Devise: Allow multiple maximum_attempts to be configured based on some condition

Created on 22 Feb 2017 · 5 Comments · Source: heartcombo/devise

I was looking to solve a problem similar to this Stack Overflow question.

I was wondering if Devise can provide a feature to either set the attempts dynamically, or allow different maximum_attempts to be set in configuration on certain conditions (say, if the user's type property is admin, then maximum_attempts is different). Currently, as far as my search shows, this is not possible, and the only way seems to be to lock the user manually after n attempts, while maximum_attempts is configured as config.maximum_attempts = x in devise.rb.

All 5 comments

Hello @ziaulrehman40, thanks for your request.

We don't have plans to support this for now, so although I know it's not ideal, you will probably have to override this code in order to add your custom behavior (like the answer on Stack Overflow).
If this becomes a popular feature request, we can think about supporting it in a next major version.

Thank you!

Add my name to the petition to include this (along with the same for minimum password length). Both seem like obvious functions someone who is setting up Admin > User security control functionality would expect (similar to the timeout_in override ability).

Please add my name to the list as well. We are building a multi-tenant SaaS application, and as part of enterprise security requirements, each business customer's IT security typically has rules about what they want to see in terms of password complexity, failed login attempts, session timeout, etc. Rather than forcing everyone to the most strict requirements, we'd like to be able to delegate the configuration to the company level (which owns multiple users), rather than having the same value for all.

@rmorlok I'm wondering if you ended up monkeypatching the gem or if you moved to some other option?

@rpbaltazar we ended up rolling our own capability. Our app is API based, so we were able to centralize the logic for tracking failed attempts in the controllers handling login and allowed them to delegate the restriction based on the user in question.
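
A minimal sketch of the approach described in the last comment (failed-attempt tracking centralized in the login path, with the limit resolved per user and per company), as an added example that is not code from Devise or from any commenter. `Company`, `User`, `LoginThrottle` and all numeric limits are hypothetical names and values constructed for illustration; it is plain Ruby with no Devise or Rails dependency.

```ruby
# Added example: stand-alone Ruby. All names and limits are hypothetical.
DEFAULT_MAX_ATTEMPTS = 5 # constructed global fallback (the role config.maximum_attempts plays)
ADMIN_MAX_ATTEMPTS   = 3 # constructed stricter limit for admin accounts

# A tenant may set its own limit; nil means "use the global default".
Company = Struct.new(:name, :max_attempts)

User = Struct.new(:email, :company, :admin, :failed_attempts, :locked_at) do
  # Resolve the limit per user: admin override, then tenant setting, then default.
  def maximum_attempts
    return ADMIN_MAX_ATTEMPTS if admin
    company&.max_attempts || DEFAULT_MAX_ATTEMPTS
  end

  def locked?
    !locked_at.nil?
  end
end

class LoginThrottle
  # Called by the login endpoint after the password comparison.
  # Returns :ok, :invalid or :locked.
  def self.record(user, password_ok, now: Time.now)
    # A locked account is refused even when the password is correct.
    return :locked if user.locked?

    if password_ok
      user.failed_attempts = 0 # a successful login resets the counter
      return :ok
    end

    user.failed_attempts += 1
    if user.failed_attempts >= user.maximum_attempts
      user.locked_at = now # lock as soon as the per-user limit is reached
      return :locked
    end
    :invalid
  end
end
```

In a real application the counter and lock timestamp would be persisted atomically, and the HTTP response for `:invalid` and `:locked` can be made identical so that the lock state is not disclosed to the caller.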
