From 42d43bd0b67492032000b9ea89848397e8abf1e9 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sun, 16 Apr 2017 12:14:43 +0300
Subject: Implement get_scopes
---
 distixapi/authn.py | 13 +++++++++++--
 distixapi/authn_tests.py | 20 ++++++++++++++++++++
 2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/distixapi/authn.py b/distixapi/authn.py
index 9875929..8b7d00a 100644
--- a/distixapi/authn.py
+++ b/distixapi/authn.py
@@ -35,8 +35,17 @@ class AuthenticationError(Exception):
 def encrypt_password(salt, password):
- return scrypt.hash(password, salt)
+ return scrypt.hash(password, salt).encode('hex')
 def get_scopes(users, request):
- raise AuthenticationError('foo')
+ username, password = get_credentials(request)
+ if username not in users['users']:
+ raise AuthenticationError('Error authenticating')
+ user = users['users'][username]
+
+ encrypted = encrypt_password(user['salt'], password)
+ if encrypted != user['password']:
+ raise AuthenticationError('Error authenticating')
+
+ return user['scopes']
diff --git a/distixapi/authn_tests.py b/distixapi/authn_tests.py
index 7a150b5..2d3720a 100644
--- a/distixapi/authn_tests.py
+++ b/distixapi/authn_tests.py
@@ -87,6 +87,26 @@ class PasswordCheckingTests(unittest.TestCase):
 with self.assertRaises(distixapi.AuthenticationError):
 distixapi.get_scopes(users, request)
+ def test_returns_scopes_for_correct_creds(self):
+ username = 'fooser'
+ salt = 'nacl'
+ password = 'passwooooord'
+ scopes = ['get', 'put']
+
+ users = {
+ 'users': {
+ username: {
+ 'salt': salt,
+ 'password': distixapi.encrypt_password(salt, password),
+ 'name': 'J. Random User',
+ 'scopes': scopes,
+ }
+ },
+ }
+
+ request = make_request(username, password)
+ self.assertEqual(distixapi.get_scopes(users, request), scopes)
+
 class DummyRequest(object):
-- cgit v1.2.1
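Review bot: The password check in get_scopes, `if encrypted != user['password']:`, compares the derived hash with an ordinary string comparison, which can return as soon as the first differing character is found. A constant-time comparison is the safer choice here: `if not hmac.compare_digest(encrypted, user['password']):`. This needs `import hmac` at the top of authn.py, which is outside the hunk, and both operands must be the same string type. Separately, the unknown-username branch raises before any scrypt work is done, so although both failures share the message 'Error authenticating', response time probably still distinguishes existing from non-existing usernames. Running encrypt_password against a fixed dummy salt on that branch before raising would even this out.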
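Review bot: test_returns_scopes_for_correct_creds builds the stored hash with distixapi.encrypt_password itself, so it passes for any output encoding or KDF parameters as long as both sides agree. A later change to the stored format would therefore lock out existing user records without failing this test. Consider pinning the format with a precomputed value for this salt and password, e.g. `self.assertEqual(distixapi.encrypt_password(salt, password), KNOWN_HEX_DIGEST)`, where KNOWN_HEX_DIGEST is a placeholder for a digest generated once and committed. A case with an existing username and a wrong password would also be worth adding, if the tests outside this hunk do not already cover it.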