Merge pull request #171 from scitokens/copilot/fix-07c9230f-8c76-419b-8142-c13e76deeec2

Fix float time claims handling and improve error messages in scitoken_get_expiration

Author: djw8605

src/scitokens.cpp

@@ -217,6 +217,18 @@ void scitoken_free_string_list(char **value) {
 
 int scitoken_get_expiration(const SciToken token, long long *expiry,
                             char **err_msg) {
+    if (!token) {
+        if (err_msg) {
+            *err_msg = strdup("Token cannot be NULL");
+        }
+        return -1;
+    }
+    if (!expiry) {
+        if (err_msg) {
+            *err_msg = strdup("Expiry output parameter cannot be NULL");
+        }
+        return -1;
+    }
     scitokens::SciToken *real_token =
         reinterpret_cast<scitokens::SciToken *>(token);
     if (!real_token->has_claim("exp")) {
@@ -226,7 +238,21 @@ int scitoken_get_expiration(const SciToken token, long long *expiry,
 
     long long result;
     try {
-        result = real_token->get_claim("exp").to_json().get<int64_t>();
+        auto claim_value = real_token->get_claim("exp").to_json();
+        if (claim_value.is<int64_t>()) {
+            // Integer value
+            result = claim_value.get<int64_t>();
+        } else if (claim_value.is<double>()) {
+            // Float value - convert to integer (truncate)
+            // Float value - convert to integer using std::floor().
+            // This ensures expiration is not extended by fractional seconds.
+            result = static_cast<long long>(std::floor(claim_value.get<double>()));
+        } else {
+            if (err_msg) {
+                *err_msg = strdup("'exp' claim must be a number (integer or float)");
+            }
+            return -1;
+        }
     } catch (std::exception &exc) {
         if (err_msg) {
             *err_msg = strdup(exc.what());

test/main.cpp

@@ -502,6 +502,41 @@ TEST_F(SerializeTest, ExplicitTime) {
     enforcer_destroy(enforcer);
 }
 
+TEST_F(SerializeTest, GetExpirationErrorHandling) {
+    char *err_msg = nullptr;
+    
+    // Test NULL token handling
+    long long expiry;
+    auto rv = scitoken_get_expiration(nullptr, &expiry, &err_msg);
+    ASSERT_FALSE(rv == 0);
+    ASSERT_TRUE(err_msg != nullptr);
+    EXPECT_STREQ(err_msg, "Token cannot be NULL");
+    free(err_msg);
+    err_msg = nullptr;
+    
+    // Test NULL expiry parameter handling  
+    rv = scitoken_get_expiration(m_token.get(), nullptr, &err_msg);
+    ASSERT_FALSE(rv == 0);
+    ASSERT_TRUE(err_msg != nullptr);
+    EXPECT_STREQ(err_msg, "Expiry output parameter cannot be NULL");
+    free(err_msg);
+    err_msg = nullptr;
+    
+    // Test normal operation works
+    char *token_value = nullptr;
+    rv = scitoken_serialize(m_token.get(), &token_value, &err_msg);
+    ASSERT_TRUE(rv == 0) << err_msg;
+    
+    rv = scitoken_deserialize_v2(token_value, m_read_token.get(), nullptr, &err_msg);
+    ASSERT_TRUE(rv == 0) << err_msg;
+    
+    rv = scitoken_get_expiration(m_read_token.get(), &expiry, &err_msg);
+    ASSERT_TRUE(rv == 0) << err_msg;
+    ASSERT_TRUE(expiry > 0);
+    
+    free(token_value);
+}
+
 class SerializeNoKidTest : public ::testing::Test {
   protected:
     void SetUp() override {