# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1667816502 0
# Node ID dda2af7ed02fbd7448cb7b6bdbc179628554b3c6
# Parent  4837232474ca05a045d44fbbe1367a04dce090b6
mod_sasl2_fast: Add more debug logging

diff -r 4837232474ca -r dda2af7ed02f mod_sasl2_fast/mod_sasl2_fast.lua
--- a/mod_sasl2_fast/mod_sasl2_fast.lua	Mon Nov 07 10:21:18 2022 +0000
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua	Mon Nov 07 10:21:42 2022 +0000
@@ -47,6 +47,7 @@
 				if hash.equals(expected_hash, token_hash) then
 					local current_time = now();
 					if token.expires_at < current_time then
+						log("debug", "Token found, but it has expired (%ds ago). Cleaning up...", current_time - token.expires_at);
 						token_store:set(username, key, nil);
 						return nil, "credentials-expired";
 					end
@@ -61,6 +62,7 @@
 					if invalidate then
 						token_store:set(username, key, nil);
 					elseif current_time - token.issued_at > fast_token_min_ttl then
+						log("debug", "FAST token due for rotation (age: %d)", current_time - token.issued_at);
 						rotation_needed = true;
 					end
 					return true, username, hmac_f(token.secret, "Responder"..cb_data), rotation_needed;