// stateForRequestAuthenticated looks up the state for the model implied by
// the request and authenticates the caller described by the request's login
// details. On success it returns that state together with the authenticated
// entity.
//
// Error contract, as visible in this function:
//   - a failure to resolve the state is returned traced and unchanged;
//   - a failure to build the login request is reported as unauthorized;
//   - a discharge-required error from checkCreds is passed through traced,
//     not rewritten as unauthorized;
//   - every other credential failure is reported as unauthorized.
func (ctxt *httpContext) stateForRequestAuthenticated(r *http.Request) (*state.State, state.Entity, error) {
	modelState, err := ctxt.stateForRequestUnauthenticated(r)
	if err != nil {
		return nil, nil, errors.Trace(err)
	}

	login, err := ctxt.loginRequest(r)
	if err != nil {
		return nil, nil, errors.NewUnauthorized(err, "")
	}

	// The authenticator is selected from the request's Host value.
	authenticator := ctxt.srv.authCtxt.authenticator(r.Host)
	entity, _, credErr := checkCreds(modelState, login, true, authenticator)
	if credErr == nil {
		return modelState, entity, nil
	}

	switch {
	case common.IsDischargeRequiredError(credErr):
		// Tested first so that a discharge-required error is never
		// rewritten as a plain "unauthorized".
		return nil, nil, errors.Trace(credErr)

	case isMachineTag(req(login).AuthTag):
		// Special case: a worker on a controller machine acting on behalf
		// of a hosted model. The credentials are re-checked against the
		// server's own state (ctxt.srv.state), yet the state handed back
		// is the request's model state.
		// NOTE(review): this grants access to the request's model on the
		// strength of a check made against a different state; confirm that
		// checkControllerMachineCreds only accepts machines entitled to
		// act for hosted models.
		machineEntity, machineErr := checkControllerMachineCreds(ctxt.srv.state, login, authenticator)
		if machineErr != nil {
			// The fallback's error replaces the original checkCreds error
			// in what the caller sees.
			return nil, nil, errors.NewUnauthorized(machineErr, "")
		}
		return modelState, machineEntity, nil

	default:
		// Anything else is treated as "unauthorized".
		return nil, nil, errors.Trace(errors.NewUnauthorized(credErr, ""))
	}
}
// stateForRequestAuthenticated looks up the state for the model implied by
// the request and authenticates the caller described by the request's login
// details. On success it returns that state together with the authenticated
// entity.
//
// Error contract, as visible in this function:
//   - a failure to resolve the state is returned traced and unchanged;
//   - a failure to build the login request is reported as unauthorized;
//   - a discharge-required error from checkCreds is passed through traced,
//     not rewritten as unauthorized;
//   - every other credential failure is reported as unauthorized.
func (ctxt *httpContext) stateForRequestAuthenticated(r *http.Request) (*state.State, state.Entity, error) {
	modelState, err := ctxt.stateForRequestUnauthenticated(r)
	if err != nil {
		return nil, nil, errors.Trace(err)
	}

	login, err := ctxt.loginRequest(r)
	if err != nil {
		return nil, nil, errors.NewUnauthorized(err, "")
	}

	// The server's auth context is passed to checkCreds whole; this function
	// does not choose an authenticator itself.
	// NOTE(review): the meaning of the boolean argument is not visible from
	// here; confirm against checkCreds.
	entity, _, credErr := checkCreds(modelState, login, true, ctxt.srv.authCtxt)
	switch {
	case credErr == nil:
		return modelState, entity, nil

	case common.IsDischargeRequiredError(credErr):
		// Passed through as-is, not rewritten as "unauthorized".
		return nil, nil, errors.Trace(credErr)

	default:
		// Every other failure is reported as "unauthorized".
		return nil, nil, errors.Trace(errors.NewUnauthorized(credErr, ""))
	}
}