How to disable the Two-factor authentication in GitLab?

Question

i changed the gitlab server. On the old i had created a backup and now i had imported the backup into the new system. Everyting works!

Now i have the issue, that i can't login because of the Two-factor authentication. I think, that the secret salt changend.

This is the log:

Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "user"=>{"otp_attempt"=>"[FILTERED]"}}

Completed 500 Internal Server Error in 10ms (ActiveRecord: 0.9ms)

OpenSSL::Cipher::CipherError (bad decrypt):
app/controllers/sessions_controller.rb:95:in valid_otp_attempt?'
app/controllers/sessions_controller.rb:63:in authenticate_with_two_factor'

How can i disable the Two-factor authentication for one user?

greetings

Answer 1

Gitlab has updated the command to disable two-factor authentication for all users to this:

sudo gitlab-rails runner 'User.find_each(&:disable_two_factor!)'

@poldixd's answer should still work. If it doesn't try setting encrypted_opt_secret to nil instead of "".

Found this here: https://gitlab.com/gitlab-org/gitlab-ce/issues/1960