def verify_password(username, password):
global current_user
user = User.verify_auth_token(password)
# Todo review -- Is verifying user part of auth token sufficient? Seems to me we should also be verifying the generated token?
if not user:
return False
current_user = user
return True
