Merge branch '335032-document-user-lock-due-to-failed-sign-in-attempts' into 'master'

Indicate locked users in Admin Area See merge request gitlab-org/gitlab!77729

Merge branch '335032-document-user-lock-due-to-failed-sign-in-attempts' into 'master'
Indicate locked users in Admin Area See merge request gitlab-org/gitlab!77729
a933ce46 · Paul Slaughter · f8538269 · ecb69f22 · a933ce46 · a933ce46
Commit a933ce46 authored Jan 12, 2022 by Paul Slaughter
5 changed files
--- a/app/views/admin/users/_head.html.haml
+++ b/app/views/admin/users/_head.html.haml
@@ -3,23 +3,26 @@
    %h3.page-title.gl-m-0
      = @user.name
      - if @user.blocked_pending_approval?
-        %span.cred
+        %span.gl-text-red-500
          = s_('AdminUsers|(Pending approval)')
      - elsif @user.banned?
-        %span.cred
+        %span.gl-text-red-500
          = s_('AdminUsers|(Banned)')
      - elsif @user.blocked?
-        %span.cred
+        %span.gl-text-red-500
          = s_('AdminUsers|(Blocked)')
      - if @user.internal?
-        %span.cred
+        %span.gl-text-red-500
          = s_('AdminUsers|(Internal)')
      - if @user.admin
-        %span.cred
+        %span.gl-text-red-500
          = s_('AdminUsers|(Admin)')
      - if @user.deactivated?
-        %span.cred
+        %span.gl-text-red-500
          = s_('AdminUsers|(Deactivated)')
+      - if @user.access_locked?
+        %span.gl-text-red-500
+          = s_('AdminUsers|(Locked)')
      = render_if_exists 'admin/users/auditor_user_badge'
      = render_if_exists 'admin/users/gma_user_badge'


--- a/doc/security/img/unlock_user_v14_7.png
+++ b/doc/security/img/unlock_user_v14_7.png
--- a/doc/security/unlock_user.md
+++ b/doc/security/unlock_user.md
@@ -5,9 +5,23 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 type: howto
 ---

-# How to unlock a locked user from the command line **(FREE SELF)**
+# Locked users **(FREE SELF)**

-After ten failed login attempts a user gets in a locked state.
+Users are locked after ten failed sign-in attempts. These users remain locked:
+
+- For 10 minutes, after which time they are automatically unlocked.
+- Until an admin unlocks them from the [Admin Area](../user/admin_area/index.md) or the command line in under 10 minutes.
+
+## Unlock a user from the Admin Area
+
+1. On the top bar, select **Menu > Admin**.
+1. On the left sidebar, select **Overview > Users**.
+1. Use the search bar to find the locked user.
+1. From the **User administration** dropdown select **Unlock**.
+
+![Unlock a user from the Admin Area](img/unlock_user_v14_7.png)
+
+## Unlock a user from the command line

 To unlock a locked user:


--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -2648,6 +2648,9 @@ msgstr ""
 msgid "AdminUsers|(Internal)"
 msgstr ""

+msgid "AdminUsers|(Locked)"
+msgstr ""
+
 msgid "AdminUsers|(Pending approval)"
 msgstr ""


--- a/spec/features/admin/users/user_spec.rb
+++ b/spec/features/admin/users/user_spec.rb
@@ -125,6 +125,26 @@ RSpec.describe 'Admin::Users::User' do
      end
    end

+    context 'when a user is locked', time_travel_to: '2020-02-02 10:30:45 -0700' do
+      let_it_be(:locked_user) { create(:user, locked_at: DateTime.parse('2020-02-02 10:30:00 -0700')) }
+
+      before do
+        visit admin_user_path(locked_user)
+      end
+
+      it "displays `(Locked)` next to user's name" do
+        expect(page).to have_content("#{locked_user.name} (Locked)")
+      end
+
+      it 'allows a user to be unlocked from the `User administration dropdown', :js do
+        accept_gl_confirm("Unlock user #{locked_user.name}?", button_text: 'Unlock') do
+          click_action_in_user_dropdown(locked_user.id, 'Unlock')
+        end
+
+        expect(page).not_to have_content("#{locked_user.name} (Locked)")
+      end
+    end
+
    describe 'Impersonation' do
      let_it_be(:another_user) { create(:user) }