diff --git a/__tests__/auth/__snapshots__/confirmverification.test.js.snap b/__tests__/auth/__snapshots__/confirmverification.test.js.snap
index 74d300f8a4959cafc1a4ed709ced55971cbf4b31..db3af420ecac073b51b86a11ee1785b2777ab2d0 100644
--- a/__tests__/auth/__snapshots__/confirmverification.test.js.snap
+++ b/__tests__/auth/__snapshots__/confirmverification.test.js.snap
@@ -1,20 +1,5 @@
 // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
-exports[`user verify registration token > given required fields are missing > should respond with a proper body 1`] = `
-{
-  "message": "Validation errors. Please check the error messages.",
-  "validationErrors": {
-    "email": "Required",
-  },
-}
-`;
-
-exports[`user verify registration token > given the email is unknown > should respond with a proper body 1`] = `
-{
-  "message": "Unknown eMail address",
-}
-`;
-
 exports[`user verify registration token > given the inputs are valid > should respond with a proper body 1`] = `
 {
   "message": "Account successfully verified. You can now login.",
@@ -25,7 +10,6 @@ exports[`user verify registration token > given the request body is empty > shou
 {
   "message": "Validation errors. Please check the error messages.",
   "validationErrors": {
-    "email": "Required",
     "token": "Required",
   },
 }
diff --git a/__tests__/auth/confirmverification.test.js b/__tests__/auth/confirmverification.test.js
index c97f68577b17b3476f8c1798721d23f2e8ba546e..bfa6ad390c01476a4a1930f32b299bdbe5347837 100644
--- a/__tests__/auth/confirmverification.test.js
+++ b/__tests__/auth/confirmverification.test.js
@@ -27,7 +27,6 @@ const mockedVals = vi.hoisted(() => {
       id: '66a29da2942b3ebcaf047f07'
     },
     validInput: {
-      email: 'user@mail.local',
       token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbGIBBERISHTl9.lxQ5ZqO8qWJt15bbnSa4wrPQ02_7fvY4CgN1ZRM'
     },
     jwtPayload: {
@@ -55,7 +54,7 @@ vi.mock('../../utils/handleDB.js', async (importOriginal) => {
     ...await importOriginal(),
     dbConnection: vi.fn(() => 'mocked'),
     findOneRecord: vi.fn(() => mockedVals.foundUser),
-    updateOneRecord: vi.fn(() => mockedVals.foundUser)
+    findOneAndUpdate: vi.fn(() => mockedVals.foundUser)
   };
 });
 // import Token Service
@@ -90,24 +89,6 @@ describe('user verify registration token', () => {
     });
   });
 
-  // ############################
-
-  describe('given the email is unknown', async () => {
-    // set response by running route
-    beforeAll(async ({ expect, task }) => {
-      dbService.findOneRecord.mockImplementationOnce(() => null);
-
-      response = await supertest(app)
-        .patch(ROUTE)
-        .send(mockedVals.validInput);
-    });
-    it('should return a proper status code', () => {
-      expect(response.status).toBe(404);
-    });
-    it('should respond with a proper body', () => {
-      expect(response.body).toMatchSnapshot();
-    });
-  });
 
   // ############################
 
@@ -149,24 +130,4 @@ describe('user verify registration token', () => {
       expect(response.body).toMatchSnapshot();
     });
   });
-
-  // ############################
-
-  describe('given required fields are missing', () => {
-    beforeAll(async () => {
-      const { email, ...input } = mockedVals.validInput;
-
-      response = await supertest(app)
-        .post(ROUTE)
-        .send(input);
-    });
-
-    it('should return a proper status code status', () => {
-      expect(response.status).toBe(400);
-    });
-    it('should respond with a proper body', () => {
-      expect(response.body).toMatchSnapshot();
-    });
-  });
-
 });
\ No newline at end of file
diff --git a/controllers/Auth.js b/controllers/Auth.js
index c3b00913c7ed9c18ffa7c438cf438f686d365b23..2226855201a0bba422bc127460c1773512a44a1e 100644
--- a/controllers/Auth.js
+++ b/controllers/Auth.js
@@ -1,6 +1,6 @@
 import { createAccessToken, createPasswordToken, createRefreshToken, createVerificationToken, deleteRefreshToken, verifyRefreshToken } from "../utils/handleTokens.js";
 import { sendEmail } from "../utils/handleMailer.js";
-import { findOneRecord, updateOneRecord } from "../utils/handleDB.js";
+import { findOneAndUpdate, findOneRecord, updateOneRecord } from "../utils/handleDB.js";
 import User from "../models/User.js";
 import bcrypt from 'bcrypt';
 import { hideConfidentialFields } from "../utils/handleSchemes.js";
@@ -15,8 +15,10 @@ export const sendVerificationEmail = async (req, res, next) => {
 
