customizing auth view tests should be easier #179
Description
A few items are configurable, but many are not:
- flashes used in attempt/locking tests are inconsistently configurable
- flashes in general should be lambdas/methods which take a user instance
- password generation makes assumptions that could be broken by app password policy
- attempt framework is scoped out for when apps don't have it. The same should be possible if various crud views are not used, etc.