ERR_TOO_MANY_REDIRECTS if a user's Two-factor uthentication is disabled

Suppose the global option Require all users to setup Two-factor authentication in Sign-in Restrictions => Two-factor authentication in http://gitlab.intra.arpanet/admin/application_settings is checked, and user thepoorguy is already setup his Two-factor authentication. But one day, unfortunately he lost his Two-factor authentication key and also the code. We have to disable his Two-factor Authentication in http://gitlab.intra.arpanet/admin/users/thepoorguy.

Next time when thepoorguy login, it's expected for he to reset his Two-factor authentication. But actually, there's a loop between http://gitlab.intra.arpanet/profile/password/new and http://gitlab.intra.arpanet/profile/two_factor_auth after he logged-in.

Screenshot_2016-07-08_23.14.29

The only terrible solution I know is to disable the global option Require all users to setup Two-factor authentication temporally.