Update doorkeeper to 4.2.0

Changelog: https://git.io/v6PnV

See merge request !5881

2FA checks for Git over HTTP

## What does this MR do?

This MR allows the use of `PersonalAccessTokens` to access Git over HTTP and makes that the only allowed method if the user has 2FA enabled. If a user with 2FA enabled tries to access Git over HTTP using his username and password the request will be denied and the user will be presented with the following message:

```
remote: HTTP Basic: Access denied
remote: You have 2FA enabled, please use a personal access token for Git over HTTP.
remote: You can generate one at http://localhost:3000/profile/personal_access_tokens
fatal: Authentication failed for 'http://localhost:3000/documentcloud/underscore.git/'
```

## What are the relevant issue numbers?

Fixes #13568 

See merge request !5764

Changelog: https://git.io/v6PnV

Handle legacy sort order values

Convert the legacy sort order values id_asc / id_desc into the ones we use now, created_at / created_desc, to stop the dropdown being blank.

Closes #21028.

See merge request !5880

2FA checks for API workflows

## What does this MR do?

It adds a check to the API `/session` endpoint that will deny authentication requests to users that have 2FA enabled. In the error message it will instruct them to use a Personal Access Token instead.

It adds a check to the `/oauth/token` endpoint, when `grant_type: 'password'` is used, so that no OAuth2 access token can be generated if the user has 2FA enabled. This endpoint should not be used by OAuth applications, anyway. OAuth apps should follow the flow of redirecting the user to GitLab, where 2FA access restrictions apply and logging them in there. Once successfully authenticated, the OAuth token is passed to the client.

## Why was this MR needed?

No 2FA check on API endpoints.

## What are the relevant issue numbers?

Fixes #2979

See merge request !5820

Update Hamlit to 2.6.1

Fixes gitlab-org/gitlab-ce#21025 and gitlab-org/gitlab-ce#21017

See merge request !5873

The sort orders used to be id_asc / id_desc, and are now created_asc /
created_desc. Users can still have cookies containing the old sort
orders, or bookmarks to links specifying them, so convert these to the
new versions quietly.

Added checks for 2FA to the API `/sessions` endpoint and the Resource Owner Password Credentials flow.

Support slash commands in issues / MR description & comments

See merge request !5021

Merge branch '3225-ace-editor-causing-404-errors-every-time-you-try-to-edit-a-file-in-the-webui' into 'master'

Fix Ace syntax highlighting with compiled assets

## What does this MR do?

Update ACE to 4.1.0 to allow modes (syntax highlighting files for particular languages) to be lazily loaded.

## Are there points in the code the reviewer needs to double check?

Don't think so.

## Why was this MR needed?

Syntax highlighting in the file editor only worked in development and test modes, not in production!

## What are the relevant issue numbers?

Closes #3225.

## Screenshots (if relevant)

First, the test setup - add these lines to `development.rb`:
```ruby
  config.assets.debug = false
  config.assets.compile = false
  config.assets.digest = true
```

Then, before starting the server, run `bundle exec rake assets:clobber assets:precompile`.

Before:

![image](/uploads/486198e273019f8969d2e90560d82928/image.png)

There is an error in the console because `/assets/ace/mode-ruby.js` was not found (it's only available when assets are compiled on demand).

After:

![image](/uploads/6aa0d69b7efdfd6fe6aa22b9a49e9716/image.png)

This loads `/assets/ace/mode-ruby-3915f95a6cc47306b1305e4dcb7aca25b2ef9c49b18ec6011707135b6575d8f3.js`, which works because the precompile step included it and told ACE where to find it.

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
- ~~API support added~~
- Tests
  - ~~Added for this feature/bug~~
  - [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5501

Abuse Reports message truncation

## What does this MR do?

Adds dynamic message truncation to abuse reports

## Are there points in the code the reviewer needs to double check?

Is the new UI OK?

## Why was this MR needed?

Admin UX

## What are the relevant issue numbers?

Closes #13664.

