From 35f8e6bfdecf3cab67409c3d71b703fe8f20bd74 Mon Sep 17 00:00:00 2001
From: jasquat <jasquat@users.noreply.github.com>
Date: Tue, 14 Feb 2023 09:59:29 -0500
Subject: [PATCH] add in debug logging when failing to login to help debug auth
 failures

---
 .../realm_exports/spiffworkflow-realm.json        |  2 +-
 .../routes/process_instances_controller.py        |  1 -
 .../src/spiffworkflow_backend/routes/user.py      |  4 ++--
 .../services/authentication_service.py            | 15 ++++++++++-----
 4 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
index ddc8eefb2..4e3a82b78 100644
--- a/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
+++ b/spiffworkflow-backend/keycloak/realm_exports/spiffworkflow-realm.json
@@ -3670,4 +3670,4 @@
   "clientPolicies" : {
     "policies" : [ ]
   }
-}
\ No newline at end of file
+}
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_instances_controller.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_instances_controller.py
index 61d3eb597..c085c9e99 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_instances_controller.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/process_instances_controller.py
@@ -577,7 +577,6 @@ def process_instance_task_list(
     subprocess_state_overrides = {}
     for step_detail in step_details:
         if step_detail.task_id in tasks:
-            # task_ids_in_use.append(step_detail.task_id)
             task_data = (
                 step_detail.task_json["task_data"] | step_detail.task_json["python_env"]
             )
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py
index a86e48bea..08727bdd8 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py
@@ -1,7 +1,5 @@
 """User."""
 import ast
-from flask import make_response
-from flask import jsonify
 import base64
 import json
 import re
@@ -14,6 +12,8 @@ import flask
 import jwt
 from flask import current_app
 from flask import g
+from flask import jsonify
+from flask import make_response
 from flask import redirect
 from flask import request
 from werkzeug.wrappers import Response
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py
index 5c9c47082..1e54bdfd3 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py
@@ -175,13 +175,18 @@ class AuthenticationService:
         elif now < decoded_token["iat"]:
             valid = False
 
-        if not valid:
-            return False
-
-        if now > decoded_token["exp"]:
+        if valid and now > decoded_token["exp"]:
             raise TokenExpiredError("Your token is expired. Please Login")
+        else:
+            current_app.logger.error(
+                "TOKEN INVALID: details: "
+                f"DECODED_TOKEN: {decoded_token} "
+                f"SERVER_URL: {cls.server_url()} "
+                f"CLIENT_ID: {cls.client_id()} "
+                f"NOW: {now}"
+            )
 
-        return True
+        return valid
 
     @staticmethod
     def store_refresh_token(user_id: int, refresh_token: str) -> None: