(MAINT) Add token authenticate endpoint (#87)

puppetlabs · Jun 16, 2023 · c5ba452 · c5ba452
1 parent be082e2
commit c5ba452
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 1 deletion.
diff --git a/pkg/rbac/testdata/apidocs/AuthenticateRBACToken-request.json b/pkg/rbac/testdata/apidocs/AuthenticateRBACToken-request.json
@@ -0,0 +1,4 @@
+{
+  "token": "blah",
+  "update_last_activity?":false
+}
diff --git a/pkg/rbac/testdata/apidocs/AuthenticateRBACToken-response.json b/pkg/rbac/testdata/apidocs/AuthenticateRBACToken-response.json
@@ -0,0 +1,5 @@
+{
+  "description": "abc",
+  "role_ids": [1,2,3],
+  "user_id": "abc"
+}
diff --git a/pkg/rbac/token.go b/pkg/rbac/token.go
@@ -1,7 +1,8 @@
 package rbac
 
 const (
-	requestAuthTokenURI = "/rbac-api/v1/auth/token" // #nosec - this is the uri to get RBAC tokens
+	requestAuthTokenURI  = "/rbac-api/v1/auth/token"              // #nosec - this is the uri to g et RBAC tokens
+	tokenAuthenticateURI = "/rbac-api/v2/auth/token/authenticate" // #nosec - this is the uri to authenticate RBAC tokens
 )
 
 // GetRBACToken returns an auth token given user/password information
@@ -23,6 +24,27 @@ func (c *Client) GetRBACToken(authRequest *RequestKeys) (*Token, error) {
 	return &payload, nil
 }
 
+// AuthenticateRBACToken returns a response with the token details or errors otherwise.
+func (c *Client) AuthenticateRBACToken(token string) (*AuthenticateResponse, error) {
+	authenticateRequest := &AuthenticateRequest{Token: token}
+
+	payload := AuthenticateResponse{}
+	r, err := c.resty.R().
+		SetResult(&payload).
+		SetBody(authenticateRequest).
+		Post(tokenAuthenticateURI)
+	if err != nil {
+		return nil, FormatError(r, err.Error())
+	}
+	if r.IsError() {
+		if r.Error() != nil {
+			return nil, FormatError(r)
+		}
+		return nil, FormatError(r)
+	}
+	return &payload, nil
+}
+
 // Token is the returned auth token
 type Token struct {
 	Token string `json:"token"`
@@ -37,3 +59,18 @@ type RequestKeys struct {
 	Client      string `json:"client,omitempty"`
 	Label       string `json:"label,omitempty"`
 }
+
+// AuthenticateRequest will hold the request needed for an authenticate.
+type AuthenticateRequest struct {
+	Token              string `json:"token"`
+	UpdateLastActivity bool   `json:"update_last_activity?"`
+}
+
+// AuthenticateResponse will hold the response from an authenticate.
+type AuthenticateResponse struct {
+	Description string `json:"description"`
+	Login       string `json:"login"`
+	RoleIDs     []int  `json:"role_ids"`
+	UserID      string `json:"user_id"`
+	DisplayName string `json:"display_name"`
+}
diff --git a/pkg/rbac/token_test.go b/pkg/rbac/token_test.go
@@ -28,3 +28,24 @@ func TestGetRBACToken(t *testing.T) {
 	require.Nil(t, actual)
 	require.Equal(t, expectedError, err)
 }
+
+func TestAuthenticateRBACToken(t *testing.T) {
+	// Test success
+	setupPostResponder(t, tokenAuthenticateURI, "AuthenticateRBACToken-request.json",
+		"AuthenticateRBACToken-response.json")
+
+	expectedResponse := &AuthenticateResponse{
+		UserID:      "abc",
+		Description: "abc",
+		RoleIDs:     []int{1, 2, 3},
+	}
+	actual, err := rbacClient.AuthenticateRBACToken("blah")
+	require.Nil(t, err)
+	require.Equal(t, expectedResponse, actual)
+
+	// Test error
+	setUpBadRequestResponder(t, http.MethodPost, tokenAuthenticateURI)
+	actual, err = rbacClient.AuthenticateRBACToken("blah")
+	require.Nil(t, actual)
+	require.Equal(t, expectedError, err)
+}