What does this MR do?
The suggested change allows a user to use the site without the hard requirement to confirm her email address after signing up when the
send_user_confirmation_email application setting is set to true.
Before this change, a user would land on an "Almost there" page, preventing her to use the site until a confirmation link sent to her email address was followed.
The time a user can use the site without confirming her email address is set to 30 days through Devise's
allow_unconfirmed_access_for setting. When the user has not yet confirmed her email address before this time, she will not be able to login anymore and will see the flash alert 'You have to confirm your email address before continuing'.
When a user logs in during the 'grace period', she will see a flash warning on every visited page. This is set in the
This feature is behind the feature flag
Does this MR meet the acceptance criteria?
Changelog entry for user-facing changes, or community contribution. Check the link for other scenarios.
Documentation created/updated or follow-up review issue created
Code review guidelines
Merge request performance guidelines
Separation of EE specific content
Performance and testing
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Tested in all supported browsers
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
Label as security and @ mention
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team
Closes #47003 (closed)