issue2550949: Rate limit password guesses/login attempts. Generic rate limit mechanism added. Deployed for web page logins. Default is 3 login attempts/minute for a user. After which one login attempt every 20 seconds can be done. Uses gcra algorithm so all I need to store is a username and timestamp in the one time key database. This does mean I don't have a list of all failed login attempts as part of the rate limiter. Set up config setting as well so admin can tune the rate. Maybe 1 every 10 seconds is ok at a site with poor typists who need 6 attempts to get the password right 8-). The gcra method can also be used to limit the rest and xmlrpc interfaces if needed. The mechanism I added also supplies a status method that calculates the expected values for http headers returned as part of rate limiting. Also tests added to test all code paths I hope.

Debugging Aids
--------------

Try turning on logging of DEBUG level messages. This may be done a number
of ways, depending on what it is you're testing:

1. If you're testing the database unit tests, then set the environment
   variable ``LOGGING_LEVEL=DEBUG``. This may be done like so:

    LOGGING_LEVEL=DEBUG python run_tests.py

   This variable replaces the older HYPERDBDEBUG environment var.

2. If you're testing a particular tracker, then set the logging level in
   your tracker's ``config.ini``.

SENDMAILDEBUG
=============

Set to a filename and roundup will write each email message
that it sends to that file instead to the internet. 
This environment variable is independent of the python -O flag.