Merge "Expose token expiration time in tempauth auth response"

swift/common/middleware/tempauth.py

@@ -38,6 +38,9 @@ from swift.common.utils import config_read_reseller_options
 from swift.proxy.controllers.base import get_account_info
 
 
+DEFAULT_TOKEN_LIFE = 86400
+
+
 class TempAuth(object):
     """
     Test authentication and authorization system.
@@ -181,7 +184,7 @@ class TempAuth(object):
             self.auth_prefix = '/' + self.auth_prefix
         if not self.auth_prefix.endswith('/'):
             self.auth_prefix += '/'
-        self.token_life = int(conf.get('token_life', 86400))
+        self.token_life = int(conf.get('token_life', DEFAULT_TOKEN_LIFE))
         self.allow_overrides = config_true_value(
             conf.get('allow_overrides', 't'))
         self.storage_url_scheme = conf.get('storage_url_scheme', 'default')
@@ -766,7 +769,8 @@ class TempAuth(object):
             memcache_client.set(memcache_user_key, token,
                                 time=float(expires - time()))
         resp = Response(request=req, headers={
-            'x-auth-token': token, 'x-storage-token': token})
+            'x-auth-token': token, 'x-storage-token': token,
+            'x-auth-token-expires': str(int(expires - time()))})
         url = self.users[account_user]['url'].replace('$HOST', resp.host_url)
         if self.storage_url_scheme != 'default':
             url = self.storage_url_scheme + ':' + url.split(':', 1)[1]

test/unit/common/middleware/test_tempauth.py

@@ -515,7 +515,11 @@ class TestAuth(unittest.TestCase):
         self.assertEqual(resp.status_int, 200)
         self.assertTrue(resp.headers['x-storage-url'].endswith('/v1/AUTH_ac'))
         self.assertTrue(resp.headers['x-auth-token'].startswith('AUTH_'))
-        self.assertTrue(len(resp.headers['x-auth-token']) > 10)
+        self.assertEqual(resp.headers['x-auth-token'],
+                         resp.headers['x-storage-token'])
+        self.assertAlmostEqual(int(resp.headers['x-auth-token-expires']),
+                               auth.DEFAULT_TOKEN_LIFE - 0.5, delta=0.5)
+        self.assertGreater(len(resp.headers['x-auth-token']), 10)
 
     def test_get_token_success_other_auth_prefix(self):
         test_auth = auth.filter_factory({'user_ac_user': 'testing',
@@ -653,11 +657,16 @@ class TestAuth(unittest.TestCase):
         req.environ['SERVER_NAME'] = 'bob'
         req.environ['SERVER_PORT'] = '1234'
         req.environ['swift.cache'].set('AUTH_/user/test:tester', 'uuid_token')
+        expires = time() + 180
         req.environ['swift.cache'].set('AUTH_/token/uuid_token',
-                                       (time() + 180, 'test,test:tester'))
+                                       (expires, 'test,test:tester'))
         resp = req.get_response(self.test_auth)
         self.assertEqual(resp.status_int, 200)
         self.assertEqual(resp.headers['x-auth-token'], 'uuid_token')
+        self.assertEqual(resp.headers['x-auth-token'],
+                         resp.headers['x-storage-token'])
+        self.assertAlmostEqual(int(resp.headers['x-auth-token-expires']),
+                               179.5, delta=0.5)
 
     def test_old_token_overdate(self):
         self.test_auth = \
@@ -676,6 +685,8 @@ class TestAuth(unittest.TestCase):
         self.assertEqual(resp.status_int, 200)
         self.assertNotEqual(resp.headers['x-auth-token'], 'uuid_token')
         self.assertEqual(resp.headers['x-auth-token'][:7], 'AUTH_tk')
+        self.assertAlmostEqual(int(resp.headers['x-auth-token-expires']),
+                               auth.DEFAULT_TOKEN_LIFE - 0.5, delta=0.5)
 
     def test_old_token_with_old_data(self):
         self.test_auth = \
@@ -694,6 +705,8 @@ class TestAuth(unittest.TestCase):
         self.assertEqual(resp.status_int, 200)
         self.assertNotEqual(resp.headers['x-auth-token'], 'uuid_token')
         self.assertEqual(resp.headers['x-auth-token'][:7], 'AUTH_tk')
+        self.assertAlmostEqual(int(resp.headers['x-auth-token-expires']),
+                               auth.DEFAULT_TOKEN_LIFE - 0.5, delta=0.5)
 
     def test_reseller_admin_is_owner(self):
         orig_authorize = self.test_auth.authorize