Support Two-factor Authentication for LDAP users

Closes #12653

CHANGELOG

@@ -16,6 +16,7 @@ v 8.5.0 (unreleased)
   - Don't vendor minified JS
   - Display 404 error on group not found
   - Track project import failure
+  - Support Two-factor Authentication for LDAP users
   - Fix visibility level text in admin area (Zeger-Jan van de Weg)
   - Warn admin during OAuth of granting admin rights (Zeger-Jan van de Weg)
   - Update the ExternalIssue regex pattern (Blake Hitchcock)

app/controllers/omniauth_callbacks_controller.rb

@@ -1,4 +1,5 @@
 class OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  include AuthenticatesWithTwoFactor
 
   protect_from_forgery except: [:kerberos, :saml, :cas3]
 
@@ -29,8 +30,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 
     # Do additional LDAP checks for the user filter and EE features
     if ldap_user.allowed?
+      if @user.two_factor_enabled?
+        prompt_for_two_factor(@user)
+      else
         log_audit_event(@user, with: :ldap)
         sign_in_and_redirect(@user)
+      end
     else
       flash[:alert] = "Access denied for your LDAP account."
       redirect_to new_user_session_path

app/views/profiles/accounts/show.html.haml

@@ -31,7 +31,6 @@
           - else
             = f.submit 'Generate', class: "btn btn-default"
 
-  - unless current_user.ldap_user?
   .panel.panel-default
     .panel-heading
       Two-factor Authentication