Merge branch 'add-unlock-access' into 'master'

Add support for unlocking users in admin settings ### What does this MR do? This MR gives the ability to unlock a user from the Admin panel. ### Why was this MR needed? If a user fails to login a certain number of times, Devise locks the user out for a certain amount of time (e.g. 10 minutes). There is no way for an admin to unlock a user if this happens (aside from editing the `locked_at` field entirely). ### Screenshots #### Admin index page ![image](https://gitlab.com/gitlab-org/gitlab-ce/uploads/14c661d1d1f026770997b19af714c514/image.png) #### Admin edit user page ![image](https://gitlab.com/gitlab-org/gitlab-ce/uploads/0c6f795757e5f03eeb923d818b7d6a96/image.png) ### What are the relevant issue numbers? This replaces !288. Closes https://github.com/gitlabhq/gitlabhq/issues/9381 See merge request !922

Merge branch 'add-unlock-access' into 'master'
Add support for unlocking users in admin settings ### What does this MR do? This MR gives the ability to unlock a user from the Admin panel. ### Why was this MR needed? If a user fails to login a certain number of times, Devise locks the user out for a certain amount of time (e.g. 10 minutes). There is no way for an admin to unlock a user if this happens (aside from editing the `locked_at` field entirely). ### Screenshots #### Admin index page ![image](https://gitlab.com/gitlab-org/gitlab-ce/uploads/14c661d1d1f026770997b19af714c514/image.png) #### Admin edit user page ![image](https://gitlab.com/gitlab-org/gitlab-ce/uploads/0c6f795757e5f03eeb923d818b7d6a96/image.png) ### What are the relevant issue numbers? This replaces !288. Closes https://github.com/gitlabhq/gitlabhq/issues/9381 See merge request !922
7081ab1e · Dmitriy Zaporozhets · d2f903c2 · 3e738e3b · 7081ab1e · 7081ab1e
Commit 7081ab1e authored Jul 02, 2015 by Dmitriy Zaporozhets
6 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
 v 7.13.0 (unreleased)
  - Fix external issue tracker hook/test for HTTPS URLs (Daniel Gerhardt)
  - Remove link leading to a 404 error in Deploy Keys page (Stan Hu)
+  - Add support for unlocking users in admin settings (Stan Hu)
  - Fix order of issues imported form GitHub (Hiroyuki Sato)
  - Bump rugments to 1.0.0beta8 to fix C prototype function highlighting (Jonathon Reinhart)
  - Fix Merge Request webhook to properly fire "merge" action when accepted from the web UI

--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -47,6 +47,14 @@ class Admin::UsersController < Admin::ApplicationController
    end
  end

+  def unlock
+    if user.unlock_access!
+      redirect_to :back, alert: "Successfully unlocked"
+    else
+      redirect_to :back, alert: "Error occurred. User was not unlocked"
+    end
+  end
+
  def create
    opts = {
      force_random_password: true,

--- a/app/views/admin/users/index.html.haml
+++ b/app/views/admin/users/index.html.haml
@@ -93,6 +93,8 @@
                  = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success"
                - else
                  = link_to 'Block', block_admin_user_path(user), data: {confirm: 'USER WILL BE BLOCKED! Are you sure?'}, method: :put, class: "btn btn-xs btn-warning"
+                - if user.access_locked?
+                  = link_to 'Unlock', unlock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success", data: { confirm: 'Are you sure?' }
                - if user.can_be_removed?
                  = link_to 'Destroy', [:admin, user], data: { confirm: "USER #{user.name} WILL BE REMOVED! All tickets linked to this user will also be removed! Maybe block the user instead? Are you sure?" }, method: :delete, class: "btn btn-xs btn-remove"
    = paginate @users, theme: "gitlab"
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@@ -131,6 +131,14 @@
              %li Owned groups will be left
            %br
            = link_to 'Block user', block_admin_user_path(@user), data: { confirm: 'USER WILL BE BLOCKED! Are you sure?' }, method: :put, class: "btn btn-warning"
+      - if @user.access_locked?
+        .panel.panel-info
+          .panel-heading
+            This account has been locked
+          .panel-body
+            %p This user has been temporarily locked due to excessive number of failed logins. You may manually unlock the account.
+            %br
+            = link_to 'Unlock user', unlock_admin_user_path(@user), method: :put, class: "btn btn-info", data: { confirm: 'Are you sure?' }

      .panel.panel-danger
        .panel-heading

--- a/config/routes.rb
+++ b/config/routes.rb
@@ -158,6 +158,7 @@ Gitlab::Application.routes.draw do
        put :team_update
        put :block
        put :unblock
+        put :unlock
        delete 'remove/:email_id', action: 'remove_email', as: 'remove_email'
      end
    end

--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -21,4 +21,19 @@ describe Admin::UsersController do
      expect { User.find(user.id) }.to raise_exception(ActiveRecord::RecordNotFound)
    end
  end
+
+  describe 'PUT unlock/:id' do
+    let(:user) { create(:user) }
+
+    before do
+      request.env["HTTP_REFERER"] = "/"
+      user.lock_access!
+    end
+
+    it 'unlocks user' do
+      put :unlock, id: user.username
+      user.reload
+      expect(user.access_locked?).to be_falsey
+    end
+  end
 end