diff --git a/app.py b/app.py
index bfecce7..8cd7bd1 100644
--- a/app.py
+++ b/app.py
@@ -234,6 +234,20 @@ class Receipt(db.Model):
     shopping_list = db.relationship("ShoppingList", back_populates="receipts")
 
 
+def hash_password(password):
+    pepper = app.config["BCRYPT_PEPPER"]
+    peppered = (password + pepper).encode("utf-8")
+    salt = bcrypt.gensalt()
+    hashed = bcrypt.hashpw(peppered, salt)
+    return hashed.decode("utf-8")
+
+
+def check_password(stored_hash, password_input):
+    pepper = app.config["BCRYPT_PEPPER"]
+    peppered = (password_input + pepper).encode("utf-8")
+    return bcrypt.checkpw(peppered, stored_hash.encode("utf-8"))
+
+
 if app.config["SQLALCHEMY_DATABASE_URI"].startswith("sqlite:///"):
     db_path = app.config["SQLALCHEMY_DATABASE_URI"].replace("sqlite:///", "", 1)
     db_dir = os.path.dirname(db_path)
@@ -305,19 +319,6 @@ def serve_css_lib(filename):
 app.register_blueprint(static_bp)
 
 
-def hash_password(password):
-    pepper = app.config["BCRYPT_PEPPER"]
-    peppered = (password + pepper).encode("utf-8")
-    salt = bcrypt.gensalt()
-    hashed = bcrypt.hashpw(peppered, salt)
-    return hashed.decode("utf-8")
-
-
-def check_password(stored_hash, password_input):
-    pepper = app.config["BCRYPT_PEPPER"]
-    peppered = (password_input + pepper).encode("utf-8")
-    return bcrypt.checkpw(peppered, stored_hash.encode("utf-8"))
-
 
 def allowed_file(filename):
     return "." in filename and filename.rsplit(".", 1)[1].lower() in ALLOWED_EXTENSIONS