From 5cbdaeb79ac70954d76d3385296dc5f1404a4d02 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Sun, 16 Apr 2017 12:03:30 +0300
Subject: Start on get_scopes

---
 distixapi/__init__.py    |  7 ++++++-
 distixapi/authn.py       |  4 ++++
 distixapi/authn_tests.py | 22 +++++++++++++++++++---
 3 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/distixapi/__init__.py b/distixapi/__init__.py
index 07d5833..a562614 100644
--- a/distixapi/__init__.py
+++ b/distixapi/__init__.py
@@ -1,2 +1,7 @@
 from .version import __version__, __version_info__
-from .authn import AuthenticationError, get_credentials, encrypt_password
+from .authn import (
+    AuthenticationError,
+    get_credentials,
+    encrypt_password,
+    get_scopes,
+)
diff --git a/distixapi/authn.py b/distixapi/authn.py
index f95f74d..9875929 100644
--- a/distixapi/authn.py
+++ b/distixapi/authn.py
@@ -36,3 +36,7 @@ class AuthenticationError(Exception):
 
 def encrypt_password(salt, password):
     return scrypt.hash(password, salt)
+
+
+def get_scopes(users, request):
+    raise AuthenticationError('foo')
diff --git a/distixapi/authn_tests.py b/distixapi/authn_tests.py
index 329eac6..f9e2e15 100644
--- a/distixapi/authn_tests.py
+++ b/distixapi/authn_tests.py
@@ -30,11 +30,9 @@ class GetCredentialsTests(unittest.TestCase):
             distixapi.get_credentials(request)
 
     def test_returns_username_password(self):
-        request = DummyRequest()
         username = 'fooser'
         password = 'secret'
-        value = base64.b64encode('{}:{}'.format(username, password))
-        request.add_header('Authorization', 'Basic {}'.format(value))
+        request = make_request(username, password)
         u, p = distixapi.get_credentials(request)
         self.assertEqual(username, u)
         self.assertEqual(password, p)
@@ -57,6 +55,17 @@ class EncryptPasswordTests(unittest.TestCase):
         self.assertNotEqual(encrypted_1, encrypted_2)
 
 
+class PasswordCheckingTests(unittest.TestCase):
+
+    def test_raises_exception_if_user_not_known(self):
+        users = {
+            'users': [],
+        }
+        request = make_request('unknown', 'password')
+        with self.assertRaises(distixapi.AuthenticationError):
+            distixapi.get_scopes(users, request)
+
+
 class DummyRequest(object):
 
     def __init__(self):
@@ -67,3 +76,10 @@ class DummyRequest(object):
 
     def get_header(self, header):
         return self._headers.get(header)
+
+
+def make_request(username, password):
+    value = base64.b64encode('{}:{}'.format(username, password))
+    request = DummyRequest()
+    request.add_header('Authorization', 'Basic {}'.format(value))
+    return request
-- 
cgit v1.2.1