Content
Updated by Klaus Zanders 8 months ago
### Steps to reproduce
1. Be a user that has **more than one** a two factor authentication method set up.
2. Try to log in as that user
3. On user, stop at the screen where the 2FA options are shown, switch you have to another method, don't do anything further select a two factor auth method
4. 3. As an administrator, delete **all** the users two factor account methods
5. 4. As the user, try to sign in again, enter email cancel the started login process and password and try to sign in again
### What is the buggy behavior?
* Instead of successfully logging in it shows a 500 error
This behavior showed up, when my old community account was reactivated and I do not have access to the old two factor code anymore. So I tried to sign in, an administrator deleted my 2fa methods and then I tried to sign in again.
The fix was deleting my session cookie and then logging in again.
Reason for this is that the session has the currently selected 2fa device stored in a session variable and when trying to find this device it throws the error because it cannot be found anymore
### What is the expected behavior?
1. The user should be able to sign in, eventhough the session currently has a non existant 2fa device stored.
### Screenshots and other files
_If you have screenshots of the application's bug behavior or other relevant files, please drag them into this place or attach them using the "Files" section._
### Environment information
_Community_
**OpenProject version**
_15.0.1_
**Browser**
* [ ] Chrome
* [x] Firefox
* [ ] Safari
* [ ] Mobile Safari
* [ ] Other (please specify)
**Operating System**
* [ ] Windows
* [x] Mac OS X
* [ ] Mobile iOS
* [ ] Mobile Android
* [ ] Linux (please specify distro)
* [ ] Chrome OS
* [ ] Other (please specify)
**Language**
_German_
1. Be a user that has **more than one**
2. Try to log in as that user
3. On
4.
5.
### What is the buggy behavior?
* Instead of successfully logging in it shows a 500 error
This behavior showed up, when my old community account was reactivated and I do not have access to the old two factor code anymore. So I tried to sign in, an administrator deleted my 2fa methods and then I tried to sign in again.
The fix was deleting my session cookie and then logging in again.
Reason for this is that the session has the currently selected 2fa device stored in a session variable and when trying to find this device it throws the error because it cannot be found anymore
### What is the expected behavior?
1. The user should be able to sign in, eventhough the session currently has a non existant 2fa device stored.
### Screenshots and other files
_If you have screenshots of the application's bug behavior or other relevant files, please drag them into this place or attach them using the "Files" section._
### Environment information
_Community_
**OpenProject version**
_15.0.1_
**Browser**
* [ ] Chrome
* [x] Firefox
* [ ] Safari
* [ ] Mobile Safari
* [ ] Other (please specify)
**Operating System**
* [ ] Windows
* [x] Mac OS X
* [ ] Mobile iOS
* [ ] Mobile Android
* [ ] Linux (please specify distro)
* [ ] Chrome OS
* [ ] Other (please specify)
**Language**
_German_