From b73d9e38c10dec1bf7e721b4a3543a2f4c5df3a5 Mon Sep 17 00:00:00 2001
From: Roberto Tyley <52038+rtyley@users.noreply.github.com>
Date: Wed, 18 Sep 2024 17:05:47 +0100
Subject: [PATCH] Upgrade to Panda v7 - support key rotation

This upgrades Panda from v5 to v7, allowing us to use key rotation as
introduced with guardian/pan-domain-authentication#150.
---
 build.sbt                                                       | 2 +-
 .../lib/guardian/auth/PandaAuthenticationProvider.scala         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.sbt b/build.sbt
index 2063bd41bc..e1c6a9006f 100644
--- a/build.sbt
+++ b/build.sbt
@@ -69,7 +69,7 @@ val maybeBBCLib: Option[sbt.ProjectReference] = if(bbcBuildProcess) Some(bbcProj
 lazy val commonLib = project("common-lib").settings(
   libraryDependencies ++= Seq(
     "com.gu" %% "editorial-permissions-client" % "3.0.0",
-    "com.gu" %% "pan-domain-auth-play_2-8" % "4.0.0",
+    "com.gu" %% "pan-domain-auth-play_2-8" % "7.0.0",
     "com.amazonaws" % "aws-java-sdk-iam" % awsSdkVersion,
     "com.amazonaws" % "aws-java-sdk-s3" % awsSdkVersion,
     "com.amazonaws" % "aws-java-sdk-ec2" % awsSdkVersion,
diff --git a/rest-lib/src/main/scala/com/gu/mediaservice/lib/guardian/auth/PandaAuthenticationProvider.scala b/rest-lib/src/main/scala/com/gu/mediaservice/lib/guardian/auth/PandaAuthenticationProvider.scala
index c45b575adc..f0f0e44d91 100644
--- a/rest-lib/src/main/scala/com/gu/mediaservice/lib/guardian/auth/PandaAuthenticationProvider.scala
+++ b/rest-lib/src/main/scala/com/gu/mediaservice/lib/guardian/auth/PandaAuthenticationProvider.scala
@@ -49,7 +49,7 @@ class PandaAuthenticationProvider(
     val pandaStatus = extractAuth(request)
     val providerStatus = pandaStatus match {
       case PandaNotAuthenticated => NotAuthenticated
-      case PandaInvalidCookie(e) => Invalid("error checking user's auth, clear cookie and re-auth", Some(e))
+      case PandaInvalidCookie(e) => Invalid(s"error checking user's auth, clear cookie and re-auth (${e.getClass.getSimpleName})")
       case PandaExpired(authedUser) => Expired(gridUserFrom(authedUser.user, request))
       case PandaGracePeriod(authedUser) => Authenticated(gridUserFrom(authedUser.user, request))
       case PandaNotAuthorised(authedUser) => NotAuthorised(s"${authedUser.user.email} not authorised to use application")