This commit will add a time waste function if the username is not
present in the database. This is done to prevent the data extraction, in
this case the presence or not, of a username based upon the execution
time for the login process.

In the configuration file, the 'fake_hash' variable is computed with the
input data "fake_data" and the salt "fake_salt" to be transparent about
the data used as input for the hashing function.

The comparison with the 'verify()' function is a boolean (always True in
this case), and is not used in any useful way in the login process.

This waste of time is done even if the risk factor is very small (not to
say inexistent).

The location of this function call is designed to be only present if the
username provided as input does not exists in the database. This is done
to not impact real users.

This will trigger a rate limitation when the username does not exists or
if the password is not the correct one. The time to wait is exponential
(base 2) after the 5 first attempts.

This reverts commit b19f99ae.

This will ensure that the cache for functions is invalidated on
application update.

This is done by splitting the original function in an inner function
that manage the creation of the image in a PIL format. This inner
function is decorated with the redis cache function.

Because of a bug in the PIL library, we can not unPickle a tiff image.
The workaround is to use the following code:

    if isinstance( img, TiffImageFile ):
        if not hasattr( img, "use_load_libtiff" ):
            img.use_load_libtiff = True

Source: https://github.com/python-pillow/Pillow/pull/4565/files

This being patched in the current versions of PIL, we should be use this
monkey-patch for new version of Python.

In some cases, the python object can not be pickled; if so, the function
will crash and not return the data. With this patch, on error, the cache
will be be populated but the inputted value will still be returned to
the calling function.

Since the variable is global anyway, we don't need to pass it as
parameter.

The fetch of the data don't need to be done in an ajax query once the
page is loaded. This will directly populate the "secret" javascript
variable and the 'input' field.