expose expiration time in response (#24)

* expose expiration time in response
proofpoint · Mar 28, 2018 · 4f830fd · 4f830fd
1 parent a47a4e7
commit 4f830fd
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 5 deletions.
diff --git a/auth/token_issuer.go b/auth/token_issuer.go
@@ -3,6 +3,7 @@ package auth
 import (
 	"net/http"
 
+	"encoding/json"
 	goldap "github.com/go-ldap/ldap"
 	"github.com/golang/glog"
 	"github.com/prometheus/client_golang/prometheus"
@@ -96,6 +97,24 @@ func (lti *LDAPTokenIssuer) ServeHTTP(resp http.ResponseWriter, req *http.Reques
 	}
 
 	successfulTokens.Inc()
+	if req.Header.Get("Accept") == "application/json" {
+		data := map[string]interface{}{
+			"token":               signedToken,
+			"expirationTimestamp": token.Expiration,
+		}
+
+		jsondata, err := json.Marshal(data)
+		if err != nil {
+			glog.Errorf("Error marshalling json %s", err.Error())
+			resp.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+
+		resp.Header().Add("Content-Type", "application/json")
+		resp.Write(jsondata)
+		return
+	}
+
 	resp.Header().Add("Content-Type", "text/plain")
 	resp.Write([]byte(signedToken))
 }

diff --git a/auth/token_issuer_test.go b/auth/token_issuer_test.go
@@ -32,18 +32,28 @@ func (d dummySigner) Sign(token *token.AuthToken) (string, error) {
 
 func TestTokenIssuer(t *testing.T) {
 	cases := []struct {
-		basicAuth    bool
-		ldapEntry    *ldap.Entry
-		expectedCode int
-		ldapErr      error
-		signerErr    error
+		basicAuth           bool
+		ldapEntry           *ldap.Entry
+		expectedCode        int
+		ldapErr             error
+		signerErr           error
+		acceptHeader        string
+		expectedContentType string
 	}{
 		{
 			// Happy path, user was authenticated against LDAP server
 			basicAuth:    true,
 			ldapEntry:    &ldap.Entry{},
 			expectedCode: http.StatusOK,
 		},
+		{
+			// Accept header was application/json
+			basicAuth:           true,
+			ldapEntry:           &ldap.Entry{},
+			expectedCode:        http.StatusOK,
+			acceptHeader:        "application/json",
+			expectedContentType: "application/json",
+		},
 		{
 			// Invalid LDAP creds provided by user
 			basicAuth:    true,
@@ -79,6 +89,10 @@ func TestTokenIssuer(t *testing.T) {
 			req.SetBasicAuth("user", "password")
 		}
 
+		if c.acceptHeader != "" {
+			req.Header.Set("Accept", c.acceptHeader)
+		}
+
 		rec := httptest.NewRecorder()
 		lti.ServeHTTP(rec, req)
 
@@ -88,6 +102,14 @@ func TestTokenIssuer(t *testing.T) {
 		if !strings.Contains(rec.Body.String(), "signedToken") && c.expectedCode == http.StatusOK {
 			t.Errorf("Case: %d. body did not contain expected token. body contents: %q", i, rec.Body.String())
 		}
+
+		if c.acceptHeader != "" && rec.Header().Get("Content-Type") != c.expectedContentType {
+			t.Errorf("Case: %d. Content-Type expected: %q, got: %q", i, c.expectedContentType, rec.Header().Get("Content-Type"))
+		}
+
+		if c.acceptHeader != "" && !strings.Contains(rec.Body.String(), "expirationTimestamp") {
+			t.Errorf("Case: %d. body did not contain expirationTimestamp. body contents: %q", i, rec.Body.String())
+		}
 	}
 }