GitHub User: ineu
Authorization doesn't really depend on authentication. For example, I use Ryan's CanCan gem with simple http auth.
It can have unpredictable behaviour. What if send_password_reset first sets attribute value and then does something longer than a second due to high system load? What if send_password_reset doesn't really set attribute value but some previous test does and tests are not fully isolated? You'll have test that breaks from time to time in random manner.