Error 500 after disabling 2FA in account while trying to reenable 2FA but global 2FA Requirement on Sign-In is active
Summary
I've updated my phone and the 2FA was gone. I was still logged in, so it was easy to disable 2FA for my account completely. As soon as I wanted to reenable it, I scanned the barcode, typed the 6-digit PIN into the field and pressed the green button. A 500 was thrown. I tried several times. I wasn't able to reenable 2FA.
In the end I was able to do so after disabling "Require all users to setup Two-factor authentication" from the Global Settings "Sign-In" part. I was able to reenable the Authenticator App and my Yubikey and was able to reenable the global setting.
I think this is a bug!
Steps to reproduce
Enable 2FA for your account (you should be admin for the next steps), enable "Require all users to setup Two-factor authentication" in the Global settings. Maybe relogin. Then disable 2FA in your account and try to reenable 2FA. You should see the 500.
Expected behavior
I expect 2FA to be enable-able after disabling it, despite the global setting.
Actual behavior
See description.
Relevant logs and/or screenshots
From the GitLab Workhorse log (the part when entering the PIN from the generated barcode in the app and pressing the green button):
"POST /profile/two_factor_auth HTTP/1.1" 500
Output of checks
gitlab-ctl gitlab:check is all green. Using GitLab 8.15.0 with PG 9.6.1 Omnibus on Debian Wheezy.
Results of GitLab environment info
System information
System: Debian 7.11
Current User: git
Using RVM: no
Ruby Version: 2.3.3p222
Gem Version: 2.6.6
Bundler Version:1.13.6
Rake Version: 10.5.0
Sidekiq Version:4.2.7

GitLab information
Version: 8.15.0-ee
Revision: c9da9f4a
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 9.6.1
URL: https://example.com
HTTP Clone URL: https://example.com/some-group/some-project.git
SSH Clone URL: git@example.com:some-group/some-project.git
Elasticsearch: no
Geo: no
Using LDAP: yes
Using Omniauth: no

GitLab Shell
Version: 4.1.1
Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks/
Git: /opt/gitlab/embedded/bin/git