add more claims to pandata_token

closes CORE-1478 test plan: no regressions with the pandata_token endpoint Change-Id: I4e75bdd724418d2b40131df153d7d2df80d075cb Reviewed-on: https://gerrit.instructure.com/152119 Reviewed-by: Cameron Sutter <csutter@instructure.com> Tested-by: Jenkins Product-Review: Simon Williams <simon@instructure.com> QA-Review: Simon Williams <simon@instructure.com>
2018-05-31 16:00:55 -06:00 · 2018-05-31 16:00:55 -06:00 · e5414f7d23
parent a84ad6bd80
commit e5414f7d23
2 changed files with 22 additions and 7 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -2206,7 +2206,8 @@ class UsersController < ApplicationController

  # @API Get a Pandata jwt token and its expiration date
  #
-  # Returns a jwt token that can be used to send events to Pandata.
+  # Returns a jwt auth and props token that can be used to send events to
+  # Pandata.
  #
  # NOTE: This is currently only available to the mobile developer keys.
  #
@ -2221,7 +2222,8 @@ class UsersController < ApplicationController
  #
  # @example_response
  #   {
-  #     "token": "wek23klsdnsoieioeoi3of9deeo8r8eo8fdn",
+  #     "auth_token": "wek23klsdnsoieioeoi3of9deeo8r8eo8fdn",
+  #     "props_token": "paowinefopwienpfiownepfiownepfownef",
  #     "expires_at": 1521667783000,
  #   }
  def pandata_token
@ -2247,15 +2249,27 @@ class UsersController < ApplicationController
    end

    expires_at = Time.zone.now + 1.day.to_i
-    body = {
+    auth_body = {
      iss: key,
      exp: expires_at.to_i,
      aud: 'PANDATA',
-      sub: @current_user.global_id
+      sub: @current_user.global_id,
    }

-    token = Canvas::Security.create_jwt(body, expires_at, sekrit)
-    render json: { token: token, expires_at: expires_at.to_f * 1000 }
+    props_body = {
+      user_id: @current_user.global_id,
+      shard: @domain_root_account.shard.id,
+      root_account_id: @domain_root_account.local_id,
+      root_account_uuid: @domain_root_account.uuid
+    }
+
+    auth_token = Canvas::Security.create_jwt(auth_body, expires_at, sekrit)
+    props_token = Canvas::Security.create_jwt(props_body, nil, sekrit)
+    render json: {
+      auth_token: auth_token,
+      props_token: props_token,
+      expires_at: expires_at.to_f * 1000
+    }
  end

  protected
--- a/spec/apis/v1/users_api_spec.rb
+++ b/spec/apis/v1/users_api_spec.rb
@ -2111,7 +2111,8 @@ describe "Users API", type: :request do
          { controller: 'users', action: 'pandata_token', format:'json', id: @user.to_param },
          { app_key: 'IOS_pandata_key'}
      )
-      expect(json['token']).to be_present
+      expect(json['auth_token']).to be_present
+      expect(json['props_token']).to be_present
      expect(json['expires_at']).to be_present
    end