
A user in unfinished onboarding associated with a 2fa enforced group can cause endless redirects

Summary

When a user is invited to a group that enforces 2FA for its users, signing in leads to a redirection loop between the onboarding wizard and the 2FA sign-up page, which ends in a "redirected you too many times" error in the browser.

Steps to reproduce

  • Sign up for a new account and select "My company or team" and "Create a new project".
  • Add the user to a group which enforces 2FA.
  • Sign in as that user.

Workaround

  1. Remove the user from the group that has 2FA enforced.
  2. Have the user finish the onboarding process (wizard).
  3. Re-add the user to the group.

Solution

  • Skip onboarding redirections when the 2FA path is used. Once 2FA setup is done, the user will re-enter onboarding if eligible (welcome step not completed).
  • Finish onboarding when:
    • A user is added as a member of a group or project (same as the invite flow) after they registered.
    • They have finished the first welcome step.

/cc @dstull

Edited by Doug Stull
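
The loop and the first part of the proposed fix, modelled as two redirect filters. This is an added example, not GitLab's code; the paths, the `User` struct, the filter names and the redirect limit are hypothetical.

```ruby
# Added illustration, not GitLab code. All names and paths are hypothetical.
WIZARD_PATH     = "/onboarding/welcome"  # hypothetical onboarding wizard path
TWO_FACTOR_PATH = "/profile/two_factor"  # hypothetical 2FA sign-up path
MAX_REDIRECTS   = 20                     # assumed hop limit before the browser gives up

User = Struct.new(:onboarding_done, :two_factor_enabled, :in_2fa_group, keyword_init: true)

# Filter 1: members of a 2FA-enforcing group must set up 2FA first.
def two_factor_filter(user, path)
  return nil if path == TWO_FACTOR_PATH
  TWO_FACTOR_PATH if user.in_2fa_group && !user.two_factor_enabled
end

# Filter 2: users with unfinished onboarding are sent to the wizard.
# skip_2fa_path: true models the fix (no onboarding redirect on the 2FA path).
def onboarding_filter(user, path, skip_2fa_path:)
  return nil if path == WIZARD_PATH
  return nil if skip_2fa_path && path == TWO_FACTOR_PATH
  WIZARD_PATH unless user.onboarding_done
end

# Follow redirects the way a browser would; returns [outcome, visited paths].
def follow(user, start, skip_2fa_path:)
  path = start
  trail = [path]
  MAX_REDIRECTS.times do
    target = two_factor_filter(user, path) ||
             onboarding_filter(user, path, skip_2fa_path: skip_2fa_path)
    return [:rendered, trail] if target.nil?
    path = target
    trail << path
  end
  [:too_many_redirects, trail]
end

if __FILE__ == $0
  # Constructed user: onboarding unfinished, added to a 2FA-enforcing group.
  user = User.new(onboarding_done: false, two_factor_enabled: false, in_2fa_group: true)
  p follow(user, "/", skip_2fa_path: false).first  # loop between the two pages
  p follow(user, "/", skip_2fa_path: true)         # 2FA page renders
  user.two_factor_enabled = true
  p follow(user, "/", skip_2fa_path: true)         # user re-enters the wizard
end
```

Without the skip, each filter exempts only its own page, so the 2FA page bounces to the wizard and the wizard bounces back; a regression test for this kind of bug can assert that the redirect chain terminates for a user in both states at once.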