[Captcha] Implement failed logins ceiling (#1870)

* [Hacker1] Failed Login Attempts Captcha

* [Captcha] Implement failed logins ceiling

* Formatting

* Updated approach after implementation talks with Kyle

* Updated email templates // Updated calling arch for failed attempts

* Formatting

* Updated 2fa email links

* Renamed baserequest methods to better match their actions

* EF migrations/scripts

* Updated with requested changes

* Defaults for MaxiumumFailedLoginAttempts

src/Core/Services/Implementations/HCaptchaValidationService.cs

@@ -83,8 +83,19 @@ namespace Bit.Core.Services
             return root.GetProperty("success").GetBoolean();
         }
 
-        public bool RequireCaptchaValidation(ICurrentContext currentContext) =>
-            currentContext.IsBot || _globalSettings.Captcha.ForceCaptchaRequired;
+        public bool RequireCaptchaValidation(ICurrentContext currentContext, int? failedLoginCount = null)
+        {
+            var failedLoginCeiling = _globalSettings.Captcha.MaximumFailedLoginAttempts.GetValueOrDefault();
+            return currentContext.IsBot ||
+                   _globalSettings.Captcha.ForceCaptchaRequired ||
+                   failedLoginCeiling > 0 && failedLoginCount.GetValueOrDefault() >= failedLoginCeiling;
+        }
+
+        public bool ValidateFailedAuthEmailConditions(bool unknownDevice, int failedLoginCount)
+        {
+            var failedLoginCeiling = _globalSettings.Captcha.MaximumFailedLoginAttempts.GetValueOrDefault();
+            return unknownDevice && failedLoginCeiling > 0 && failedLoginCount == failedLoginCeiling;
+        }
 
         private static bool TokenIsApiKey(string bypassToken, User user) =>
             !string.IsNullOrWhiteSpace(bypassToken) && user != null && user.ApiKey == bypassToken;