def verify_password(email_or_token, password): user_id = User.verify_auth_token(email_or_token) if user_id: user = session.query(User).filter_by(id=user_id).one() else: user = session.query(User).filter_by(email=email_or_token).first() if not user or not user.verify_password(password): return False g.user = user return True