From 62c5df8172c9f2e26f1d871060fa480d5b6c40a1 Mon Sep 17 00:00:00 2001
From: snaerseljan <snaerth@gmail.com>
Date: Mon, 16 Dec 2024 15:33:09 +0000
Subject: [PATCH] refactor(auth): improve cache handling and documentation

Enhance the cache retrieval logic in the AuthController test to
improve readability. Update the documentation in AuthService to
provide clearer explanations of scenarios where a login attempt
cache entry may not be found. This includes specifying the
conditions for cache expiration and the recovery process for
login attempts, ensuring better understanding for future
developers.
---
 .../app/modules/auth/auth.controller.spec.ts  |  5 +++-
 .../bff/src/app/modules/auth/auth.service.ts  | 23 ++++++++++---------
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/apps/services/bff/src/app/modules/auth/auth.controller.spec.ts b/apps/services/bff/src/app/modules/auth/auth.controller.spec.ts
index 924cbb415cdb..123ce44ac1ec 100644
--- a/apps/services/bff/src/app/modules/auth/auth.controller.spec.ts
+++ b/apps/services/bff/src/app/modules/auth/auth.controller.spec.ts
@@ -561,7 +561,10 @@ describe('AuthController', () => {
       mockCacheManagerValue.set(currentKey, cachedData)
 
       getCacheSpy.mockImplementation((key) => {
-        if (key === currentKey) return Promise.resolve(cachedData)
+        if (key === currentKey) {
+          return Promise.resolve(cachedData)
+        }
+
         return Promise.resolve(null)
       })
 
diff --git a/apps/services/bff/src/app/modules/auth/auth.service.ts b/apps/services/bff/src/app/modules/auth/auth.service.ts
index a714b87a8875..47a3b7e4cb05 100644
--- a/apps/services/bff/src/app/modules/auth/auth.service.ts
+++ b/apps/services/bff/src/app/modules/auth/auth.service.ts
@@ -243,18 +243,19 @@ export class AuthService {
   }
 
   /**
-   * Handles cases where a login attempt is no longer available in the cache.
-   * This can happen in atleast three scenarios:
-   * 1. The cache key has expired
-   * 2. The cache key has been deleted
-   * 3. User pressed the back button and the cache key has already been deleted. TODO make better explanation
+   * Handles cases where a login attempt cache entry is not found during the callback phase.
+   * This typically occurs in one of these scenarios:
    *
-   * The method attempts to recover by:
-   * 1. Checking if there's an active possible older session
-   * 2. If found, looking up the original login attempt data from the current session
-   * 3. Redirecting the user to either:
-   *    - The original target URL if the login attempt data is found
-   *    - An error page if no recovery is possible
+   * 1. The login attempt cache has expired (TTL exceeded).
+   * 2. The cache entry was deleted.
+   * 3. The user attempted to reuse a callback URL after a successful login
+   *    (e.g., by using browser back button after logging in)
+   *
+   * Recovery process:
+   * 1. Checks if there's an existing active session (via session cookie)
+   * 2. If a session exists, looks for the original login attempt data in that session
+   * 3. If found, returns a 409 Conflict indicating multiple session attempt
+   * 4. If no recovery is possible, redirects to error page
    */
   private async handleMissingLoginAttempt({
     req,