Start on get_scopes

3 files changed, 29 insertions, 4 deletions

diff --git a/distixapi/__init__.py b/distixapi/__init__.py
index 07d5833..a562614 100644
--- a/distixapi/__init__.py
+++ b/distixapi/__init__.py
@@ -1,2 +1,7 @@
 from .version import __version__, __version_info__
-from .authn import AuthenticationError, get_credentials, encrypt_password
+from .authn import (
+    AuthenticationError,
+    get_credentials,
+    encrypt_password,
+    get_scopes,
+)
diff --git a/distixapi/authn.py b/distixapi/authn.py
index f95f74d..9875929 100644
--- a/distixapi/authn.py
+++ b/distixapi/authn.py
@@ -36,3 +36,7 @@ class AuthenticationError(Exception):
 
 def encrypt_password(salt, password):
     return scrypt.hash(password, salt)
+
+
+def get_scopes(users, request):
+    raise AuthenticationError('foo')
diff --git a/distixapi/authn_tests.py b/distixapi/authn_tests.py
index 329eac6..f9e2e15 100644
--- a/distixapi/authn_tests.py
+++ b/distixapi/authn_tests.py
@@ -30,11 +30,9 @@ class GetCredentialsTests(unittest.TestCase):
             distixapi.get_credentials(request)
 
     def test_returns_username_password(self):
-        request = DummyRequest()
         username = 'fooser'
         password = 'secret'
-        value = base64.b64encode('{}:{}'.format(username, password))
-        request.add_header('Authorization', 'Basic {}'.format(value))
+        request = make_request(username, password)
         u, p = distixapi.get_credentials(request)
         self.assertEqual(username, u)
         self.assertEqual(password, p)
@@ -57,6 +55,17 @@ class EncryptPasswordTests(unittest.TestCase):
         self.assertNotEqual(encrypted_1, encrypted_2)
 
 
+class PasswordCheckingTests(unittest.TestCase):
+
+    def test_raises_exception_if_user_not_known(self):
+        users = {
+            'users': [],
+        }
+        request = make_request('unknown', 'password')
+        with self.assertRaises(distixapi.AuthenticationError):
+            distixapi.get_scopes(users, request)
+
+
 class DummyRequest(object):
 
     def __init__(self):
@@ -67,3 +76,10 @@ class DummyRequest(object):
 
     def get_header(self, header):
         return self._headers.get(header)
+
+
+def make_request(username, password):
+    value = base64.b64encode('{}:{}'.format(username, password))
+    request = DummyRequest()
+    request.add_header('Authorization', 'Basic {}'.format(value))
+    return request