fix: Fix bugs with account locking (#2580)

* fix(security): reset login attempts after successful login

Enforce a maximum number of consecutive failed logins. Successfully logging in should reset the
count.

#2569

* fix(security): fix when user is unlocked

The user should be unlocked when locked_at is set, but the lock has expired.

#2569
Matthew Hill
2023-09-29 19:58:00 -04:00
committed by GitHub
parent 484c60c7ea
commit 4bd7bda60d
3 changed files with 35 additions and 2 deletions

@@ -72,7 +72,9 @@ def authenticate_user(session, email: str, password: str) -> PrivateUser | bool:
user_service.lock_user(user)
return False
return user
user.login_attemps = 0
return db.users.update(user.id, user)
def verify_password(plain_password: str, hashed_password: str) -> bool:
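Review bot: the reset at `user.login_attemps = 0` followed by `return db.users.update(user.id, user)` runs on every successful login, so each login now performs a database write even when the counter is already zero. Consider guarding it so the update only happens when `user.login_attemps` is greater than zero, and return `user` unchanged otherwise. Two smaller checks on the same lines: the success path now returns whatever `db.users.update` returns, so confirm that is a `PrivateUser` as the `PrivateUser | bool` annotation promises, and confirm the attribute spelling `login_attemps` matches the model field exactly, since a mismatch would leave the real counter untouched. A test that fails a few logins, succeeds once, and then asserts the count is back to zero would pin the behaviour described in the commit message.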