rm get_user

pcrespov · pcrespov · commit 9043d61c8008 · 2025-07-18T18:04:52.000+02:00
diff --git a/services/web/server/src/simcore_service_webserver/login/_auth_service.py b/services/web/server/src/simcore_service_webserver/login/_auth_service.py
@@ -155,18 +155,20 @@ async def update_user_password(
     user_id: int,
     current_password: str,
     new_password: str,
+    verify_current_password: bool = True,
 ) -> None:
     """Updates user password after verifying current password"""
     repo = UsersRepo(get_asyncpg_engine(app))
 
-    # Get current password hash
-    current_password_hash = await repo.get_password_hash(user_id=user_id)
+    if verify_current_password:
+        # Get current password hash
+        current_password_hash = await repo.get_password_hash(user_id=user_id)
 
-    # Verify current password
-    if not security_service.check_password(current_password, current_password_hash):
-        raise web.HTTPUnauthorized(
-            text=MSG_WRONG_PASSWORD, content_type=MIMETYPE_APPLICATION_JSON
-        )
+        # Verify current password
+        if not security_service.check_password(current_password, current_password_hash):
+            raise web.HTTPUnauthorized(
+                text=MSG_WRONG_PASSWORD, content_type=MIMETYPE_APPLICATION_JSON
+            )
 
     # Encrypt new password and update
     new_password_hash = security_service.encrypt_password(new_password)
diff --git a/services/web/server/src/simcore_service_webserver/login/_controller/rest/change.py b/services/web/server/src/simcore_service_webserver/login/_controller/rest/change.py
@@ -117,7 +117,7 @@ def _get_error_context(
     ok = True
 
     # CHECK user exists
-    user = await db.get_user({"email": request_body.email})
+    user = await _auth_service.get_user_or_none(request.app, email=request_body.email)
     if not user:
         _logger.warning(
             **create_troubleshootting_log_kwargs(
@@ -223,7 +223,9 @@ async def initiate_change_email(request: web.Request):
 
     request_body = await parse_request_body_as(ChangeEmailBody, request)
 
-    user = await db.get_user({"id": request[RQT_USERID_KEY]})
+    user = await _auth_service.get_user_or_none(
+        request.app, user_id=request[RQT_USERID_KEY]
+    )
     assert user  # nosec
 
     if user["email"] == request_body.email:
diff --git a/services/web/server/src/simcore_service_webserver/login/_controller/rest/confirmation.py b/services/web/server/src/simcore_service_webserver/login/_controller/rest/confirmation.py
@@ -19,7 +19,6 @@
 
 from ....products import products_web
 from ....products.models import Product
-from ....security import security_service
 from ....session.access_policies import session_access_required
 from ....utils import HOUR, MINUTE
 from ....utils_aiohttp import create_redirect_to_page_response
@@ -262,17 +261,19 @@ async def complete_reset_password(request: web.Request):
     )
 
     if confirmation:
-        user = await db.get_user({"id": confirmation["user_id"]})
+        user = await _auth_service.get_user_or_none(
+            request.app, user_id=confirmation["user_id"]
+        )
         assert user  # nosec
 
-        await db.update_user(
-            user={"id": user["id"]},
-            updates={
-                "password_hash": security_service.encrypt_password(
-                    request_body.password.get_secret_value()
-                )
-            },
+        await _auth_service.update_user_password(
+            request.app,
+            user_id=user["id"],
+            current_password="",
+            new_password=request_body.password.get_secret_value(),
+            verify_current_password=False,  # confirmed by code
         )
+
         await db.delete_confirmation(confirmation)
 
