TASK : run check on excessive login/logouts

[orubel]

people may attempt login/logout to attempt to bypass functionality

This is an immediate flag for attempted hacking.

If we add a ratelimit to login attempts this will help reduce attempts.

for example:

• 3+ login/logouts in 5 minute earns a temporary lock; first time = 30 mnnutes
• locktime is then calculated as currentlocktime X badSessionOccurences

so ...

• 1st time = 30 minutes (30 x 1) (default for 'lockTime' on all accts)
• 2nd time = 1 HR (30 x 2) (change numberofoccurences)
• 3rd time = 3 hrs (60 x 3) (change locktime for acct & badSessionOccurences)
• 4th time = 12 hrs (180x4) (change locktime for acct & badSessionOccurences)
• etc

We store 'lockTime' & 'numberofoccurencesas with User domain
We can add ROLES that bypass the check(ie ROLE_TEST, ROLE_ADMIN)

[orubel]

Also we have to

• change User domains/services for these variables
• add getters/setters for the variables
• add endpoints to User controller
• change IO state for User and limit who can access these endpoints

[orubel]

Been thinking about this more and this actually would lend itself WELL as form of 'dynamic rate limiting' where we scale down the rate for requests if they login/logout several times

• scale down the amount of requests they can make
• scale down the time in which they can make these requests.
• scale up lockout time.