security: implement user lockout (#1552)

* add data-types required for login security

* implement user lockout checking at login

* cleanup legacy patterns

* expose passwords in test_user

* test user lockout after bad attempts

* test user service

* bump alembic version

* save increment to database

* add locked_at to datetime transformer on import

* do proper test cleanup

* implement scheduled task

* spelling

* document env variables

* implement context manager for session

* use context manager

* implement reset script

* cleanup generator

* run generator

* implement API endpoint for resetting locked users

* add button to reset all locked users

* add info when account is locked

* use ignore instead of expect-error

mealie/services/scheduler/tasks/__init__.py

@@ -2,12 +2,14 @@ from .post_webhooks import post_group_webhooks
 from .purge_group_exports import purge_group_data_exports
 from .purge_password_reset import purge_password_reset_tokens
 from .purge_registration import purge_group_registration
+from .reset_locked_users import locked_user_reset
 
 __all__ = [
     "post_group_webhooks",
     "purge_password_reset_tokens",
     "purge_group_data_exports",
     "purge_group_registration",
+    "locked_user_reset",
 ]
 
 """

mealie/services/scheduler/tasks/reset_locked_users.py

@@ -0,0 +1,17 @@
+from mealie.core import root_logger
+from mealie.db.db_setup import with_session
+from mealie.repos.repository_factory import AllRepositories
+from mealie.services.user_services.user_service import UserService
+
+
+def locked_user_reset():
+    logger = root_logger.get_logger()
+    logger.info("resetting locked users")
+
+    with with_session() as session:
+        repos = AllRepositories(session)
+        user_service = UserService(repos)
+
+        unlocked = user_service.reset_locked_users()
+        logger.info(f"scheduled task unlocked {unlocked} users in the database")
+        logger.info("locked users reset")