diff --git a/CHANGELOG b/CHANGELOG
index 1c16ff728a55b1f3e3e694895cbc5e97e8638e17..ec28ffac92f1c7a39906d491b6c2ea671f47bf06 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
 v 7.13.0 (unreleased)
 - Fix external issue tracker hook/test for HTTPS URLs (Daniel Gerhardt)
 - Remove link leading to a 404 error in Deploy Keys page (Stan Hu)
+ - Add support for unlocking users in admin settings (Stan Hu)
 - Fix order of issues imported form GitHub (Hiroyuki Sato)
 - Bump rugments to 1.0.0beta8 to fix C prototype function highlighting (Jonathon Reinhart)
 - Fix Merge Request webhook to properly fire "merge" action when accepted from the web UI
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index ec29c32065423d819f0562f81677a9c8e39ba29a..7a683098df3c00d17d648c2f423b36d2e2101db6 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -47,6 +47,14 @@ class Admin::UsersController < Admin::ApplicationController
 end
 end
+ def unlock
+ if user.unlock_access!
+ redirect_to :back, alert: "Successfully unlocked"
+ else
+ redirect_to :back, alert: "Error occurred. User was not unlocked"
+ end
+ end
+
 def create
 opts = {
 force_random_password: true,
diff --git a/app/views/admin/users/index.html.haml b/app/views/admin/users/index.html.haml
index 9c1bec7c84dfd4e76c657d5628bbb910ed8900ef..b0d31170704adb0052dd94e95c765f9f4c58b373 100644
--- a/app/views/admin/users/index.html.haml
+++ b/app/views/admin/users/index.html.haml
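Review bot: In `Admin::UsersController#unlock`, the action lifts a lockout that the failed-login protection put in place but leaves no record of which administrator did it. A log line before the redirect, for example `Rails.logger.info "Admin #{current_user.username} unlocked user #{user.username}"` (assuming the Devise `current_user` helper is available here, or the project's own audit facility if one exists outside this hunk), would make these overrides reviewable after an incident. The success branch also passes its message as `alert:`, which is normally the error flash; `redirect_to :back, notice: "Successfully unlocked"` would match the outcome. Separately, `redirect_to :back` depends on the Referer header, which the new spec has to set by hand, so a request without one is likely to raise after the account has already been unlocked.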
@@ -93,6 +93,8 @@
 = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success"
 - else
 = link_to 'Block', block_admin_user_path(user), data: {confirm: 'USER WILL BE BLOCKED! Are you sure?'}, method: :put, class: "btn btn-xs btn-warning"
+ - if user.access_locked?
+ = link_to 'Unlock', unlock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success", data: { confirm: 'Are you sure?' }
 - if user.can_be_removed?
 = link_to 'Destroy', [:admin, user], data: { confirm: "USER #{user.name} WILL BE REMOVED! All tickets linked to this user will also be removed! Maybe block the user instead? Are you sure?" }, method: :delete, class: "btn btn-xs btn-remove"
 = paginate @users, theme: "gitlab"
diff --git a/app/views/admin/users/show.html.haml b/app/views/admin/users/show.html.haml
index 2662b3569ec22fa3181aef61554a56939d166065..8c6b8e851c479da424e0afea019fdf2ebc27d749 100644
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@@ -131,6 +131,14 @@
 %li Owned groups will be left
 %br
 = link_to 'Block user', block_admin_user_path(@user), data: { confirm: 'USER WILL BE BLOCKED! Are you sure?' }, method: :put, class: "btn btn-warning"
+ - if @user.access_locked?
+ .panel.panel-info
+ .panel-heading
+ This account has been locked
+ .panel-body
+ %p This user has been temporarily locked due to excessive number of failed logins. You may manually unlock the account.
+ %br
+ = link_to 'Unlock user', unlock_admin_user_path(@user), method: :put, class: "btn btn-info", data: { confirm: 'Are you sure?' }
 .panel.panel-danger
 .panel-heading
diff --git a/config/routes.rb b/config/routes.rb
index 33f55dde476f5953138b7679219bbeacffb44e60..f904c975733f9730fa2bd4f5f1e240005aca9d97 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -158,6 +158,7 @@ Gitlab::Application.routes.draw do
 put :team_update
 put :block
 put :unblock
+ put :unlock
 delete 'remove/:email_id', action: 'remove_email', as: 'remove_email'
 end
 end
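Review bot: In `app/views/admin/users/show.html.haml`, the new panel tells the administrator the lock is due to failed logins, but `access_locked?` only reports that the account is locked. The spec in this commit locks a user by calling `lock_access!` directly, so the cause is not always a login failure. Wording that describes the state without asserting the cause would be safer, for example `%p This account is temporarily locked, usually after too many failed sign-in attempts. You may unlock it manually.` The panel also gives the administrator nothing to judge whether unlocking is wise; if the Devise lockable columns `failed_attempts` and `locked_at` are present on the model, showing them next to the button would help.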
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index f27e861e1754a889515804a367f5ada53402de47..550a91a79e2496d3e61cc0e85f7a8857050be1d8 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -21,4 +21,19 @@ describe Admin::UsersController do
 expect { User.find(user.id) }.to raise_exception(ActiveRecord::RecordNotFound)
 end
 end
+
+ describe 'PUT unlock/:id' do
+ let(:user) { create(:user) }
+
+ before do
+ request.env["HTTP_REFERER"] = "/"
+ user.lock_access!
+ end
+
+ it 'unlocks user' do
+ put :unlock, id: user.username
+ user.reload
+ expect(user.access_locked?).to be_falsey
+ end
+ end
 end
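Review bot: The new `PUT unlock/:id` example covers only the happy path for whichever user the outer setup signs in (that setup is outside the hunk). Nothing asserts that a non-admin is refused, which is the property that matters most for an action that lifts a login lockout. A second example that signs in a regular user, issues the same `put :unlock, id: user.username`, and expects `user.reload.access_locked?` to stay truthy would pin that down. The existing example could also assert the response, e.g. `expect(response).to redirect_to("/")`, so the Referer-dependent redirect in the controller is covered.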