This repository has been archived by the owner on Jul 11, 2019. It is now read-only.

#455 hhu_theme Brute force protection #686

Open
wants to merge 21 commits into
base: develop

JessicaBachmann

Pull request fixes hhucn/adhocracy.hhu_theme#455 from hhu_theme

Creates a new table for logging each login attempt. It stores username, IP and a timestamp.
After 5 unsuccessful attempts for an hour the next login is delayed according to the amount of unsuccessful logins. This should harden an automated brute-force attack on a user's account.

Changes/ adds:

model/login.py: new class for managing logging table function
def count_logs returns amount of unsuccessful logins for past hour;
def create creates a new table entry into loginlog to log each login;

migration/versions/080_login_store.py: new class for adding loginlog table to database

/model/init.py: mapper for new table created

/lib/auth/authentication.py: call of logging function added, sleep functionality added (sleeps if more than 5 unsuccessful logins for past hour)

Collaborator

xi commented Jan 7, 2014

I have the feeling that this might be a privacy issue. I believe we are not allowed to store the IP address for an unspecified period of time. I am not sure however. What are your thoughts on that?
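
A sketch of the mechanism this pull request describes, with the retention question raised above in mind: failures are counted over the past hour, a delay applies once there are more than 5, and rows older than the hour are purged because the count never reads them. This is an added example, not code from the pull request; the `success` column, counting per username, the one-second-per-extra-failure delay with a 30-second cap, and `purge` are assumptions.

```python
import sqlite3

WINDOW = 3600     # "past hour", from the pull request description
THRESHOLD = 5     # delay applies above 5 failures, from the description
MAX_DELAY = 30    # assumed cap in seconds, not stated in the pull request

def open_log():
    db = sqlite3.connect(":memory:")
    # username, ip and timestamp come from the description; success is assumed
    db.execute("CREATE TABLE loginlog "
               "(username TEXT, ip TEXT, ts REAL, success INTEGER)")
    return db

def create(db, username, ip, success, now):
    # One row per login attempt, successful or not
    db.execute("INSERT INTO loginlog VALUES (?, ?, ?, ?)",
               (username, ip, now, int(success)))

def count_logs(db, username, now):
    # Unsuccessful logins for this username within the past hour
    row = db.execute(
        "SELECT COUNT(*) FROM loginlog "
        "WHERE username = ? AND success = 0 AND ts > ?",
        (username, now - WINDOW)).fetchone()
    return row[0]

def delay_for(db, username, now):
    # Seconds the caller should sleep before checking the password
    failures = count_logs(db, username, now)
    return min(failures - THRESHOLD, MAX_DELAY) if failures > THRESHOLD else 0

def purge(db, now):
    # Rows outside the window no longer affect the count, so drop them
    cur = db.execute("DELETE FROM loginlog WHERE ts <= ?", (now - WINDOW,))
    return cur.rowcount

def demo():
    # Constructed sample data: 8 failures for alice, 1 for bob
    db = open_log()
    t0 = 1_000_000.0
    for i in range(8):
        create(db, "alice", "192.0.2.10", False, t0 + i)
    create(db, "bob", "192.0.2.11", False, t0)
    return db, t0
```

Running `purge` on a schedule bounds how long usernames and IP addresses stay in the table to roughly the counting window.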

Successfully merging this pull request may close these issues.

no bruteforce protection against login username / password available