This reverts commit 13e37a3e.

- Extract a duplicated `redirect_to`
- Fix a typo: "token", not "certificate"
- Have the "Expires at" datepicker be attached to a text field, not inline
- Have both private tokens and personal access tokens verified in a
  single "authenticate_from_private_token" method, both in the
  application and API. Move relevant logic to
  `User#find_by_personal_access_token`
- Remove unnecessary constants relating to API auth. We don't need a
  separate constant for personal access tokens since the param is the
  same as for private tokens.

- No hardcoded colors in any SCSS file except `variables.scss`
- Don't allow choosing a date in the past
- Use the same table as in the "Applications" tab
- The button should say "Create Personal Access Token"
- Float the revoke button to the right of the table cell
- Change the revocation message to be more explicit.
- Date shouldn't look selected on page load
- Don't use a panel for the created token
    - Use a normal flash for "Your new personal access token has been created"
    - Show the input (with the token) below it full width.
    - Put the "Make sure you save it - you won't be able to access it again." message near the input
- Have the created token's input highlight all on single click

- Move the `TwoFactorAuthsController`'s `new` action to `show`, since
  the page is not used to create a single "two factor auth" anymore. We
  can have a single 2FA authenticator app, along with any number of U2F
  devices, in any combination, so the page will be accessed after the
  first "two factor auth" is created.
- Add the `u2f` javascript library, which provides an API to the
  browser's U2F implementation.
- Add tests for the JS components

This reverts commit 3e991230.

# Conflicts:
#	app/models/project.rb

- Use the `:personal_access_token` param root instead of
  `personal_access_token_params`, because we aren't using the
  `personal_access_token` param for authentication anymore (we're using
  `private_token` instead).
- Use `build` to instantiate a `PersonalAccessToken`
- Use better-formatted dates

- Can't use `personal_access_token` anymore, because the contents
  of that param are assumed to be a token string, and authenticated
  against.

- Show the count for each section in parens
- Remove the `revoked?` check, because everything in the
  active section is guaranteed to not be revoked.

Report: https://github.com/gitlabhq/gitlabhq/issues/10138



Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

* visiting project will create notification setting if missing
* change notification setting per project even without membership
* use notification settings instead of membership on profile page

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

`render nothing: true` has been deprecated.
For more information see [pr](https://github.com/rails/rails/pull/20336)

Added in disable button for 2fa

Closes #13854

Phil Hughes authored 9 years ago and Robert Speicher committed 9 years ago

Closes #13860

Prior, if the user had enabled and then disabled 2FA, they would be
shown a "You must enable Two-factor Authentication for your account."
message when going back to re-activate it, even if 2FA enforcement was
disabled.

simplified code and fixed stuffs

Safari 9.0 does not yet honor the HTML5 `origin-when-cross-origin` mode,
and it's possible load balancers/proxies strip the HTTP_REFERER from
the request header. In these cases, default to some default path.

Closes #3122

Closes https://github.com/gitlabhq/gitlabhq/issues/9731