From 41eb965350851b192bbe2e9c4444c8b4afd437de Mon Sep 17 00:00:00 2001
From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Date: Wed, 15 Nov 2023 21:57:05 +0100
Subject: [PATCH] stages/email: use uuid for email confirmation token instead of username (cherry-pick #7581) (#7584)

stages/email: use uuid for email confirmation token instead of username (#7581)

Signed-off-by: Jens Langhammer
Co-authored-by: Jens L
---
 authentik/stages/email/stage.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/authentik/stages/email/stage.py b/authentik/stages/email/stage.py
index 1d8250274..0b92173d5 100644
--- a/authentik/stages/email/stage.py
+++ b/authentik/stages/email/stage.py
@@ -1,5 +1,6 @@
 """authentik multi-stage authentication engine"""
 from datetime import timedelta
+from uuid import uuid4
 
 from django.contrib import messages
 from django.http import HttpRequest, HttpResponse
@@ -71,7 +72,7 @@ class EmailStageView(ChallengeStageView):
 valid_delta = timedelta(
 minutes=current_stage.token_expiry + 1
 ) # + 1 because django timesince always rounds down
-identifier = slugify(f"ak-email-stage-{current_stage.name}-{pending_user}")
+identifier = slugify(f"ak-email-stage-{current_stage.name}-{str(uuid4())}")
 # Don't check for validity here, we only care if the token exists
 tokens = FlowToken.objects.filter(identifier=identifier)
 if not tokens.exists():
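Review bot: With a fresh uuid4 in the identifier on every call, the `FlowToken.objects.filter(identifier=identifier)` / `if not tokens.exists():` lookup in the second hunk can no longer find an existing token, so that branch is now effectively dead and each call creates a new FlowToken row; the method body continues past the hunk, so whatever the "exists" path did (reuse or refresh of a previous token) is silently lost. Moving away from a username-derived identifier is the right direction, since the old value was deterministic and tied to user-controlled data, but the comment "we only care if the token exists" is now misleading and should either be removed together with the lookup or rewritten to say that a new token is always created. Unless code outside the hunk deletes a user's earlier tokens, a resend presumably leaves previous tokens valid until their own expiry; that is worth stating in the commit message or a comment on the identifier line, e.g. `# identifier is random per send: earlier tokens for this user stay valid until they expire`. As a style point, `str()` is redundant inside the f-string: `identifier = slugify(f"ak-email-stage-{current_stage.name}-{uuid4()}")`.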