issue2550949: Rate limit password guesses/login attempts. Generic rate limit mechanism added. Deployed for web page logins. Default is 3 login attempts/minute for a user. After which one login attempt every 20 seconds can be done. Uses gcra algorithm so all I need to store is a username and timestamp in the one time key database. This does mean I don't have a list of all failed login attempts as part of the rate limiter. Set up config setting as well so admin can tune the rate. Maybe 1 every 10 seconds is ok at a site with poor typists who need 6 attempts to get the password right 8-). The gcra method can also be used to limit the rest and xmlrpc interfaces if needed. The mechanism I added also supplies a status method that calculates the expected values for http headers returned as part of rate limiting. Also tests added to test all code paths I hope.

<tal:block metal:use-macro="templates/page/macros/icing">
<title metal:fill-slot="head_title" i18n:translate="">List of classes - <span
 i18n:name="tracker" tal:replace="config/TRACKER_NAME" /></title>
<span metal:fill-slot="body_title" tal:omit-tag="python:1"
 i18n:translate="">List of classes</span>
<td class="content" metal:fill-slot="content">
<table class="classlist">

<tal:block tal:repeat="cl db/classes">
 <tr>
  <th class="header" colspan="2" align="left">
   <a tal:attributes="href string:${cl/classname}"
      tal:content="python:cl.classname.capitalize()">classname</a>
  </th>
 </tr>
 <tr tal:repeat="prop cl/properties">
  <th tal:content="prop/_name">name</th>
  <td tal:content="prop/_prop">type</td>
 </tr>
</tal:block>

</table>
</td>

</tal:block>