Skip to content

User admin approval - Email admin the access request

Serena Fang requested to merge 257879-user-admin-approval-admin-email-notification into master

What does this MR do?

Send an email to up to the first 10 active instance admins when a user makes an account request.

Sanity testing:

  • Enable 'Require admin approval for new sign-ups' in Admin > Settings > General > Sign-up restrictions
  • Log out of root
  • Make sure rails-background-jobs and rails-web aren't stale-- could be good to do a gdk restart rails here just to be safe
  • Click 'Register now' and sign up with a new fake user. You'll see the notice "You have signed up successfully. However, we could not sign you in because your account is awaiting approval from your GitLab administrator"
  • You'll see the job enqueued at http://127.0.0.1:3000/admin/sidekiq/queues/mailers, and after a few seconds it'll show up in http://localhost:3000/rails/letter_opener/
  • Check that the html and plaintext emails have the correct information

Screenshots (strongly suggested)

Sends an email to each of the first 10 active admins.

There are 13 admins, but NotificationService only sent 10 jobs to Sidekiq and 10 emails to LetterOpener:

image

image

image

Email format-

Root:

HTML:

image

Plaintext:

image

Other admin:

image

image

This admin has a weird name/email combo, but it is them:

image

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #257879 (closed)

Edited by Serena Fang

Merge request reports