Too many redirects when user needs to set a new password and enable 2FA at the same time
Zendesk: https://gitlab.zendesk.com/agent/tickets/81400
If a user is required to enable 2FA (a group has required it for all users) and also needs to set a new password, too many redirects occur. It seems like each requirement is vying for priority.
Steps to reproduce
- Create a group and choose 'Require all users in this group to setup Two-factor authentication'
- Create a new user and set an initial password
- Add the new user as a member of the group created previously.
- Attempt to sign in as the user.
- Observe that too many redirects occur.
To 'fix' this:
- Sign in as another user/admin again and temporarily disable the group's 'Require all users...' configuration.
- Sign in as the user again, setting a new password.
- Enable the 'Require all users...' configuration again
- Note that the user is prompted to enable 2FA.