Resend email verification code if the current code has expired
What does this MR do and why?
Related to https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/855
Resend an email verification code if the current code has expired. There have been several support cases where users have claimed not to have received an email verification code. From examining the logs, it seems that some users have expired tokens and have not requested that a new token be sent. This MR should help with these cases by automatically sending a new unlock token if the current unlock token has expired.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- In the Rails console, enable email verification
Feature.enable(:require_email_verification)
- Lock the account of a user.
# `user` is the User record of the account to lock.
service = Users::EmailVerification::GenerateTokenService.new(attr: :unlock_token, user: user)
raw_token, encrypted_token = service.execute
user.unlock_token = encrypted_token
# Lock the account without the default unlock instructions, then send the verification email.
user.lock_access!({ send_instructions: false })
Notify.verification_instructions_email(user.email, token: raw_token).deliver_later
- Check the mailbox (http://gdk.test:3000/rails/letter_opener/). An unlock token should have been delivered.
- Log in with the user that you locked. You should be prompted for a verification token. Check the mailbox again and verify that only one email verification message has been received.
- Expire the token for the user
user.update!(locked_at: 3.hours.ago)
- Log in again with the user account. A new token should have been delivered and you should be able to successfully verify the new token.
Edited by Ian Anderson
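The resend-on-expiry behaviour validated by the steps above, modelled as a self-contained added example; it is not code from this MR or from GitLab. `LockedUser`, `VerificationFlow`, the 60-minute validity window, the 6-digit code and the HMAC digest storage are all assumptions made for illustration.

```ruby
require 'securerandom'
require 'openssl'
# Hypothetical stand-in for the locked user record; not GitLab's User model.
LockedUser = Struct.new(:email, :unlock_token, :locked_at)

class VerificationFlow
  TOKEN_VALID_FOR = 60 * 60 # seconds; assumed validity window
  attr_reader :outbox

  def initialize(secret)
    @secret = secret
    @outbox = [] # constructed mailbox of [email, raw_code] pairs
  end

  # Issue a fresh code, store only its keyed digest, restart the expiry clock.
  def send_code(user, now)
    raw = format('%06d', SecureRandom.random_number(1_000_000))
    user.unlock_token = digest(raw)
    user.locked_at = now
    @outbox << [user.email, raw]
    raw
  end

  def expired?(user, now)
    now - user.locked_at > TOKEN_VALID_FOR
  end

  # Locked user signs in: resend only when the code has expired, so repeated
  # logins inside the window do not generate extra mail.
  def on_login(user, now)
    return :prompt unless expired?(user, now)
    send_code(user, now)
    :resent
  end

  def verify(user, submitted, now)
    return :expired if expired?(user, now)
    secure_eq?(user.unlock_token, digest(submitted)) ? :ok : :invalid
  end

  private

  def digest(raw)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, raw)
  end

  # Constant-time comparison of two equal-length hex digests.
  def secure_eq?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Resending only on the expired branch keeps a login attempt from being usable to flood a victim's mailbox, which is the same property the "only one email" check in the steps above confirms.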