From b28788d708c74ef8e4c568420196327f76ca4391 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Sat, 14 Aug 2021 21:23:53 +0200
Subject: [PATCH] Improve logging when failing to authenticate ssowat cookies

---
 helpers.lua | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/helpers.lua b/helpers.lua
index 0ae6d33..349f3e1 100644
--- a/helpers.lua
+++ b/helpers.lua
@@ -237,15 +237,23 @@ function refresh_logged_in()
                             "|"..expireTime..
                             "|"..session_key)
                     is_logged_in = hash == authHash
-                    if not is_logged_in then
-                        logger.info("Hash "..authHash.." rejected for "..user.."@"..ngx.var.remote_addr)
-                    else
+                    if is_logged_in then
                         authUser = user
+                        return true
+                    else
+                        failReason = "Hash not matching"
                     end
-                    return is_logged_in
+                else
+                    failReason = "No {user}-password entry in cache"
                 end
+            else
+                failReason = "No session key"
             end
+        else
+            failReason = "Cookie expired"
         end
+        logger.debug("SSOwat cookies rejected for "..user.."@"..ngx.var.remote_addr.." : "..failReason)
+        return false
     end
 
     -- If client set the `Proxy-Authorization` header before reaching the SSO,