Currently, if you create a new account through normal sign-up, and immediately try to log in, this will fail due to the account not being authorized yet, but the error message will read "Invalid username or password". That gives users an incorrect idea about why they are unable to log in and may lead to frustration.
It would be better if failed login attempts would distinguish between "correct credentials but no authorization" and "wrong credentials" and displayed an appropriate error message.
It might be worth another think if this exposes (the correctness of) login credentials, maybe check for authorization before checking correctness.
I've decided that this is a negligible concern, since this only has any effect if a would-be attacker knows or correctly guesses the user's password. Normally, that would just lead to login, which is equally unfortunate. If this is too risky for anyone, they can default to the n-attempts-to-ban mechanic.
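The trade-off discussed in this thread, as an added example that is not the project's own code: the "not yet authorized" message is returned only after the password has been verified, every other failure gets the generic message, and an attempt limit bounds guessing. The function names, the `PENDING` wording and the limit of 5 are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

INVALID = "Invalid username or password"   # message quoted in the issue
PENDING = "Account not yet authorized"     # assumed wording
OK = "Logged in"
MAX_FAILURES = 5                           # assumed value of "n" for the attempt limit

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    authorized: bool = False
    failures: int = 0

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password: str, authorized: bool = False) -> Account:
    salt = os.urandom(16)
    return Account(salt, _hash(password, salt), authorized)

# Unknown usernames are hashed against this record so they cost the same work.
_DUMMY = make_account(os.urandom(16).hex())

def login(users: dict, username: str, password: str) -> str:
    acct = users.get(username)
    target = acct if acct is not None else _DUMMY
    password_ok = hmac.compare_digest(_hash(password, target.salt), target.pw_hash)
    if acct is None:
        return INVALID
    if acct.failures >= MAX_FAILURES or not password_ok:
        acct.failures += 1          # locked accounts answer like a wrong password
        return INVALID
    acct.failures = 0
    # Only a caller who proved knowledge of the password learns the account state.
    return OK if acct.authorized else PENDING

if __name__ == "__main__":
    users = {"newuser": make_account("constructed-pw")}   # constructed sample data
    print(login(users, "newuser", "wrong"))            # generic failure
    print(login(users, "newuser", "constructed-pw"))   # specific pending message
```

Checking authorization before the password, as the first comment suggests, would instead show the pending state to anyone who knows the username.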