Commit 3091a767 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Fix SQL error when sorting 2FA-enabled users by name in admin area

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent b755753c
...@@ -103,7 +103,7 @@ class Member < ActiveRecord::Base ...@@ -103,7 +103,7 @@ class Member < ActiveRecord::Base
def filter_by_2fa(value) def filter_by_2fa(value)
case value case value
when 'enabled' when 'enabled'
left_join_users.merge(User.with_two_factor_indistinct) left_join_users.merge(User.with_two_factor)
when 'disabled' when 'disabled'
left_join_users.merge(User.without_two_factor) left_join_users.merge(User.without_two_factor)
else else
......
...@@ -289,13 +289,16 @@ class User < ActiveRecord::Base ...@@ -289,13 +289,16 @@ class User < ActiveRecord::Base
end end
end end
def self.with_two_factor_indistinct
joins("LEFT OUTER JOIN u2f_registrations AS u2f ON u2f.user_id = users.id")
.where("u2f.id IS NOT NULL OR users.otp_required_for_login = ?", true)
end
def self.with_two_factor def self.with_two_factor
with_two_factor_indistinct.distinct(arel_table[:id]) with_u2f_registrations = <<-SQL
EXISTS (
SELECT *
FROM u2f_registrations AS u2f
WHERE u2f.user_id = users.id
) OR users.otp_required_for_login = ?
SQL
where(with_u2f_registrations, true)
end end
def self.without_two_factor def self.without_two_factor
......
...@@ -315,6 +315,14 @@ describe User do ...@@ -315,6 +315,14 @@ describe User do
expect(users_with_two_factor).to eq([user_with_2fa.id]) expect(users_with_two_factor).to eq([user_with_2fa.id])
expect(users_with_two_factor).not_to include(user_without_2fa.id) expect(users_with_two_factor).not_to include(user_without_2fa.id)
end end
it 'works with ORDER BY' do
user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_u2f)
expect(described_class
.with_two_factor
.reorder_by_name).to eq([user_with_2fa])
end
end end
describe ".without_two_factor" do describe ".without_two_factor" do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment