mandatory2fa: fix workflow when using external LDAP

* Always allow the mandatory 2fa setting to be saved
* Show warning for user if they have no 2fa setup and if not external 2fa
* If they get locked out anyway, they have to use CLI tool
* redirect for mandatory 2fa only if not external 2fa as well

src/routes/test/common.js

@@ -94,7 +94,7 @@ async function setup() {
     expect(response.status).to.equal(201);
     admin.id = response.body.id;
     // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-    const token1 = await tokens.add({ identifier: admin.id, clientId: 'test-client-id', expires: Date.now() + (60 * 60 * 1000), name: 'fromtest' });
+    const token1 = await tokens.add({ identifier: admin.id, clientId: tokens.ID_WEBADMIN, expires: Date.now() + (60 * 60 * 1000), name: 'fromtest' });
     admin.token = token1.accessToken;
 
     // create user
@@ -104,7 +104,7 @@ async function setup() {
     expect(response.status).to.equal(201);
     user.id = response.body.id;
     // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-    const token2 = await tokens.add({ identifier: user.id, clientId: 'test-client-id', expires: Date.now() + (60 * 60 * 1000), name: 'fromtest' });
+    const token2 = await tokens.add({ identifier: user.id, clientId: tokens.ID_WEBADMIN, expires: Date.now() + (60 * 60 * 1000), name: 'fromtest' });
     user.token = token2.accessToken;
 
     await settings._set(settings.APPSTORE_API_TOKEN_KEY, exports.appstoreToken); // appstore token