fix: Remove single-usage restriction on magic link tokens as these were consumed by link scanning software

server/utils/jwt.ts

@@ -92,16 +92,6 @@ export async function getUserForEmailSigninToken(token: string): Promise<User> {
   });
   invariant(user, "User not found");
 
-  // if user has signed in at all since the token was created then
-  // it's no longer valid, they'll need a new one.
-  if (
-    user.lastSignedInAt &&
-    payload.createdAt &&
-    user.lastSignedInAt > new Date(payload.createdAt)
-  ) {
-    throw AuthenticationError("Token has already been used");
-  }
-
   try {
     JWT.verify(token, user.jwtSecret);
   } catch (err) {