From be4d76e4f18cec51743cc31565e90092152c5bb3 Mon Sep 17 00:00:00 2001
From: Florian <florian.zechmeister@digitalservice.bund.de>
Date: Wed, 30 Oct 2024 01:46:59 +0100
Subject: [PATCH] Add logging for invalid callbacks

---
 .../service/subscriber/CallbackVerificationFilter.java   | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/main/java/de/bund/digitalservice/a2j/service/subscriber/CallbackVerificationFilter.java b/src/main/java/de/bund/digitalservice/a2j/service/subscriber/CallbackVerificationFilter.java
index 0c61669..8dd1ffb 100644
--- a/src/main/java/de/bund/digitalservice/a2j/service/subscriber/CallbackVerificationFilter.java
+++ b/src/main/java/de/bund/digitalservice/a2j/service/subscriber/CallbackVerificationFilter.java
@@ -1,5 +1,6 @@
 package de.bund.digitalservice.a2j.service.subscriber;
 
+import dev.fitko.fitconnect.api.domain.validation.ValidationResult;
 import dev.fitko.fitconnect.client.SenderClient;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
@@ -42,15 +43,17 @@ protected void doFilterInternal(
     String requestBody =
         new String(wrappedRequest.getContentAsByteArray(), request.getCharacterEncoding());
 
-    if (!senderClient
+    ValidationResult result = senderClient
         .validateCallback(
             request.getHeader("callback-authentication"),
             Long.parseLong(request.getHeader("callback-timestamp")),
             requestBody,
-            callbackSecret)
-        .isValid()) {
+            callbackSecret);
 
+    if (!result.isValid()) {
       logger.info("Received invalid fit-connect callback");
+      logger.info(result.getProblems().toString());
+      logger.info(result.getError().getMessage());
       response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
       return;
     }