From 146e88ac4121461b1d0c625c2f6b16c84b9f7e85 Mon Sep 17 00:00:00 2001
From: Thierry Parmentelat <thierry.parmentelat@inria.fr>
Date: Wed, 14 May 2014 13:54:41 +0200
Subject: [PATCH] cosmetic

---
 sfa/client/sfi.py | 12 ++++++------
 sfa/trust/auth.py |  3 ++-
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py
index b2ba2a07..49156ec2 100644
--- a/sfa/client/sfi.py
+++ b/sfa/client/sfi.py
@@ -500,9 +500,9 @@ class Sfi:
                              metavar="slice_hrn", help="delegate cred. for slice HRN")
            parser.add_option("-a", "--auths", dest='delegate_auths',action='append',default=[],
                              metavar='auth_hrn', help="delegate cred for auth HRN")
-           # this primarily is a shorthand for -a my_hrn
+           # this primarily is a shorthand for -A my_hrn^
            parser.add_option("-p", "--pi", dest='delegate_pi', default=None, action='store_true',
-                             help="delegate your PI credentials, so s.t. like -a your_hrn^")
+                             help="delegate your PI credentials, so s.t. like -A your_hrn^")
            parser.add_option("-A","--to-authority",dest='delegate_to_authority',action='store_true',default=False,
                              help="""by default the mandatory argument is expected to be a user, 
 use this if you mean an authority instead""")
@@ -1031,12 +1031,12 @@ use this if you mean an authority instead""")
 
         # don't translate into an object, as this would possibly distort
         # user-provided data; e.g. add an 'email' field to Users
-        if record_dict['type'] == "user":
+        if record_dict['type'] in ['user']:
             if record_dict['hrn'] == self.user:
                 cred = self.my_credential_string
             else:
                 cred = self.my_authority_credential_string()
-        elif record_dict['type'] in ["slice"]:
+        elif record_dict['type'] in ['slice']:
             try:
                 cred = self.slice_credential_string(record_dict['hrn'])
             except ServerException, e:
@@ -1046,9 +1046,9 @@ use this if you mean an authority instead""")
                    cred = self.my_authority_credential_string()
                else:
                    raise
-        elif record_dict['type'] in ["authority"]:
+        elif record_dict['type'] in ['authority']:
             cred = self.my_authority_credential_string()
-        elif record_dict['type'] == 'node':
+        elif record_dict['type'] in ['node']:
             cred = self.my_authority_credential_string()
         else:
             raise "unknown record type" + record_dict['type']
diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py
index 39e77e94..18c3d615 100644
--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -67,6 +67,7 @@ class Auth:
         # won't work if either creds or hrns is empty - let's make it more explicit
         if not creds: raise Forbidden("no credential provided")
         if not hrns: hrns = [None]
+        error=[None,None]
         for cred in creds:
             for hrn in hrns:
                 try:
@@ -93,7 +94,7 @@ class Auth:
             check_sliver_callback(valid, sliver_xrns)
                 
         if not len(valid):
-            raise Forbidden("Invalid credential")
+            raise Forbidden("Invalid credential %s -- %s"%(error[0],error[1]))
         
         if speaking_for_hrn and not speaks_for_cred:
             raise InsufficientRights('Access denied: "geni_speaking_for" option specified but no valid speaks for credential found: %s -- %s' % (error[0],error[1]))
-- 
2.43.0