lib/conjur/base.rb in conjur-api-4.10.1 vs lib/conjur/base.rb in conjur-api-4.10.2

@@ -1,7 +1,7 @@
 #
-# Copyright (C) 2013 Conjur Inc
+# Copyright (C) 2013-2014 Conjur Inc
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy of
 # this software and associated documentation files (the "Software"), to deal in
 # the Software without restriction, including without limitation the rights to
 # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
@@ -19,10 +19,11 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 require 'rest-client'
 require 'json'
 require 'base64'
+require 'wrong'
 
 require 'conjur/exists'
 require 'conjur/has_attributes'
 require 'conjur/has_owner'
 require 'conjur/path_based'
@@ -36,11 +37,12 @@
   class API
     include Escape
     include LogSource
     include StandardMethods
     include Cast
-    
+    include Wrong
+
     class << self
       # Parse a role id into [ account, 'roles', kind, id ]
       def parse_role_id(id)
         id = id.role if id.respond_to?(:role)
         if id.is_a?(Role)
@@ -105,17 +107,32 @@
     end
     
     def host
       self.class.host
     end
-    
+
     def token
+      @token = nil unless token_valid?
+
       @token ||= Conjur::API.authenticate(@username, @api_key)
+
+      assert { token_valid? }
+      return @token
     end
     
     # Authenticate the username and api_key to obtain a request token.
     # Tokens are cached by username for a short period of time.
     def credentials
       { headers: { authorization: "Token token=\"#{Base64.strict_encode64 token.to_json}\"" }, username: username }
     end
+
+    private
+
+    def token_valid?
+      return false unless @token
+      
+      # Actual token expiration is 8 minutes, but why cut it so close
+      expiration = 5.minutes
+      Time.now - Time.parse(@token['timestamp']) < expiration
+    end
   end
-end
\ No newline at end of file
+end