author | Robert Speicher <rspeicher@gmail.com> | 2021-01-20 13:34:23 -0600 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2021-01-20 13:34:23 -0600 |
commit | 6438df3a1e0fb944485cebf07976160184697d72 (patch) | |
tree | 00b09bfd170e77ae9391b1a2f5a93ef6839f2597 /doc/user/profile | |
parent | 42bcd54d971da7ef2854b896a7b34f4ef8601067 (diff) | |
download | gitlab-ce-6438df3a1e0fb944485cebf07976160184697d72.tar.gz |
Add latest changes from gitlab-org/gitlab@13-8-stable-ee v13.8.0-rc42
Diffstat (limited to 'doc/user/profile')
-rw-r--r-- | doc/user/profile/account/two_factor_authentication.md | 41 |
-rw-r--r-- | doc/user/profile/index.md | 27 |
-rw-r--r-- | doc/user/profile/notifications.md | 4 |
-rw-r--r-- | doc/user/profile/personal_access_tokens.md | 2 |
4 files changed, 46 insertions, 28 deletions
diff --git a/doc/user/profile/account/two_factor_authentication.md b/doc/user/profile/account/two_factor_authentication.md index c25535cbf65..6cdd2d6f161 100644 --- a/doc/user/profile/account/two_factor_authentication.md +++ b/doc/user/profile/account/two_factor_authentication.md @@ -245,7 +245,7 @@ Search for `security.webauth.u2f` and double click on it to toggle to `true`. To set up 2FA with a U2F device: -1. Log in to your GitLab account. +1. Sign in to your GitLab account. 1. Go to your [**Profile settings**](../index.md#profile-settings). 1. Go to **Account**. 1. Click **Enable Two-Factor Authentication**. @@ -298,11 +298,11 @@ NOTE: Recovery codes are not generated for U2F / WebAuthn devices. WARNING: -Each code can be used only once to log in to your account. +Each code can be used only once to sign in to your account. Immediately after successfully enabling two-factor authentication, you're prompted to download a set of generated recovery codes. Should you ever lose access -to your one-time password authenticator, you can use one of these recovery codes to log in to +to your one-time password authenticator, you can use one of these recovery codes to sign in to your account. We suggest copying and printing them, or downloading them using the **Download codes** button for storage in a safe place. If you choose to download them, the file is called `gitlab-recovery-codes.txt`. 
@@ -314,41 +314,41 @@ If you lose the recovery codes or just want to generate new ones, you can do so from the [two-factor authentication account settings page](#regenerate-2fa-recovery-codes) or [using SSH](#generate-new-recovery-codes-using-ssh). -## Logging in with 2FA Enabled +## Signing in with 2FA Enabled -Logging in with 2FA enabled is only slightly different than a normal login. +Signing in with 2FA enabled is only slightly different than the normal sign-in process. Enter your username and password credentials as you normally would, and you're presented with a second prompt, depending on which type of 2FA you've enabled. -### Log in via a one-time password +### Sign in by using a one-time password When asked, enter the pin from your one time password authenticator's application or a -recovery code to log in. +recovery code to sign in. -### Log in via U2F device +### Sign in by using a U2F device -To log in via a U2F device: +To sign in by using a U2F device: 1. Click **Login via U2F Device**. 1. A light begins blinking on your device. Activate it by touching/pressing its button. A message displays, indicating that your device responded to the authentication -request, and you're automatically logged in. +request, and you're automatically signed in. -### Log in via WebAuthn device +### Sign in by using a WebAuthn device In supported browsers you should be automatically prompted to activate your WebAuthn device (e.g. by touching/pressing its button) after entering your credentials. A message displays, indicating that your device responded to the authentication -request and you're automatically logged in. +request and you're automatically signed in. ## Disabling 2FA If you ever need to disable 2FA: -1. Log in to your GitLab account. +1. Sign in to your GitLab account. 1. Go to your [**Profile settings**](../index.md#profile-settings). 1. Go to **Account**. 1. Click **Disable**, under **Two-Factor Authentication**. 
@@ -356,6 +356,9 @@ If you ever need to disable 2FA: This clears all your two-factor authentication registrations, including mobile applications and U2F / WebAuthn devices. +Support for disabling 2FA is limited, depending on your subscription level. For more information, see the +[Account Recovery](https://about.gitlab.com/support/#account-recovery) section of our website. + ## Personal access tokens When 2FA is enabled, you can no longer use your normal account password to @@ -393,9 +396,13 @@ a new set of recovery codes with SSH: 1. Run: ```shell - ssh git@gitlab.example.com 2fa_recovery_codes + ssh git@gitlab.com 2fa_recovery_codes ``` + NOTE: + On self-managed instances, replace **`gitlab.com`** in the command above + with the GitLab server hostname (`gitlab.example.com`). + 1. You are prompted to confirm that you want to generate new codes. Continuing this process invalidates previously saved codes: @@ -465,9 +472,9 @@ Sign in and re-enable two-factor authentication as soon as possible. For example, if a user is trying to access a GitLab instance from `first.host.xyz` and `second.host.xyz`: - - The user logs in via `first.host.xyz` and registers their U2F key. - - The user logs out and attempts to log in via `first.host.xyz` - U2F authentication succeeds. - - The user logs out and attempts to log in via `second.host.xyz` - U2F authentication fails, because + - The user signs in by using `first.host.xyz` and registers their U2F key. + - The user signs out and attempts to sign in by using `first.host.xyz` - U2F authentication succeeds. + - The user signs out and attempts to sign in by using `second.host.xyz` - U2F authentication fails, because the U2F key has only been registered on `first.host.xyz`. - To enforce 2FA at the system or group levels see [Enforce Two-factor Authentication](../../../security/two_factor_authentication.md). diff --git a/doc/user/profile/index.md b/doc/user/profile/index.md index d60fb528499..a96975fea92 100644 
--- a/doc/user/profile/index.md +++ b/doc/user/profile/index.md @@ -203,11 +203,12 @@ If you previously selected the "Busy" checkbox, remember to deselect it when you ## Busy status indicator -> - Introduced in GitLab 13.6. -> - It's [deployed behind a feature flag](../feature_flags.md), disabled by default. -> - It's disabled on GitLab.com. +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/259649) in GitLab 13.6. +> - It was [deployed behind a feature flag](../feature_flags.md), disabled by default. +> - [Became enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/281073) in GitLab 13.8. +> - It's enabled on GitLab.com. > - It's not recommended for production use. -> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-busy-status-feature). +> - For GitLab self-managed instances, GitLab administrators can opt to [disable it](#disable-busy-status-feature). To indicate to others that you are busy, you can set an indicator @@ -228,10 +229,16 @@ To set the busy status indicator, either: 1. Click **Edit profile** (**{pencil}**). 1. Select the **Busy** checkbox -### Enable busy status feature +### Disable busy status feature -The busy status feature is deployed behind a feature flag and is **disabled by default**. -[GitLab administrators with access to the GitLab Rails console](../../administration/feature_flags.md) can enable it for your instance from the [rails console](../../administration/feature_flags.md#start-the-gitlab-rails-console). +The busy status feature is deployed behind a feature flag and is **enabled by default**. +[GitLab administrators with access to the GitLab Rails console](../../administration/feature_flags.md) can disable it for your instance from the [rails console](../../administration/feature_flags.md#start-the-gitlab-rails-console). + +To disable it: + +```ruby +Feature.disable(:set_user_availability_status) +``` To enable it: 
@@ -288,7 +295,7 @@ git config --global user.email <your email address> When signing in to the main GitLab application, a `_gitlab_session` cookie is set. `_gitlab_session` is cleared client-side when you close your browser and expires after "Application settings -> Session duration (minutes)"/`session_expire_delay` -(defaults to `10080` minutes = 7 days). +(defaults to `10080` minutes = 7 days) of no activity. When signing in to the main GitLab application, you can also check the "Remember me" option which sets the `remember_user_token` @@ -316,7 +323,9 @@ The `remember_user_token` lifetime of a cookie can now extend beyond the deadlin GitLab uses both session and persistent cookies: -- Session cookie: Session cookies are normally removed at the end of the browser session when the browser is closed. The `_gitlab_session` cookie has no expiration date. +- Session cookie: Session cookies are normally removed at the end of the browser session when + the browser is closed. The `_gitlab_session` cookie has no fixed expiration date. However, + it expires based on its [`session_expire_delay`](#why-do-i-keep-getting-signed-out). - Persistent cookie: The `remember_user_token` is a cookie with an expiration date of two weeks. GitLab activates this cookie if you click Remember Me when you sign in. By default, the server sets a time-to-live (TTL) of 1-week on any session that is used. diff --git a/doc/user/profile/notifications.md b/doc/user/profile/notifications.md index 8974505cf02..38ef01b7537 100644 --- a/doc/user/profile/notifications.md +++ b/doc/user/profile/notifications.md 
@@ -146,13 +146,15 @@ Users are notified of the following events: | New email added | User | Security email, always sent. | | Email changed | User | Security email, always sent. | | Password changed | User | Security email, always sent when user changes their own password | -| Password changed by administrator | User | Security email, always sent when an administrator changes the password of another user | +| Password changed by administrator | User | Security email, always sent when an administrator changes the password of another user | | Two-factor authentication disabled | User | Security email, always sent. | | New user created | User | Sent on user creation, except for OmniAuth (LDAP)| | User added to project | User | Sent when user is added to project | | Project access level changed | User | Sent when user project access level is changed | | User added to group | User | Sent when user is added to group | | Group access level changed | User | Sent when user group access level is changed | +| Personal Access Tokens expiring soon <!-- Do not delete or lint this instance of future tense --> | User | Security email, always sent. | +| Personal Access Tokens have expired | User | Security email, always sent. | | Project moved | Project members (1) | (1) not disabled | | New release | Project members | Custom notification | diff --git a/doc/user/profile/personal_access_tokens.md b/doc/user/profile/personal_access_tokens.md index cfc70c5a6f0..49889cd3017 100644 --- a/doc/user/profile/personal_access_tokens.md +++ b/doc/user/profile/personal_access_tokens.md @@ -112,7 +112,7 @@ token = PersonalAccessToken.find_by_token('token-string-here123') token.revoke! ``` -This can be shorted into a single-line shell command using the +This can be shortened into a single-line shell command using the [Rails runner](../../administration/troubleshooting/debug.md#using-the-rails-runner): ```shell |
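Review bot: the sentence under "Sign in by using a one-time password" in hunk `@@ -314` of `two_factor_authentication.md` still reads "enter the pin from your one time password authenticator's application", which does not match the hyphenated "one-time password" in the heading directly above it. The line is already being touched for the sign-in wording, so hyphenate it in the same change. The new heading "Signing in with 2FA Enabled" also keeps a capitalized "Enabled" while the sentence below it uses "2FA enabled".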
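Review bot: the added sentence "Support for disabling 2FA is limited, depending on your subscription level." in hunk `@@ -356` of `two_factor_authentication.md` is ambiguous where it sits, directly after the self-service steps, because it can be read as saying that the **Disable** button itself depends on the subscription. If it refers to help from GitLab Support for a user who is locked out, as the Account Recovery link suggests, say that explicitly, for example "If you cannot sign in to disable 2FA yourself, help from GitLab Support is limited, depending on your subscription level."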
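Review bot: the NOTE added in hunk `@@ -393` of `two_factor_authentication.md` comes after the `ssh git@gitlab.com 2fa_recovery_codes` block, so a reader on a self-managed instance can copy the command before seeing the hostname caveat, and the next step states that continuing invalidates previously saved codes. Move the caveat above the code block, or keep a placeholder hostname in the command, so the documented command is not run against `gitlab.com` by mistake. The parenthetical `(gitlab.example.com)` reads as a literal value and should say "for example, `gitlab.example.com`", and the bold around the inline code is not needed.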
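Review bot: in hunk `@@ -203` of `doc/user/profile/index.md`, the unchanged bullet "It's not recommended for production use." now contradicts the added bullets, which say the feature "Became enabled by default" in GitLab 13.8 and "It's enabled on GitLab.com". Drop that bullet in this change, or state what specifically remains unsuitable for production.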
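Review bot: in hunk `@@ -228` of `doc/user/profile/index.md`, the section is retitled "Disable busy status feature" but still contains both "To disable it:" and "To enable it:", so the heading covers only half of the content. A title such as "Enable or disable busy status feature" fits both blocks. The rename also changes the anchor from `#enable-busy-status-feature`, so links from other pages, which this diff does not show, need checking.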
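Review bot: the rewritten "Session cookie" bullet in hunk `@@ -316` of `doc/user/profile/index.md` says the cookie "expires based on its `session_expire_delay`" without saying that the delay counts inactivity, while hunk `@@ -288` of the same file adds "of no activity" to the matching sentence. Use the same wording in both places, for example "it expires after `session_expire_delay` of no activity", so readers do not take it for an absolute session lifetime. The neighbouring context line writes the default as "1-week" where the earlier section says "`10080` minutes = 7 days", and one form should be used throughout.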
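Review bot: the added row "Personal Access Tokens expiring soon" in hunk `@@ -146` of `doc/user/profile/notifications.md` does not say how long before expiry the email is sent, which is the detail a reader planning token rotation needs from this table. State the lead time in the third column instead of only "Security email, always sent." Both new rows capitalize "Personal Access Tokens", while the heading "## Personal access tokens" in `two_factor_authentication.md` uses sentence case. The "Password changed by administrator" row appears as removed and re-added with no visible text difference, so confirm that it is only a whitespace change.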