
Put offer to reset email behind a feature flag

What does this MR do and why?

Put the one-time offer to update an email during email verification behind a by-default disabled feature flag.

References

Issue: https://gitlab.com/gitlab-sirt/shared-incidents/incident_6749/-/work_items/14

Screenshots or screen recordings

Before: Screenshot_2025-06-11_at_13.51.05
After: Screenshot_2025-06-11_at_13.51.46

How to set up and validate locally

  1. Log in as admin and visit the sign-in settings
  2. Verify "Require email verification when account is locked." is checked
  3. Find a test user
  4. Verify in console the user has email_reset_offered_at set to nil
  5. Try to sign in the user with a wrong password 3 times
  6. Try to sign in the user with a correct password
  7. Verify the Update email button is not shown
  8. Enable the offer_email_reset feature flag
  9. Refresh and verify the Update email button is now shown again

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Alex Buijs
