// authenticatorForTag returns the authenticator appropriate
// to use for a login with the given possibly-nil tag.
func (ctxt *authContext) authenticatorForTag(tag names.Tag) (authentication.EntityAuthenticator, error) {
if tag == nil {
auth, err := ctxt.macaroonAuth()
if errors.Cause(err) == errMacaroonAuthNotConfigured {
// Make a friendlier error message.
err = errors.New("no credentials provided")
}
if err != nil {
return nil, errors.Trace(err)
}
return auth, nil
}
switch tag.Kind() {
case names.UnitTagKind, names.MachineTagKind:
return &ctxt.agentAuth, nil
case names.UserTagKind:
return &ctxt.userAuth, nil
default:
return nil, errors.Annotatef(common.ErrBadRequest, "unexpected login entity tag")
}
}
// Authenticate authenticates the provided entity and returns an error on authentication failure.
func (u *UserAuthenticator) Authenticate(entityFinder EntityFinder, tag names.Tag, req params.LoginRequest) (state.Entity, error) {
if tag.Kind() != names.UserTagKind {
return nil, errors.Errorf("invalid request")
}
return u.AgentAuthenticator.Authenticate(entityFinder, tag, req)
}
func (m *mockState) FindEntity(tag names.Tag) (state.Entity, error) {
if tag.Kind() == names.ModelTagKind && tag.Id() == m.env.UUID() {
return m.env, nil
}
return nil, errors.NotFoundf("entity with tag %q", tag.String())
}
