Implement get_scopes

2 files changed, 31 insertions, 2 deletions

diff --git a/distixapi/authn.py b/distixapi/authn.py
index 9875929..8b7d00a 100644
--- a/distixapi/authn.py
+++ b/distixapi/authn.py
@@ -35,8 +35,17 @@ class AuthenticationError(Exception):
 
 
 def encrypt_password(salt, password):
-    return scrypt.hash(password, salt)
+    return scrypt.hash(password, salt).encode('hex')
 
 
 def get_scopes(users, request):
-    raise AuthenticationError('foo')
+    username, password = get_credentials(request)
+    if username not in users['users']:
+        raise AuthenticationError('Error authenticating')
+    user = users['users'][username]
+
+    encrypted = encrypt_password(user['salt'], password)
+    if encrypted != user['password']:
+        raise AuthenticationError('Error authenticating')
+
+    return user['scopes']
diff --git a/distixapi/authn_tests.py b/distixapi/authn_tests.py
index 7a150b5..2d3720a 100644
--- a/distixapi/authn_tests.py
+++ b/distixapi/authn_tests.py
@@ -87,6 +87,26 @@ class PasswordCheckingTests(unittest.TestCase):
         with self.assertRaises(distixapi.AuthenticationError):
             distixapi.get_scopes(users, request)
 
+    def test_returns_scopes_for_correct_creds(self):
+        username = 'fooser'
+        salt = 'nacl'
+        password = 'passwooooord'
+        scopes = ['get', 'put']
+
+        users = {
+            'users': {
+                username: {
+                    'salt': salt,
+                    'password': distixapi.encrypt_password(salt, password),
+                    'name': 'J. Random User',
+                    'scopes': scopes,
+                }
+            },
+        }
+
+        request = make_request(username, password)
+        self.assertEqual(distixapi.get_scopes(users, request), scopes)
+
 
 class DummyRequest(object):