aleph-im · nesitor · Apr 8, 2025 · Mar 28, 2025
diff --git a/src/aleph/vm/orchestrator/views/authentication.py b/src/aleph/vm/orchestrator/views/authentication.py
@@ -234,13 +234,19 @@
     signed_operation = get_signed_operation(request)
     if signed_operation.content.domain != settings.DOMAIN_NAME:
         logger.debug(f"Invalid domain '{signed_operation.content.domain}' != '{settings.DOMAIN_NAME}'")
-        raise web.HTTPUnauthorized(reason="Invalid domain")
+        raise web.HTTPUnauthorized(
+            reason=f"Invalid domain: Signed: '{signed_operation.content.domain}' != Request: '{settings.DOMAIN_NAME}'"
+        )
     if signed_operation.content.path != request.path:
         logger.debug(f"Invalid path '{signed_operation.content.path}' != '{request.path}'")
-        raise web.HTTPUnauthorized(reason="Invalid path")
+        raise web.HTTPUnauthorized(
+            reason=f"Invalid path. Signed: '{signed_operation.content.path}' !=  requested path: '{request.path}'"
+        )
     if signed_operation.content.method != request.method:
         logger.debug(f"Invalid method '{signed_operation.content.method}' != '{request.method}'")
-        raise web.HTTPUnauthorized(reason="Invalid method")
+        raise web.HTTPUnauthorized(
+            reason=f"Invalid method. Signed: '{signed_operation.content.method}' !=  request:'{request.method}"
+        )
     return verify_signed_operation(signed_operation, signed_pubkey)
 
 

diff --git a/tests/supervisor/test_authentication.py b/tests/supervisor/test_authentication.py
@@ -194,7 +194,7 @@ async def view(request, authenticated_sender):
     assert resp.status == 401, await resp.text()
 
     r = await resp.json()
-    assert {"error": "Invalid domain"} == r
+    assert {"error": "Invalid domain: Signed: 'baddomain' != Request: 'localhost'"} == r
 
 
 @pytest.mark.asyncio