def auth(uid, tok, perms=None): id, _, pw = tok.partition("$") p = sess.query(Person).get(uid) a = Auth(p) a.neverusethisinsecuremethod_set(id,pw) a.perms = p.perms if perms is None else perms sess.add(a) return a