Implemented the following features -
Maximum login attempts before timeout (configurable)
Email notifications on each failed login and/or on max logins reached (configurable)
Additional password rules (configurable)
I extended the mailer and added (as well as wrapped) methods in the User and AccountController classes.
Blank passwords on the login page weren't triggering the check_password method, which is where I have my increment logic. This is because the try_to_login method returns immediately if the password is blank. In order to subvert this, if a blank password is passed in, I call the try_to_login method with a random base64 string to simulate a 'wrong' password.
I also changed the settings view, added mailer templates, and added labels in en.yml.
All testing done in Redmine 3.1.2.stable
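
The blank-password gap described above, modelled as an added Ruby example; it is not the plugin's or Redmine's code. `ToyUser`, `login_counting_blanks`, the threshold and the timeout are hypothetical stand-ins, and the plaintext comparison exists only to keep the toy short.

```ruby
require 'securerandom'

# Simplified stand-in for the User model described above (hypothetical).
class ToyUser
  MAX_ATTEMPTS = 3        # assumed value; the description says it is configurable
  LOCKOUT_SECONDS = 300   # assumed timeout

  attr_reader :failed_attempts

  def initialize(login, password)
    @login = login
    @password = password  # toy only: a real model stores a salted hash
    @failed_attempts = 0
    @locked_until = nil
  end

  def locked?(now = Time.now)
    !@locked_until.nil? && now < @locked_until
  end

  # Wrapped password check: the only place failures are counted.
  def check_password?(candidate, now = Time.now)
    return false if locked?(now)
    if candidate == @password
      @failed_attempts = 0
      return true
    end
    @failed_attempts += 1
    @locked_until = now + LOCKOUT_SECONDS if @failed_attempts >= MAX_ATTEMPTS
    false
  end

  # Mirrors the early return: a blank password never reaches check_password?.
  def try_to_login(password, now = Time.now)
    return nil if password.to_s.empty?
    check_password?(password, now) ? self : nil
  end

  # The workaround: replace blank input with a random string so the
  # attempt goes through check_password? and is counted as a failure.
  def login_counting_blanks(password, now = Time.now)
    password = SecureRandom.base64(32) if password.to_s.empty?
    try_to_login(password, now)
  end
end
```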