
API: Expose access locked state of users

Eugie Limpin requested to merge el-expose-user-access-locked into master

What does this MR do and why?

Resolves #402992 (closed)

Add a locked (boolean) field to the user JSON returned from the API. The value comes from the access_locked? method, which is updated when the user's access is locked (e.g. failing to successfully log in N times, logging in from an unknown IP, etc.).

The field is exposed to admins and normal users as requested (see #402992 (closed)).

How to set up and validate locally

  1. Log in as root and create a personal access token with api scope

  2. Run the following command on your terminal

    curl -s --request GET --header "PRIVATE-TOKEN: <ROOT_PAT>" "http://localhost:3000/api/v4/users/1" | jq '.locked'

  3. Validate that you get false (or true if user with ID 1 is access locked) as the result

  If you don't have jq installed, remove the | jq '.locked' part and the output will look like:

    {"id":1,"username":"root","name":"Administrator","state":"active","locked":false  ... }

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugie Limpin
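
The following is an added example, not part of this merge request or GitLab's own code: a small client that reads the locked field for monitoring and keeps "field absent" (for instance an instance that predates this change) separate from false. It assumes the list endpoint /api/v4/users returns the same field as /api/v4/users/:id; the function names and the sample data are constructed for illustration.

```python
import json
import urllib.request


def fetch_users(base_url, token, per_page=100):
    """Yield user objects from GET /api/v4/users, following X-Next-Page."""
    page = "1"
    while page:
        req = urllib.request.Request(
            f"{base_url}/api/v4/users?per_page={per_page}&page={page}",
            headers={"PRIVATE-TOKEN": token},
        )
        with urllib.request.urlopen(req, timeout=10) as resp:
            yield from json.load(resp)
            # GitLab leaves this header empty on the last page.
            page = resp.headers.get("X-Next-Page", "")


def lock_report(users):
    """Bucket usernames as locked / unlocked / unknown.

    "unknown" means the response carried no boolean `locked` key, so a
    missing field is never silently reported as "not locked".
    """
    report = {"locked": [], "unlocked": [], "unknown": []}
    for user in users:
        value = user.get("locked")
        if value is True:
            bucket = "locked"
        elif value is False:
            bucket = "unlocked"
        else:
            bucket = "unknown"
        report[bucket].append(user["username"])
    return report


# Constructed sample responses (not real data); "bob" has no `locked` key.
SAMPLE = json.loads("""[
  {"id": 1, "username": "root",  "state": "active", "locked": false},
  {"id": 2, "username": "alice", "state": "active", "locked": true},
  {"id": 3, "username": "bob",   "state": "active"}
]""")

if __name__ == "__main__":
    # Against a live instance: lock_report(fetch_users(base_url, token))
    print(json.dumps(lock_report(SAMPLE), indent=2))
```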
