From 95c71016ae32ba24d2675cdaa428630d9e9c55eb Mon Sep 17 00:00:00 2001
From: Jens L <jens@goauthentik.io>
Date: Wed, 15 Nov 2023 21:13:53 +0100
Subject: [PATCH] stages/email: use uuid for email confirmation token instead
 of username (#7581)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/stages/email/stage.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/authentik/stages/email/stage.py b/authentik/stages/email/stage.py
index 1d8250274..0b92173d5 100644
--- a/authentik/stages/email/stage.py
+++ b/authentik/stages/email/stage.py
@@ -1,5 +1,6 @@
 """authentik multi-stage authentication engine"""
 from datetime import timedelta
+from uuid import uuid4
 
 from django.contrib import messages
 from django.http import HttpRequest, HttpResponse
@@ -71,7 +72,7 @@ class EmailStageView(ChallengeStageView):
         valid_delta = timedelta(
             minutes=current_stage.token_expiry + 1
         )  # + 1 because django timesince always rounds down
-        identifier = slugify(f"ak-email-stage-{current_stage.name}-{pending_user}")
+        identifier = slugify(f"ak-email-stage-{current_stage.name}-{str(uuid4())}")
         # Don't check for validity here, we only care if the token exists
         tokens = FlowToken.objects.filter(identifier=identifier)
         if not tokens.exists():