Indicate locked users in Admin Area (!77729) · Merge requests · GitLab.org / GitLab

Peter Hegman requested to merge 335032-document-user-lock-due-to-failed-sign-in-attempts into master Jan 07, 2022

What does this MR do and why?

A user is locked after 10 failed login attempts. The lock expires after 10 minutes. An Admin can unlock a user from the Rails console or the Admin Area.

Previously there was no indication in the UI that a user is locked. This MR adds (Locked) after the user's name in the Admin Area.

This MR also documents the following:

That a lock on a user expires after 10 minutes.
How to unlock a user from the Admin Area.

There is a follow-up to add a Locked badge to the list view.

Screenshots or screen recordings

Before	After

How to set up and validate locally

Sign in as an Admin.
Navigate to /admin/users.
Click on a user and make note of their username.
In the Rails console (bin/rails console) run User.find_by_username(<Username from step 3>).update_column(:locked_at, DateTime.current).
Refresh the page opened in step 3

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jan 10, 2022 by Peter Hegman

Indicate locked users in Admin Area

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports