From 87fd9dd00066535189cc4beef5861932fc37e185 Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Mon, 15 Dec 2025 10:43:11 -0500
Subject: [PATCH] use EmailConfirmationToken (which is valid for 10 minutes)
---
 Oqtane.Server/Managers/UserManager.cs | 4 ----
 Oqtane.Server/Pages/LoginLink.cshtml.cs | 8 +++-----
 2 files changed, 3 insertions(+), 9 deletions(-)
diff --git a/Oqtane.Server/Managers/UserManager.cs b/Oqtane.Server/Managers/UserManager.cs
index a9c2d5e0..5a1a9d01 100644
--- a/Oqtane.Server/Managers/UserManager.cs
+++ b/Oqtane.Server/Managers/UserManager.cs
@@ -973,10 +973,6 @@ namespace Oqtane.Managers
 var alias = _tenantManager.GetAlias();
 var user = GetUser(identityuser.UserName, alias.SiteId);
- user.TwoFactorCode = token;
- user.TwoFactorExpiry = DateTime.UtcNow.AddMinutes(10);
- _users.UpdateUser(user);
-
 string url = alias.Protocol + alias.Name + "/pages/loginlink?name=" + user.Username + "&token=" + WebUtility.UrlEncode(token);
 string siteName = _sites.GetSite(alias.SiteId).Name;
 string subject = _localizer["LoginLinkEmailSubject"];
diff --git a/Oqtane.Server/Pages/LoginLink.cshtml.cs b/Oqtane.Server/Pages/LoginLink.cshtml.cs
index 01748f38..d090c7ed 100644
--- a/Oqtane.Server/Pages/LoginLink.cshtml.cs
+++ b/Oqtane.Server/Pages/LoginLink.cshtml.cs
@@ -18,14 +18,12 @@ namespace Oqtane.Pages
 {
 private readonly UserManager _identityUserManager;
 private readonly SignInManager _identitySignInManager;
- private readonly IUserManager _userManager;
 private readonly ILogManager _logger;
- public LoginLinkModel(UserManager identityUserManager, SignInManager identitySignInManager, IUserManager userManager, ILogManager logger)
+ public LoginLinkModel(UserManager identityUserManager, SignInManager identitySignInManager, ILogManager logger)
 {
 _identityUserManager = identityUserManager;
 _identitySignInManager = identitySignInManager;
- _userManager = userManager;
 _logger = logger;
 }
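Review bot: The removed lines were the only visible bound on how long a login-link token stays usable, and the replacement lifetime is not established anywhere in this hunk: the token passed to `WebUtility.UrlEncode(token)` is generated above the hunk, and if it comes from `GenerateEmailConfirmationTokenAsync` its validity is the `DataProtectorTokenProvider`'s `TokenLifespan`, which defaults to 24 hours unless `DataProtectionTokenProviderOptions` (or a dedicated email-confirmation token provider) is configured elsewhere. The "valid for 10 minutes" claim in the subject therefore rests on configuration outside this diff and is worth pinning in the code with a comment above the `url` line: `// token lifetime is enforced by the Identity token provider's TokenLifespan, not by TwoFactorExpiry`. Note also that `user` returned by `GetUser` is still dereferenced on the `url` line without a null check (the removed assignments would have failed at the same point, so this is pre-existing). The enclosing method starts and ends outside the hunk.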
@@ -41,8 +39,8 @@ namespace Oqtane.Pages
 IdentityUser identityuser = await _identityUserManager.FindByNameAsync(name);
 if (identityuser != null)
 {
- var user = _userManager.GetUser(identityuser.UserName, HttpContext.GetAlias().SiteId);
- if (user != null && user.TwoFactorCode == token && DateTime.UtcNow < user.TwoFactorExpiry)
+ var result = await _identityUserManager.ConfirmEmailAsync(identityuser, token);
+ if (result.Succeeded)
 {
 await _identitySignInManager.SignInAsync(identityuser, false);
 _logger.Log(LogLevel.Information, this, LogFunction.Security, "Login Link Successful For User {Username}", name);
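Review bot: `ConfirmEmailAsync` validates the token but does not consume it, so on the new `if (result.Succeeded)` path the same link can be presented again and sign the user in until the provider's `TokenLifespan` elapses or the user's security stamp changes; the removed code had the same replay property, but its persisted `TwoFactorExpiry` at least capped the window server-side at ten minutes. To make the link single-use, call `await _identityUserManager.UpdateSecurityStampAsync(identityuser);` before `SignInAsync` (so the issued cookie carries the new stamp), bearing in mind that this also invalidates the user's other cookie sessions through the security-stamp validator. `ConfirmEmailAsync` additionally sets `EmailConfirmed` to true and persists the user, so an account with an unverified address becomes verified as a side effect of a login link; if that is not intended, `VerifyUserTokenAsync` with a dedicated purpose string avoids the side effect. The `else` branch for a failed result and the rest of the handler lie outside the hunk, so whether failures are logged at the same `LogFunction.Security` level cannot be seen here.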