Disallow legacy trigger without a owner

Feedback:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11910#note_31594492
https://gitlab.com/gitlab-org/gitlab-ce/issues/30634#note_31601001

app/services/ci/create_pipeline_service.rb

@@ -23,6 +23,10 @@ module Ci
         return error('Insufficient permissions to create a new pipeline')
       end
 
+      unless trigger_request && trigger_request.trigger.owner
+        return error('Legacy trigger without a owner is not allowed')
+      end
+
       unless branch? || tag?
         return error('Reference not found')
       end
@@ -59,9 +63,7 @@ module Ci
     def triggering_user_allowed_for_ref?(trigger_request, ref)
       triggering_user = current_user || trigger_request.trigger.owner
 
-      (triggering_user &&
-        Ci::Pipeline.allowed_to_create?(triggering_user, project, ref)) ||
-        !project.protected_for?(ref)
+      Ci::Pipeline.allowed_to_create?(triggering_user, project, ref)
     end
 
     def process!

spec/services/ci/create_pipeline_service_spec.rb

@@ -409,5 +409,18 @@ describe Ci::CreatePipelineService, services: true do
 
       it_behaves_like 'when ref is protected'
     end
+
+    context 'when ref is not protected' do
+      context 'when trigger belongs to no one' do
+        let(:user) {}
+        let(:trigger_request) { create(:ci_trigger_request) }
+
+        it 'does not create a pipeline' do
+          expect(execute_service(trigger_request: trigger_request))
+            .not_to be_persisted
+          expect(Ci::Pipeline.count).to eq(0)
+        end
+      end
+    end
   end
 end