Skip to content

Comments

Lockable follow-ups: warnings, messages, specs, and CSS fix#1152

Merged
maebeale merged 6 commits intomainfrom
maebeale/fix-lockable
Feb 22, 2026
Merged

Lockable follow-ups: warnings, messages, specs, and CSS fix#1152
maebeale merged 6 commits intomainfrom
maebeale/fix-lockable

Conversation

@maebeale
Copy link
Collaborator

@maebeale maebeale commented Feb 22, 2026
edited
Loading

Summary

Follow-up to #1069 (which added :lockable to the User model). This PR adds the remaining lockable-related changes:

  • Change confirmed user icon from green to gray on User. index
  • Add login system spec covering locked, inactive, failed attempts, and success flows
  • Enable last_attempt_warning in Devise config (warns on 9th attempt before 10th locks)
  • Update Devise failure messages to use generic language that doesn't reveal account status
  • Fix Safari CSS issue where password field stars weren't displaying

Test plan

  • Verify login spec passes (rspec spec/system/login_spec.rb)
  • Verify 9th failed login attempt shows last-attempt warning
  • Verify 10th failed attempt locks the account
  • Verify error messages don't reveal whether an account exists, is locked, or is inactive
  • Verify password stars display correctly in Safari

🤖 Generated with Claude Code

@maebeale maebeale merged commit 40bd208 into main Feb 22, 2026
3 checks passed
@maebeale maebeale deleted the maebeale/fix-lockable branch February 22, 2026 02:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@maebeale