SECURITY UPDATE

* Handle failed login attempts via Telnet
* New lockout features for >= N failed attempts
* New auto-unlock over email feature
* New auto-unlock after N minutes feature
* Code cleanup in users
* Add user_property.js - start using consts for user properties. Clean up over time.
* Update email docs

core/user_property.js

@@ -0,0 +1,25 @@
+/* jslint node: true */
+'use strict';
+
+//
+//  Common user properties used throughout the system.
+//
+//  This IS NOT a full list. For example, custom modules
+//  can utilize their own properties as well!
+//
+module.exports = {
+    PassPbkdf2Salt          : 'pw_pbkdf2_salt',
+    PassPbkdf2Dk            : 'pw_pbkdf2_dk',
+
+    AccountStatus           : 'account_status',
+
+    Birthdate               : 'birthdate',
+
+    FailedLoginAttempts     : 'failed_login_attempts',
+    AccountLockedTs         : 'account_locked_timestamp',
+    AccountLockedPrevStatus : 'account_locked_prev_status', //  previous account status
+
+    EmailPwResetToken       : 'email_password_reset_token',
+    EmailPwResetTokenTs     : 'email_password_reset_token_ts',
+};
+