remove experiments for 2fa requirements and fix tests

3 files changed, 8 insertions, 4 deletions

diff --git a/app/models/group.rb b/app/models/group.rb
index dd8baddd789..5e58b48a366 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -423,7 +423,7 @@ class Group < Namespace
   def update_two_factor_requirement
     return unless saved_change_to_require_two_factor_authentication? || saved_change_to_two_factor_grace_period?
 
-    [users_with_descendants, project_users_with_descendants].each {|set| set.find_each(&:update_two_factor_requirement)}
+    User.from_union([users_with_descendants, project_users_with_descendants]).find_each(&:update_two_factor_requirement)
   end
 
   def path_changed_hook
diff --git a/app/models/user.rb b/app/models/user.rb
index f3deea75dbb..916a0aa74f0 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -728,8 +728,8 @@ class User < ApplicationRecord
   end
 
   def expanded_groups_requiring_two_factor_authentication
-    all_expanded_groups.where(require_two_factor_authentication: true).merge(
-      authorized_groups.where(require_two_factor_authentication: true))
+    Group.from_union([all_expanded_groups.where(require_two_factor_authentication: true),
+                      authorized_groups.where(require_two_factor_authentication: true)])
   end
 
   # rubocop: disable CodeReuse/ServiceClass
diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb
index 15ec672f165..7f0b1185ba4 100644
--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@@ -633,7 +633,11 @@ describe Group do
 
       group.update!(require_two_factor_authentication: true, two_factor_grace_period: 23)
 
-      expect(calls).to eq 2
+      if Group.supports_nested_objects?
+        expect(calls).to eq 2
+      else
+        expect(calls).to eq 1
+      end
     end
 
     it 'calls #update_two_factor_requirement on each group member' do