This will only be displayed if `X-GitLab-Show-Login-Captcha` is set as an HTTP
header.

`InternalRedirect` prevents Open redirect issues by only allowing
redirection to paths on the same host.

It cleans up any unwanted strings from the path that could point to
another host (fe. //about.gitlab.com/hello). While preserving the
querystring and fragment of the uri.

It is already used by:

- `TermsController`
- `ContinueParams`
  - `ImportsController`
  - `ForksController`
- `SessionsController`: Only for verifying the host in CE. EE allows
   redirecting to a different instance using Geo.

In GitLab EE, a GitLab instance can be read-only (e.g. when it's a Geo
secondary node). But in GitLab CE it also might be useful to have the
"read-only" idea around. So port it back to GitLab CE.

Also having the principle of read-only in GitLab CE would hopefully
lead to less errors introduced, doing write operations when there
aren't allowed for read-only calls.

Closes gitlab-org/gitlab-ce#37534.

# This is the 1st commit message:
Add logging for all web authentication events

# This is the commit message #2:

Re-add underscore to after_inactive_sign_up_path_for

# This is the commit message #3:

Standardize on username=

# This is the commit message #4:

after_filter -> after_action, _resource -> resource

# This is the commit message #5:

Add two-factor login failures and account lockouts

# This is the commit message #6:

Move logging from two-factor concern to user model

# This is the commit message #7:

Add spaces around default parameter assignments

# This is the commit message #8:

Move logs out of user model

# This is the commit message #9:

Replace filtered_params with user_params

# This is the commit message #10:

Standardize case

# This is the commit message #1:

Fixes for username and AppLogger.info

This avoids loading the `OmniAuthCallbacksController` at boot time so
it doesn't mess up the `before_action`-chain

Otherwise the token might be cleared before authentication is
done, causing the authentication itself to fail

When sign-in is disabled:
 - skip password expiration checks
 - prevent password reset requests
 - don’t show Password tab in User Settings
 - don’t allow login with username/password for Git over HTTP requests
 - render 404 on requests to Profiles::PasswordsController

This commit lets a user bypass the automatic signin on the login form,
in order to login with a technical (admin, etc) account

Closes #3786
Signed-off-by: NRémy Coutable <remy@rymai.me>

+ Use NullMetrics to mock metrics when unused
+ Use method_missing in NullMetrics mocking
+ Update prometheus gem to version that correctly uses transitive dependencies
+ Ensure correct folders are used in Multiprocess prometheus client tests.
+ rename Sessions controller's metric

 + remove unecessarey require
 + fix small formatiing issues

Prometheus requires a trailing newline in its response.

+ cleanup

This is a step for #29118.

Add a single metric to count successful logins.

Summary types are not supported so remove Collector.  Either
we need to support the summary type or we need to create a
multiprocess-friendly Collector.

Add config to load prometheus and set up the Collector and the
Exporter.

Fix `Gemfile` as current prometheus-client gemspec is missing the
`mmap2` dependency.

It uses a user activity table instead of a column in users.
Tested with mySQL and postgreSQL

 - cleanup formating in haml
 - clarify time window is in seconds
 - cleanup straneous chunks in db/schema
 - rename count_uniqe_ips to update_and_return_ips_count
 - other

This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.

test: replaced signed_out message check with check for sign_in button

fixes #25294

After this change the sign-in-success flash message will not be shown

refactor: set flash message to be nil while signing in

test: changed tests to reflect removal of sign-in message

refactor: adding signed_in message back

See Merge Request !7837

issue#24982