def verify_password(username_or_token, password): # first try to authenticate by token user = Users.verify_auth_token(username_or_token) if not user: # try to authenticate with username/password try: user = Users.get(Users.username == username_or_token) except: user = None if not user or not user.verify_password(password): return False g.user = user return True
def verify_token(token): user = Users.verify_auth_token(token) if user: g.user = user return True return False