Untie password confirmation from email verification

[kevinetienne]

A user can validate its email in two different ways:

• before being able to log in
• after having logged in

The project uses django.contrib.auth.tokens.default_token_generator for both resetting and validating emails.

When the user needs or validates its email before logging in, everything work as expected however once the user is logged in the validation is failing as PasswordResetTokenGenerator checks the token against the user last login.

I think it will be probably better to use something else to check the user emai like django signing.

[coveralls]

Coverage remained the same at 100.0% when pulling c223532d9068b01d7fbc92e19eef97e30ab0c6e5 on email-verification into 852451a654f8e3c4f0651f67c4c90c694de03220 on master.

[kevinetienne]

@Ian-Foote @meshy @adam-incuna can you review/merge please?

[kevinetienne]

Thank you!