2FA secret does not re-generate when encrypted_otp_secret is set to empty string
When running a command recommended in https://gitlab.com/gitlab-org/gitlab-ce/issues/1960 to reset the encrypted_otp_secret
to an empty string.
e.g.
sudo gitlab-rails runner 'User.update_all(otp_required_for_login: false, encrypted_otp_secret: "")'
I encountered a scenario in which the secret was never generated again for the users and they got stuck in a state where they could never re-enable two factor auth.
Setting the encrypted_otp_secret
to nil
fixed this problem.
e.g.
sudo gitlab-rails runner 'User.update_all(otp_required_for_login: false, encrypted_otp_secret: nil)'
But it would make sense if GitLab would automatically handle an empty string state as well and re-generate the secret.
Edited by 🤖 GitLab Bot 🤖