From 90466e7009e5c1791de07590055db35921ac30c5 Mon Sep 17 00:00:00 2001
From: Fabio Pitino
Date: Fri, 13 Sep 2019 07:40:00 +0100
Subject: Cancel all running CI jobs when user is blocked

This prevents a MITM attack where attacker could still access Git repository if any jobs were running long enough.
---
app/services/ci/cancel_user_pipelines_service.rb | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 app/services/ci/cancel_user_pipelines_service.rb
(limited to 'app/services')
diff --git a/app/services/ci/cancel_user_pipelines_service.rb b/app/services/ci/cancel_user_pipelines_service.rb
new file mode 100644
index 00000000000..bcafb6b4a35
--- /dev/null
+++ b/app/services/ci/cancel_user_pipelines_service.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Ci
+ class CancelUserPipelinesService
+ # rubocop: disable CodeReuse/ActiveRecord
+ # This is a bug with CodeReuse/ActiveRecord cop
+ # https://gitlab.com/gitlab-org/gitlab/issues/32332
+ def execute(user)
+ user.pipelines.cancelable.find_each(&:cancel_running)
+ end
+ # rubocop: enable CodeReuse/ActiveRecord
+ end
+end
-- cgit v1.2.1
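Review bot: In `execute`, `user.pipelines.cancelable` only reaches pipelines that belong to the blocked user, so a job the user started inside someone else's pipeline (for example a retry or manual action, if those record the user on the job rather than on the pipeline) would presumably keep running with that user's access. This needs confirming against the job model; if it holds, the service should also cancel running jobs selected by job user. Separately, `find_each(&:cancel_running)` stops at the first pipeline whose cancel raises, leaving the later ones running, which matters for a control meant to cut off access. Rescuing and logging per pipeline, then continuing, would keep the remaining cancellations going. A comment above `execute` would also record the intent, e.g. `# Called when a user is blocked: stops their running pipelines so in-flight jobs cannot keep using the user's repository access.`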