feat(auth): tell user if they are locked out (new pr, had to switch up branches)

[amcsz]

Closes #1749

Proposed changes

• New state added to PamAuthenticationResult to indicate that the user is locked out.
• The authenticate method will update the session data, prompting the index view to show a message to the user, telling them they are locked out. The message goes away once the user reloads the page and will only appear when the user attempts to login while locked out.
• The authenticate method is called in the post_view and the request object is passed through so it is able to access the session data.

Brief description of rationale

The user will know that they are locked out instead of just knowing that the login did not work.

The specific PAM error message when a user is locked out is at line 65 at this link:
https://github.com/linux-pam/linux-pam/blob/master/libpam/pam_strerror.c

[coveralls]

coverage: 79.379% (-0.02%) from 79.398%
when pulling 78adf1d on amcsz:pamlockout
into 0d8ccc3 on tjcsl:dev.

[alanzhu0]

Hi Sam, sorry for the delayed review. This is a great start. Please see the comments.
I finally got a chance to check PAM on our systems, and unfortunately it doesn't return a special status code for locked out users by default. I need to modify the backend authentication mechanism on our servers for it to work. But I did get the modified version to work, which is good. Please make the following changes, which are specific to our configuration:

• Line 75: replace the existing line with this: result = pam_authenticator.authenticate(full_username, password, service="ion-login")
• The return code from pam_authenticator will be 6 for locked out users ("permission denied"). You can just check if pam_authenticator.code == 6: [do locked out users logic]

I can explain how I configured the PAM backend sometime if you want me to.

Thanks!

[amcsz]

Thanks for the review! I edited the code to how you configured it and I think everything should work now, hopefully. I also squashed all the commits.