Use unique key in account activation link and reset password link (#234)

* Use unique key for email activation and password reset

* Renamed old variable from hash to key

* Check for null before setting email key for backward compatibility. Removed comment about old behaviour.

* Send password_change_invalid_key message instead of password_change_not_pending on key mismatch.
This commit is contained in:
Georgy Litvinov 2021-06-03 14:59:29 +02:00 committed by GitHub
parent 3c04cc0f80
commit d21dc92b0b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 59 additions and 27 deletions


@ -26,7 +26,7 @@
<form method="POST" action="${formUrls.createPassword}" class="customForm" role="create password">
<input type="hidden" name="user" value="${userAccount.emailAddress}" role="input" />
<input type="hidden" name="key" value="${userAccount.passwordLinkExpiresHash}" role="input" />
<input type="hidden" name="key" value="${userAccount.emailKey}" role="input" />
<label for="new-password">${strings.new_password}<span class="requiredHint"> *</span></label>
<input type="password" name="newPassword" value="${newPassword}" id="new-password" role="input" />

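Review bot: The new hidden field writes `${userAccount.emailKey}` directly into an HTML attribute value, and whether that expression is attribute-escaped depends on the template's auto-escaping configuration, which is not visible in this hunk. If the key is generated server-side from a URL-safe alphabet the interpolation is harmless, but that assumption should be confirmed; otherwise `${userAccount.emailKey?html}` keeps a stray quote from terminating the attribute. The same replacement appears in the reset-password form in the next file section, so the check applies there too. The enclosing form element continues past the hunk.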

@ -26,7 +26,7 @@
<section id="reset-password" role="region">
<form method="POST" action="${formUrls.resetPassword}" class="customForm" role="create password">
<input type="hidden" name="user" value="${userAccount.emailAddress}" />
<input type="hidden" name="key" value="${userAccount.passwordLinkExpiresHash}" />
<input type="hidden" name="key" value="${userAccount.emailKey}" />
<label for="new-password">${strings.new_password}<span class="requiredHint"> *</span></label>
<input type="password" name="newPassword" value="${newPassword}" id="new-password" role="input" />