def verify_password(username, password): global current_user user = User.verify_auth_token(password) # Todo review -- Is verifying user part of auth token sufficient? Seems to me we should also be verifying the generated token? if not user: return False current_user = user return True