Update based on PR review

supertokens · May 22, 2023 · 0f1e9d9 · 0f1e9d9
1 parent ba9608b
commit 0f1e9d9
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/recipe/session/accessToken.go b/recipe/session/accessToken.go
@@ -178,41 +178,55 @@ func ValidateAccessTokenStructure(payload map[string]interface{}, version int) e
 	err := errors.New("Access token does not contain all the information. Maybe the structure has changed?")
 
 	if version >= 3 {
+		supertokens.LogDebugMessage("ValidateAccessTokenStructure: Access token is using version >= 3")
 		if _, ok := payload["sessionHandle"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: sessionHandle not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["sub"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: sub claim not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["refreshTokenHash1"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: refreshTokenHash1 not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["exp"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: exp claim not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["iat"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: iat claim not found in JWT payload")
 			return err
 		}
 	} else {
+		supertokens.LogDebugMessage("ValidateAccessTokenStructure: Access token is using version < 3")
 		if _, ok := payload["sessionHandle"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: sessionHandle not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["userId"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: userId not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["refreshTokenHash1"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: refreshTokenHash1 not found in JWT payload")
 			return err
 		}
 		if payload["userData"] == nil {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: userData not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["userData"].(map[string]interface{}); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: userData is invalid in JWT payload")
 			return err
 		}
 		if _, ok := payload["expiryTime"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: expiryTime not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["timeCreated"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: timeCreated not found in JWT payload")
 			return err
 		}
 	}

diff --git a/recipe/session/recipeImplementation.go b/recipe/session/recipeImplementation.go
@@ -176,6 +176,7 @@ func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.Typ
 
 	refreshSession := func(refreshToken string, antiCsrfToken *string, disableAntiCsrf bool, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {
 		if disableAntiCsrf != true && config.AntiCsrf == AntiCSRF_VIA_CUSTOM_HEADER {
+			supertokens.LogDebugMessage("refreshSession: Since the anti-csrf mode is VIA_CUSTOM_HEADER getSession can't check the CSRF token. Please either use VIA_TOKEN or set antiCsrfCheck to false")
 			return nil, defaultErrors.New("Since the anti-csrf mode is VIA_CUSTOM_HEADER getSession can't check the CSRF token. Please either use VIA_TOKEN or set antiCsrfCheck to false")
 		}
 
@@ -189,6 +190,7 @@ func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.Typ
 
 		responseToken, parseErr := ParseJWTWithoutSignatureVerification(response.AccessToken.Token)
 		if parseErr != nil {
+			supertokens.LogDebugMessage("refreshSession: Failed to parse access token")
 			return nil, err
 		}
 

diff --git a/recipe/session/sessionFunctions.go b/recipe/session/sessionFunctions.go
@@ -236,17 +236,20 @@ func refreshSessionHelper(config sessmodels.TypeNormalisedInput, querier superto
 
 	response, err := querier.SendPostRequest("/recipe/session/refresh", requestBody)
 	if err != nil {
+		supertokens.LogDebugMessage("refreshSessionHelper: Call to /recipe/session/refresh API failed")
 		return sessmodels.CreateOrRefreshAPIResponse{}, err
 	}
 	if response["status"] == "OK" {
 		delete(response, "status")
 		responseByte, err := json.Marshal(response)
 		if err != nil {
+			supertokens.LogDebugMessage("refreshSessionHelper: Could not parse response from /recipe/session/refresh API")
 			return sessmodels.CreateOrRefreshAPIResponse{}, err
 		}
 		var result sessmodels.CreateOrRefreshAPIResponse
 		err = json.Unmarshal(responseByte, &result)
 		if err != nil {
+			supertokens.LogDebugMessage("refreshSessionHelper: Could not decode response from /recipe/session/refresh API")
 			return sessmodels.CreateOrRefreshAPIResponse{}, err
 		}
 		return result, nil
@@ -379,18 +382,21 @@ func regenerateAccessTokenHelper(querier supertokens.Querier, newAccessTokenPayl
 		"userDataInJWT": newAccessTokenPayload,
 	})
 	if err != nil {
+		supertokens.LogDebugMessage("regenerateAccessTokenHelper: Call to /recipe/session/regenerate failed")
 		return nil, err
 	}
 	if response["status"].(string) == errors.UnauthorizedErrorStr {
 		return nil, nil
 	}
 	responseByte, err := json.Marshal(response)
 	if err != nil {
+		supertokens.LogDebugMessage("regenerateAccessTokenHelper: Failed to parse response from core")
 		return nil, err
 	}
 	var resp sessmodels.RegenerateAccessTokenResponse
 	err = json.Unmarshal(responseByte, &resp)
 	if err != nil {
+		supertokens.LogDebugMessage("regenerateAccessTokenHelper: Failed to decode response from core")
 		return nil, err
 	}
 	return &resp, nil