coolify

rosslh/coolify

Fork 0

Commit graph

Author	SHA1	Message	Date
Andras Bacsai	cd06e10b1b	fix(auth): bind magic links to their invitation Include the invitation UUID in generated magic link tokens and validate the matching stored invitation link before logging the user in, preventing stale or same-email invitations from being reused.	2026-06-02 12:57:30 +02:00
Andras Bacsai	40d570f195	chore: update team invitation handling	2026-06-02 12:22:27 +02:00
Andras Bacsai	9b37a1a7eb	refactor(auth): drop implicit email verification on invitation link login The invitation-link login path previously marked the account as email-verified as a side effect of authenticating, without the user ever proving control of the mailbox. Remove that branch so every account goes through the standard signed-URL verification flow. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-20 12:09:48 +02:00

Author

SHA1

Message

Date

Andras Bacsai

cd06e10b1b

fix(auth): bind magic links to their invitation

Include the invitation UUID in generated magic link tokens and validate the
matching stored invitation link before logging the user in, preventing stale
or same-email invitations from being reused.

2026-06-02 12:57:30 +02:00

Andras Bacsai

40d570f195

chore: update team invitation handling

2026-06-02 12:22:27 +02:00

Andras Bacsai

9b37a1a7eb

refactor(auth): drop implicit email verification on invitation link login

The invitation-link login path previously marked the account as
email-verified as a side effect of authenticating, without the user ever
proving control of the mailbox. Remove that branch so every account
goes through the standard signed-URL verification flow.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-20 12:09:48 +02:00

3 commits