From 7e216109dc0e824bfb78619c006912390d59d848 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Wed, 16 Feb 2022 13:15:06 -0800
Subject: [PATCH] fix: Remove single-usage restriction on magic link tokens as
 these were consumed by link scanning software

---
 server/utils/jwt.ts | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/server/utils/jwt.ts b/server/utils/jwt.ts
index 497ceab3d..d78c3b418 100644
--- a/server/utils/jwt.ts
+++ b/server/utils/jwt.ts
@@ -92,16 +92,6 @@ export async function getUserForEmailSigninToken(token: string): Promise<User> {
   });
   invariant(user, "User not found");
 
-  // if user has signed in at all since the token was created then
-  // it's no longer valid, they'll need a new one.
-  if (
-    user.lastSignedInAt &&
-    payload.createdAt &&
-    user.lastSignedInAt > new Date(payload.createdAt)
-  ) {
-    throw AuthenticationError("Token has already been used");
-  }
-
   try {
     JWT.verify(token, user.jwtSecret);
   } catch (err) {