It is not possible to force user confirmation from Admin Area if confirmation was expired

Summary

It is not possible to force user confirmation from Admin Area if confirmation was expired: after clicking Confirm user one sees the message Successfully confirmed but user remains unconfirmed.

Steps to reproduce

  • make sure that Send confirmation email on sign-up and Sign-up enabled options are enabled in Admin Area > Settings > General > Sign-up restrictions.

  • register a new user in your GitLab instance and wait for the confirmation e-mail to expire. Judging by https://gitlab.com/gitlab-org/gitlab/-/blob/master/config/initializers/8_devise.rb#L92, it is hardcoded to 1 day, but to emulate expiration one can change the value of confirmation_sent_at:

    u = User.find(<USER_ID>)
    u.confirmation_sent_at = <SOME_DATE_IN_THE_PAST>
    u.save
  • go to the Admin Area > Users, click this user and click Confirm user.

  • you will get a confirmation prompt and the message Successfully confirmed but in fact the user will remain unconfirmed, and Confirm user block will be still shown.

What is the current bug behavior?

The user remains unconfirmed after clicking Confirm user, no errors are shown.

What is the expected correct behavior?

The user should be confirmed successfully after clicking Confirm user.

Relevant logs and/or screenshots

  • no errors are shown in UI:

    confirm_user

  • production_json.log also looks good:

    {"method":"PUT","path":"/admin/users/test10u10/confirm","format":"html","controller":"Admin::UsersController","action":"confirm","status":302,"duration":178.76,"view":0.0,"db":34.16,"location":"https://atatahost.ml/admin/users/test10u10","time":"2020-03-26T09:42:41.174Z","params":[{"key":"_method","value":"put"},{"key":"authenticity_token","value":"[FILTERED]"},{"key":"id","value":"test10u10"}],"remote_ip":"94.180.110.46","user_id":1,"username":"root","ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36","queue_duration":179.51,"correlation_id":"l7fUJx8epB6","cpu_s":0.32313987400000005
    {"method":"GET","path":"/admin/users/test10u10","format":"html","controller":"Admin::UsersController","action":"show","status":200,"duration":858.26,"view":789.4,"db":41.39,"time":"2020-03-26T09:42:42.478Z","params":[{"key":"id","value":"test10u10"}],"remote_ip":"94.180.110.46","user_id":1,"username":"root","ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36","queue_duration":15.8,"correlation_id":"Cf6sEDqItG8","cpu_s":0.8313956560000001}

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info
System information
System:     Ubuntu 16.04
Proxy:      no
Current User:   git
Using RVM:  no
Ruby Version:   2.6.5p114
Gem Version:    2.7.10
Bundler Version:1.17.3
Rake Version:   12.3.3
Redis Version:  5.0.7
Git Version:    2.24.1
Sidekiq Version:5.2.7
Go Version: unknown

GitLab information
Version:    12.9.0-ee
Revision:   073a4ba8016
Directory:  /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 10.12
URL:        https://gitlabdomain.tld
HTTP Clone URL: https://gitlabdomain.tld/some-group/some-project.git
SSH Clone URL:  git@gitlabdomain.tld:some-group/some-project.git
Elasticsearch:  no
Geo:        no
Using LDAP: no
Using Omniauth: yes
Omniauth Providers:

GitLab Shell
Version:    12.0.0
Repository storage paths:
- default:  /var/opt/gitlab/git-data/repositories
GitLab Shell path:      /opt/gitlab/embedded/service/gitlab-shell
Git:        /opt/gitlab/embedded/bin/git

Results of GitLab application Check

Expand for output related to the GitLab application check

Checking GitLab subtasks ...

Checking GitLab Shell ...

GitLab Shell: ... GitLab Shell version >= 12.0.0 ? ... OK (12.0.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Gitaly ...

Gitaly: ... default ... OK

Checking Gitaly ... Finished

Checking Sidekiq ...

Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking Incoming Email ...

Incoming Email: ... Reply by email is disabled in config/gitlab.yml

Checking Incoming Email ... Finished

Checking LDAP ...

LDAP: ... LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab App ...

Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... ... 1/130 ... yes Redis version >= 2.8.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.6.5) Git version >= 2.22.0 ? ... yes (2.24.1) Git user has default SSH configuration? ... yes Active users: ... 41 Is authorized keys file accessible? ... yes Elasticsearch version 5.6 - 6.x? ... skipped (elasticsearch is disabled)

Checking GitLab App ... Finished

Checking GitLab subtasks ... Finished

Notes:

Workaround:

Found two of them:

  1. run User.find(<USER_ID>).send_confirmation_instructions via the rails console. Then confirm user via one of the three options: via confirmation e-mail, via Confirm user in Admin Area, or by running User.find(<USER_ID>).confirm in the console.

  2. run User.find(<USER_ID>).skip_confirmation! in the console for the affected user.

To activate all users on your instance, you may run:

User.where(confirmed_at: nil).update_all(confirmed_at: Time.now)

Zendesk Reports (GitLab Internal)

Edited by Tristan Williams