Allow account unlock via email

CHANGELOG

@@ -19,6 +19,7 @@ v 8.3.0 (unreleased)
   - Recognize issue/MR/snippet/commit links as references
   - Add ignore whitespace change option to commit view
   - Fire update hook from GitLab
+  - Allow account unlock via email
   - Style warning about mentioning many people in a comment
   - Fix: sort milestones by due date once again (Greg Smethells)
   - Migrate all CI::Services and CI::WebHooks to Services and WebHooks

app/models/user.rb

@@ -26,6 +26,7 @@
 #  bio                        :string(255)
 #  failed_attempts            :integer          default(0)
 #  locked_at                  :datetime
+#  unlock_token               :string(255)
 #  username                   :string(255)
 #  can_create_group           :boolean          default(TRUE), not null
 #  can_create_team            :boolean          default(TRUE), not null

app/views/devise/mailer/unlock_instructions.html.erb

-<p>Hello <%= @resource.email %>!</p>
-
-<p>Your account has been locked due to an excessive amount of unsuccessful sign in attempts.</p>
-
-<p>Click the link below to unlock your account:</p>
-
-<p><%= link_to 'Unlock your account', unlock_url(@resource, unlock_token: @token) %></p>

app/views/devise/mailer/unlock_instructions.html.haml

+%p
+Hello #{@resource.name}!
+
+%p
+  Your GitLab account has been locked due to an excessive amount of unsuccessful
+  sign in attempts. Your account will automatically unlock in
+  = time_ago_in_words(Devise.unlock_in.from_now)
+  or you may click the link below to unlock now.
+
+%p= link_to 'Unlock your account', unlock_url(@resource, unlock_token: @token)

app/views/devise/unlocks/new.html.erb

-<h2>Resend unlock instructions</h2>
-
-<%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
-  <%= devise_error_messages! %>
-
-  <div><%= f.label :email %><br />
-  <%= f.email_field :email %></div>
-
-  <div><%= f.submit "Resend unlock instructions" %></div>
-<% end %>
-
-<%= render partial: "devise/shared/links" %>

app/views/devise/unlocks/new.html.haml

+.login-box
+  .login-heading
+    %h3 Resend unlock email
+  .login-body
+    = form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f|
+      .devise-errors
+        = devise_error_messages!
+      .clearfix.append-bottom-20
+        = f.email_field :email, class: 'form-control', placeholder: 'Email', autofocus: 'autofocus', autocapitalize: 'off', autocorrect: 'off'
+      .clearfix
+        = f.submit 'Resend unlock instructions', class: 'btn btn-success'
+
+.clearfix.prepend-top-20
+  = render 'devise/shared/sign_in_link'

config/initializers/devise.rb

@@ -121,14 +121,14 @@ Devise.setup do |config|
   config.lock_strategy = :failed_attempts
 
   # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [ :email ]
+  config.unlock_keys = [ :email ]
 
   # Defines which strategy will be used to unlock an account.
   # :email = Sends an unlock link to the user email
   # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
   # :both  = Enables both strategies
   # :none  = No unlock strategy. You should handle unlocking by yourself.
-  config.unlock_strategy = :time
+  config.unlock_strategy = :both
 
   # Number of authentication tries before locking an account if lock_strategy
   # is failed attempts.

db/migrate/20151210030143_add_unlock_token_to_user.rb

+class AddUnlockTokenToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :unlock_token, :string
+  end
+end

db/schema.rb

@@ -837,6 +837,7 @@ ActiveRecord::Schema.define(version: 20151210125932) do
     t.integer  "consumed_timestep"
     t.integer  "layout",                     default: 0
     t.boolean  "hide_project_limit",         default: false
+    t.string   "unlock_token"
   end
 
   add_index "users", ["admin"], name: "index_users_on_admin", using: :btree

spec/models/user_spec.rb

@@ -26,6 +26,7 @@
 #  bio                        :string(255)
 #  failed_attempts            :integer          default(0)
 #  locked_at                  :datetime
+#  unlock_token               :string(255)
 #  username                   :string(255)
 #  can_create_group           :boolean          default(TRUE), not null
 #  can_create_team            :boolean          default(TRUE), not null