safe passwords in this team                 | `number` |
+| `passwordHealth.weak`          | The total number of weak passwords in this team                 | `number` |
+| `passwordHealth.reused`        | The total number of reused passwords in this team               | `number` |
+| `passwordHealth.compromised`   | The total number of compromised passwords in this team          | `number` |
+
 ## Generate graphics from reports
 
 One way to consume password health history reports is to generate graphics from them.

documentation/pages/personal/authentication.mdx

@@ -1,6 +1,6 @@
 import { Callout } from 'nextra/components';
 
-# Authentication
+# Authentication (Login)
 
 To start with launch a first manual sync:
 
@@ -39,11 +39,37 @@ The CLI will open a new **incognito** tab to authenticate you to your SSO provid
 
 By completing the device registration process, you'll be now asked to enter your Master Password.
 
+## Lock the CLI
+
+You can lock the CLI at any time by running:
+
+```sh copy
+dcli lock
+```
+
+This will require you to enter your Master Password again to unlock the CLI.
+
 ## Options
 
+### Save Master Password
+
 By default your Master Password will be saved locally in the OS keychain so you don't have to enter it every time.
 You can disable this behavior with the following command:
 
 ```sh copy
 dcli configure save-master-password false
 ```
+
+### Unlock with Biometrics
+
+You can unlock the CLI with your biometrics (Touch ID, Face ID) if your machine supports it (only macOS for now).
+
+```sh copy
+dcli configure user-presence --method biometric
+```
+
+And to disable it:
+
+```sh copy
+dcli configure user-presence --method none
+```

src/modules/crypto/README.md documentation/pages/security.mdx

@@ -1,7 +1,13 @@
-# How private data is stored
+# Security
 
-## Goals
+Here are some details about how the security is managed in the application. To read more about our security model, please
+refer to the [security whitepaper](https://www.dashlane.com/download/whitepaper-en.pdf).
 
+## How private data is stored by CLI
+
+### Goals
+
+-   Data is stored encrypted on disk.
 -   Store the master password, so it is possible to decrypt the transactions whatever derivation method is used.
 -   Store the device secret key, so it is possible to synchronize the transactions.
 -   Don't store the above secrets unencrypted, so if the computer/disk is stolen it is impossible to retrieve them.
@@ -10,7 +16,7 @@
 -   The two above cases are the same because, if the master password is required to get access to the local key, it is
     useless to store the master password encrypted by the local key.
 
-## Solution used
+### Solution used
 
 -   The OS password management system (Keychain for macOS, Credential Vault for Windows and libsecret for Linux) is used
     to store the randomly generated _local key_. It is then the responsibility of the OS keychain to encrypt
@@ -23,3 +29,10 @@
 -   To encrypt the local key using the master password a derivate has to be generated. However, at this point no
     derivation settings are known, so it is hard-coded via a fake transaction generated by
     `getDerivationParametersForLocalKey` in [keychainManager.ts](keychainManager.ts).
+
+### Other considerations
+
+-   You can disable the use of the OS keychain by using the command `dcli configure save-master-password false`. In this case,
+    you will be asked for the master password every time you start the application.
+-   You can enable biometrics unlock by using the command `dcli configure user-presence --method biometric`. In this case, you will be
+    asked for a user presence check (e.g. fingerprint) every time you start the application before the OS password management system is requested.