Merge branch '335032-document-user-lock-due-to-failed-sign-in-attempts' into 'master'

Indicate locked users in Admin Area

See merge request gitlab-org/gitlab!77729

app/views/admin/users/_head.html.haml

@@ -3,23 +3,26 @@
     %h3.page-title.gl-m-0
       = @user.name
       - if @user.blocked_pending_approval?
-        %span.cred
+        %span.gl-text-red-500
           = s_('AdminUsers|(Pending approval)')
       - elsif @user.banned?
-        %span.cred
+        %span.gl-text-red-500
           = s_('AdminUsers|(Banned)')
       - elsif @user.blocked?
-        %span.cred
+        %span.gl-text-red-500
           = s_('AdminUsers|(Blocked)')
       - if @user.internal?
-        %span.cred
+        %span.gl-text-red-500
           = s_('AdminUsers|(Internal)')
       - if @user.admin
-        %span.cred
+        %span.gl-text-red-500
           = s_('AdminUsers|(Admin)')
       - if @user.deactivated?
-        %span.cred
+        %span.gl-text-red-500
           = s_('AdminUsers|(Deactivated)')
+      - if @user.access_locked?
+        %span.gl-text-red-500
+          = s_('AdminUsers|(Locked)')
       = render_if_exists 'admin/users/auditor_user_badge'
       = render_if_exists 'admin/users/gma_user_badge'
 

doc/security/unlock_user.md

@@ -5,9 +5,23 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 type: howto
 ---
 
-# How to unlock a locked user from the command line **(FREE SELF)**
+# Locked users **(FREE SELF)**
 
-After ten failed login attempts a user gets in a locked state.
+Users are locked after ten failed sign-in attempts. These users remain locked:
+
+- For 10 minutes, after which time they are automatically unlocked.
+- Until an admin unlocks them from the [Admin Area](../user/admin_area/index.md) or the command line in under 10 minutes.
+
+## Unlock a user from the Admin Area
+
+1. On the top bar, select **Menu > Admin**.
+1. On the left sidebar, select **Overview > Users**.
+1. Use the search bar to find the locked user.
+1. From the **User administration** dropdown select **Unlock**.
+
+![Unlock a user from the Admin Area](img/unlock_user_v14_7.png)
+
+## Unlock a user from the command line
 
 To unlock a locked user:
 

locale/gitlab.pot

@@ -2648,6 +2648,9 @@ msgstr ""
 msgid "AdminUsers|(Internal)"
 msgstr ""
 
+msgid "AdminUsers|(Locked)"
+msgstr ""
+
 msgid "AdminUsers|(Pending approval)"
 msgstr ""
 

spec/features/admin/users/user_spec.rb

@@ -125,6 +125,26 @@ RSpec.describe 'Admin::Users::User' do
       end
     end
 
+    context 'when a user is locked', time_travel_to: '2020-02-02 10:30:45 -0700' do
+      let_it_be(:locked_user) { create(:user, locked_at: DateTime.parse('2020-02-02 10:30:00 -0700')) }
+
+      before do
+        visit admin_user_path(locked_user)
+      end
+
+      it "displays `(Locked)` next to user's name" do
+        expect(page).to have_content("#{locked_user.name} (Locked)")
+      end
+
+      it 'allows a user to be unlocked from the `User administration dropdown', :js do
+        accept_gl_confirm("Unlock user #{locked_user.name}?", button_text: 'Unlock') do
+          click_action_in_user_dropdown(locked_user.id, 'Unlock')
+        end
+
+        expect(page).not_to have_content("#{locked_user.name} (Locked)")
+      end
+    end
+
     describe 'Impersonation' do
       let_it_be(:another_user) { create(:user) }