
@simanacci
Last active August 24, 2020 21:44
Password reset
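def generate_password_reset_token(self, expires_in=3600):
    """Return a signed, URL-safe password-reset token for this user.

    The token lifetime is signed into the payload next to the e-mail
    address. ``URLSafeTimedSerializer`` has no ``expires_in`` argument: its
    second positional parameter is the salt, so passing ``expires_in`` there
    never limited the token's lifetime.

    Args:
        expires_in: Lifetime of the token in seconds.

    Returns:
        The serialized token string.
    """
    s = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
    # The lifetime is covered by the signature, so whoever holds the token
    # cannot extend it without invalidating the token.
    payload = {'email': self.email, 'expires_in': expires_in}
    return s.dumps(payload, salt='password-recovery')


@staticmethod
def reset_password(token, new_password):
    """Set a new password for the user named in a valid reset token.

    The token is rejected when its signature does not verify, when it is
    older than the lifetime signed into it, or when no user has the e-mail
    address it carries.

    NOTE(review): nothing here invalidates a token once it has been used, so
    it stays usable until it expires. Consider binding the token to state
    that changes on reset (for example the current password hash).

    Args:
        token: Token produced by ``generate_password_reset_token``.
        new_password: Password to assign to the user.

    Returns:
        True if the password was changed, False otherwise.
    """
    # Function-scope import: the file's import block is not visible here.
    # BadData is the base class of every itsdangerous token error, including
    # SignatureExpired, so forged or malformed tokens are rejected as well.
    from itsdangerous import BadData

    s = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
    try:
        # First pass: verify the signature only, to read the signed lifetime.
        payload = s.loads(token, salt='password-recovery')
        if isinstance(payload, dict):
            email = payload.get('email')
            max_age = payload.get('expires_in', 3600)
        else:
            # Token issued in the old format (bare e-mail string): fall back
            # to the fixed one-hour limit that was enforced before.
            email, max_age = payload, 3600
        # Second pass: let itsdangerous enforce the age limit.
        s.loads(token, max_age=max_age, salt='password-recovery')
    except BadData:
        return False
    if not email:
        return False
    user = User.query.filter_by(email=email).first()
    if user is None:
        return False
    user.password = new_password
    db.session.commit()
    return True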
#conftest
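@pytest.fixture(scope='session')
def app(postgresql):
    """Yield the Flask application configured for the test session.

    Creates the app with the 'testing' configuration, points it at the
    database URI supplied by the ``postgresql`` fixture, pushes an
    application context and creates the tables. The context is popped
    again when the session ends instead of being left on the stack.
    """
    app = create_app('testing')
    app.config['SQLALCHEMY_DATABASE_URI'] = postgresql
    # CSRF checks are switched off for the test app only, so forms can be
    # posted without a token; this setting must not reach a deployed config.
    app.config['WTF_CSRF_ENABLED'] = False
    ctx = app.app_context()
    ctx.push()
    try:
        db_.create_all()
        yield app
    finally:
        ctx.pop()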
#test
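def test_expired_password_reset_token(test_user):
    """An expired reset token must not report success or change the password."""
    u = test_user
    token = u.generate_password_reset_token(1)
    # Wait past the one-second lifetime requested above.
    time.sleep(2)
    # Check the reported result as well as the stored password, so that a
    # reset which wrongly succeeds is caught at the call that caused it.
    assert not u.reset_password(token, 'new')
    assert not u.verify_password('new')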
#error
test_user = <User 15>
def test_expired_password_reset_token(test_user):
u = test_user
token = u.generate_password_reset_token(1)
time.sleep(2)
u.reset_password(token, 'new')
> assert not u.verify_password('new')
E AssertionError: assert not True
E + where True = <bound method User.verify_password of <User 15>>('new')
E + where <bound method User.verify_password of <User 15>> = <User 15>.verify_password
tests/test_models.py:63: AssertionError