Fix: fix a server error that shows in logs for invalid /auth/failure calls

- The route for /auth/failure was attempting to incorrectly set the redirect path a second time, which was causign express to complain with an error in the server logs. The fix is to just return the route at the first assignment.
- Added test cases to verify that GET calls to core routes are not causing server-side errors.
- Removed /api test case in app.test.js to have the test focus on the core functions.  /api route is mostlikey going to be removed from the app during app customization.

Author: YasharF

app.js

@@ -320,7 +320,7 @@ app.get('/auth/failure', (req, res) => {
   const redirectTarget = baseReturnTo || returnTo;
 
   if (!redirectTarget || !isSafeRedirect(redirectTarget) || redirectTarget === req.originalUrl || redirectTarget.startsWith('/auth/')) {
-    res.redirect('/');
+    return res.redirect('/');
   }
   res.redirect(redirectTarget);
 });

test/app.test.js

@@ -46,12 +46,6 @@ describe('GET /forgot', () => {
   });
 });
 
-describe('GET /api', () => {
-  it('should return 200 OK', (done) => {
-    request(app).get('/api').expect(200, done);
-  });
-});
-
 describe('GET /contact', () => {
   it('should return 200 OK', (done) => {
     request(app).get('/contact').expect(200, done);
@@ -63,3 +57,31 @@ describe('GET /random-url', () => {
     request(app).get('/reset').expect(404, done);
   });
 });
+
+describe('core GET routes do not throw', () => {
+  const routes = [
+    '/',
+    '/login',
+    '/logout',
+    '/signup',
+    '/forgot',
+    '/contact',
+    '/login/2fa',
+    '/login/2fa/totp',
+    '/login/webauthn-start',
+    '/login/verify/testtoken',
+    '/reset/testtoken',
+    '/account',
+    '/account/verify',
+    '/account/verify/testtoken',
+    '/account/2fa/totp/setup',
+    '/account/webauthn/register',
+    '/auth/failure',
+  ];
+
+  routes.forEach((route) => {
+    it(`GET ${route}`, async () => {
+      await request(app).get(route);
+    });
+  });
+});