def test_password_not_plaintext():
user = User('user', 'pass')
assert user.pw_hash != 'pass'
assert not user.valid_password(user.pw_hash)
user.set_password('anotherpass')
assert user.pw_hash != 'anotherpass'
assert not user.valid_password(user.pw_hash)
def test_password_verify():
user = User('user', 'pass')
assert user.valid_password('pass')
assert not user.valid_password('anotherpass')
user.set_password('anotherpass')
assert user.valid_password('anotherpass')
assert not user.valid_password('pass')