Added documentation and CHANGELOG item

CHANGELOG

@@ -51,6 +51,7 @@ v 8.11.0 (unreleased)
   - Get issue and merge request description templates from repositories
   - Add hover state to todos !5361 (winniehell)
   - Fix icon alignment of star and fork buttons !5451 (winniehell)
+  - Enforce 2FA restrictions on API authentication endpoints !5820
   - Limit git rev-list output count to one in forced push check
   - Show deployment status on merge requests with external URLs
   - Clean up unused routes (Josef Strzibny)

app/services/user_retrieval_service.rb

@@ -10,4 +10,4 @@ class UserRetrievalService
     user = Gitlab::Auth.find_with_user_password(login, password)
     user unless user.two_factor_enabled?
   end
-end
+end

doc/api/oauth2.md

@@ -90,7 +90,7 @@ curl --header "Authorization: Bearer OAUTH-TOKEN" https://localhost:3000/api/v3/
 
 ## Deprecation Notice
 
-1. Starting in GitLab 9.0, the Resource Owner Password Credentials will be *disabled* for users with two-factor authentication turned on.
+1. Starting in GitLab 8.11, the Resource Owner Password Credentials has been *disabled* for users with two-factor authentication turned on.
 2. These users can access the API using [personal access tokens] instead.
 
 ---

doc/api/session.md

@@ -2,7 +2,7 @@
 
 ## Deprecation Notice
 
-1. Starting in GitLab 9.0, this feature will be *disabled* for users with two-factor authentication turned on.
+1. Starting in GitLab 8.11, this feature has been *disabled* for users with two-factor authentication turned on.
 2. These users can access the API using [personal access tokens] instead.
 
 ---

spec/requests/api/oauth_tokens_spec.rb

@@ -28,4 +28,4 @@ describe API::API, api: true  do
       end
     end
   end
-end
+end

spec/services/user_retrieval_service_spec.rb

@@ -16,4 +16,4 @@ describe UserRetrievalService, services: true do
       expect(retrieved_user).to be_nil
     end
   end
-end
+end