     let subject = "[RagChat] Account Verification";
     let to = req.document.email;
-    let link = `${process.env.FRONTEND_URL}/verification/${verificationToken}`;
-    let html = `<p>Hi<p><br><p>Please click on the following <a href="${link}">link</a> to process the password reset. This Token is valid for ${process.env.PASSWORD_TOKEN_TTL}.</p>
+    let link = `${process.env.FRONTEND_URL}/signup/${verificationToken}`;
+    let html = `<p>Hi<p><br><p>Please click on the following <a href="${link}">link</a> to process the password reset. 
+    This Token is valid for ${process.env.PASSWORD_TOKEN_TTL}.</p>
+    <p>${link}</p>
     <p>${verificationToken}</p>
          <br><p>If you did not request this, please ignore this email.</p>`;
     await sendEmail({ to, subject, html });
@@ -33,8 +35,9 @@ export const sendVerificationEmail = async (req, res, next) => {
  */
 export const confirmVerification = async (req, res, next) => {
   try {
-    req.document.verified = true;
-    const updatedUser = await updateOneRecord(req.document);
+    // req.document.verified = true;
+    // const updatedUser = await updateOneRecord(req.document);
+    const updatedUser = await findOneAndUpdate(User, { email: req.body.email }, { verified: true });
     // remember document but remove confidential info
     const document = hideConfidentialFields(User, updatedUser);
     return res.json({ message: 'Account successfully verified. You can now login.' });
diff --git a/routes/auth.js b/routes/auth.js
index 5b47862ff4508ed4f214a18fc4937b72cf743210..c527528512e9e96390bedd6d89c001a4f97745a7 100644
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -31,7 +31,7 @@ router.post('/verification',
  */
 router.patch('/verification',
   validate(confirmVerificationSchema),
-  prefetchUserByEmail,
+  // prefetchUserByEmail,
   verifyVerificationToken,
   confirmVerification
 );
diff --git a/utils/handleTokens.js b/utils/handleTokens.js
index 794b2aebac73516bff5e6ec3818d5e32d03d1060..ff5a02fc940dacd9f4822ff646ece6e73c38ecb2 100644
--- a/utils/handleTokens.js
+++ b/utils/handleTokens.js
@@ -14,7 +14,7 @@ import { performance } from "node:perf_hooks";
  * @return  {token}
  */
 export const createVerificationToken = (payload) => {
-  return jwt.sign({ id: payload.id, email: payload.email }, process.env.VERIFICATION_TOKEN_KEY + payload.verified, { expiresIn: process.env.VERIFICATION_TOKEN_TTL });
+  return jwt.sign({ id: payload.id, email: payload.email }, process.env.VERIFICATION_TOKEN_KEY, { expiresIn: process.env.VERIFICATION_TOKEN_TTL });
 };
 
 /**
@@ -30,10 +30,11 @@ export const createVerificationToken = (payload) => {
  */
 export const verifyVerificationToken = async (req, res, next) => {
   // verify token
-  const valid = jwt.verify(req.body.token, process.env.VERIFICATION_TOKEN_KEY + req.document.verified, async (error, payload) => {
+  const valid = jwt.verify(req.body.token, process.env.VERIFICATION_TOKEN_KEY, async (error, payload) => {
     // if invalid
-    if (error) return res.status(403).json({ message: 'Token is no longer valid.' });
+    if (error) return res.status(498).json({ message: 'Token is no longer valid.' });
     // if valid
+    req.body.email = payload.email;
     next();
   });
 };
diff --git a/validationSchemes/Auth.js b/validationSchemes/Auth.js
index 89e49652a92fba9ac72b90836353b74d82d1ba84..ce62a2fb9496dc7fc3f7831f947ad67e5676ce79 100644
--- a/validationSchemes/Auth.js
+++ b/validationSchemes/Auth.js
@@ -8,7 +8,6 @@ export const requestVerificationSchema = z.object({
 
 // CONFIRM VERIFICATION
 export const confirmVerificationSchema = z.object({
-  email: z.string().email(),
   token: z.string().min(1),
 });