"Forgot your password" does not indicate that the user is blocked
Summary
When a user is blocked in GitLab and forgets their password there is no way of knowing for them that they are blocked, since when you click "forgot your password" it does not indicate that the user is blocked.
Scenario - user forgot their password and is blocked in GitLab:
- User attempts to login with the incorrect password. Message displayed "Invalid password"
- User clicks "Forgot your password" and enters the email address to reset the password and clicks "reset password". Message displayed "if your email address exists in our database, you will receive a password recovery link at your email address in a few minutes". And user does not receive an email since they are blocked.
There is no way for a user to know that they have been blocked in GitLab apart from contacting admin.
Steps to reproduce
- Create a user in GitLab
- Block this user in GitLab
- Try to login or reset password.
What is the current bug behavior?
No message is displayed that the user is blocked in GitLab if the user forgets their password.
What is the expected correct behavior?
User should see some indication that they are blocked. Perhaps when they try to reset the password send an email to their inbox saying that they are blocked.
Results of GitLab environment info
GitLab:latest
GitLab internal ZD
Edited by Julius Kvedaras