Merge pull request #18 from rogpeppe/020-bakery-provide-caveatid-to-c…

…hecker bakery: add caveat id to third party checker function
alesstimec · Oct 18, 2014 · d0a04be · d0a04be
2 parents e3afd38 + 53535b5
commit d0a04be
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 12 deletions.
diff --git a/bakery/discharge.go b/bakery/discharge.go
@@ -40,7 +40,7 @@ func (d *Discharger) Discharge(id string) (*macaroon.Macaroon, error) {
 	if err != nil {
 		return nil, fmt.Errorf("discharger cannot decode caveat id: %v", err)
 	}
-	caveats, err := d.Checker.CheckThirdPartyCaveat(condition)
+	caveats, err := d.Checker.CheckThirdPartyCaveat(id, condition)
 	if err != nil {
 		return nil, err
 	}

diff --git a/bakery/example/authservice.go b/bakery/example/authservice.go
@@ -28,7 +28,7 @@ func authService(endpoint string) (http.Handler, error) {
 //
 // Note how this function can return additional first- and third-party
 // caveats which will be added to the original macaroon's caveats.
-func thirdPartyChecker(req *http.Request, condition string) ([]bakery.Caveat, error) {
+func thirdPartyChecker(req *http.Request, cavId, condition string) ([]bakery.Caveat, error) {
 	if condition != "access-allowed" {
 		return nil, &bakery.CaveatNotRecognizedError{condition}
 	}

diff --git a/bakery/service.go b/bakery/service.go
@@ -269,21 +269,23 @@ func (e *VerificationError) Error() string {
 // checker does not return third-party caveats.
 
 // ThirdPartyChecker holds a function that checks
-// third party caveats for validity. It the
+// third party caveats for validity. If the
 // caveat is valid, it returns a nil error and
 // optionally a slice of extra caveats that
 // will be added to the discharge macaroon.
+// The caveatId parameter holds the still-encoded
+// id of the caveat.
 //
 // If the caveat kind was not recognised, the checker
 // should return ErrCaveatNotRecognised.
 type ThirdPartyChecker interface {
-	CheckThirdPartyCaveat(caveat string) ([]Caveat, error)
+	CheckThirdPartyCaveat(caveatId, caveat string) ([]Caveat, error)
 }
 
-type ThirdPartyCheckerFunc func(caveat string) ([]Caveat, error)
+type ThirdPartyCheckerFunc func(caveatId, caveat string) ([]Caveat, error)
 
-func (c ThirdPartyCheckerFunc) CheckThirdPartyCaveat(caveat string) ([]Caveat, error) {
-	return c(caveat)
+func (c ThirdPartyCheckerFunc) CheckThirdPartyCaveat(caveatId, caveat string) ([]Caveat, error) {
+	return c(caveatId, caveat)
 }
 
 // FirstPartyChecker holds a function that checks

diff --git a/bakery/storage_test.go b/bakery/storage_test.go
@@ -59,4 +59,4 @@ func (*StorageSuite) TestConcurrentMemStorage(c *gc.C) {
 	for i := 0; i < 3; i++ {
 		<-done
 	}
-}
+}
diff --git a/httpbakery/discharge.go b/httpbakery/discharge.go
@@ -17,7 +17,7 @@ import (
 type dischargeHandler struct {
 	key     *KeyPair
 	svc     *bakery.Service
-	checker func(req *http.Request, cav string) ([]bakery.Caveat, error)
+	checker func(req *http.Request, cavId, cav string) ([]bakery.Caveat, error)
 }
 
 // AddDischargeHandler handles adds handlers to the given ServeMux
@@ -60,7 +60,7 @@ type dischargeHandler struct {
 func (svc *Service) AddDischargeHandler(
 	root string,
 	mux *http.ServeMux,
-	checker func(req *http.Request, cav string) ([]bakery.Caveat, error),
+	checker func(req *http.Request, cavId, cav string) ([]bakery.Caveat, error),
 ) {
 	d := &dischargeHandler{
 		key:     &svc.key,
@@ -89,8 +89,8 @@ func (d *dischargeHandler) serveDischarge(w http.ResponseWriter, req *http.Reque
 		d.badRequest(w, "id attribute is empty")
 		return
 	}
-	checker := func(cav string) ([]bakery.Caveat, error) {
-		return d.checker(req, cav)
+	checker := func(cavId, cav string) ([]bakery.Caveat, error) {
+		return d.checker(req, cavId, cav)
 	}
 	discharger := &bakery.Discharger{
 		Checker: bakery.ThirdPartyCheckerFunc(checker),