fix: Correct redirects in auth flow; check for undefined paths

src/server.js

@@ -53,24 +53,24 @@ app
     server.use(cookieParser());
 
     server.get("/signin", (req, res, next) => {
-      if (!req.user) req.session.redirectTo = req.get("Referer");
+      req.session.redirectTo = req.get("Referer");
       next(); // eslint-disable-line promise/no-callback-in-promise
     }, passport.authenticate("oauth2", { loginAction: "signin" }));
 
     server.get("/signup", (req, res, next) => {
-      if (!req.user) req.session.redirectTo = req.get("Referer");
+      req.session.redirectTo = req.get("Referer");
       next(); // eslint-disable-line promise/no-callback-in-promise
     }, passport.authenticate("oauth2", { loginAction: "signup" }));
 
     // This endpoint handles OAuth2 requests (exchanges code for token)
     server.get("/callback", passport.authenticate("oauth2"), (req, res) => {
       // After success, redirect to the page we came from originally
-      res.redirect(req.session.redirectTo);
+      res.redirect(req.session.redirectTo || "/");
     });
 
     server.get("/logout", (req, res) => {
       req.logout();
-      res.redirect(req.get("Referer"));
+      res.redirect(req.get("Referer") || "/");
     });
 
     // Setup next routes