The change email verification link is supposed to expire after an hour; it never expires. This PR addresses the issue.
Implementation notes:
When updating a user to have a pendingEmail and pendingEmailVerificationToken, we now also set a UTC pendingEmailVerificationTokenTimestamp. In verifyUserPendingEmailInteractor, we verify that the timestamp is within 1 hour of UTC now. When we reset pendingEmail and pendingEmailVerificationToken, we also reset pendingEmailVerificationTokenTimestamp.
The change email verification link is supposed to expire after an hour; it never expires. This PR addresses the issue.
Implementation notes:
pendingEmailandpendingEmailVerificationToken, we now also set a UTCpendingEmailVerificationTokenTimestamp. InverifyUserPendingEmailInteractor, we verify that the timestamp is within 1 hour of UTC now. When we resetpendingEmailandpendingEmailVerificationToken, we also resetpendingEmailVerificationTokenTimestamp.