diff options
author | Lars Wirzenius <liw@liw.fi> | 2017-04-16 12:14:43 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2017-04-16 12:14:43 +0300 |
commit | 42d43bd0b67492032000b9ea89848397e8abf1e9 (patch) | |
tree | 91169d2fb8d80d640e9e61f5502ddb20714a506d | |
parent | ee772866dae9cb2a66006a8e931e5bab6eb5db77 (diff) | |
download | distixapi-42d43bd0b67492032000b9ea89848397e8abf1e9.tar.gz |
Implement get_scopes
-rw-r--r-- | distixapi/authn.py | 13 | ||||
-rw-r--r-- | distixapi/authn_tests.py | 20 |
2 files changed, 31 insertions, 2 deletions
diff --git a/distixapi/authn.py b/distixapi/authn.py index 9875929..8b7d00a 100644 --- a/distixapi/authn.py +++ b/distixapi/authn.py @@ -35,8 +35,17 @@ class AuthenticationError(Exception): def encrypt_password(salt, password): - return scrypt.hash(password, salt) + return scrypt.hash(password, salt).encode('hex') def get_scopes(users, request): - raise AuthenticationError('foo') + username, password = get_credentials(request) + if username not in users['users']: + raise AuthenticationError('Error authenticating') + user = users['users'][username] + + encrypted = encrypt_password(user['salt'], password) + if encrypted != user['password']: + raise AuthenticationError('Error authenticating') + + return user['scopes'] diff --git a/distixapi/authn_tests.py b/distixapi/authn_tests.py index 7a150b5..2d3720a 100644 --- a/distixapi/authn_tests.py +++ b/distixapi/authn_tests.py @@ -87,6 +87,26 @@ class PasswordCheckingTests(unittest.TestCase): with self.assertRaises(distixapi.AuthenticationError): distixapi.get_scopes(users, request) + def test_returns_scopes_for_correct_creds(self): + username = 'fooser' + salt = 'nacl' + password = 'passwooooord' + scopes = ['get', 'put'] + + users = { + 'users': { + username: { + 'salt': salt, + 'password': distixapi.encrypt_password(salt, password), + 'name': 'J. Random User', + 'scopes': scopes, + } + }, + } + + request = make_request(username, password) + self.assertEqual(distixapi.get_scopes(users, request), scopes) + class DummyRequest(object): |