diff options
author | Douwe Maan <douwe@selenight.nl> | 2017-12-11 11:10:15 +0100 |
---|---|---|
committer | Douwe Maan <douwe@selenight.nl> | 2017-12-11 11:10:15 +0100 |
commit | f71e48a0d09597e19aa629e4c7d42035ca08d852 (patch) | |
tree | 9da648022f79d5369515ee063b1447e85232b8c7 | |
parent | 0f811675706ad79129eb8251983de073e190f55a (diff) | |
download | gitlab-ce-f71e48a0d09597e19aa629e4c7d42035ca08d852.tar.gz |
Resolve conflicts in app/models/user.rbmk-pick-10-2-4-security-fixes
-rw-r--r-- | app/models/user.rb | 34 |
1 files changed, 7 insertions, 27 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 7dc18c351e6..ccf0e043aed 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -315,13 +315,8 @@ class User < ActiveRecord::Base # # Returns an ActiveRecord::Relation. def search(query) -<<<<<<< HEAD -======= - table = arel_table query = query.downcase - pattern = User.to_pattern(query) ->>>>>>> f45fc58d84... Merge branch 'bvl-10-2-email-disclosure' into 'security-10-2' order = <<~SQL CASE WHEN users.name = %{query} THEN 0 @@ -331,16 +326,11 @@ class User < ActiveRecord::Base END SQL -<<<<<<< HEAD - fuzzy_search(query, [:name, :email, :username]) - .reorder(order % { query: ActiveRecord::Base.connection.quote(query) }, :name) -======= where( - table[:name].matches(pattern) - .or(table[:email].eq(query)) - .or(table[:username].matches(pattern)) + fuzzy_arel_match(:name, query) + .or(fuzzy_arel_match(:username, query)) + .or(arel_table[:email].eq(query)) ).reorder(order % { query: ActiveRecord::Base.connection.quote(query) }, :name) ->>>>>>> f45fc58d84... Merge branch 'bvl-10-2-email-disclosure' into 'security-10-2' end # searches user by given pattern @@ -348,28 +338,18 @@ class User < ActiveRecord::Base # This method uses ILIKE on PostgreSQL and LIKE on MySQL. def search_with_secondary_emails(query) + query = query.downcase + email_table = Email.arel_table -<<<<<<< HEAD matched_by_emails_user_ids = email_table .project(email_table[:user_id]) - .where(Email.fuzzy_arel_match(:email, query)) + .where(email_table[:email].eq(query)) where( fuzzy_arel_match(:name, query) - .or(fuzzy_arel_match(:email, query)) .or(fuzzy_arel_match(:username, query)) + .or(arel_table[:email].eq(query)) .or(arel_table[:id].in(matched_by_emails_user_ids)) -======= - query = query.downcase - pattern = User.to_pattern(query) - matched_by_emails_user_ids = email_table.project(email_table[:user_id]).where(email_table[:email].eq(query)) - - where( - table[:name].matches(pattern) - .or(table[:email].eq(query)) - .or(table[:username].matches(pattern)) - .or(table[:id].in(matched_by_emails_user_ids)) ->>>>>>> f45fc58d84... Merge branch 'bvl-10-2-email-disclosure' into 'security-10-2' ) end |