From 807294fd35aa91d5a0828e41797aa1505e202726 Mon Sep 17 00:00:00 2001
From: Robin McCorkell
Date: Thu, 31 Aug 2017 10:44:26 +0100
Subject: [PATCH] Add metadata about auth to Authorization
---
 Cargo.toml | 3 ++-
 src/auth.rs | 30 ++++++++++++++++++++++++++++++
 src/lib.rs | 1 +
 3 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 948e53dfeb..86e80d0839 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "swagger"
-version = "0.3.0"
+version = "0.4.0"
 authors = ["Metaswitch Networks Ltd"]
 license = "Apache-2.0"
 description = "A set of common utilities for Rust code generated by swagger-codegen"
@@ -23,3 +23,4 @@ serde_derive = { version = "1.0", optional = true }
 hyper = "0.10"
 base64 = "0.5"
 iron = "0.5"
+chrono = "0.4"
diff --git a/src/auth.rs b/src/auth.rs
index 898acb8a36..b99ac21ec7 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -1,6 +1,7 @@
 //! Authentication and authorization data structures
 use std::collections::BTreeSet;
+use chrono::{DateTime, Utc};
 use iron;
 use hyper;
@@ -17,8 +18,34 @@ pub enum Scopes {
 /// REST API authorization.
 #[derive(Clone, Debug, PartialEq)]
 pub struct Authorization {
+ /// Subject of the request.
 pub subject: String,
+
+ /// Authorization scopes available to the subject.
 pub scopes: Scopes,
+
+ /// The authentication mechanism that provided this authorization data.
+ ///
+ /// In cases where authentication is delegated to other microservices via
+ /// assertion headers, this field stores the original authentication
+ /// mechanism that initially authenticated the subject.
+ pub auth_type: String,
+
+ /// Issuer of this request.
+ ///
+ /// When a system is operating on behalf of a subject, the subject field
+ /// contains the subject of the request, while the issuer field contains
+ /// the system that issued the request.
+ pub issuer: Option,
+
+ /// Expiry deadline for this authorization data.
+ ///
+ /// This is used when the authorization data is cached, used to start a
+ /// session, or is used to construct a token passed back to the client.
+ ///
+ /// A `None` indicates that this authorization data must not be cached, and
+ /// is considered only valid for the current request.
+ pub expiry_deadline: Option>,
 }
 impl iron::typemap::Key for Authorization {
 type Value = Authorization;
@@ -56,6 +83,9 @@ impl iron::middleware::BeforeMiddleware for AllowAllMiddleware {
 req.extensions.insert::(Authorization {
 subject: self.0.clone(),
 scopes: Scopes::All,
+ auth_type: "bypass".to_string(),
+ issuer: None,
+ expiry_deadline: None,
 });
 Ok(())
 }
diff --git a/src/lib.rs b/src/lib.rs
index 77cc1be5b1..7b90174e92 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -9,6 +9,7 @@ extern crate serde_json;
 #[macro_use]
 extern crate serde_derive;
 extern crate base64;
+extern crate chrono;
 #[macro_use]
 extern crate hyper;
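Review bot: In the `Authorization` struct hunk of src/auth.rs, the new `auth_type` field is a free-form `String`, and nothing in the patch defines which values producers may write or consumers may expect. A service that wants to treat one authentication mechanism differently from another (for instance refusing the `"bypass"` value written in the `AllowAllMiddleware` hunk) has to match a string literal, so a typo or a case difference fails silently rather than at compile time. I would export the known values as constants and name them in the field's doc comment, for example `pub const AUTH_TYPE_BYPASS: &str = "bypass";`, and use that constant in `AllowAllMiddleware` instead of the literal.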
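Review bot: The three values added to the `Authorization` literal in `AllowAllMiddleware` carry no comment, and `expiry_deadline: None` is the one a later maintainer must not change casually. Per the field's own doc comment, `None` is what keeps this allow-all authorization from being cached, used to start a session, or turned into a token. I would add `// No authentication happened here: None keeps this authorization request-scoped, so it is never cached or turned into a token.` above that line. The enclosing method starts before the hunk, so whether anything else restricts where this middleware is installed is not visible here.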