Removed unnecessary service for user retrieval and improved API error message.

app/services/user_retrieval_service.rb

-class UserRetrievalService
-  attr_accessor :login, :password
-
-  def initialize(login, password)
-    @login = login
-    @password = password
-  end
-
-  def execute
-    user = Gitlab::Auth.find_with_user_password(login, password)
-    user unless user.two_factor_enabled?
-  end
-end

config/initializers/doorkeeper.rb

@@ -12,7 +12,8 @@ Doorkeeper.configure do
   end
 
   resource_owner_from_credentials do |routes|
-    UserRetrievalService.new(params[:username], params[:password]).execute
+    user = Gitlab::Auth.find_with_user_password(params[:username], params[:password])
+    user unless user && user.two_factor_enabled?
   end
 
   # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.

lib/api/helpers.rb

@@ -276,7 +276,7 @@ module API
     end
 
     def render_2fa_error!
-      render_api_error!('401 You have 2FA enabled. Please use a personal access token to access the API', 401)
+      render_api_error!('401 Unauthorized. You have 2FA enabled. Please use a personal access token to access the API', 401)
     end
 
     def render_api_error!(message, status)

spec/services/user_retrieval_service_spec.rb

-require 'spec_helper'
-
-describe UserRetrievalService, services: true do
-  context 'user retrieval' do
-    it 'retrieves the correct user' do
-      user = create(:user)
-      retrieved_user = described_class.new(user.username, user.password).execute
-
-      expect(retrieved_user).to eq(user)
-    end
-
-    it 'returns nil when 2FA is enabled' do
-      user = create(:user, :two_factor)
-      retrieved_user = described_class.new(user.username, user.password).execute
-
-      expect(retrieved_user).to be_nil
-    end
-  end
-end