Cleanup of selfservice token code
Best described by an example:
expired_tokens = PasswordToken.query.filter(PasswordToken.created < (datetime.datetime.now() - datetime.timedelta(days=2))).all()
duplicate_tokens = PasswordToken.query.filter(PasswordToken.loginname == user.loginname).all()
for i in expired_tokens + duplicate_tokens:
db.session.delete(i)
Better:
PasswordToken.query.filter(db._or(PasswordToken.created < (datetime.datetime.now() - datetime.timedelta(days=2)), PasswordToken.loginname == user.loginname).delete()