- Adds CSS classes to represent browser & platform
- Adds JS flags to `gl` object to represent
browser & platform

Alex Buijs authored 5 years ago and Mayra Cabrera committed 5 years ago

This link is shown when a user tries to login with an unconfirmed
email address and the grace period has expired

Imre (Admin) authored 5 years ago and James Lopez committed 5 years ago

By not triggering the callback:
- ActiveSession lookup keys are not cleaned
- Devise also misses its hook related to session cleanup

Using the sed script from
https://gitlab.com/gitlab-org/gitlab-ce/issues/59758

This spec would start to fail on the first of the month because the
generated text would have a zero-padded day (e.g. 01 vs 1), whereas the
expected text check used an unpadded day via the `-d` parameter in
strftime (https://apidock.com/ruby/Date/strftime). To fix this, we
use use the `d` parameter to pad zeros.

This spec was introduced recently in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/25731.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/59731

This prevents a redirect loop when a user has to enable 2FA and accept
the terms.

Now they will need to accept the terms, then enable 2FA, or any other requirements.

This enforces the terms in the web application. These cases are
specced:

- Logging in: When terms are enforced, and a user logs in that has not
  accepted the terms, they are presented with the screen. They get
  directed to their customized root path afterwards.
- Signing up: After signing up, the first screen the user is presented
  with the screen to accept the terms. After they accept they are
  directed to the dashboard.
- While a session is active:
  - For a GET: The user will be directed to the terms page first,
    after they accept the terms, they will be directed to the page
    they were going to
  - For any other request: They are directed to the terms, after they
    accept the terms, they are directed back to the page they came
    from to retry the request. Any information entered would be
    persisted in localstorage and available on the page.

Ensure that OTP backup codes are always invalidated - 10.5 port

See merge request gitlab/gitlabhq!2324

Signed-off-by: Rémy Coutable <remy@rymai.me>

Replaces all the explicit include metadata syntax in the specs (tag:
true) into the implicit one (:tag).
Added a cop to prevent future errors and handle autocorrection.

Signed-off-by: Rémy Coutable <remy@rymai.me>

If internal auth is disabled and user is not an LDAP user, present
the user with an alert to create a personal access token if he does
not have one already.

Change single `login_via` use to `gitlab_sign_in_via`

The specs that rely on a correct value of the trackable attributes, should
include the `:redis` keyword in the spec to ensure the state is reset between
various specs.

The trackable attributes being:

- sign_in_count      : Increased every time a sign in is made (by form, openid, oauth)
- current_sign_in_at : A timestamp updated when the user signs in
- last_sign_in_at    : Holds the timestamp of the previous sign in
- current_sign_in_ip : The remote ip updated when the user sign in
- last_sign_in_ip    : Holds the remote ip of the previous sign in

The limiting of writing trackable attributes was introduced in
gitlab-org/gitlab-ce!11053.

This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.