Pick up a few regressions and enhance two-factor auth.
There were some behavior regressions in /login w.r.t. already authenticated users - this has been fixed and reverted to prior behavior.
Another bug in 2FA w.r.t. when to generate a new totp secret was fixed.
Added 2FA support into register and confirm - so now all features work well with 2FA.