2FA cannot be disabled using 'limit to groups'

[StuartVR]

Steps to reproduce

1. Set up new user
2. Enforced 2FA >> Administration >> Security >> "limit to groups"

Expected behaviour

Tell us what should happen
Correct functionality of 2FA, and if a user had not set this up, they would be prompted to set up on login

Actual behaviour

Tell us what happens instead
User was prompted to enter 2FA code, but user had not set up 2FA. Administrator reversed "Enforced 2FA >> Administration >> Security >> "limit to groups"" but user still prompted to enter 2FA code, despite being out of the 2FA group. I had to delete the user and add again to allow access to his portal,

Server configuration

Operating system:
Linux 5.4.0-137-generic x86_64

Web server:

Database:

PHP version:

Version: (see admin page)

Updated from an older version or fresh install:

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your server installation folder

The content of config/config.php:

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or

Insert your config.php content here
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)

Client configuration

Browser:

Operating system:

Logs

Web server error log

Insert your webserver log here

Server log (data/nextcloud.log)

Insert your server log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log

[ChristophWurst]

Please report at https://github.com/nextcloud/server/issues/new/choose. This app has no control over 2FA enforcement.

[ChristophWurst]

By omitting any kind of version numbers you make it practically impossible to reproduce the bug. Fill in the full issue template next time, pleaes.