Email verification and forgot password verification tokens should expire

[Christopher Allan Webber]

Email verification should expire after 30 days and forgot password
verification should expire after 7.

Things that should be done:


-  These fields should be added but not required
-  Views should be modified to add these expiration fields when
   adding the tokens
-  Views should be modified to check the expiration fields before
   using
-  A migration should be added...
   
   -  fields without verification keys should just have the
      email\_verification\_expires and/or fp\_verification\_expires set
      to None
   -  fields with verification keys should set them to a timedelta
      from today


You can set these fields via a timedelta:

::

    >>> import datetime
    >>> datetime.datetime.now() + datetime.timedelta(days=10)
    datetime.datetime(2011, 7, 4, 8, 41, 8, 502139)

[Christopher Allan Webber]

This issue is blocked by and follows
`http://bugs.foocorp.net/issues/357 <http://bugs.foocorp.net/issues/357>`_,
marked that appropriately.

[Elrond]

If email verification expires, the account should be deleted.
Either automatically, or by some "gmg cleanup" command or so.
But this is maybe a new ticket. I just wanted to note this down
somewhere.

[Christopher Allan Webber]

Hm, is that something we really want to do? I'm not sure that too
many projects do that. I think that users should be able to
re-request email authorization, maybe?

[Will Kahn-Greene]

The original url for this bug was ​http://bugs.foocorp.net/issues/394 .
Relations:
#72: blocked

[Christopher Allan Webber]

I think that auto-expiry should definitely happen via a plugin, if people want it. I'm wary of that happening on its own.

As for the rest of this, someone just needs to pick up the ticket.

[Christopher Allan Webber]

Relatedly, #668 should help us solve this. itsdangerous would be perfect for this.

[Christopher Allan Webber]

And with rodney's branch on #624 done, this is accomplished!