authorLars Wirzenius <liw@liw.fi>2017-04-16 11:56:33 +0300
committerLars Wirzenius <liw@liw.fi>2017-04-16 11:56:33 +0300
commite937b8c1c11a56d7e5139e6bd3991916f76188ca (patch)
treeca6af6a3a368348473d6719c9f311217c841b6f6
parentf558a1d1f2494ebc6e122547602c8c6fce0ef487 (diff)
downloaddistixapi-e937b8c1c11a56d7e5139e6bd3991916f76188ca.tar.gz
Add password encryption
-rw-r--r--distixapi/__init__.py2
-rw-r--r--distixapi/authn.py6
-rw-r--r--distixapi/authn_tests.py17
3 files changed, 24 insertions, 1 deletions
diff --git a/distixapi/__init__.py b/distixapi/__init__.py
index d860521..07d5833 100644
--- a/distixapi/__init__.py
+++ b/distixapi/__init__.py
@@ -1,2 +1,2 @@
from .version import __version__, __version_info__
-from .authn import AuthenticationError, get_credentials
+from .authn import AuthenticationError, get_credentials, encrypt_password
diff --git a/distixapi/authn.py b/distixapi/authn.py
index a7fbbcf..f95f74d 100644
--- a/distixapi/authn.py
+++ b/distixapi/authn.py
@@ -2,6 +2,7 @@
import base64
+import scrypt
def get_credentials(request):
@@ -30,3 +31,8 @@ def get_credentials(request):
class AuthenticationError(Exception):
pass
+
+
+
+def encrypt_password(salt, password):
+ return scrypt.hash(password, salt)
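Review bot: `encrypt_password` calls `scrypt.hash(password, salt)` with the library's default cost parameters, so the work factor is not visible in this code and is not recorded with the stored value. I would pass the parameters explicitly from named module constants (names here are illustrative), e.g. `return scrypt.hash(password, salt, N=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)`, and store them next to each hash so they can be raised later without invalidating existing accounts. The function also needs a docstring saying that the result is a one-way derived key rather than reversible encryption, that `salt` must be a fresh random value per password such as `os.urandom(16)`, and that login checks should compare results with `hmac.compare_digest`. The docstring should also point out that the argument order `(salt, password)` is the reverse of `scrypt.hash`, since swapping the two would go unnoticed.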
diff --git a/distixapi/authn_tests.py b/distixapi/authn_tests.py
index 063b400..329eac6 100644
--- a/distixapi/authn_tests.py
+++ b/distixapi/authn_tests.py
@@ -40,6 +40,23 @@ class GetCredentialsTests(unittest.TestCase):
self.assertEqual(password, p)
+class EncryptPasswordTests(unittest.TestCase):
+
+ def test_returns_value_not_containing_cleartext_password(self):
+ cleartext = 'secret'
+ salt = 'salt'
+ encrypted = distixapi.encrypt_password(salt, cleartext)
+ self.assertFalse(cleartext in encrypted)
+
+ def test_returns_different_values_with_different_salt(self):
+ cleartext = 'secret'
+ salt_1 = 'salt'
+ salt_2 = 'salt2'
+ encrypted_1 = distixapi.encrypt_password(salt_1, cleartext)
+ encrypted_2 = distixapi.encrypt_password(salt_2, cleartext)
+ self.assertNotEqual(encrypted_1, encrypted_2)
+
+
class DummyRequest(object):
def __init__(self):
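Review bot: Neither test in `EncryptPasswordTests` checks that the same salt and password produce the same value, which is the property login verification depends on. A third test asserting `self.assertEqual(distixapi.encrypt_password(salt, cleartext), distixapi.encrypt_password(salt, cleartext))` would pin it. In the first test, `self.assertNotIn(cleartext, encrypted)` gives a clearer failure message than `self.assertFalse(cleartext in encrypted)`. The fixed short salts are fine for a test, but a comment such as `# fixed salt for test determinism only; real callers must use random salts` would stop them being copied into production code. `DummyRequest` at the end of the hunk continues outside it.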