Skip to content

It is not possible to force user confirmation from Admin Area if confirmation was expired

Summary

It is not possible to force user confirmation from Admin Area if confirmation was expired: after clicking Confirm user one sees the message Successfully confirmed but user remains unconfirmed.

Steps to reproduce

  • make sure that Send confirmation email on sign-up and Sign-up enabled options are enabled in Admin Area > Settings > General > Sign-up restrictions.

  • register a new user in your GitLab instance and wait for the confirmation e-mail to expire. Judging by https://gitlab.com/gitlab-org/gitlab/-/blob/master/config/initializers/8_devise.rb#L92, it is hardcoded to 1 day, but to emulate expiration one can change the value of confirmation_sent_at:

    u = User.find(<USER_ID>)
u.confirmation_sent_at = <SOME_DATE_IN_THE_PAST>
u.save

  • go to the Admin Area > Users, click this user and click Confirm user.

  • you will get a confirmation prompt and the message Successfully confirmed but in fact the user will remain unconfirmed, and Confirm user block will be still shown.

What is the current bug behavior?

The user remains unconfirmed after clicking Confirm user, no errors are shown.

What is the expected correct behavior?

The user should be confirmed successfully after clicking Confirm user.

Relevant logs and/or screenshots

  • no errors are shown in UI:

    confirm_user

  • production_json.log also looks good:

    {"method":"PUT","path":"/admin/users/test10u10/confirm","format":"html","controller":"Admin::UsersController","action":"confirm","status":302,"duration":178.76,"view":0.0,"db":34.16,"location":"https://atatahost.ml/admin/users/test10u10","time":"2020-03-26T09:42:41.174Z","params":[{"key":"_method","value":"put"},{"key":"authenticity_token","value":"[FILTERED]"},{"key":"id","value":"test10u10"}],"remote_ip":"94.180.110.46","user_id":1,"username":"root","ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36","queue_duration":179.51,"correlation_id":"l7fUJx8epB6","cpu_s":0.32313987400000005
{"method":"GET","path":"/admin/users/test10u10","format":"html","controller":"Admin::UsersController","action":"show","status":200,"duration":858.26,"view":789.4,"db":41.39,"time":"2020-03-26T09:42:42.478Z","params":[{"key":"id","value":"test10u10"}],"remote_ip":"94.180.110.46","user_id":1,"username":"root","ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36","queue_duration":15.8,"correlation_id":"Cf6sEDqItG8","cpu_s":0.8313956560000001}

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 

System information
System:     Ubuntu 16.04
Proxy:      no
Current User:   git
Using RVM:  no
Ruby Version:   2.6.5p114
Gem Version:    2.7.10
Bundler Version:1.17.3
Rake Version:   12.3.3
Redis Version:  5.0.7
Git Version:    2.24.1
Sidekiq Version:5.2.7
Go Version: unknown

GitLab information
Version:    12.9.0-ee
Revision:   073a4ba8016
Directory:  /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 10.12
URL:        https://gitlabdomain.tld
HTTP Clone URL: https://gitlabdomain.tld/some-group/some-project.git
SSH Clone URL:  git@gitlabdomain.tld:some-group/some-project.git
Elasticsearch:  no
Geo:        no
Using LDAP: no
Using Omniauth: yes
Omniauth Providers:

GitLab Shell
Version:    12.0.0
Repository storage paths:
- default:  /var/opt/gitlab/git-data/repositories
GitLab Shell path:      /opt/gitlab/embedded/service/gitlab-shell
Git:        /opt/gitlab/embedded/bin/git

Results of GitLab application Check

Expand for output related to the GitLab application check 
Checking GitLab subtasks ...


Checking GitLab Shell ...


GitLab Shell: ... GitLab Shell version >= 12.0.0 ? ... OK (12.0.0)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Internal API available: OK
Redis available via internal API: OK
gitlab-shell self-check successful


Checking GitLab Shell ... Finished


Checking Gitaly ...


Gitaly: ... default ... OK


Checking Gitaly ... Finished


Checking Sidekiq ...


Sidekiq: ... Running? ... yes
Number of Sidekiq processes ... 1


Checking Sidekiq ... Finished


Checking Incoming Email ...


Incoming Email: ... Reply by email is disabled in config/gitlab.yml


Checking Incoming Email ... Finished


Checking LDAP ...


LDAP: ... LDAP is disabled in config/gitlab.yml


Checking LDAP ... Finished


Checking GitLab App ...


Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
...
1/130 ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.5.3 ? ... yes (2.6.5)
Git version >= 2.22.0 ? ... yes (2.24.1)
Git user has default SSH configuration? ... yes
Active users: ... 41
Is authorized keys file accessible? ... yes
Elasticsearch version 5.6 - 6.x? ... skipped (elasticsearch is disabled)


Checking GitLab App ... Finished


Checking GitLab subtasks ... Finished

Notes:

Workaround:

Found two of them:

  1. run User.find(<USER_ID>).send_confirmation_instructions via the rails console. Then confirm user via one of the three options: via confirmation e-mail, via Confirm user in Admin Area, or by running User.find(<USER_ID>).confirm in the console.

  2. run User.find(<USER_ID>).skip_confirmation! in the console for the affected user.

To activate all users on your instance, you may run:

User.where(confirmed_at: nil).update_all(confirmed_at: Time.now)

Zendesk Reports (GitLab Internal)

Edited by Tristan