* Add a spec for signing out

* Add spec showing that suspended user gets a 403 forbidden on sign out

* Allow suspended account users to sign out

* disable Bundler/OrderedGems

* fix rubocop Lint/UselessAssignment

* fix rubocop Style/BlockDelimiters

* fix rubocop Style/AlignHash

* fix rubocop Style/AlignParameters, Style/EachWithObject

* fix rubocop Style/SpaceInLambdaLiteral

An attempt to open a brand new Mastodon instance configured
as SINGLE_USER_MODE=true will cause an exception.

Enable temporary registration if we have no users in the database

Fixes #1817

* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names

to sign in page after sign up instead of root path which redirects to /about

registration API

behaviour with Turbolinks enabled, optimizing Rabl for production