def verify_password(username_or_token, password): user_id = User.verify_auth_token(username_or_token) if user_id: user = session.query(User).filter_by(id=user_id).first() if not user: return False else: user = session.query(User).filter_by(name=username_or_token).first() if not user or not user.verify_password(password): return False g.user = user return True