------------------
- Features:
``PrincipalMixIn`` got some new properties:
* ``passwordExpired``: to force the expiry of the password
* ``lockOutPeriod``: to enable automatic lock and unlock on too many bad tries
``IPasswordOptionsUtility`` to have global password options:
* ``changePasswordOnNextLogin``: not implemented here, use
PrincipalMixIn.passwordExpired
* ``lockOutPeriod``: global counterpart of the PrincipalMixIn property
* ``passwordExpiresAfter``: global counterpart of the PrincipalMixIn property
* ``maxFailedAttempts``: global counterpart of the PrincipalMixIn property
Password checking goes like this (on the high level):
1. raise AccountLocked if too many bad tries and account should be locked
2. raise PasswordExpired if expired AND password matches
3. raise TooManyLoginFailures if too many bad tries
4. return whether password matches
More details in ``principal.txt``
- Added Russian translation
- Refactor PrincipalMixIn now() into a separate method to facilitate
override and testing
- Changed the order the password is checked:
1. check password against stored
2. check maxFailedAttempts, raise TooManyLoginFailures if over
3. if password is OK, check expirationDate, raise PasswordExpired if over
4. return whether password matches
This is because I need to be sure that PasswordExpired is raised only if the
password *IS* valid. Entering an invalid password *MUST NOT* raise
PasswordExpired, because I want to use PasswordExpired to allow the user
to change it's password. This should not happen if the user did not enter a
valid password.