summaryrefslogtreecommitdiff
path: root/macaroonbakery/bakery
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2018-10-12 13:08:30 +0100
committerColin Watson <cjwatson@debian.org>2018-10-12 13:08:30 +0100
commit883e591e1e08c13d1a8e909a113a621552ae4b55 (patch)
tree1614dd704afdac172759441ec055a393d5b51bf2 /macaroonbakery/bakery
parent2105a515d749b74eef9a6bb6af008aa6a842e313 (diff)
New upstream version 1.2.0
Diffstat (limited to 'macaroonbakery/bakery')
-rw-r--r--macaroonbakery/bakery/_checker.py25
-rw-r--r--macaroonbakery/bakery/_internal/id.proto14
2 files changed, 13 insertions, 26 deletions
diff --git a/macaroonbakery/bakery/_checker.py b/macaroonbakery/bakery/_checker.py
index b796502..88560cc 100644
--- a/macaroonbakery/bakery/_checker.py
+++ b/macaroonbakery/bakery/_checker.py
@@ -111,21 +111,18 @@ class AuthChecker(object):
if not self._executed:
self._init_once(ctx)
self._executed = True
- if self._init_errors:
- raise AuthInitError(self._init_errors[0])
def _init_once(self, ctx):
self._auth_indexes = {}
self._conditions = [None] * len(self._macaroons)
for i, ms in enumerate(self._macaroons):
try:
- ops, conditions = self.parent._macaroon_opstore.macaroon_ops(
- ms)
- except VerificationError:
- raise
- except Exception as exc:
- self._init_errors.append(exc.args[0])
+ ops, conditions = self.parent._macaroon_opstore.macaroon_ops(ms)
+ except VerificationError as e:
+ self._init_errors.append(str(e))
continue
+ except Exception as exc:
+ raise AuthInitError(str(exc))
# It's a valid macaroon (in principle - we haven't checked first
# party caveats).
@@ -152,8 +149,7 @@ class AuthChecker(object):
# other operations if the conditions succeed for those.
declared, err = self._check_conditions(ctx, LOGIN_OP, conditions)
if err is not None:
- self._init_errors.append('cannot authorize login macaroon: ' +
- err)
+ self._init_errors.append('cannot authorize login macaroon: ' + err)
continue
if self._identity is not None:
# We've already found a login macaroon so ignore this one
@@ -201,8 +197,13 @@ class AuthChecker(object):
authorization requests.
If an operation was not allowed, an exception will be raised which may
- be DischargeRequiredError holding the operations that remain to
- be authorized in order to allow authorization to proceed.
+ be:
+
+ - DischargeRequiredError holding the operations that remain to
+ be authorized in order to allow authorization to proceed
+ - PermissionDenied when no operations can be authorized and there's
+ no third party to discharge macaroons for.
+
@param ctx AuthContext
@param ops an array of Op
:return: an AuthInfo object.
diff --git a/macaroonbakery/bakery/_internal/id.proto b/macaroonbakery/bakery/_internal/id.proto
deleted file mode 100644
index eb3d614..0000000
--- a/macaroonbakery/bakery/_internal/id.proto
+++ /dev/null
@@ -1,14 +0,0 @@
-syntax="proto3";
-
-option go_package = "macaroonpb";
-
-message MacaroonId {
- bytes nonce = 1;
- bytes storageId = 2;
- repeated Op ops = 3;
-}
-
-message Op {
- string entity = 1;
- repeated string actions = 2;
-}