refactor(auth): improve cache handling and documentation

Enhance the cache retrieval logic in the AuthController test to improve readability. Update the documentation in AuthService to provide clearer explanations of scenarios where a login attempt cache entry may not be found. This includes specifying the conditions for cache expiration and the recovery process for login attempts, ensuring better understanding for future developers.
island-is · Dec 16, 2024 · 62c5df8 · 62c5df8
1 parent 287b83e
commit 62c5df8
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 12 deletions.
diff --git a/apps/services/bff/src/app/modules/auth/auth.controller.spec.ts b/apps/services/bff/src/app/modules/auth/auth.controller.spec.ts
@@ -561,7 +561,10 @@ describe('AuthController', () => {
       mockCacheManagerValue.set(currentKey, cachedData)
 
       getCacheSpy.mockImplementation((key) => {
-        if (key === currentKey) return Promise.resolve(cachedData)
+        if (key === currentKey) {
+          return Promise.resolve(cachedData)
+        }
+
         return Promise.resolve(null)
       })
 

diff --git a/apps/services/bff/src/app/modules/auth/auth.service.ts b/apps/services/bff/src/app/modules/auth/auth.service.ts
@@ -243,18 +243,19 @@ export class AuthService {
   }
 
   /**
-   * Handles cases where a login attempt is no longer available in the cache.
-   * This can happen in atleast three scenarios:
-   * 1. The cache key has expired
-   * 2. The cache key has been deleted
-   * 3. User pressed the back button and the cache key has already been deleted. TODO make better explanation
+   * Handles cases where a login attempt cache entry is not found during the callback phase.
+   * This typically occurs in one of these scenarios:
    *
-   * The method attempts to recover by:
-   * 1. Checking if there's an active possible older session
-   * 2. If found, looking up the original login attempt data from the current session
-   * 3. Redirecting the user to either:
-   *    - The original target URL if the login attempt data is found
-   *    - An error page if no recovery is possible
+   * 1. The login attempt cache has expired (TTL exceeded).
+   * 2. The cache entry was deleted.
+   * 3. The user attempted to reuse a callback URL after a successful login
+   *    (e.g., by using browser back button after logging in)
+   *
+   * Recovery process:
+   * 1. Checks if there's an existing active session (via session cookie)
+   * 2. If a session exists, looks for the original login attempt data in that session
+   * 3. If found, returns a 409 Conflict indicating multiple session attempt
+   * 4. If no recovery is possible, redirects to error page
    */
   private async handleMissingLoginAttempt({
     req,