Handle empty tags for userpass login provider

kian99 · kian99 · commit 60c5dafc12c0 · 2024-06-19T17:44:43.000+02:00
The user_pass login provider had some extra logic to handle cases of machine auth. Here we cover this edge case.
diff --git a/api/interface.go b/api/interface.go
@@ -140,6 +140,15 @@ type LoginResultParams struct {
 	serverVersion    version.Number
 }
 
+// EnsureTag should be used when a login provider needs to ensure
+// a login result has a tag set, particularly in cases where the
+// server doesn't return a user identity.
+func (l *LoginResultParams) EnsureTag(tag names.Tag) {
+	if l.tag == nil {
+		l.tag = tag
+	}
+}
+
 // NewLoginResultParams constructs a LoginResultParams from a Juju login response.
 func NewLoginResultParams(result params.LoginResult) (*LoginResultParams, error) {
 	var controllerAccess string
diff --git a/api/userpass_login_provider.go b/api/userpass_login_provider.go
@@ -171,6 +171,13 @@ func (p *userpassLoginProvider) Login(ctx context.Context, caller base.APICaller
 			return nil, errors.Errorf("login with discharged macaroons failed: %s", result.DischargeRequiredReason)
 		}
 	}
-
-	return NewLoginResultParams(result)
+	loginResult, err := NewLoginResultParams(result)
+	if err != nil {
+		return loginResult, err
+	}
+	// Edge case for username/password login. Ensure the result has a tag set.
+	// Currently no tag is returned when performing a login as a machine rather than a user.
+	// Ideally the server would respond with the tag used as part of the request.
+	loginResult.EnsureTag(p.tag)
+	return loginResult, nil
 }

Original file line number	Diff line number	Diff line change
`@@ -171,6 +171,13 @@ func (p *userpassLoginProvider) Login(ctx context.Context, caller base.APICaller`
`171`	`171`	`return nil, errors.Errorf("login with discharged macaroons failed: %s", result.DischargeRequiredReason)`
`172`	`172`	`}`
`173`	`173`	`}`
`174`		`-`
`175`		`- return NewLoginResultParams(result)`
	`174`	`+ loginResult, err := NewLoginResultParams(result)`
	`175`	`+ if err != nil {`
	`176`	`+ return loginResult, err`
	`177`	`+ }`
	`178`	`+ // Edge case for username/password login. Ensure the result has a tag set.`
	`179`	`+ // Currently no tag is returned when performing a login as a machine rather than a user.`
	`180`	`+ // Ideally the server would respond with the tag used as part of the request.`
	`181`	`+ loginResult.EnsureTag(p.tag)`
	`182`	`+ return loginResult, nil`
`176`	`183`	`}`