Skip to content

This user cannot be unlocked manually from gitlab is an unhelpful message. Make it better.

Summary

We have an seen accounts suddenly become "blocked" on Gitlab CE 8.14.x. No email is generated. No error was located by us in the logs.

We can not unblock the blocked account even from the admin console, unblocking results in this error banner:

This user cannot be unlocked manually from GitLab .

What is missing above is how you can unlock it even more manually than manually. The English above makes no sense. The behaviour of the system above makes no sense. As a user I am sad. Here is the ugly way I have to unblock even more manually than manually:

Commands we type are preceded by > or # below, # is bash, > is the rails prompt.

# sudo bash
# gitlab-rails console
  Loading production environment (Rails 4.2.7.1)

  irb(main):001:0> user = User.find_by_email("email@something.com")

  => .... output snipped ...

irb(main):002:0> user.state = "active"
=> "active"
irb(main):003:0> user.save
=> true
irb(main):004:0> exit

I believe the original cause was some momentary LDAP glitch, but it appears that the Rails side disables/blocks the account permanently in the database. This is not desirable behaviour, nor is the workaround above desirable.

As system administrator though, I should say, I expect to be able to override ALL lockouts. If this is really some OTHER issue, then I expect some additional information on why it's like this and why the RAILS app makes itself useless to me in this case.

Steps to reproduce

  • Somehow get the account to be blocked. Maybe disable some account in LDAP server side temporarily, then re-enable, then wait.

  • Try to unlock from https://yourgitlab/admin/users/

Expected behavior

  • Should always allow me to unlock the account OR should give some useful information on how to do it manually OR should prompt me "Are you really sure" if there's a reason why this shouldn't always just work?

Actual behavior

  • Won't unlock, no useful information on what's wrong. Pile of googling later, you find rails console hacks, and get user back online.

Relevant logs and/or screenshots

No errors in gitlab-ctl tail that I can see. Nothing interesting in gitlab-rails\production log

Output of checks

(If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com)

Results of GitLab application Check

gitlab 8.14.x latest. n/a

Results of GitLab environment info

n/a

Possible fixes

Workaround above in issue description, is not a fix, but a good fix might be to just LET USERS UNLOCK the account without doing any Gitlab Rake Dances. Since I'm not aware of why this validation logic exists, this requires feedback from the people who put this block in place.