公司使用gitlab作为项目版本管理工具,有同事经常忘记密码,输错5次密码后账户会自动锁定十分钟。

  1.  # /config/initializers/devise.rb
  # Lockable settings. With unlock_strategy :time a locked account is unlocked
  # automatically once unlock_in has elapsed; no admin action is involved.
  2.   config.unlock_strategy = :time
  3.   # Number of authentication tries before locking an account if lock_strategy
  4.   # is failed attempts.
  # NOTE(review): the text above says accounts lock after 5 failed logins, but
  # this file sets 10 — confirm which value is actually in effect.
  5.   config.maximum_attempts = 10
  6.   # Time interval to unlock the account if :time is enabled as unlock_strategy.
  7.   config.unlock_in = 10.minutes

为了方便，也可以把锁定时间改为一分钟：修改 /config/initializers/devise.rb，配置

config.unlock_in = 1.minute # one-minute lockout; ActiveSupport accepts both 1.minute and 1.minutes

但这样会降低安全性（锁定时间越短，对反复尝试密码的防护就越弱），最好的办法是为 GitLab 增加管理员手动解锁功能。

修改以下文件

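--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
   end
   end
 
+  def unlock
+    if user.unlock_access!
+      redirect_to :back, alert: "Successfully unlocked"
+    else
+      redirect_to :back, alert: "Error occurred. User was not unlocked"
+    end
+  end
+
   def create
     opts = {
       force_random_password: true,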
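Review bot: `redirect_to :back` in the new `unlock` action raises `ActionController::RedirectBackError` when the request carries no Referer header, so an admin reaching the route directly gets a 500 rather than a redirect; the spec only passes because it sets `HTTP_REFERER`. Something like `redirect_to(request.referer || admin_user_path(user))` would be safer (the helper name is inferred from the `unlock_admin_user_path` helper the views use — confirm it exists). The success path also flashes through `alert:`, where `notice:` is the conventional key for a success message. Since Devise's `unlock_access!` clears the account's lock and failed-attempt counter, it is worth logging the acting admin and the target user here so an unlock can be traced later. The `user` helper this action calls and the enclosing class are outside the hunk.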

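--- a/app/views/admin/users/index.html.haml
+++ b/app/views/admin/users/index.html.haml
                   = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class"btn btn-xs btn-success"
                 - else
                   = link_to 'Block', block_admin_user_path(user), data: {confirm: 'USER WILL BE BLOCKED! Are you sure?'}, method: :put, class"btn btn-xs btn-warning"
+                - if user.access_locked?
+                  = link_to 'Unlock', unlock_admin_user_path(user), method: :put, class"btn btn-xs btn-success", data: { confirm: 'Are you sure?' }
                 - if user.can_be_removed?
                   = link_to 'Destroy', [:admin, user], data: { confirm: "USER #{user.name} WILL BE REMOVED! All tickets linked to this user will also be removed! Maybe block the user instead? Are you sure?" }, method: :delete, class"btn btn-xs btn-remove"
     = paginate @users, theme: "gitlab"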
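Review bot: As printed, the new Unlock link ends in `class"btn btn-xs btn-success"` with no `: ` between `class` and the string, which is not valid HAML attribute syntax; the unchanged Unblock and Block lines show the same, so this is probably lost in rendering rather than in the file, but anyone copying the line needs `class: "btn btn-xs btn-success"`. The same applies to the `Unlock user` link added in show.html.haml below. The confirm prompt `'Are you sure?'` does not say what the click does, while the neighbouring Block link spells out its effect; `'USER WILL BE UNLOCKED! Are you sure?'` would match that pattern.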

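--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
               %li Owned groups will be left
             %br
             = link_to 'Block user', block_admin_user_path(@user), data: { confirm: 'USER WILL BE BLOCKED! Are you sure?' }, method: :put, class"btn btn-warning"
+      - if @user.access_locked?
+        .panel.panel-info
+          .panel-heading
+            This account has been locked
+          .panel-body
+            %p This user has been temporarily locked due to excessive number of failed logins. You may manually unlock the account.
+            %br
+            = link_to 'Unlock user', unlock_admin_user_path(@user), method: :put, class"btn btn-info", data: { confirm: 'Are you sure?' }
 
       .panel.panel-danger
         .panel-heading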

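--- a/config/routes.rb
+++ b/config/routes.rb
         put :team_update
         put :block
         put :unblock
+         put :unlock
         delete 'remove/:email_id', action: 'remove_email'as'remove_email'
       end
     end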
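Review bot: `put :unlock` is indented nine spaces, one deeper than the `put :unblock` line above it; align it with the other member routes. The route is limited to PUT, which matches the `method: :put` links in the views, so nothing else stands out here.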

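--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
       expect { User.find(user.id) }.to raise_exception(ActiveRecord::RecordNotFound)
     end
   end
+
+  describe 'PUT unlock/:id' do
+    let(:user) { create(:user) }
+
+    before do
+      request.env["HTTP_REFERER"] = "/"
+      user.lock_access!
+    end
+
+    it 'unlocks user' do
+      put :unlock, id: user.username
+      user.reload
+      expect(user.access_locked?).to be_falsey
+    end
+  end
 end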
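Review bot: The new example checks only the persisted state after `put :unlock`, not the response, so a broken redirect (for instance when the Referer is missing) would still pass; adding `expect(response).to redirect_to('/')` after the `put` would pin the redirect to the referer the `before` block sets. The failure branch of `unlock` has no example, which is understandable because Devise's `unlock_access!` saves without validation and is hard to make fail. The enclosing `describe` block starts outside the hunk.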


以 + 开头的行是新增的内容；修改完成后重新加载配置即可：gitlab-ctl restart