## Screenshots (if relevant)

**UPDATED:**

![Screen_Shot_2016-07-07_at_03.02.43](/uploads/2e1a1122e0194f8ffa48054c18523ccd/Screen_Shot_2016-07-07_at_03.02.43.png)

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
Closes #13664

See merge request !5032

Truncated long user lists in award emoji tooltips

## What does this MR do?
Truncates award emoji tooltips so that they only show 10 users maximum.

Further users are indicated by appending "and X more."

## Are there points in the code the reviewer needs to double check?
Is 10 too little, should it be raised?

My test cases rely on join() to build the expected output.
This feels a little iffy is it alright?

## Why was this MR needed?
Some issues have a large number of thumbs causing tooltips to be very large.

## What are the relevant issue numbers?
closes #18334, closes #19542

## Screenshots (if relevant)
##### Before
![Screenshot_from_2016-06-20_19-49-12](/uploads/d7a14dd87bb3da2acd7c0818de99852b/Screenshot_from_2016-06-20_19-49-12.png)

##### After
![Screenshot_from_2016-06-20_19-50-58](/uploads/f7f05c44594bfe8cec7dfd48802753a6/Screenshot_from_2016-06-20_19-50-58.png)

Truncation point modified for purposes of screenshot

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [x] API support added
- [x] Tests
  - [x] Added for this feature/bug
  - [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !4780

Deployment and Play endpoints

See merge request !5825

Attempted improvement to stop boards spec failing



See merge request !5869

Allow naming (and deleting) U2F devices.

## What does this MR do?

- Allow giving each U2F device a name (at the time of registration).
- Allow deleting individual U2F devices.
- Display a list of registered U2F devices.

## What are the relevant issue numbers?

- Closes #17334 
- Closes #17335 

See merge request !5833

Fixes gitlab-org/gitlab-ce#21025 and gitlab-org/gitlab-ce#21017

edit_blob_link can receive the blob to avoid access to the repository

## What does this MR do?

Avoid access to the repository to get the blob when can be passed on context

## Are there points in the code the reviewer needs to double check?

## Why was this MR needed?

#20454 to try to speed up the diff pages

## What are the relevant issue numbers?

Relates #20454 probably we want and UI solution not just a backend solution

## Screenshots (if relevant)

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- ~~[ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
- ~~[ ] API support added~~
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)


See merge request !5850

Add endpoints for pipelines

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [x] API support added
- Tests
  - [x] Added for this feature/bug
  - [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5837

Add merge conflict resolution to CHANGELOG

😊 

See merge request !5863

Fix email line-height in Outlook

On Outlook.com:

![image](/uploads/4bfa8daacce39a640428dff6eec0c098/image.png)

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19060.

See merge request !5843

Fix broken feature spec.

This older spec was failing: features/project/issues/issues.feature

Looks like before we were doing an exact match for queries, that's why
it was passing with this existing issue: https://gitlab.com/gitlab-org/gitlab-ce/blob/59fa031e6f7d5a1b658c370f581c4caaf4493150/features/project/issues/issues.feature#L128

Failed build: https://gitlab.com/gitlab-org/gitlab-ce/builds/3178231

See merge request !5857

Remove undefined word Corporation from CCLA

## What does this MR do?

Removes the (undefined) word "Corporation" from the CCLA, per advice from legal counsel.

## Why was this MR needed?

The word Corporation was undefined, while the word "You" already included "legal entities".

## What are the relevant issue numbers?

- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3685
- https://gitlab.com/gitlab-org/gitlab-ce/issues/15156

\cc @pmachle

See merge request !5835

Simplify SQL queries of marking a todo as done

See merge request !5832

1. Remove an unnecessary (since we're fetching all the records anyway)
   `pluck` while fetching U2F registration records.

2. Align "Your device was successfully set up!" section with the "U2F
   Devices" table below.

1. Display a list of U2F devices on the `two_factor_auth` page.

2. Allow deleting individual U2F devices.

3. Allow setting a (optional) name for a device (during registration).