1 files changed, 18 insertions, 1 deletions

diff --git a/qvisqve/auth_router.py b/qvisqve/auth_router.py
index 717e46f..378a995 100644
--- a/qvisqve/auth_router.py
+++ b/qvisqve/auth_router.py
@@ -17,14 +17,18 @@
 import urllib.parse
 
 
+import bottle
+
+
 import qvisqve
 
 
 class AuthRouter(qvisqve.Router):
 
-    def __init__(self, apps):
+    def __init__(self, apps, users):
         super().__init__()
         self._apps = apps
+        self._users = users
 
     def get_routes(self):
         return [
@@ -44,6 +48,12 @@ class AuthRouter(qvisqve.Router):
         if content_type != 'application/x-www-form-urlencoded':
             return qvisqve.bad_request_response('Wrong content type')
 
+        params = self._get_form_params(body)
+        username = self._get_param(params, 'username')
+        password = self._get_param(params, 'password')
+        if not self._users.is_valid_secret(username, password):
+            return qvisqve.unauthorized_response('Access denied')
+
         # TODO:
         # - perform actual auth
         # - create and store auth code
@@ -59,3 +69,10 @@ class AuthRouter(qvisqve.Router):
         qvisqve.log.log('xxx', msg_text='Returning redirect', url=url)
 
         return qvisqve.found_response('Redirect to callback url', url)
+
+    def _get_param(self, params, name):
+        return params[name][0]
+
+    def _get_form_params(self, body):
+        body = body.decode('UTF-8')
+        return urllib.parse.parse_qs(body)