// newDischargeRequiredError returns a discharge-required error holding
// a newly minted macaroon referencing the original check error
// checkErr. If hp.authLocation is non-empty, the issued macaroon will
// contain an "is-ok" third party caveat addressed to that location.
//
// If req is non-nil, it will be used to pass to NewDischargeRequiredErrorForRequest,
// otherwise the old protocol (triggered by NewDischargeRequiredError) will be used.
func newDischargeRequiredError(hp serverHandlerParams, checkErr error, req *http.Request) error {
	var caveats []checkers.Caveat
	if hp.authLocation != "" {
		caveats = []checkers.Caveat{{
			Location:  hp.authLocation,
			Condition: "is-ok",
		}}
	}
	if hp.caveats != nil {
		caveats = append(caveats, hp.caveats()...)
	}
	m, err := hp.service.NewMacaroon("", nil, caveats)
	if err != nil {
		panic(fmt.Errorf("cannot make new macaroon: %v", err))
	}
	if req != nil {
		err = httpbakery.NewDischargeRequiredErrorForRequest(m, "", checkErr, req)
	} else {
		err = httpbakery.NewDischargeRequiredError(m, "", checkErr)
	}
	if hp.mutateError != nil {
		hp.mutateError(err.(*httpbakery.Error))
	}
	return err
}
Exemple #2
0
// newDischargeRequiredError returns a discharge-required error holding
// a newly minted macaroon referencing the original check error
// checkErr. If authLocation is non-empty, the issued macaroon will
// contain an "is-ok" third party caveat addressed to that location.
//
// If cookiePath is not nil, it will be called to find the cookie path
// to put in the response.
//
// If req is non-nil, it will be used to pass to NewDischargeRequiredErrorForRequest,
// otherwise the old protocol (triggered by NewDischargeRequiredError) will be used.
func newDischargeRequiredError(svc *bakery.Service, authLocation string, cookiePath func() string, checkErr error, req *http.Request) error {
	var caveats []checkers.Caveat
	if authLocation != "" {
		caveats = []checkers.Caveat{{
			Location:  authLocation,
			Condition: "is-ok",
		}}
	}
	m, err := svc.NewMacaroon("", nil, caveats)
	if err != nil {
		panic(fmt.Errorf("cannot make new macaroon: %v", err))
	}
	path := ""
	if cookiePath != nil {
		path = cookiePath()
	}
	if req != nil {
		return httpbakery.NewDischargeRequiredErrorForRequest(m, path, checkErr, req)
	}
	return httpbakery.NewDischargeRequiredError(m, path, checkErr)
}