From 61c51b14560fab1b670a588ac1b85cb201d36992 Mon Sep 17 00:00:00 2001
From: Roberto Tyley <52038+rtyley@users.noreply.github.com>
Date: Wed, 18 Sep 2024 17:05:47 +0100
Subject: [PATCH] Upgrade to Panda v7 - support key rotation

This upgrades Panda from v5 to v7, allowing us to use key rotation as
introduced with guardian/pan-domain-authentication#150.
---
 build.sbt                                                  | 7 +++----
 .../lib/guardian/auth/PandaAuthenticationProvider.scala    | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/build.sbt b/build.sbt
index 8b4748f518..899e8b801f 100644
--- a/build.sbt
+++ b/build.sbt
@@ -69,7 +69,7 @@ val maybeBBCLib: Option[sbt.ProjectReference] = if(bbcBuildProcess) Some(bbcProj
 lazy val commonLib = project("common-lib").settings(
   libraryDependencies ++= Seq(
     "com.gu" %% "editorial-permissions-client" % "3.0.0",
-    "com.gu" %% "pan-domain-auth-play_2-8" % "4.0.0",
+    "com.gu" %% "pan-domain-auth-play_2-8" % "7.0.0",
     "com.amazonaws" % "aws-java-sdk-iam" % awsSdkVersion,
     "com.amazonaws" % "aws-java-sdk-s3" % awsSdkVersion,
     "com.amazonaws" % "aws-java-sdk-ec2" % awsSdkVersion,
@@ -244,9 +244,8 @@ def playProject(projectName: String, port: Int, path: Option[String] = None): Pr
         "-Dpidfile.path=/dev/null",
         s"-Dconfig.file=/usr/share/$projectName/conf/application.conf",
         s"-Dlogger.file=/usr/share/$projectName/conf/logback.xml",
-        "-J-XX:+PrintGCDetails",
-        "-J-XX:+PrintGCDateStamps",
-        s"-J-Xloggc:/var/log/$projectName/gc.log",
+        "-J-Xlog:gc*",
+        s"-J-Xlog:gc:/var/log/$projectName/gc.log",
         "-J-XX:+UseGCLogFileRotation",
         "-J-XX:NumberOfGCLogFiles=5",
         "-J-XX:GCLogFileSize=2M"
diff --git a/rest-lib/src/main/scala/com/gu/mediaservice/lib/guardian/auth/PandaAuthenticationProvider.scala b/rest-lib/src/main/scala/com/gu/mediaservice/lib/guardian/auth/PandaAuthenticationProvider.scala
index c45b575adc..f0f0e44d91 100644
--- a/rest-lib/src/main/scala/com/gu/mediaservice/lib/guardian/auth/PandaAuthenticationProvider.scala
+++ b/rest-lib/src/main/scala/com/gu/mediaservice/lib/guardian/auth/PandaAuthenticationProvider.scala
@@ -49,7 +49,7 @@ class PandaAuthenticationProvider(
     val pandaStatus = extractAuth(request)
     val providerStatus = pandaStatus match {
       case PandaNotAuthenticated => NotAuthenticated
-      case PandaInvalidCookie(e) => Invalid("error checking user's auth, clear cookie and re-auth", Some(e))
+      case PandaInvalidCookie(e) => Invalid(s"error checking user's auth, clear cookie and re-auth (${e.getClass.getSimpleName})")
       case PandaExpired(authedUser) => Expired(gridUserFrom(authedUser.user, request))
       case PandaGracePeriod(authedUser) => Authenticated(gridUserFrom(authedUser.user, request))
       case PandaNotAuthorised(authedUser) => NotAuthorised(s"${authedUser.user.email} not authorised to use application")