Commits

Seb Ruiz committed a312094

Better error logging

  • Participants
  • Parent commits dbf3d07

Comments (0)

Files changed (1)

lib/middleware/authentication.js

             var expectedHash = jwt.createQueryStringHash(request, false);
             var signatureHashVerified = verifiedClaims.qsh === expectedHash;
             if (!signatureHashVerified) {
+                // Send the error message for the first verification - it's 90% more likely to be the one we want.
+                var error = 'Auth failure: Query hash mismatch: Received: "' + verifiedClaims.qsh + '" but calculated "' + expectedHash + '". ' +
+                                                   'Canonical query was: "' + jwt.createCanonicalRequest(request);
                 // If that didn't verify, it might be a post/put - check the request body too
                 expectedHash = jwt.createQueryStringHash(request, true);
                 signatureHashVerified = verifiedClaims.qsh === expectedHash;
                 if (!signatureHashVerified) {
-                    sendError(401, 'Query hash does not match. Received: "' + verifiedClaims.qsh + '" but calculated "' + expectedHash + '". ' +
-                                   'Canonical query was: "' + jwt.createCanonicalRequest(request) + '".');
+                    addon.logger.error(error);
+                    sendError(401, 'Authentication failed: query hash does not match.');
                     return;
                 }
             }