FIX: Do not redirect to `/auth/*` urls after authentication

When using the login confirmation screen, the referrer URL is `/auth/{provider}`. That means that the user is redirected back to the confirmation screen after logging in, even though login was successful. This is very confusing. Instead, they should be redirected to the homepage.

app/controllers/users/omniauth_callbacks_controller.rb

@@ -53,7 +53,9 @@ class Users::OmniauthCallbacksController < ApplicationController
       rescue URI::Error
       end
 
-      if parsed && (parsed.host == nil || parsed.host == Discourse.current_hostname)
+      if parsed && # Valid
+         (parsed.host == nil || parsed.host == Discourse.current_hostname) && # Local
+         !parsed.path.starts_with?(Discourse.base_uri("/auth/")) # Not /auth URL
         @origin = +"#{parsed.path}"
         @origin << "?#{parsed.query}" if parsed.query
       end

spec/requests/omniauth_callbacks_controller_spec.rb

@@ -459,6 +459,17 @@ RSpec.describe Users::OmniauthCallbacksController do
           expect(cookie_data["destination_url"]).to eq('/t/123')
         end
 
+        it "never redirects to /auth/ origin" do
+          post "/auth/google_oauth2?origin=http://test.localhost/auth/google_oauth2"
+          get "/auth/google_oauth2/callback"
+
+          expect(response.status).to eq 302
+          expect(response.location).to eq "http://test.localhost/"
+
+          cookie_data = JSON.parse(response.cookies['authentication_data'])
+          expect(cookie_data["destination_url"]).to eq('/')
+        end
+
         it "redirects to relative origin" do
           post "/auth/google_oauth2?origin=/t/123"
           get "/auth/google_oauth2/callback"