fix(auth): exclude returnTo from passport reset

We patch passport with the code from https://github
.com/jaredhanson/passport/pull/941,
which excludes session.returnTo from reset on login.

Fixes https://github.com/hedgedoc/hedgedoc/issues/4466

Co-authored-by: Graham White <graham_alton@hotmail.com>
Signed-off-by: David Mehren <git@herrmehren.de>

.yarn/patches/passport-npm-0.7.0-df02531736.patch

@@ -0,0 +1,15 @@
+diff --git a/lib/sessionmanager.js b/lib/sessionmanager.js
+index 81b59b1d155314e90f3b59a0528d27d71c08e20d..db98d487b720b2d6528ed00b098f373ec636173e 100644
+--- a/lib/sessionmanager.js
++++ b/lib/sessionmanager.js
+@@ -36,7 +36,9 @@ SessionManager.prototype.logIn = function(req, user, options, cb) {
+       }
+       if (options.keepSessionInfo) {
+         merge(req.session, prevSession);
+-      }
++      } else if (options.successReturnToOrRedirect && prevSession.returnTo) {
++        req.session.returnTo = prevSession.returnTo;
++      }      
+       if (!req.session[self._key]) {
+         req.session[self._key] = {};
+       }

package.json

@@ -71,7 +71,7 @@
     "morgan": "1.10.0",
     "mysql2": "3.11.0",
     "node-fetch": "2.7.0",
-    "passport": "0.7.0",
+    "passport": "patch:passport@npm%3A0.7.0#~/.yarn/patches/passport-npm-0.7.0-df02531736.patch",
     "passport-dropbox-oauth2": "1.1.0",
     "passport-facebook": "3.0.0",
     "passport-github": "1.1.0",