Failed login attempts count not reset according to time settings

[jani]

Description:

Users who have failed logging in too many times, and have therefore been blocked, are perpetually blocked instead of actually reset after the block timeout.

Seems related to: https://forums.rocket.chat/t/ip-blocked-temporary/10932 and #20088

Steps to reproduce:

1. Ensure that there are limits per user and IP address, e.g. max 2 failed attempts and 1 minute lockout.
2. Enable two-factor via email
3. Log failed logins to a channel, so that you can see what happens (instead of the very noisy log function)
4. Create a user
5. Send them a password reset link
6. Fail logging in
7. Repeat
8. Watch them be blocked for every failed attempt after the second, even though they wait more than 1 minute.

Expected behavior:

Failed login count for both IP address and user should be reset to zero when the blocking time has timed out.

Actual behavior:

User gets locked out, either by IP or username, every time.

Work-around:

Disable two-factor authentication via email.

Server Setup Information:

• Version of Rocket.Chat Server: 4.8.3
• Operating System: Debian Bullseye
• Deployment Method: snap
• Number of Running Instances: 1
• NodeJS Version: v14.18.3
• MongoDB Version: 4.2.17 / wiredTiger (oplog Enabled)

Client Setup Information

• Desktop App or Browser Version: Firefox 104.1, Chrome 105
• Operating System: Linux, Windows, MacOS

Relevant logs: