added new AuthenticationToken factory, as well as new tests to check if access is denied when the token is expired, smaller optimalization changes to the user_mailer_spec and authentication_spec

spec/factories/authentication_token.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :authentication_token, class: 'AuthenticationToken' do
+    created_by_external_user
+    shared_secret { SecureRandom.hex(32) }
+    expire_at { 7.days.from_now }
+
+    trait :invalid do
+      expire_at { 8.days.ago }
+    end
+  end
+end