added service in the rest of controllers and classes

app/controllers/profiles/avatars_controller.rb

@@ -3,7 +3,7 @@ class Profiles::AvatarsController < Profiles::ApplicationController
     @user = current_user
     @user.remove_avatar!
 
-    @user.save
+    Users::UpdateService.new(@user, @user).execute
 
     redirect_to profile_path, status: 302
   end

app/controllers/profiles/two_factor_auths_controller.rb

@@ -10,7 +10,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
       current_user.otp_grace_period_started_at = Time.current
     end
 
-    current_user.save! if current_user.changed?
+    Users::UpdateService.new(current_user, current_user).execute!
 
     if two_factor_authentication_required? && !current_user.two_factor_enabled?
       two_factor_authentication_reason(
@@ -43,7 +43,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
     if current_user.validate_and_consume_otp!(params[:pin_code])
       current_user.otp_required_for_login = true
       @codes = current_user.generate_otp_backup_codes!
-      current_user.save!
+      Users::UpdateService.new(current_user, current_user).execute!
 
       render 'create'
     else
@@ -71,7 +71,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
 
   def codes
     @codes = current_user.generate_otp_backup_codes!
-    current_user.save!
+    Users::UpdateService.new(current_user, current_user).execute!
   end
 
   def destroy

app/controllers/sessions_controller.rb

@@ -61,7 +61,7 @@ class SessionsController < Devise::SessionsController
     return unless user && user.require_password?
 
     token = user.generate_reset_token
-    user.save
+    Users::UpdateService.new(user, user).execute
 
     redirect_to edit_user_password_path(reset_password_token: token),
       notice: "Please create a password for your new account."

app/services/users/update_service.rb

 module Users
-  # Service for creating a new user.
+  # Service for updating a user.
   class UpdateService < BaseService
     def initialize(current_user, user, params = {})
       @current_user = current_user
@@ -7,10 +7,10 @@ module Users
       @params = params.dup
     end
 
-    def execute(skip_authorization: false, &block)
+    def execute(skip_authorization: false, validate: true, &block)
       assign_attributes(skip_authorization, &block)
 
-      if @user.save || !@user.changed? && @user.errors.empty?
+      if @user.save(validate: validate) || !@user.changed? && @user.errors.empty?
         success
       else
         error(@user.errors.full_messages.uniq.join('. '))

lib/api/internal.rb

@@ -133,7 +133,7 @@ module API
         end
 
         codes = user.generate_otp_backup_codes!
-        user.save!
+        ::Users::UpdateService.new(user, user).execute!
 
         { success: true, recovery_codes: codes }
       end

lib/api/users.rb

@@ -278,7 +278,7 @@ module API
 
         email.destroy
 
-        Users::UpdateService.new(current_user, user).execute do |user|
+        ::Users::UpdateService.new(current_user, user).execute do |user|
           user.update_secondary_emails!
         end
       end
@@ -511,7 +511,7 @@ module API
         not_found!('Email') unless email
 
         email.destroy
-        Users::UpdateService.new(current_user, user).execute  do |user|
+        ::Users::UpdateService.new(current_user, user).execute  do |user|
           user.update_secondary_emails!
         end
       end

lib/gitlab/ldap/access.rb

@@ -17,7 +17,8 @@ module Gitlab
         self.open(user) do |access|
           if access.allowed?
             user.last_credential_check_at = Time.now
-            user.save
+            Users::UpdateService.new(user, user).execute
+
             true
           else
             false