Commit fe77eb4d authored by Stan Hu's avatar Stan Hu

Merge branch 'dz-fix-sql-error-admin-users-2fa' into 'master'

Fix SQL error when sorting 2FA-enabled users by name in admin area

See merge request gitlab-org/gitlab-ce!21324
parents def895c5 4dd883ee
...@@ -103,7 +103,7 @@ class Member < ActiveRecord::Base ...@@ -103,7 +103,7 @@ class Member < ActiveRecord::Base
def filter_by_2fa(value) def filter_by_2fa(value)
case value case value
when 'enabled' when 'enabled'
left_join_users.merge(User.with_two_factor_indistinct) left_join_users.merge(User.with_two_factor)
when 'disabled' when 'disabled'
left_join_users.merge(User.without_two_factor) left_join_users.merge(User.without_two_factor)
else else
......
...@@ -289,13 +289,16 @@ class User < ActiveRecord::Base ...@@ -289,13 +289,16 @@ class User < ActiveRecord::Base
end end
end end
def self.with_two_factor_indistinct
joins("LEFT OUTER JOIN u2f_registrations AS u2f ON u2f.user_id = users.id")
.where("u2f.id IS NOT NULL OR users.otp_required_for_login = ?", true)
end
def self.with_two_factor def self.with_two_factor
with_two_factor_indistinct.distinct(arel_table[:id]) with_u2f_registrations = <<-SQL
EXISTS (
SELECT *
FROM u2f_registrations AS u2f
WHERE u2f.user_id = users.id
) OR users.otp_required_for_login = ?
SQL
where(with_u2f_registrations, true)
end end
def self.without_two_factor def self.without_two_factor
......
---
title: Fix SQL error when sorting 2FA-enabled users by name in admin area
merge_request: 21324
author:
type: fixed
...@@ -315,6 +315,14 @@ describe User do ...@@ -315,6 +315,14 @@ describe User do
expect(users_with_two_factor).to eq([user_with_2fa.id]) expect(users_with_two_factor).to eq([user_with_2fa.id])
expect(users_with_two_factor).not_to include(user_without_2fa.id) expect(users_with_two_factor).not_to include(user_without_2fa.id)
end end
it 'works with ORDER BY' do
user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_u2f)
expect(described_class
.with_two_factor
.reorder_by_name).to eq([user_with_2fa])
end
end end
describe ".without_two_factor" do describe ".without_two_factor" do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment