
Exponential wait before retrying to log in again

Open zedtux opened this issue 1 year ago • 0 comments

One way to mitigate brute force attacks is to add an exponentially increasing delay before a user can retry logging in, which this gem does not support so far.

There should be a configurable option which allows one to specify:

  • how many requests can be performed without any wait delay (example: the first 5 attempts are free of any retry delay, which avoids annoying most users)
  • a linear or exponential factor to calculate the delay, or a method that allows one to customize the delay

A flash message explaining to the user that they have reached a certain number of failed login attempts and must wait N seconds/minutes/hours before retrying should be added too.

This feature would be based on the failed_attempts value in order to calculate the delay to wait.

zedtux, Jan 08 '25 13:01
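The delay policy sketched in the issue, written out as an added example. This is not code from the devise gem and not the reporter's code; the class name RetryDelayPolicy, its option names (free_attempts, strategy, base, max) and the check/flash_message helpers are hypothetical. It reads the same failed_attempts counter the issue refers to, exempts the first N failures, grows the delay linearly, exponentially or through a custom Proc, caps it, and reports how long a user still has to wait so a flash message can be shown.

```ruby
# Added example (hypothetical, not part of devise): a retry-delay policy
# driven by a failed_attempts counter, as proposed in the issue above.
class RetryDelayPolicy
  # free_attempts: failures that incur no delay (the issue's "first 5 are free")
  # strategy:      :linear, :exponential, or a Proc given the number of
  #                penalised attempts and returning seconds
  # base:          seconds for the first penalised attempt (or the growth base)
  # max:           cap so the delay never grows without bound
  def initialize(free_attempts: 5, strategy: :exponential, base: 2, max: 3600)
    @free_attempts = free_attempts
    @strategy = strategy
    @base = base
    @max = max
  end

  # Seconds the account must wait after `failed_attempts` consecutive failures.
  def delay_for(failed_attempts)
    penalised = failed_attempts - @free_attempts
    return 0 if penalised <= 0

    raw = case @strategy
          when :linear      then @base * penalised
          when :exponential then @base**penalised
          when Proc         then @strategy.call(penalised)
          else raise ArgumentError, "unknown strategy #{@strategy.inspect}"
          end
    [raw, @max].min
  end

  # Returns [allowed?, seconds_remaining]. `last_failed_at` is the Time of the
  # most recent failure (nil if none); `now` is injectable for deterministic tests.
  def check(failed_attempts, last_failed_at, now: Time.now)
    wait = delay_for(failed_attempts)
    return [true, 0] if wait.zero? || last_failed_at.nil?

    remaining = wait - (now - last_failed_at)
    remaining > 0 ? [false, remaining.ceil] : [true, 0]
  end

  # Text for the flash message the issue asks for, in the largest sensible unit.
  def flash_message(seconds)
    amount = if seconds >= 3600
               "#{(seconds / 3600.0).ceil} hour(s)"
             elsif seconds >= 60
               "#{(seconds / 60.0).ceil} minute(s)"
             else
               "#{seconds} second(s)"
             end
    "Too many failed login attempts. Please wait #{amount} before retrying."
  end
end

if __FILE__ == $PROGRAM_NAME
  policy = RetryDelayPolicy.new
  (1..10).each { |n| puts "#{n} failures -> wait #{policy.delay_for(n)}s" }
end
```

In a real integration the check would run in the authentication strategy before the password is compared, so a request that arrives during the wait is rejected without touching the credentials, and the counter itself should only be reset on a successful login.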