Hello @executable .
I had exactly the same problem. I searched online and the only same issue i’ve found was yours You were everywhere: stackoverflow, server fault and here, on gitlab.
I am pretty sure this is a bug on gitlab-side.
My use-case is:
- deployed gitlab
- activated 2FA enforcement
- users activated 2FA
- added 2FA for root and few hours after desactivated it
- i did not activated root’s 2FA because i was waiting for a bitwarden deployment
- signed-in again on my gitlab instance, after the grace period of 48h to activate 2FA & bam. I was stuck on the activation page with invalid pin code.
I was about to remove 2FA for each user using: sudo gitlab-rake gitlab:two_factor:disable_for_all_users but i was pretty sure that would fail due to the enforcement.
So i upgraded gitlab to the latest version and started forensic in its database (postgresql).
sudo gitlab-rails dbconsole
gitlabhq_production=> \x on
Expanded display is on.
gitlabhq_production=> select * from application_settings;
require_two_factor_authentication | t
two_factor_grace_period | 48
This is what we are looking for. I tried:
UPDATE application_settings SET require_two_factor_authentication = 'f' WHERE id=1;
Restarted gitlab instance and it worked like a charm.
I was able to login, to navigate on my gitlab instance/administration, activate a 2FA login and reactivate/disable 2FA enforcement to be sure gitlab cleans any problem i would have created in the database.
And then i registered on this forum to help you because i saw you seems to be stuck on that since a long time. Please excuse my bad english, i’m pretty tired