refactor: clean up auth.py and move schemas to auth_schemas.py

pcrespov · pcrespov · commit 8ee786b9cbf0 · 2025-07-08T16:54:33.000+02:00
diff --git a/services/web/server/src/simcore_service_webserver/login/_controller/rest/auth.py b/services/web/server/src/simcore_service_webserver/login/_controller/rest/auth.py
@@ -3,8 +3,7 @@
 from aiohttp import web
 from aiohttp.web import RouteTableDef
 from models_library.authentification import TwoFactorAuthentificationMethod
-from models_library.emails import LowerCaseEmailStr
-from pydantic import BaseModel, Field, PositiveInt, SecretStr, TypeAdapter
+from pydantic import TypeAdapter
 from servicelib.aiohttp import status
 from servicelib.aiohttp.requests_validation import parse_request_body_as
 from servicelib.logging_utils import get_log_record_extra, log_context
@@ -21,10 +20,8 @@
     session_access_required,
 )
 from ....users import preferences_api as user_preferences_api
-from ....utils_aiohttp import NextPage
 from ....web_utils import envelope_response, flash_response
 from ... import _auth_service, _login_service, _security_service, _twofa_service
-from ..._models import InputSchema
 from ...constants import (
     CODE_2FA_EMAIL_CODE_REQUIRED,
     CODE_2FA_SMS_CODE_REQUIRED,
@@ -42,27 +39,14 @@
 from ...decorators import login_required
 from ...settings import LoginSettingsForProduct, get_plugin_settings
 from ._rest_exceptions import handle_rest_requests_exceptions
+from .auth_schemas import LoginBody, LoginTwoFactorAuthBody, LogoutBody
 
 log = logging.getLogger(__name__)
 
 
 routes = RouteTableDef()
 
 
-class LoginBody(InputSchema):
-    email: LowerCaseEmailStr
-    password: SecretStr
-
-
-class CodePageParams(BaseModel):
-    message: str
-    expiration_2fa: PositiveInt | None = None
-    next_url: str | None = None
-
-
-class LoginNextPage(NextPage[CodePageParams]): ...
-
-
 @routes.post(f"/{API_VTAG}/auth/login", name="auth_login")
 @on_success_grant_session_access_to(
     name="auth_register_phone",
@@ -209,11 +193,6 @@ async def login(request: web.Request):
     )
 
 
-class LoginTwoFactorAuthBody(InputSchema):
-    email: LowerCaseEmailStr
-    code: SecretStr
-
-
 @routes.post(f"/{API_VTAG}/auth/validate-code-login", name="auth_login_2fa")
 @session_access_required(
     "auth_login_2fa",
@@ -260,12 +239,6 @@ async def login_2fa(request: web.Request):
     return await _security_service.login_granted_response(request, user=dict(user))
 
 
-class LogoutBody(InputSchema):
-    client_session_id: str | None = Field(
-        None, examples=["5ac57685-c40f-448f-8711-70be1936fd63"]
-    )
-
-
 @routes.post(f"/{API_VTAG}/auth/logout", name="auth_logout")
 @login_required
 @handle_rest_requests_exceptions
diff --git a/services/web/server/src/simcore_service_webserver/login/_controller/rest/auth_schemas.py b/services/web/server/src/simcore_service_webserver/login/_controller/rest/auth_schemas.py
@@ -0,0 +1,33 @@
+from aiohttp.web import RouteTableDef
+from models_library.emails import LowerCaseEmailStr
+from pydantic import BaseModel, Field, PositiveInt, SecretStr
+
+from ....utils_aiohttp import NextPage
+from ..._models import InputSchema
+
+routes = RouteTableDef()
+
+
+class LoginBody(InputSchema):
+    email: LowerCaseEmailStr
+    password: SecretStr
+
+
+class CodePageParams(BaseModel):
+    message: str
+    expiration_2fa: PositiveInt | None = None
+    next_url: str | None = None
+
+
+class LoginNextPage(NextPage[CodePageParams]): ...
+
+
+class LoginTwoFactorAuthBody(InputSchema):
+    email: LowerCaseEmailStr
+    code: SecretStr
+
+
+class LogoutBody(InputSchema):
+    client_session_id: str | None = Field(
+        None, examples=["5ac57685-c40f-448f-8711-70be1936fd63"]
+    )
diff --git a/services/web/server/src/simcore_service_webserver/login/_controller/rest/change.py b/services/web/server/src/simcore_service_webserver/login/_controller/rest/change.py
@@ -2,8 +2,6 @@
 
