From 83079555fbcf9081632fb6a7f5d95d5f77fd3f01 Mon Sep 17 00:00:00 2001
From: JR Conlin <jconlin+git@mozilla.com>
Date: Wed, 8 May 2024 18:47:33 -0700
Subject: [PATCH] feat/SYNC-4244_stale (#1546)

* feat: log bad client state to stderr & metrics

Closes: SYNC-4244
---
 syncserver/src/tokenserver/extractors.rs | 1 +
 tokenserver-common/src/error.rs          | 8 ++++++++
 tokenserver-db/src/lib.rs                | 2 ++
 tokenserver-db/src/models.rs             | 8 ++++++--
 4 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/syncserver/src/tokenserver/extractors.rs b/syncserver/src/tokenserver/extractors.rs
index a250812aff..385f5f3828 100644
--- a/syncserver/src/tokenserver/extractors.rs
+++ b/syncserver/src/tokenserver/extractors.rs
@@ -113,6 +113,7 @@ impl TokenserverRequest {
             .contains(&self.auth_data.client_state)
         {
             let error_message = "Unacceptable client-state value stale value".to_owned();
+            warn!("Client attempted stale value"; "uid"=> self.user.uid, "client_state"=> self.user.client_state.clone());
             return Err(TokenserverError::invalid_client_state(error_message));
         }
 
diff --git a/tokenserver-common/src/error.rs b/tokenserver-common/src/error.rs
index 1f7dcf31ff..67c0586252 100644
--- a/tokenserver-common/src/error.rs
+++ b/tokenserver-common/src/error.rs
@@ -271,6 +271,14 @@ impl ReportableError for TokenserverError {
                 TokenType::BrowserId => Some("request.error.browser_id".to_owned()),
                 TokenType::Oauth => Some("request.error.oauth".to_owned()),
             }
+        } else if matches!(
+            self,
+            TokenserverError {
+                status: "invalid-client-state",
+                ..
+            }
+        ) {
+            Some("request.error.invalid_client_state".to_owned())
         } else {
             None
         }
diff --git a/tokenserver-db/src/lib.rs b/tokenserver-db/src/lib.rs
index 1b9f86c623..34447c3d59 100644
--- a/tokenserver-db/src/lib.rs
+++ b/tokenserver-db/src/lib.rs
@@ -1,6 +1,8 @@
 extern crate diesel;
 #[macro_use]
 extern crate diesel_migrations;
+#[macro_use]
+extern crate slog_scope;
 
 mod error;
 pub mod mock;
diff --git a/tokenserver-db/src/models.rs b/tokenserver-db/src/models.rs
index e78328319a..44817f1031 100644
--- a/tokenserver-db/src/models.rs
+++ b/tokenserver-db/src/models.rs
@@ -389,7 +389,7 @@ impl TokenserverDb {
             let raw_user = raw_users[0].clone();
 
             // Collect any old client states that differ from the current client state
-            let old_client_states = {
+            let old_client_states: Vec<String> = {
                 raw_users[1..]
                     .iter()
                     .map(|user| user.client_state.clone())
@@ -463,7 +463,11 @@ impl TokenserverDb {
                 // The most up-to-date user doesn't have a node and is retired. This is an internal
                 // service error for compatibility reasons (the legacy Tokenserver returned an
                 // internal service error in this situation).
-                (_, None) => Err(DbError::internal("Tokenserver user retired".to_owned())),
+                (_, None) => {
+                    let uid = raw_user.uid;
+                    warn!("Tokenserver user retired"; "uid" => &uid);
+                    Err(DbError::internal("Tokenserver user retired".to_owned()))
+                }
             }
         }
     }