draft implementation

Author: pcrespov

services/web/server/src/simcore_service_webserver/users/_controller/rest/users_rest.py

@@ -2,6 +2,7 @@
 from contextlib import suppress
 
 from aiohttp import web
+from common_library.user_messages import user_message
 from models_library.api_schemas_webserver.users import (
     MyPhoneConfirm,
     MyPhoneRegister,
@@ -25,13 +26,19 @@
 from ....products import products_web
 from ....products.models import Product
 from ....security.decorators import permission_required
+from ....session.api import get_session
 from ....utils_aiohttp import envelope_json_response
 from ... import _users_service
 from ._rest_exceptions import handle_rest_requests_exceptions
 from ._rest_schemas import UsersRequestContext
 
 _logger = logging.getLogger(__name__)
 
+# Phone registration session keys
+_PHONE_REGISTRATION_KEY = "phone_registration"
+_PHONE_PENDING_KEY = "phone_pending"
+_PHONE_CODE_KEY = "phone_code"
+_PHONE_CODE_VALUE_FAKE = "123456"
 
 routes = web.RouteTableDef()
 
@@ -104,9 +111,21 @@ async def my_phone_register(request: web.Request) -> web.Response:
     req_ctx = UsersRequestContext.model_validate(request)
     phone_register = await parse_request_body_as(MyPhoneRegister, request)
 
-    # NOTE: Implementation will be added in next PR
-    msg = "Phone registration not yet implemented"
-    raise NotImplementedError(msg)
+    session = await get_session(request)
+
+    # Store phone registration state in session
+    session[_PHONE_REGISTRATION_KEY] = {
+        "user_id": req_ctx.user_id,
+        "phone": phone_register.phone,
+        "status": "pending_confirmation",
+    }
+
+    # NOTE: In real implementation, generate and send SMS code here
+    # For testing, we'll use a fixed code
+    session[_PHONE_CODE_KEY] = _PHONE_CODE_VALUE_FAKE
+    session[_PHONE_PENDING_KEY] = True
+
+    return web.json_response(status=status.HTTP_202_ACCEPTED)
 
 
 @routes.post(f"/{API_VTAG}/me/phone:resend", name="my_phone_resend")
@@ -116,10 +135,25 @@ async def my_phone_register(request: web.Request) -> web.Response:
 @handle_rest_requests_exceptions
 async def my_phone_resend(request: web.Request) -> web.Response:
     req_ctx = UsersRequestContext.model_validate(request)
+    session = await get_session(request)
+
+    # Check if there's a pending phone registration
+    if not session.get(_PHONE_PENDING_KEY):
+        raise web.HTTPBadRequest(
+            text=user_message("No pending phone registration found"),
+        )
+
+    phone_registration = session.get(_PHONE_REGISTRATION_KEY)
+    if not phone_registration or phone_registration["user_id"] != req_ctx.user_id:
+        raise web.HTTPBadRequest(
+            text=user_message("Invalid phone registration session")
+        )
 
-    # NOTE: Implementation will be added in next PR
-    msg = "Phone code resend not yet implemented"
-    raise NotImplementedError(msg)
+    # NOTE: In real implementation, regenerate and resend SMS code here
+    # For testing, we'll use the same fixed code
+    session[_PHONE_CODE_KEY] = _PHONE_CODE_VALUE_FAKE
+
+    return web.json_response(status=status.HTTP_202_ACCEPTED)
 
 
 @routes.post(f"/{API_VTAG}/me/phone:confirm", name="my_phone_confirm")
@@ -130,10 +164,40 @@ async def my_phone_resend(request: web.Request) -> web.Response:
 async def my_phone_confirm(request: web.Request) -> web.Response:
     req_ctx = UsersRequestContext.model_validate(request)
     phone_confirm = await parse_request_body_as(MyPhoneConfirm, request)
+    session = await get_session(request)
+
+    # Check if there's a pending phone registration
+    if not session.get(_PHONE_PENDING_KEY):
+        raise web.HTTPBadRequest(
+            text=user_message("No pending phone registration found"),
+        )
+
+    phone_registration = session.get(_PHONE_REGISTRATION_KEY)
+    if not phone_registration or phone_registration["user_id"] != req_ctx.user_id:
+        raise web.HTTPBadRequest(
+            text=user_message("Invalid phone registration session"),
+        )
+
+    # Verify the confirmation code
+    expected_code = session.get(_PHONE_CODE_KEY)
+    if not expected_code or phone_confirm.code != expected_code:
+        raise web.HTTPBadRequest(
+            text=user_message("Invalid confirmation code"),
+        )
+
+    # Update user's phone number in the database
+    await _users_service.update_user_phone(
+        request.app,
+        user_id=req_ctx.user_id,
+        phone=phone_registration["phone"],
+    )
 
-    # NOTE: Implementation will be added in next PR
-    msg = "Phone confirmation not yet implemented"
-    raise NotImplementedError(msg)
+    # Clear session data
+    session.pop(_PHONE_REGISTRATION_KEY, None)
+    session.pop(_PHONE_PENDING_KEY, None)
+    session.pop(_PHONE_CODE_KEY, None)
+
+    return web.json_response(status=status.HTTP_204_NO_CONTENT)
 
 
 #

services/web/server/src/simcore_service_webserver/users/_users_service.py

@@ -285,3 +285,23 @@ async def update_my_profile(
         user_id=user_id,
         updated_values=UserModelAdapter.from_rest_schema_model(update).to_db_values(),
     )
+
+
+async def update_user_phone(
+    app: web.Application,
+    *,
+    user_id: UserID,
+    phone: str,
+) -> None:
+    """Update user's phone number after successful verification
+
+    Args:
+        app: Web application instance
+        user_id: ID of the user whose phone to update
+        phone: Verified phone number to set
+    """
+    await _users_repository.update_user_profile(
+        app,
+        user_id=user_id,
+        updated_values={"phone": phone},
+    )