 from aiohttp import web
 from aiohttp.web import RouteTableDef
-from models_library.emails import LowerCaseEmailStr
-from pydantic import SecretStr, field_validator
 from servicelib.aiohttp.requests_validation import parse_request_body_as
 from servicelib.logging_errors import create_troubleshootting_log_kwargs
 from servicelib.request_keys import RQT_USERID_KEY
@@ -27,7 +25,6 @@
     CHANGE_EMAIL,
     validate_user_status,
 )
-from ..._models import InputSchema, create_password_match_validator
 from ...constants import (
     MSG_CANT_SEND_MAIL,
     MSG_CHANGE_EMAIL_REQUESTED,
@@ -38,17 +35,14 @@
 )
 from ...decorators import login_required
 from ...settings import LoginOptions, get_plugin_options
+from .change_schemas import ChangeEmailBody, ChangePasswordBody, ResetPasswordBody
 
 _logger = logging.getLogger(__name__)
 
 
 routes = RouteTableDef()
 
 
-class ResetPasswordBody(InputSchema):
-    email: LowerCaseEmailStr
-
-
 @routes.post(f"/{API_VTAG}/auth/reset-password", name="initiate_reset_password")
 @global_rate_limit_route(
     number_of_requests=10, interval_seconds=HOUR, error_msg=MSG_OFTEN_RESET_PASSWORD
@@ -221,10 +215,6 @@ def _get_error_context(
     return flash_response(MSG_EMAIL_SENT.format(email=request_body.email), "INFO")
 
 
-class ChangeEmailBody(InputSchema):
-    email: LowerCaseEmailStr
-
-
 async def initiate_change_email(request: web.Request):
     # NOTE: This code have been intentially disabled in https://github.com/ITISFoundation/osparc-simcore/pull/5472
     db: AsyncpgStorage = get_plugin_storage(request.app)
@@ -272,16 +262,6 @@ async def initiate_change_email(request: web.Request):
     return flash_response(MSG_CHANGE_EMAIL_REQUESTED)
 
 
-class ChangePasswordBody(InputSchema):
-    current: SecretStr
-    new: SecretStr
-    confirm: SecretStr
-
-    _password_confirm_match = field_validator("confirm")(
-        create_password_match_validator(reference_field="new")
-    )
-
-
 @routes.post(f"/{API_VTAG}/auth/change-password", name="auth_change_password")
 @login_required
 async def change_password(request: web.Request):
diff --git a/services/web/server/src/simcore_service_webserver/login/_controller/rest/change_schemas.py b/services/web/server/src/simcore_service_webserver/login/_controller/rest/change_schemas.py
@@ -0,0 +1,22 @@
+from models_library.emails import LowerCaseEmailStr
+from pydantic import SecretStr, field_validator
+
+from ..._models import InputSchema, create_password_match_validator
+
+
+class ResetPasswordBody(InputSchema):
+    email: LowerCaseEmailStr
+
+
+class ChangeEmailBody(InputSchema):
+    email: LowerCaseEmailStr
+
+
+class ChangePasswordBody(InputSchema):
+    current: SecretStr
+    new: SecretStr
+    confirm: SecretStr
+
+    _password_confirm_match = field_validator("confirm")(
+        create_password_match_validator(reference_field="new")
+    )
