Error 500 after disabling 2FA in account while trying to reenable 2FA but global 2FA Requirement on Sign-In is active

Summary

I've updated my phone and the 2FA was gone. I was still logged in, so it was easy to disable 2FA for my account completely. As soon as I wanted to reenable it, I scanned the barcode, typed the 6-digit PIN into the field and pressed the green button. A 500 was thrown. I tried several times. I wasn't able to reenable 2FA.

In the end I was able to do so after disabling "Require all users to setup Two-factor authentication" from the Global Settings "Sign-In" part. I was able to reenable the Authenticator App and my Yubikey and was able to reenable the global setting.

I think this is a bug!

Steps to reproduce

Enable 2FA for your account (you should be admin for the next steps), enable "Require all users to setup Two-factor authentication" in the Global settings. Maybe relogin. Then disable 2FA in your account and try to reenable 2FA. You should see the 500.

Expected behavior

I expect 2FA to be enable-able after disabling it, despite the global setting.

Actual behavior

See description.

Relevant logs and/or screenshots

From Gitlab-Workhorse Log: (The part when entering the PIN from the generated barcode in the App and pressing the green button): "POST /profile/two_factor_auth HTTP/1.1" 500

Output of checks

gitlab-ctl gitlab:check is all green. Using Gitlab 8.15.0 with PG 9.6.1 Omnibus on Debian Wheezy

Results of GitLab environment info

System information
System: Debian 7.11
Current User: git
Using RVM: no
Ruby Version: 2.3.3p222
Gem Version: 2.6.6
Bundler Version:1.13.6
Rake Version: 10.5.0
Sidekiq Version:4.2.7

GitLab information
Version: 8.15.0-ee
Revision: c9da9f4a
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 9.6.1
URL: https://example.com
HTTP Clone URL: https://example.com/some-group/some-project.git
SSH Clone URL: git@example.com:some-group/some-project.git
Elasticsearch: no
Geo: no
Using LDAP: yes
Using Omniauth: no

GitLab Shell
Version: 4.1.1
Repository storage paths:
  • default: /var/opt/gitlab/git-data/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks/
Git: /opt/gitlab/embedded/bin/git