Allow admins to prevent password reuse

[signebedi]

This probably entails a new table, PasswordReuse or something like that.

class PasswordReuse(db.Model):
    __tablename__ = 'password_reuse'
    id = db.Column(db.Integer, primary_key=True)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
    password = db.Column(db.String(120), nullable=False)
    timestamp = db.Column(db.DateTime, nullable=False, default=tz_aware_datetime)

    user = db.relationship('User', backref=db.backref('password_reuse', lazy=True))

And we set some application configs like LIMIT_PASSWORD_REUSE: bool and PASSWORD_REUSE_PERIOD: int. The latter config should be construed as a timedelta in days, with 120 days as the default and, if set to 0, then password reuse is never permitted. Then, when users change their passwords (using the change_password or forgot_password options), we can query this table where user=current_user and timestamp is within the PASSWORD_REUSE_PERIOD and, if the current hashed password matches any that are in the table, then we return an error.

I think the errors can be descriptive ("You have tried to change your password to a value that you have used within the last {PASSWORD_REUSE_PERIOD} days. Please try a different password.") because there are two instances where a user will be changing their password: first, when they are logged in already and using the change_password route; second, when they have used the forgot_password option but have already verified access to their email on file.

We should write to this table in five instances: first, when a user is initially created, with their starting password; second, when admins create a user; third when they users change their password; fourth, when users forgot their password and need to reset; fifth, when admins reset the user's password.

We should also be sure to propagate this logic to the CLI.