// newAuthContext creates a new authentication context for st.
func newAuthContext(st *state.State) (*authContext, error) {
ctxt := &authContext{
st: st,
// TODO(fwereade) 2016-07-21 there should be a clock parameter
clock: clock.WallClock,
localUserInteractions: authentication.NewInteractions(),
}
// Create a bakery service for discharging third-party caveats for
// local user authentication. This service does not persist keys;
// its macaroons should be very short-lived.
localUserThirdPartyBakeryService, _, err := newBakeryService(st, nil, nil)
if err != nil {
return nil, errors.Trace(err)
}
ctxt.localUserThirdPartyBakeryService = localUserThirdPartyBakeryService
// Create a bakery service for local user authentication. This service
// persists keys into MongoDB in a TTL collection.
store, err := st.NewBakeryStorage()
if err != nil {
return nil, errors.Trace(err)
}
locator := bakeryServicePublicKeyLocator{ctxt.localUserThirdPartyBakeryService}
localUserBakeryService, localUserBakeryServiceKey, err := newBakeryService(
st, store, locator,
)
if err != nil {
return nil, errors.Trace(err)
}
ctxt.localUserBakeryService = &expirableStorageBakeryService{
localUserBakeryService, localUserBakeryServiceKey, store, locator,
}
return ctxt, nil
}
// newAuthContext creates a new authentication context for st.
func newAuthContext(st *state.State) (*authContext, error) {
ctxt := &authContext{st: st}
store, err := st.NewBakeryStorage()
if err != nil {
return nil, errors.Trace(err)
}
// We use a non-nil, but empty key, because we don't use the
// key, and don't want to incur the overhead of generating one
// each time we create a service.
bakeryService, key, err := newBakeryService(st, store, nil)
if err != nil {
return nil, errors.Trace(err)
}
ctxt.userAuth.Service = &expirableStorageBakeryService{bakeryService, key, store, nil}
// TODO(fwereade): 2016-03-17 lp:1558657
ctxt.userAuth.Clock = state.GetClock()
return ctxt, nil
}