Decouple the db user from the flask login user.

app.py

@@ -1,9 +1,9 @@
 import logging
 
-from flask import (Flask, make_response, request, abort, render_template,
+from flask import (Flask, make_response, request, abort, send_file,
                    redirect, url_for)
 from flask.ext.principal import Principal
-from flask.ext.login import login_user, LoginManager
+from flask.ext.login import login_user, LoginManager, UserMixin
 
 import model
 
@@ -19,14 +19,29 @@ login_manager.init_app(app)
 login_manager.login_view = 'signin'
 
 
+class _LoginWrappedDBUser(UserMixin):
+  def __init__(self, db_user):
+    self._db_user = db_user
+
+  def is_active(self):
+    return self._db_user.verified
+
+  def get_id(self):
+    return unicode(self._db_user.username)
+
+
 @login_manager.user_loader
 def load_user(username):
-  return model.get_user(username)
+  db_user = model.get_user(username)
+  if db_user:
+    return _LoginWrappedDBUser(db_user)
+  else:
+    return None
 
 
 @app.route('/', methods=['GET'])
 def index():
-  return render_template('index.html')
+  return send_file('templates/index.html')
 
 
 @app.route('/signin', methods=['POST'])
@@ -39,7 +54,7 @@ def signin():
   if verified:
     logger.debug('Successfully signed in as: %s' % username)
 
-    login_user(verified)
+    login_user(_LoginWrappedDBUser(verified))
     return redirect(request.args.get('next') or url_for('index'))
 
   abort(403)
@@ -47,7 +62,7 @@ def signin():
 
 @app.route('/signin', methods=['GET'])
 def render_signin_page():
-  return render_template('signin.html')
+  return send_file('templates/signin.html')
 
 
 @app.route('/_ping')

database.py

@@ -20,18 +20,6 @@ class User(BaseModel):
   email = CharField(unique=True)
   verified = BooleanField(default=False)
 
-  def is_active(self):
-    return self.verified
-
-  def is_authenticated(self):
-    return True
-
-  def is_anonymous(self):
-    return False
-
-  def get_id(self):
-    return unicode(self.username)
-
 
 class Visibility(BaseModel):
   name = CharField()