Bug #24284

closed

Hammer/API - wrong error message

Added by Marek Hulán almost 6 years ago. Updated almost 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Authentication
Target version:
Difficulty:
Triaged: No
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1602367

Description of problem:
When we do a brute-force password attack via hammer (min. 30 tries), it returns the message "Invalid username or password."
After that we put in correct credentials, but hammer/API still returns the same message "Invalid username or password.". It is a little confusing.

Version-Release number of selected component (if applicable):
Sat6.4#11

How reproducible:
100%

Steps to Reproduce:
1. We have Sat6.4 and a client machine.
2. We register the client machine to the Satellite 6.4 repo and install hammer (standalone)
> yum install -y tfm-rubygem-hammer_cli_katello
> hammer --fetch-ca-cert https://satellite.example.com/
> install /root/.hammer/certs/satellite.example.com_443.pem /etc/pki/ca-trust/source/anchors/
> update-ca-trust

3. Check hammer

hammer -u admin -p correct_password user list

...

4. Brute force password attack

for i in {1..30}; do hammer -u admin -p bad_password user list; done

Invalid username or password.
Invalid username or password.
...
Invalid username or password.
Invalid username or password.

5. Check hammer with the correct password

hammer -u admin -p correct_password user list

Actual results:
We get the message "Invalid username or password."

Expected results:
We should get the message "Too many tries, please try again in a few minutes.". The same as via WebUI.

Additional info:

hammer -d -u admin -p correct_password user list

...
[DEBUG 2018-07-18T04:58:00 API] Using authenticator: HammerCLIForeman::Api::InteractiveBasicAuth
[ERROR 2018-07-18T04:58:00 API] 401 Unauthorized
[DEBUG 2018-07-18T04:58:00 API] {
"error" => {
"message" => "Unable to authenticate user "
}
}
[DEBUG 2018-07-18T04:58:00 Exception] Using exception handler HammerCLIForeman::ExceptionHandler#handle_foreman_unauthorized
[ERROR 2018-07-18T04:58:00 Exception] Invalid username or password.
Invalid username or password.
[ERROR 2018-07-18T04:58:00 Exception]

HammerCLIForeman::Api::UnauthorizedError (Invalid username or password.):
...
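
An added example, not part of the original report and not Foreman or Hammer code: a Ruby login throttle that checks the lockout before the credentials and answers a locked-out caller with the message the report expects. The class and method names, keying on the client address, and the 300-second window are assumptions; the limit of 30 and both messages come from the report.

```ruby
# Added illustration; not Foreman or Hammer code. All names are hypothetical.
class LoginThrottle
  INVALID = "Invalid username or password."
  LOCKED  = "Too many tries, please try again in a few minutes."
  Result  = Struct.new(:status, :message)

  # limit: 30 follows the report; window: 300 seconds is an assumed value.
  def initialize(limit: 30, window: 300, clock: -> { Time.now.to_f })
    @limit = limit
    @window = window
    @clock = clock
    @failures = Hash.new { |hash, key| hash[key] = [] } # source => timestamps
  end

  # verifier is a callable that returns true for valid credentials.
  def authenticate(source, user, password, verifier)
    now = @clock.call
    recent = @failures[source]
    recent.reject! { |stamp| now - stamp >= @window } # drop expired failures
    # Lockout is checked before the credentials, so a locked-out caller
    # sees the lockout message even when the password is correct.
    return Result.new(401, LOCKED) if recent.size >= @limit

    if verifier.call(user, password)
      @failures.delete(source) # success clears the counter
      Result.new(200, "OK")
    else
      recent << now
      Result.new(401, INVALID)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed credentials and a documentation-range address.
  check = ->(user, pass) { user == "admin" && pass == "correct_password" }
  throttle = LoginThrottle.new
  30.times { throttle.authenticate("192.0.2.10", "admin", "bad_password", check) }
  puts throttle.authenticate("192.0.2.10", "admin", "correct_password", check).message
end
```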


Related issues 1 (0 open, 1 closed)

Copied to Hammer CLI - Bug #24285: Hammer/API - wrong error message - Closed - Marek Hulán
#1

Updated by Marek Hulán almost 6 years ago

  • Copied to Bug #24285: Hammer/API - wrong error message added
#2

Updated by The Foreman Bot almost 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5848 added
#3

Updated by Marek Hulán almost 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
#4

Updated by Marek Hulán almost 6 years ago

  • Subject changed from Hammer/API - wrong error message to Hammer/API - wrong error message
  • Target version set to 1.20.0
  • Fixed in Releases 1.20.0 added