Diffstat (limited to 'macaroonbakery/checker.py')
-rw-r--r--macaroonbakery/checker.py42
1 files changed, 22 insertions, 20 deletions
diff --git a/macaroonbakery/checker.py b/macaroonbakery/checker.py
index b73c92f..568fd7c 100644
--- a/macaroonbakery/checker.py
+++ b/macaroonbakery/checker.py
@@ -6,7 +6,7 @@ from threading import Lock
import pyrfc3339
-import macaroonbakery
+import macaroonbakery as bakery
import macaroonbakery.checkers as checkers
@@ -38,7 +38,7 @@ class Checker(object):
See the Oven type (TODO) for one way of doing that.
'''
def __init__(self, checker=checkers.Checker(),
- authorizer=macaroonbakery.ClosedAuthorizer(),
+ authorizer=bakery.ClosedAuthorizer(),
identity_client=None,
macaroon_opstore=None):
'''
@@ -57,7 +57,7 @@ class Checker(object):
self._first_party_caveat_checker = checker
self._authorizer = authorizer
if identity_client is None:
- identity_client = macaroonbakery.NoIdentities()
+ identity_client = bakery.NoIdentities()
self._identity_client = identity_client
self._macaroon_opstore = macaroon_opstore
@@ -106,16 +106,18 @@ class AuthChecker(object):
self._init_once(ctx)
self._executed = True
if self._init_errors is not None and len(self._init_errors) > 0:
- raise macaroonbakery.AuthInitError(self._init_errors[0])
+ raise bakery.AuthInitError(self._init_errors[0])
def _init_once(self, ctx):
self._auth_indexes = {}
- self._conditions = [None]*len(self._macaroons)
+ self._conditions = [None] * len(self._macaroons)
for i, ms in enumerate(self._macaroons):
try:
ops, conditions = self.parent._macaroon_opstore.macaroon_ops(
ms)
- except macaroonbakery.VerificationError as exc:
+ except bakery.VerificationError:
+ raise
+ except Exception as exc:
self._init_errors.append(exc.args[0])
continue
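Review bot: The new `except Exception as exc:` handler in `_init_once` reads `exc.args[0]`, which raises IndexError for any exception constructed without arguments, so the handler can itself fail while recording the failure; `self._init_errors.append(str(exc))` avoids that. The same `exc.args[0]` pattern appears in the `declared_identity` handler in the @@ -155 hunk. The catch is also broad enough to record programming errors as a skipped macaroon, for example an AttributeError if `_macaroon_opstore` is still the `None` default visible in `Checker.__init__`, so consider narrowing it or logging the exception before `continue`. Because `VerificationError` now aborts the whole check while every other opstore failure is only recorded, it is worth confirming that this split is the intended way round and stating it in a short comment above the `try`. `_init_once` continues beyond this hunk.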
@@ -155,7 +157,7 @@ class AuthChecker(object):
try:
identity = self.parent._identity_client.declared_identity(
ctx, declared)
- except macaroonbakery.IdentityError as exc:
+ except bakery.IdentityError as exc:
self._init_errors.append(
'cannot decode declared identity: {}'.format(exc.args[0]))
continue
@@ -169,7 +171,7 @@ class AuthChecker(object):
try:
identity, cavs = self.parent.\
_identity_client.identity_from_context(ctx)
- except macaroonbakery.IdentityError:
+ except bakery.IdentityError:
self._init_errors.append('could not determine identity')
if cavs is None:
cavs = []
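Review bot: When `identity_from_context` raises `IdentityError`, the handler only appends to `_init_errors` and execution falls through to `if cavs is None:`, but `cavs` was never bound because the tuple assignment did not complete. Unless it is initialised before the `try`, which lies outside this hunk, that path raises UnboundLocalError instead of reporting 'could not determine identity'. Setting `identity, cavs = None, None` before the `try` keeps the failure on the recorded-error path. The enclosing method starts and ends outside the hunk.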
@@ -195,8 +197,8 @@ class AuthChecker(object):
If an operation was not allowed, an exception will be raised which may
be DischargeRequiredError holding the operations that remain to
be authorized in order to allow authorization to proceed.
- :param: ctx AuthContext
- :param: ops an array of Op
+ @param ctx AuthContext
+ @param ops an array of Op
:return: an AuthInfo object.
'''
auth_info, _ = self.allow_any(ctx, ops)
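Review bot: The docstring now mixes two field conventions: the parameters use `@param ctx AuthContext` while the return line keeps the reST form `:return: an AuthInfo object.`, so no single docstring tool will parse the whole block consistently. Pick one style, e.g. `:param ctx: AuthContext` and `:param ops: an array of Op` alongside the existing `:return:`, or change the return line to `@return`. The same mix is introduced by the docstring changes in the @@ -217 hunk and in the `AuthInfo` docstring of the @@ -352 hunk. The docstring starts outside this hunk.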
@@ -217,8 +219,8 @@ class AuthChecker(object):
The LOGIN_OP operation is treated specially - it is always required if
present in ops.
- :param: ctx AuthContext
- :param: ops an array of Op
+ @param ctx AuthContext
+ @param ops an array of Op
:return: an AuthInfo object and the auth used as an array of int.
'''
authed, used = self._allow_any(ctx, ops)
@@ -233,8 +235,8 @@ class AuthChecker(object):
def _allow_any(self, ctx, ops):
self._init(ctx)
- used = [False]*len(self._macaroons)
- authed = [False]*len(ops)
+ used = [False] * len(self._macaroons)
+ authed = [False] * len(ops)
num_authed = 0
errors = []
for i, op in enumerate(ops):
@@ -269,7 +271,7 @@ class AuthChecker(object):
return authed, used
# There are some unauthorized operations.
need = []
- need_index = [0]*(len(ops)-num_authed)
+ need_index = [0] * (len(ops) - num_authed)
for i, ok in enumerate(authed):
if not ok:
need_index[len(need)] = i
@@ -290,7 +292,7 @@ class AuthChecker(object):
# no caveats to be discharged.
return authed, used
if self._identity is None and len(self._identity_caveats) > 0:
- raise macaroonbakery.DischargeRequiredError(
+ raise bakery.DischargeRequiredError(
msg='authentication required',
ops=[LOGIN_OP],
cavs=self._identity_caveats)
@@ -301,8 +303,8 @@ class AuthChecker(object):
err = ''
if len(all_errors) > 0:
err = all_errors[0]
- raise macaroonbakery.PermissionDenied(err)
- raise macaroonbakery.DischargeRequiredError(
+ raise bakery.PermissionDenied(err)
+ raise bakery.DischargeRequiredError(
msg='some operations have extra caveats', ops=ops, cavs=caveats)
def allow_capability(self, ctx, ops):
@@ -352,11 +354,11 @@ class AuthChecker(object):
class AuthInfo(namedtuple('AuthInfo', 'identity macaroons')):
'''AuthInfo information about an authorization decision.
- :param: identity: holds information on the authenticated user as
+ @param identity: holds information on the authenticated user as
returned identity_client. It may be None after a successful
authorization if LOGIN_OP access was not required.
- :param: macaroons: holds all the macaroons that were used for the
+ @param macaroons: holds all the macaroons that were used for the
authorization. Macaroons that were invalid or unnecessary are
not included.
'''