Add method to store session ids by ip

Add new specs for storing session ids

Add cleaning up records after login

Add retrieving anonymous sessions

Add login recaptcha setting

Add new setting to sessions controller

Add conditions for showing captcha

Add sessions controller specs

Add admin settings specs for login protection

Add new settings to api

Add stub to devise spec

Add new translation key

Add cr remarks

Rename class call

Add cr remarks

Change if-clause for consistency

Add cr remarks

Add code review remarks

Refactor AnonymousSession class

Add changelog entry

Move AnonymousSession class to lib

Move store unauthenticated sessions to sessions controller

Move link to recaptcha info

Regenerate text file

Improve copy on the spam page

Change action filter for storing anonymous sessions

Fix rubocop offences

Add code review remarks

Adds frozen string to the following:

* spec/bin/**/*.rb
* spec/config/**/*.rb
* spec/controllers/**/*.rb

xref https://gitlab.com/gitlab-org/gitlab-ce/issues/59758

Updates specs to use new rails5 format.

The old format:
`get :show, { some: params }, { some: headers }`

The new format:
`get :show, params: { some: params }, headers: { some: headers }`

This will only be displayed if `X-GitLab-Show-Login-Captcha` is set as an HTTP
header.

Refactor sessions_controller_spec to work both in rails4 and rails5.
Remove the stubbed `request.referer` method, set real header instead.

`InternalRedirect` prevents Open redirect issues by only allowing
redirection to paths on the same host.

It cleans up any unwanted strings from the path that could point to
another host (fe. //about.gitlab.com/hello). While preserving the
querystring and fragment of the uri.

It is already used by:

- `TermsController`
- `ContinueParams`
  - `ImportsController`
  - `ForksController`
- `SessionsController`: Only for verifying the host in CE. EE allows
   redirecting to a different instance using Geo.

Extracted `@request.env['devise.mapping'] = Devise.mappings[:user]` and `Rails.application.env_config['devise.mapping'] = Devise.mappings[:user]`
in our tests into the helper method `set_devise_mapping`

This commit lets a user bypass the automatic signin on the login form,
in order to login with a technical (admin, etc) account

Closes #3786

Signed-off-by: Rémy Coutable <remy@rymai.me>

This new class uses a Redis Hash instead of a Sorted Set.

Signed-off-by: Rémy Coutable <remy@rymai.me>

Refactored specs and added a post deployment migration to remove the activity users table.

It uses a user activity table instead of a column in users.
Tested with mySQL and postgreSQL

 + rename shared context

 - cleanup formating in haml
 - clarify time window is in seconds
 - cleanup straneous chunks in db/schema
 - rename count_uniqe_ips to update_and_return_ips_count
 - other

This reverts commit e00fb2bdc2090e9cabeb1eb35a2672a882cc96e9.

# Conflicts:
#	.rubocop.yml
#	.rubocop_todo.yml
#	lib/gitlab/ci/config/entry/global.rb
#	lib/gitlab/ci/config/entry/jobs.rb
#	spec/lib/gitlab/ci/config/entry/factory_spec.rb
#	spec/lib/gitlab/ci/config/entry/global_spec.rb
#	spec/lib/gitlab/ci/config/entry/job_spec.rb
#	spec/lib/gitlab/ci/status/build/factory_spec.rb
#	spec/lib/gitlab/incoming_email_spec.rb

This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.

After this change the sign-in-success flash message will not be shown

refactor: set flash message to be nil while signing in

test: changed tests to reflect removal of sign-in message

refactor: adding signed_in message back

See Merge Request !7837

issue#24982

Copy logic from `Devise::Models::Lockable#valid_for_authentication?`, as
our custom login flow with two pages doesn't call this method. This will
increment the failed login counter, and lock the user's account once
they exceed the number of failed attempts.

Also ensure that users who are locked can't continue to submit 2FA
codes.

Matches the changes done for non-u2f two-factor auth

- "two-factor" for OTP-based 2FA
- "two-factor-via-u2f-device" for U2F-based 2FA
- "standard" for non-2FA login

This reverts commit 3e991230.