|
|
公司使用gitlab作为项目版本管理工具,有同事经常忘记密码,输错5次密码后账户会自动锁定十分钟。
1
2
3
4
5
6
7
8
9
| # /config/initializers/devise.rb
config.unlock_strategy = :time
# Number of authentication tries before locking an account if lock_strategy
# is failed attempts.
config.maximum_attempts = 10
# Time interval to unlock the account if :time is enabled as unlock_strategy.
config.unlock_in = 10.minutes
|
为了方便,设置锁定一分钟也可以,修改/config/initializers/devise.rb,配置
config.unlock_in = 1.minutes
这样安全性有所降低,最好的办法就是为gitlab增加解锁功能。
修改以下文件
1、app/controllers/admin/users_controller.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| end
end
+ def unlock
+ if user.unlock_access!
+ redirect_to :back, alert: "Successfully unlocked"
+ else
+ redirect_to :back, alert: "Error occurred. User was not unlocked"
+ end
+ end
+
def create
opts = {
force_random_password: true,
|
2、app/views/admin/users/index.html.haml
1
2
3
4
5
6
7
8
| = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success"
- else
= link_to 'Block', block_admin_user_path(user), data: {confirm: 'USER WILL BE BLOCKED! Are you sure?'}, method: :put, class: "btn btn-xs btn-warning"
+ - if user.access_locked?
+ = link_to 'Unlock', unlock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success", data: { confirm: 'Are you sure?' }
- if user.can_be_removed?
= link_to 'Destroy', [:admin, user], data: { confirm: "USER #{user.name} WILL BE REMOVED! All tickets linked to this user will also be removed! Maybe block the user instead? Are you sure?" }, method: :delete, class: "btn btn-xs btn-remove"
= paginate @users, theme: "gitlab"
|
3、app/views/admin/users/show.html.haml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| %li Owned groups will be left
%br
= link_to 'Block user', block_admin_user_path(@user), data: { confirm: 'USER WILL BE BLOCKED! Are you sure?' }, method: :put, class: "btn btn-warning"
+ - if @user.access_locked?
+ .panel.panel-info
+ .panel-heading
+ This account has been locked
+ .panel-body
+ %p This user has been temporarily locked due to excessive number of failed logins. You may manually unlock the account.
+ %br
+ = link_to 'Unlock user', unlock_admin_user_path(@user), method: :put, class: "btn btn-info", data: { confirm: 'Are you sure?' }
.panel.panel-danger
.panel-heading
|
4、config/routes.rb
1
2
3
4
5
6
7
| put :team_update
put :block
put :unblock
+ put :unlock
delete 'remove/:email_id', action: 'remove_email', as: 'remove_email'
end
end
|
5、spec/controllers/admin/users_controller_spec.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| expect { User.find(user.id) }.to raise_exception(ActiveRecord::RecordNotFound)
end
end
+
+ describe 'PUT unlock/:id' do
+ let(:user) { create(:user) }
+
+ before do
+ request.env["HTTP_REFERER"] = "/"
+ user.lock_access!
+ end
+
+ it 'unlocks user' do
+ put :unlock, id: user.username
+ user.reload
+ expect(user.access_locked?).to be_falsey
+ end
+ end
end
|
+是增加的内容,修改完,重新加载配置即可:gitlab-ctl restart
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-11-13 09:35:14
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