d6bd00b5eb
Embed the sender's account identifier into the token. If a user is not correctly signed in to Gerrit Code Review when they try to verify the token the address will not be verified. This may be useful in web authentication cases where the user signed out of the sending account in order to sign in to read the email of the destination account. Also decrease the default token age from 5 days to 12 hours. If a user doesn't validate the link quickly, it isn't really useful to allow it to remain out there. Email address may change hands within 5 days (e.g. domain re-register or site admin shifting users around) but they are less likely to shfit hands in 12 hours. Change-Id: I36fe2bdf8fbe0afec1c80f129c598a1f47d537dc