Add logging to login and email confirmation modules

[riverrun]

Add log messages to Login, OnetimePass, ConfirmEmail and ResetPassword modules.

Rationale

This is so that all activity related to these modules, particularly malicious or suspicious activity, is easier to monitor.

Outline

The need for logs is quite clear, but many of the details are up for discussion. The current plan is outlined below.

Use Logger.

Log the following cases:

• failed login
• failed login with one-time password
• successful email confirmation
• failed email confirmation
• successful password reset
• failed password reset

and to include the following information in these messages:

• path
• user identifier, if present
• authenticated user identifier
• query string in the case of an invalid link for email confirmation
• incorrect user identifier when logging in

[mutablestate]

@riverrun log messages should be friendly to devs visually debugging or grepping.

I've been using the key value logging convention logfmt and most of the popular services seem to support it. Codeship have a nice blog post about it a log format that's easy to read and write.

[riverrun]

I like the look of logfmt, and I think JSON would also be a viable alternative. Not only are they easy to read, but there are also many useful tools for both of them.

[riverrun]

In addition to the cases outlined above, there are now info logs for successful logins (both normal logins and with one-time passwords).

Also, the log level at which logging starts (just for Openmaize) can now be configured with the log_level value in the Config module.