Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(429)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: server/auth/auth.go

Issue 2951393002: [errors] de-specialize Transient in favor of Tags. (Closed)
Patch Set: more refactor Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« grpc/grpcutil/errors.go ('K') | « server/auth/actor.go ('k') | server/auth/auth_test.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The LUCI Authors. All rights reserved. 1 // Copyright 2015 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package auth 5 package auth
6 6
7 import ( 7 import (
8 "fmt" 8 "fmt"
9 "net/http" 9 "net/http"
10 10
11 "golang.org/x/net/context" 11 "golang.org/x/net/context"
12 12
13 "github.com/luci/luci-go/common/errors" 13 "github.com/luci/luci-go/common/errors"
14 "github.com/luci/luci-go/common/logging" 14 "github.com/luci/luci-go/common/logging"
15 "github.com/luci/luci-go/common/retry/transient"
15 16
16 "github.com/luci/luci-go/server/auth/delegation" 17 "github.com/luci/luci-go/server/auth/delegation"
17 "github.com/luci/luci-go/server/auth/identity" 18 "github.com/luci/luci-go/server/auth/identity"
18 "github.com/luci/luci-go/server/auth/signing" 19 "github.com/luci/luci-go/server/auth/signing"
19 "github.com/luci/luci-go/server/router" 20 "github.com/luci/luci-go/server/router"
20 ) 21 )
21 22
22 var ( 23 var (
23 // ErrNotConfigured is returned by Authenticate if auth library wasn't 24 // ErrNotConfigured is returned by Authenticate if auth library wasn't
24 // properly initialized (see SetConfig). 25 // properly initialized (see SetConfig).
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after
110 } 111 }
111 112
112 // GetMiddleware returns a middleware that uses this Authenticator for 113 // GetMiddleware returns a middleware that uses this Authenticator for
113 // authentication. 114 // authentication.
114 // 115 //
115 // It uses a.Authenticate internally and handles errors appropriately. 116 // It uses a.Authenticate internally and handles errors appropriately.
116 func (a *Authenticator) GetMiddleware() router.Middleware { 117 func (a *Authenticator) GetMiddleware() router.Middleware {
117 return func(c *router.Context, next router.Handler) { 118 return func(c *router.Context, next router.Handler) {
118 ctx, err := a.Authenticate(c.Context, c.Request) 119 ctx, err := a.Authenticate(c.Context, c.Request)
119 switch { 120 switch {
120 » » case errors.IsTransient(err): 121 » » case transient.Tag.In(err):
121 replyError(c.Context, c.Writer, 500, "Transient error du ring authentication", err) 122 replyError(c.Context, c.Writer, 500, "Transient error du ring authentication", err)
122 case err != nil: 123 case err != nil:
123 replyError(c.Context, c.Writer, 401, "Authentication err or", err) 124 replyError(c.Context, c.Writer, 401, "Authentication err or", err)
124 default: 125 default:
125 c.Context = ctx 126 c.Context = ctx
126 next(c) 127 next(c)
127 } 128 }
128 } 129 }
129 } 130 }
130 131
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after
237 return nil, err 238 return nil, err
238 } 239 }
239 delegatedIdentity, err := delegation.CheckToken(c, delegation.Ch eckTokenParams{ 240 delegatedIdentity, err := delegation.CheckToken(c, delegation.Ch eckTokenParams{
240 Token: delegationTok, 241 Token: delegationTok,
241 PeerID: s.peerIdent, 242 PeerID: s.peerIdent,
242 CertificatesProvider: s.db, 243 CertificatesProvider: s.db,
243 GroupsChecker: s.db, 244 GroupsChecker: s.db,
244 OwnServiceIdentity: ownServiceIdentity, 245 OwnServiceIdentity: ownServiceIdentity,
245 }) 246 })
246 if err != nil { 247 if err != nil {
247 » » » if errors.IsTransient(err) { 248 » » » if transient.Tag.In(err) {
248 report(err, "ERROR_TRANSIENT_IN_TOKEN_CHECK") 249 report(err, "ERROR_TRANSIENT_IN_TOKEN_CHECK")
249 } else { 250 } else {
250 report(err, "ERROR_BAD_DELEGATION_TOKEN") 251 report(err, "ERROR_BAD_DELEGATION_TOKEN")
251 } 252 }
252 return nil, err 253 return nil, err
253 } 254 }
254 255
255 // User profile information is not available when using delegati on, so just 256 // User profile information is not available when using delegati on, so just
256 // wipe it. 257 // wipe it.
257 s.user = &User{Identity: delegatedIdentity} 258 s.user = &User{Identity: delegatedIdentity}
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after
317 func getOwnServiceIdentity(c context.Context, signer signing.Signer) (identity.I dentity, error) { 318 func getOwnServiceIdentity(c context.Context, signer signing.Signer) (identity.I dentity, error) {
318 if signer == nil { 319 if signer == nil {
319 return "", ErrNotConfigured 320 return "", ErrNotConfigured
320 } 321 }
321 serviceInfo, err := signer.ServiceInfo(c) 322 serviceInfo, err := signer.ServiceInfo(c)
322 if err != nil { 323 if err != nil {
323 return "", err 324 return "", err
324 } 325 }
325 return identity.MakeIdentity("service:" + serviceInfo.AppID) 326 return identity.MakeIdentity("service:" + serviceInfo.AppID)
326 } 327 }
OLDNEW
« grpc/grpcutil/errors.go ('K') | « server/auth/actor.go ('k') | server/auth/auth_test.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698