# won't work if either creds or hrns is empty - let's make it more explicit
if not creds: raise Forbidden("no credential provided")
if not hrns: hrns = [None]
+ error=[None,None]
for cred in creds:
for hrn in hrns:
try:
valid.append(cred)
except:
if speaking_for_hrn:
- try:
- self.check(cred, operation, speaking_for_hrn)
- speaks_for_cred = cred
- valid.append(cred)
- except:
- error = log_invalid_cred(cred)
- else:
- error = log_invalid_cred(cred)
- continue
+ try:
+ self.check(cred, operation, speaking_for_hrn)
+ speaks_for_cred = cred
+ valid.append(cred)
+ except:
+ error = log_invalid_cred(cred)
+ else:
+ error = log_invalid_cred(cred)
+ continue
# make sure all sliver xrns are validated against the valid credentials
if sliver_xrns:
check_sliver_callback(valid, sliver_xrns)
if not len(valid):
- raise Forbidden("Invalid credential")
+ raise Forbidden("Invalid credential %s -- %s"%(error[0],error[1]))
if speaking_for_hrn and not speaks_for_cred:
raise InsufficientRights('Access denied: "geni_speaking_for" option specified but no valid speaks for credential found: %s -- %s' % (error[0],error[1]))