fix: tweak email flow, change homepage

Author: balazsorban44

packages/next-auth/package.json

@@ -2,7 +2,7 @@
   "name": "next-auth",
   "version": "4.24.7",
   "description": "Authentication for Next.js",
-  "homepage": "https://next-auth.js.org",
+  "homepage": "https://authjs.dev",
   "repository": "https://github.com/nextauthjs/next-auth.git",
   "author": "Iain Collins <[email protected]>",
   "contributors": [

packages/next-auth/src/core/routes/callback.ts

@@ -199,27 +199,30 @@ export default async function callback(params: {
     }
   } else if (provider.type === "email") {
     try {
-      const token = query?.token as string | undefined
-      const identifier = query?.email as string | undefined
+      const paramToken = query?.token as string | undefined
+      const paramIdentifier = query?.email as string | undefined
 
       // If these are missing, the sign-in URL was manually opened without these params or the `sendVerificationRequest` method did not send the link correctly in the email.
-      if (!token || !identifier) {
+      if (!paramToken || !paramIdentifier) {
         return { redirect: `${url}/error?error=configuration`, cookies }
       }
 
       // @ts-expect-error -- Verified in `assertConfig`. adapter: Adapter<true>
       const invite = await adapter.useVerificationToken({
-        identifier,
-        token: hashToken(token, options),
+        identifier: paramIdentifier,
+        token: hashToken(paramToken, options),
       })
 
-      const invalidInvite = !invite || invite.expires.valueOf() < Date.now()
+      const invalidInvite =
+        !invite ||
+        invite.identifier !== paramIdentifier ||
+        invite.expires.valueOf() < Date.now()
       if (invalidInvite) {
         return { redirect: `${url}/error?error=Verification`, cookies }
       }
 
       const profile = await getAdapterUserFromEmail({
-        email: identifier,
+        email: invite.identifier,
         adapter,
       })