Password reset links expire after single-click without password reset

[jvendetti]

The expiry for password reset links was recently changed (see #133), and part of the new behavior feels somewhat confusing. The link to reset a password can only be clicked once without generating an error, regardless of whether a user actually resets their password. Consider the following steps:

• Request a password reset email
• Open the email and click the password reset link
• Don't take any action in the resulting BioPortal form for updating passwords
• Click the password reset link again

The second click on the reset link results in a 401 Password reset not authorized with this token error. My expectation is that subsequent clicks on the link should be allowed, and that the link wouldn't be expired until the user actually resets their password, or the one-hour time limit to reset has been exceeded.