refactor: improve error handling and user message integration in 2FA code resend

pcrespov · pcrespov · commit 3d0dffc665e6 · 2025-07-18T19:19:36.000+02:00
diff --git a/services/web/server/src/simcore_service_webserver/login/_controller/rest/twofa.py b/services/web/server/src/simcore_service_webserver/login/_controller/rest/twofa.py
@@ -2,9 +2,9 @@
 
 from aiohttp import web
 from aiohttp.web import RouteTableDef
+from common_library.user_messages import user_message
 from servicelib.aiohttp import status
 from servicelib.aiohttp.requests_validation import parse_request_body_as
-from servicelib.mimetype_constants import MIMETYPE_APPLICATION_JSON
 
 from ....products import products_web
 from ....products.models import Product
@@ -44,14 +44,11 @@ async def resend_2fa_code(request: web.Request):
 
     user = await _auth_service.get_user_or_none(request.app, email=resend_2fa_.email)
     if not user:
-        raise web.HTTPUnauthorized(
-            text=MSG_UNKNOWN_EMAIL, content_type=MIMETYPE_APPLICATION_JSON
-        )
+        raise web.HTTPUnauthorized(text=MSG_UNKNOWN_EMAIL)
 
     if not settings.LOGIN_2FA_REQUIRED:
         raise web.HTTPServiceUnavailable(
-            text="2FA login is not available",
-            content_type=MIMETYPE_APPLICATION_JSON,
+            text=user_message("2FA login is not available")
         )
 
     # Already a code?
@@ -75,8 +72,14 @@ async def resend_2fa_code(request: web.Request):
 
     # sends via SMS
     if resend_2fa_.via == "SMS":
+        user_phone_number = user.get("phone")
+        if not user_phone_number:
+            raise web.HTTPBadRequest(
+                text=user_message("User does not have a phone number registered")
+            )
+
         await _twofa_service.send_sms_code(
-            phone_number=user["phone"],
+            phone_number=user_phone_number,
             code=code,
             twilio_auth=settings.LOGIN_TWILIO,
             twilio_messaging_sid=product.twilio_messaging_sid,
@@ -90,7 +93,7 @@ async def resend_2fa_code(request: web.Request):
                 "name": CODE_2FA_SMS_CODE_REQUIRED,
                 "parameters": {
                     "message": MSG_2FA_CODE_SENT.format(
-                        phone_number=_twofa_service.mask_phone_number(user["phone"])
+                        phone_number=_twofa_service.mask_phone_number(user_phone_number)
                     ),
                     "expiration_2fa": settings.LOGIN_2FA_CODE_EXPIRATION_SEC,
                 },
