Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-09-01 19:52:41 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-09-01 19:52:41 +0300
commit: a986819a7bce2002018dfafed3900dc3f2e8fb81 (patch)
tree: 15c063738d999a0aff035c4842885276a9ab6ac4 /app/models
parent: 92d5172ad42ebc62eb78cac21b1e236ad6ace580 (diff)
4 files changed, 23 insertions, 1 deletions
diff --git a/app/models/active_session.rb b/app/models/active_session.rb
index be07c221f32..4908290e06b 100644
--- a/app/models/active_session.rb
+++ b/app/models/active_session.rb
@@ -105,6 +105,19 @@ class ActiveSession
     end
   end
 
+  def self.destroy_all_but_current(user, current_session)
+    session_ids = not_impersonated(user)
+    session_ids.reject! { |session| session.current?(current_session) } if current_session
+
+    Gitlab::Redis::SharedState.with do |redis|
+      destroy_sessions(redis, user, session_ids.map(&:session_id)) if session_ids.any?
+    end
+  end
+
+  def self.not_impersonated(user)
+    list(user).reject(&:is_impersonated)
+  end
+
   def self.key_name(user_id, session_id = '*')
     "#{Gitlab::Redis::SharedState::USER_SESSIONS_NAMESPACE}:#{user_id}:#{session_id}"
   end
diff --git a/app/models/clusters/applications/runner.rb b/app/models/clusters/applications/runner.rb
index c041f605e6c..e99ed03852a 100644
--- a/app/models/clusters/applications/runner.rb
+++ b/app/models/clusters/applications/runner.rb
@@ -3,7 +3,7 @@
 module Clusters
   module Applications
     class Runner < ApplicationRecord
-      VERSION = '0.19.2'
+      VERSION = '0.19.3'
 
       self.table_name = 'clusters_applications_runners'
 
diff --git a/app/models/member.rb b/app/models/member.rb
index 2c62ea55785..bbc5d638637 100644
--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -76,6 +76,8 @@ class Member < ApplicationRecord
   scope :request, -> { where.not(requested_at: nil) }
   scope :non_request, -> { where(requested_at: nil) }
 
+  scope :not_accepted_invitations_by_user, -> (user) { invite.where(invite_accepted_at: nil, created_by: user) }
+
   scope :has_access, -> { active.where('access_level > 0') }
 
   scope :guests, -> { active.where(access_level: GUEST) }
diff --git a/app/models/user.rb b/app/models/user.rb
index 1a67116c1f2..f31a6823657 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -363,6 +363,7 @@ class User < ApplicationRecord
   scope :order_oldest_sign_in, -> { reorder(Gitlab::Database.nulls_last_order('current_sign_in_at', 'ASC')) }
   scope :order_recent_last_activity, -> { reorder(Gitlab::Database.nulls_last_order('last_activity_on', 'DESC')) }
   scope :order_oldest_last_activity, -> { reorder(Gitlab::Database.nulls_first_order('last_activity_on', 'ASC')) }
+  scope :by_id_and_login, ->(id, login) { where(id: id).where('username = LOWER(:login) OR email = LOWER(:login)', login: login) }
 
   def preferred_language
     read_attribute('preferred_language') ||
@@ -886,6 +887,12 @@ class User < ApplicationRecord
     all_expanded_groups.where(require_two_factor_authentication: true)
   end
 
+  def source_groups_of_two_factor_authentication_requirement
+    Gitlab::ObjectHierarchy.new(expanded_groups_requiring_two_factor_authentication)
+      .all_objects
+      .where(id: groups)
+  end
+
   # rubocop: disable CodeReuse/ServiceClass
   def refresh_authorized_projects
     Users::RefreshAuthorizedProjectsService.new(self).execute
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-09-01 19:52:41 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-09-01 19:52:41 +0300
commit	a986819a7bce2002018dfafed3900dc3f2e8fb81 (patch)
tree	15c063738d999a0aff035c4842885276a9ab6ac4 /app/models
parent	92d5172ad42ebc62eb78cac21b1e236ad6ace580 (diff)