Custom email confirmation by code verification
What does this MR do and why?
Replace Devise’s confirmation email and confirmation mechanism with our own custom implementation by verifying a 6-digit code.
This is the first phase of the barriers to entry epic and shown to users with a low risk profile.
Issue: https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/55
Screenshots or screen recordings
Click to expand
| State | Screen |
|---|---|
| Email sent after signing up. |  |
| Blank form shown directly after signing up. |  |
| When trying to submit without entering a code or after submitting and clearing the field. |  |
| When trying to submit an invalid code or after submitting and entering an invalid code. |  |
| When submitting an incorrect code |  |
| When having submitted more than 10 incorrect codes within 10 minutes |  |
| When submitting an expired code |  |
| When clicking the Resend code link |  |
| When an error occurs |  |
| When successfully verifying the code |  |
| After being redirected to the welcome page 3 seconds after having been on the successful verification page |  |
How to set up and validate locally
- In rails console enable the feature flag and disable the
require_admin_approval_after_user_signupand enable thesend_user_confirmation_emailapplication settings:Feature.enable(:identity_verification) ApplicationSetting.first.update(require_admin_approval_after_user_signup: false) ApplicationSetting.first.update(send_user_confirmation_email: true) - Visit
http://localhost:3000, logout and create a new user - Visit
http://localhost:3000/rails/letter_openerand copy the code from the email - Fill in the code on the code verification page
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Alex Buijs