Merge pull request #14 from Metaswitch/serde-auth

Add metadata about auth to Authorization
Metaswitch · Sep 6, 2017 · 07d460b · 07d460b
2 parents 76d7621 + 807294f
commit 07d460b
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 1 deletion.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "swagger"
-version = "0.3.0"
+version = "0.4.0"
 authors = ["Metaswitch Networks Ltd"]
 license = "Apache-2.0"
 description = "A set of common utilities for Rust code generated by swagger-codegen"
@@ -23,3 +23,4 @@ serde_derive = { version = "1.0", optional = true }
 hyper = "0.10"
 base64 = "0.5"
 iron = "0.5"
+chrono = "0.4"
diff --git a/src/auth.rs b/src/auth.rs
@@ -1,6 +1,7 @@
 //! Authentication and authorization data structures
 
 use std::collections::BTreeSet;
+use chrono::{DateTime, Utc};
 use iron;
 use hyper;
 
@@ -17,8 +18,34 @@ pub enum Scopes {
 /// REST API authorization.
 #[derive(Clone, Debug, PartialEq)]
 pub struct Authorization {
+    /// Subject of the request.
     pub subject: String,
+
+    /// Authorization scopes available to the subject.
     pub scopes: Scopes,
+
+    /// The authentication mechanism that provided this authorization data.
+    ///
+    /// In cases where authentication is delegated to other microservices via
+    /// assertion headers, this field stores the original authentication
+    /// mechanism that initially authenticated the subject.
+    pub auth_type: String,
+
+    /// Issuer of this request.
+    ///
+    /// When a system is operating on behalf of a subject, the subject field
+    /// contains the subject of the request, while the issuer field contains
+    /// the system that issued the request.
+    pub issuer: Option<String>,
+
+    /// Expiry deadline for this authorization data.
+    ///
+    /// This is used when the authorization data is cached, used to start a
+    /// session, or is used to construct a token passed back to the client.
+    ///
+    /// A `None` indicates that this authorization data must not be cached, and
+    /// is considered only valid for the current request.
+    pub expiry_deadline: Option<DateTime<Utc>>,
 }
 impl iron::typemap::Key for Authorization {
     type Value = Authorization;
@@ -56,6 +83,9 @@ impl iron::middleware::BeforeMiddleware for AllowAllMiddleware {
         req.extensions.insert::<Authorization>(Authorization {
             subject: self.0.clone(),
             scopes: Scopes::All,
+            auth_type: "bypass".to_string(),
+            issuer: None,
+            expiry_deadline: None,
         });
         Ok(())
     }

diff --git a/src/lib.rs b/src/lib.rs
@@ -9,6 +9,7 @@ extern crate serde_json;
 #[macro_use]
 extern crate serde_derive;
 extern crate base64;
+extern crate chrono;
 
 #[macro_use]
 extern crate hyper;