With a time treshold of 4 seconds
and a firstname and lastname honeypot
input fields when signing up

Don't redirect to the Almost there page after registration
and after resending confirmation instructions

Closes #55564
This is first discovered in #54739 (comment 122609857) that if both if: and only:
are used in a before_action or after_action or alike, if: is completely ignored.

Ash McKenzie authored 5 years ago and Thong Kuah committed 5 years ago

RecaptchaExperimentHelper contains helper methods
to assist in the controller and view layers.

Allows instance owners to toggle the recaptcha requirement
on the user registration page by feature flag.
Allows GitLab Growth team to measure
reCAPTCHA's impact on registrations.

- Externalize strings in controllers
- Update PO file

Enables frozen string for the following:

* app/controllers/*.rb
* app/controllers/admin/**/*.rb
* app/controllers/boards/**/*.rb
* app/controllers/ci/**/*.rb
* app/controllers/concerns/**/*.rb

Partially addresses #47424.

When a user checks the `accept` checkbox, we will track that
acceptance as usual. That way they don't need to accept again after
they complete the registration.

When an unauthenticated user visits the `/-/users/terms` page, there
is no button to accept, decline or continue. The 'current-user menu'
is also hidden from the top bar.

This ensures that we have more visibility in the number of SQL queries
that are executed in web requests. The current threshold is hardcoded to
100 as we will rarely (maybe once or twice) change it.

In production and development we use Sentry if enabled, in the test
environment we raise an error. This feature is also only enabled in
production/staging when running on GitLab.com as it's not very useful to
other users.

# This is the 1st commit message:
Add logging for all web authentication events

# This is the commit message #2:

Re-add underscore to after_inactive_sign_up_path_for

# This is the commit message #3:

Standardize on username=

# This is the commit message #4:

after_filter -> after_action, _resource -> resource

# This is the commit message #5:

Add two-factor login failures and account lockouts

# This is the commit message #6:

Move logging from two-factor concern to user model

# This is the commit message #7:

Add spaces around default parameter assignments

# This is the commit message #8:

Move logs out of user model

# This is the commit message #9:

Replace filtered_params with user_params

# This is the commit message #10:

Standardize case

# This is the commit message #1:

Fixes for username and AppLogger.info

Add a rubocop rule to check if a method 'redirect_to' is used without explicitly set 'status' in 'destroy' actions of controllers

* Changed name of delete_user_service and worker to destroy
* Move and change delete_group_service to Groups::DestroyService
* Rename Notes::DeleteService to Notes::DestroyService

If a user presses the 'Register' button too quickly after attempting
to solve the reCAPTCHA, or the reCAPTCHA is not solved at all, the
user would experience a 500 error. Now, the case is properly
handled and the user will be sent back to the registration page
with a clear error message and can try again.

It's too easy to mistype an email or password when signing up.
The support team is receiving an increasing number of requests
because users mistype their email. We can eliminate this problem
by requiring users to confirm the email before registering. The
same issue can occur for the password field so we should add
this, too. We should note that password confirmation is part
of the default Devise forms. I don't know why/when GitLab
removed it.

Destroy a user session when they delete their own account via browser

This patch destroys a user's session when they delete their own account
using a browser. A new session is created as they are redirected to the
sign_in page.

Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/25015

See merge request !2042

This reverts commit 3e991230.

# Conflicts:
#	app/models/project.rb

Closes #4228