Fix magic URL token length

app/controllers/api/account.php

@@ -2034,7 +2034,8 @@ App::post('/v1/account/tokens/magic-url')
             Authorization::skip(fn () => $dbForProject->createDocument('users', $user));
         }
 
-        $tokenSecret = $proofForToken->generate();
+        $proofsForTokenMagicUrl = new ProofsToken(TOKEN_LENGTH_MAGIC_URL);
+        $tokenSecret = $proofsForTokenMagicUrl->generate();
         $expire = DateTime::formatTz(DateTime::addSeconds(new \DateTime(), TOKEN_EXPIRATION_CONFIRM));
 
         $token = new Document([
@@ -2042,7 +2043,7 @@ App::post('/v1/account/tokens/magic-url')
             'userId' => $user->getId(),
             'userInternalId' => $user->getSequence(),
             'type' => TOKEN_TYPE_MAGIC_URL,
-            'secret' => $proofForToken->hash($tokenSecret), // One way hash encryption to protect DB leak
+            'secret' => $proofsForTokenMagicUrl->hash($tokenSecret), // One way hash encryption to protect DB leak
             'expire' => $expire,
             'userAgent' => $request->getUserAgent('UNKNOWN'),
             'ip' => $request->getIP(),

tests/e2e/Services/Account/AccountCustomClientTest.php

@@ -2698,7 +2698,7 @@ class AccountCustomClientTest extends Scope
         $this->assertStringContainsStringIgnoringCase('Sign in to '. $this->getProject()['name'] . ' with your secure link. Expires in 1 hour.', $lastEmail['text']);
         $this->assertStringNotContainsStringIgnoringCase('security phrase', $lastEmail['text']);
 
-        $token = substr($lastEmail['text'], strpos($lastEmail['text'], '&secret=', 0) + 8, 256);
+        $token = substr($lastEmail['text'], strpos($lastEmail['text'], '&secret=', 0) + 8, 64);
 
         $expireTime = strpos($lastEmail['text'], 'expire=' . urlencode($response['body']['expire']), 0);