- To hold registrations from U2F devices, and to authenticate them.
- Previously, `User#two_factor_enabled` was aliased to the
`otp_required_for_login` column on `users`.
- This commit changes things a bit:
- `User#two_factor_enabled` is not a method anymore
- `User#two_factor_enabled?` checks both the
`otp_required_for_login` column, as well as `U2fRegistration`s
- Change all instances of `User#two_factor_enabled` to
`User#two_factor_enabled?`
- Add the `u2f` gem, and implement registration/authentication at the
model level.
We were doing all kinds of code gymnastics to "enable" Crowd in the
feature spec and this would sometimes cause a transient failure.
Really what it's testing is if the Crowd login form shows when Crowd's
enabled, so this is much better suited to a view spec.
There is no Kerberos auth in gitlab-ce, so it shouldn't be noted
as a form-driven auth mechanism in app/helpers/auth_helper.rb.
This breaks using Kerberos as a custom omniauth provider.
See issue #2510
