`User#starred_projects` doesn't perform any visibility checks. This has
a couple of problems:

1. It assumes a user can always view all of their starred projects in
   perpetuity (project not changed to private, access revoked, etc.).
2. It assumes that we'll only ever allow a user to star a project they
   can view. This is currently the case, but bugs happen.

Add `User#viewable_starred_projects` to filter the starred projects by
those the user either has explicit access to, or are public or
internal. Then use that in all places where we list the user's starred
projects.

In 8278b763 the default behaviour of annotation
has changes, which was causing a lot of noise in diffs. We decided in #17382
that it is better to get rid of the whole annotate gem, and instead let people
look at schema.rb for the columns in a table.

Fixes: #17382

Variable `Gitlab::Application.config.secret_key_base` is set in
config/initializers/secret_token.rb. It's very bad practice to use
hard-coded paths inside an application and really unnecessary in this
case.

This reverts commit 1cc614f2.

It was causing the ActiveJob integration to fail, so unfortunately we'll have to add the gem again.

The extra gem isn’t necessary anymore since Rails 4.2 has ActiveJob integration.

Resolves #15575.

Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

* visiting project will create notification setting if missing
* change notification setting per project even without membership
* use notification settings instead of membership on profile page
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Fixes #14585.

This also refactores ProjectSelect adding some decorator-like functions.

This reverts commit 01160fc0, reversing
changes made to 4bff9daf.

Also incorporates the review into this, mainly spec changes.

The user has the rights of a public user execpt it can never create a project,
 group, or team. Also it cant view internal projects.

GitLab EE adds an extra relation that selects a "project_id" column
instead of an "id" column, making it very hard for this method to be
re-used in EE. Since using User#authorized_groups in
ProjectsFinder#all_groups apparently has no performance impact we can
just use it and keep everything compatible with EE.

We can just use "arel_table" in these cases instead of
"SomeClass.arel_table".

We don't need the extra layer of nesting of UNION queries here (as
User#authorized_projects already returns a UNION'd query).

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Closes #13905

Rails adds an empty error to the Errors object even if you just call
`#[]` on it:

```
[1] pry(main)> u = User.last
[2] pry(main)> u.errors.keys
=> []
[3] pry(main)> u.errors[:username].present?
=> false
[4] pry(main)> u.errors.keys
=> [:username]
```

Prior, if the user enabled 2FA, then disabled it and came back some time
after the grace period expired, they would be forced to enable 2FA
immediately.

- Avoid multiple calls to `validates` for the avatar attributes.
- In a cropping process, don't check if the model inherits `User`, check if it responds to `:avatar_crop_size`.

Also:
- Get rid of legacy :strict_mode
- Get rid of custom :email validator
- Add some shared examples to spec emails validation