API: Expose access locked state of users

Eugie Limpin requested to merge el-expose-user-access-locked into master

What does this MR do and why?

Resolves #402992 (closed)

Add locked (boolean) field to user JSON returned from the API. The value comes from the access_locked? method, which is updated when the user's access is locked (e.g. failing to successfully log in N times, logging in from an unknown IP, etc.).

The field is exposed to admins and normal users as requested (see #402992 (closed)).

How to set up and validate locally

  1. Log in with root and create a personal access token with api scope

  2. Run the following command on your terminal

    curl -s --request GET --header "PRIVATE-TOKEN: <ROOT_PAT>" "http://localhost:3000/api/v4/users/1" | jq '.locked'

  3. Validate that you get false (or true if user with ID 1 is access locked) as the result

     If you don't have jq installed, remove the | jq '.locked' part and the output will look like:

    {"id":1,"username":"root","name":"Administrator","state":"active","locked":false  ... }

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugie Limpin
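
The validation steps above, extended into a small audit script. This is an added example, not code from the merge request: it treats a missing or non-boolean locked field as "unknown" rather than false, which matters because jq '.locked' prints null when the field is absent. The helper names (fetch_user, locked_state, audit) and the sample records are constructed for illustration.

```python
import json
import urllib.request


def fetch_user(base_url, token, user_id):
    """GET /api/v4/users/:id using a personal access token with api scope."""
    req = urllib.request.Request(
        f"{base_url}/api/v4/users/{user_id}",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def locked_state(user):
    """Return True/False from the 'locked' field, or None when the field is
    absent or not a boolean (e.g. a response that does not expose it)."""
    value = user.get("locked")
    return value if isinstance(value, bool) else None


def audit(users):
    """Group usernames by what the API reports about their access lock."""
    report = {"locked": [], "unlocked": [], "unknown": []}
    for user in users:
        state = locked_state(user)
        key = "unknown" if state is None else ("locked" if state else "unlocked")
        report[key].append(user.get("username", "<no username>"))
    return report


# Constructed sample records shaped like the user JSON shown above.
SAMPLE = json.loads("""[
  {"id": 1, "username": "root",  "state": "active", "locked": false},
  {"id": 2, "username": "alice", "state": "active", "locked": true},
  {"id": 3, "username": "bob",   "state": "active"},
  {"id": 4, "username": "carol", "state": "active", "locked": "true"}
]""")

if __name__ == "__main__":
    print(audit(SAMPLE))
    # Against the local instance from the steps above (replace the token):
    # print(locked_state(fetch_user("http://localhost:3000", "<ROOT_PAT>", 1)))
```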