diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -503,11 +503,11 @@ class AuthUser(object):
             # Note: dbuser is allowed to be None.
             log.debug('Auth User lookup by database user %s', dbuser)
 
-        is_user_loaded = user_model.fill_data(self, dbuser)
+        is_user_loaded = self._fill_data(dbuser)
 
         # If user cannot be found, try falling back to anonymous.
         if not is_user_loaded:
-            is_user_loaded =  user_model.fill_data(self, self.anonymous_user)
+            is_user_loaded =  self._fill_data(self.anonymous_user)
 
         # The anonymous user is always "logged in".
         if self.user_id == self.anonymous_user.user_id:
@@ -518,6 +518,22 @@ class AuthUser(object):
 
         log.debug('Auth User is now %s' % self)
 
+    def _fill_data(self, dbuser):
+        """
+        Copies database fields from a `db.User` to this `AuthUser`. Does
+        not copy `api_keys` and `permissions` attributes.
+
+        Checks that `dbuser` is `active` (and not None) before copying;
+        returns True on success.
+        """
+        if dbuser is not None and dbuser.active:
+            log.debug('filling %s data', dbuser)
+            for k, v in dbuser.get_dict().iteritems():
+                if k not in ['api_keys', 'permissions']:
+                    setattr(self, k, v)
+            return True
+        return False
+
     @LazyProperty
     def permissions(self):
         return self.__get_perms(user=self, cache=False)
diff --git a/kallithea/model/user.py b/kallithea/model/user.py
--- a/kallithea/model/user.py
+++ b/kallithea/model/user.py
@@ -322,25 +322,6 @@ class UserModel(BaseModel):
 
         return True
 
-    def fill_data(self, auth_user, dbuser):
-        """
-        Copies database fields from a `db.User` to an `AuthUser`. Does
-        not copy `api_keys` and `permissions` attributes.
-
-        Checks that `dbuser` is `active` (and not None) before copying;
-        returns True on success.
-
-        :param auth_user: instance of user to set attributes
-        :param dbuser: `db.User` instance to copy from
-        """
-        if dbuser is not None and dbuser.active:
-            log.debug('filling %s data' % dbuser)
-            for k, v in dbuser.get_dict().iteritems():
-                if k not in ['api_keys', 'permissions']:
-                    setattr(auth_user, k, v)
-            return True
-        return False
-
     def has_perm(self, user, perm):
         perm = self._get_perm(perm)
         user = self._get_user(user)