#2783 limit number of failed login and reset password requests

[OskarKocjan]

Changes:

• added single window (IP) rate limiters to sign-in, sign-up, reset password request
• added a new collection "failed_attempts" which holds states how many attempts were made for each of the previously mentioned endpoints from different IPs
• added function which controls how many attempts were made to the sign-in and reset password request endpoints and blocks it when the number of failed requests exceeds set amount

[codecov-commenter]

Codecov Report

Merging #2791 (5a7ad5b) into main (a9b141e) will decrease coverage by 4.14%.
The diff coverage is 41.66%.

@@            Coverage Diff             @@
##             main    #2791      +/-   ##
==========================================
- Coverage   63.01%   58.87%   -4.15%     
==========================================
  Files          18      114      +96     
  Lines        1214     4532    +3318     
  Branches      187     1227    +1040     
==========================================
+ Hits          765     2668    +1903     
- Misses        449     1864    +1415     

Impacted Files	Coverage Δ
.../components/AcknowledgmentsPage/helperFunctions.ts	0.00% <0.00%> (ø)
...cation/curator-service/api/src/controllers/auth.ts	45.73% <14.28%> (-2.92%)	⬇️
...ervice/api/src/util/single-window-rate-limiters.ts	37.50% <37.50%> (ø)
...n/curator-service/api/src/model/failed_attempts.ts	53.84% <53.84%> (ø)
...tion/curator-service/ui/src/components/Profile.tsx	88.88% <100.00%> (ø)
...src/components/landing-page/ChangePasswordForm.tsx	80.00% <100.00%> (ø)
...vice/ui/src/components/landing-page/SignUpForm.tsx	74.62% <100.00%> (ø)
...fication/curator-service/ui/src/redux/app/slice.ts	75.86% <0.00%> (ø)
...ce/ui/src/components/landing-page/PartnerLogos.tsx	100.00% <0.00%> (ø)
... and 91 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[maciej-zarzeczny]

Everything works fine, the messages telling about going over the requests limit are showing fine on the frontend. I left some comments about code

[maciej-zarzeczny]

Great work! 💯

[abhidg]

Looks good, not sure about some of the enums -- and the time limit windows vary

[abhidg]

should be ForgotPassword

[abhidg]

ResetPassword? not clear what's the difference

[OskarKocjan]

Thank you for your input! Of course, I made a mistake and assigned the wrong AttemptNames in sections of code that you highlighted but to answer your question I named them (AttemptName) accordingly:

• Login - counter for login
• ResetPassword - counter for resetting a password in a user's profile (already logged in)
• ForgotPassword - counter for requesting a reset password link that is located on the landing page of the curator portal
• ResetPasswordWithToken - counter for resetting the password through a form to which the user has access by an email link

[abhidg]

Better to put the unit in the property name like timeWindowForFailedLoginsMinutes

[abhidg]

Should this be 60 minutes? It's different from numberTimeLimiters

[abhidg]

same here, different from numberTimeLimiters