         return flash_response(MSG_PASSWORD_CHANGED)
@@ -281,5 +282,4 @@ async def complete_reset_password(request: web.Request):
         text=MSG_PASSWORD_CHANGE_NOT_ALLOWED.format(
             support_email=product.support_email
         ),
-        content_type=MIMETYPE_APPLICATION_JSON,
     )  # 401
diff --git a/services/web/server/src/simcore_service_webserver/login/_controller/rest/twofa.py b/services/web/server/src/simcore_service_webserver/login/_controller/rest/twofa.py
@@ -10,8 +10,7 @@
 from ....products.models import Product
 from ....session.access_policies import session_access_required
 from ....web_utils import envelope_response
-from ... import _twofa_service
-from ..._login_repository_legacy import AsyncpgStorage, get_plugin_storage
+from ... import _auth_service, _twofa_service
 from ...constants import (
     CODE_2FA_EMAIL_CODE_REQUIRED,
     CODE_2FA_SMS_CODE_REQUIRED,
@@ -41,10 +40,9 @@ async def resend_2fa_code(request: web.Request):
     settings: LoginSettingsForProduct = get_plugin_settings(
         request.app, product_name=product.name
     )
-    db: AsyncpgStorage = get_plugin_storage(request.app)
     resend_2fa_ = await parse_request_body_as(Resend2faBody, request)
 
-    user = await db.get_user({"email": resend_2fa_.email})
+    user = await _auth_service.get_user_or_none(request.app, email=resend_2fa_.email)
     if not user:
         raise web.HTTPUnauthorized(
             text=MSG_UNKNOWN_EMAIL, content_type=MIMETYPE_APPLICATION_JSON
diff --git a/services/web/server/src/simcore_service_webserver/login/_invitations_service.py b/services/web/server/src/simcore_service_webserver/login/_invitations_service.py
@@ -40,7 +40,7 @@
     InvitationsServiceUnavailableError,
 )
 from ..products.models import Product
-from . import _confirmation_service
+from . import _auth_service, _confirmation_service
 from ._login_repository_legacy import (
     AsyncpgStorage,
     BaseConfirmationTokenDict,
@@ -114,8 +114,9 @@ async def check_other_registrations(
     db: AsyncpgStorage,
     cfg: LoginOptions,
 ) -> None:
+
     # An account is already registered with this email
-    if user := await db.get_user({"email": email}):
+    if user := await _auth_service.get_user_or_none(app, email=email):
         user_status = UserStatus(user["status"])
         match user_status:
 
diff --git a/services/web/server/src/simcore_service_webserver/login/_login_repository_legacy.py b/services/web/server/src/simcore_service_webserver/login/_login_repository_legacy.py
@@ -52,12 +52,6 @@ def __init__(
     # CRUD user
     #
 
-    async def get_user(self, with_data: dict[str, Any]) -> asyncpg.Record | None:
-        async with self.pool.acquire() as conn:
-            return await _login_repository_legacy_sql.find_one(
-                conn, self.user_tbl, with_data
-            )
-
     async def create_user(self, data: dict[str, Any]) -> dict[str, Any]:
         async with self.pool.acquire() as conn:
             user_id = await _login_repository_legacy_sql.insert(
diff --git a/services/web/server/src/simcore_service_webserver/publications/_rest.py b/services/web/server/src/simcore_service_webserver/publications/_rest.py
@@ -12,8 +12,8 @@
 from .._meta import API_VTAG as VTAG
 from ..login._emails_service import AttachmentTuple, send_email_from_template, themed
 from ..login.decorators import login_required
-from ..login.login_repository_legacy import AsyncpgStorage, get_plugin_storage
 from ..products import products_web
+from ..users import users_service
 from ._utils import json2html
 
 _logger = logging.getLogger(__name__)
@@ -57,11 +57,9 @@ async def service_submission(request: web.Request):
 
     support_email_address = product.support_email
 
-    db: AsyncpgStorage = get_plugin_storage(request.app)
-    user = await db.get_user({"id": request[RQT_USERID_KEY]})
-    assert user  # nosec
-    user_email = user.get("email")
-    assert user_email  # nosec
+    user = await users_service.get_user_name_and_email(
+        request.app, user_id=request[RQT_USERID_KEY]
+    )
 
     try:
         attachments = [
@@ -80,11 +78,11 @@ async def service_submission(request: web.Request):
         # send email
         await send_email_from_template(
             request,
-            from_=user_email,
+            from_=user.email,
             to=support_email_address,
             template=themed("templates/common", _EMAIL_TEMPLATE_NAME),
             context={
-                "user": user_email,
+                "user": user.email,
                 "data": json2html.convert(
                     json=json_dumps(data), table_attributes='class="pure-table"'
                 ),
diff --git a/services/web/server/tests/unit/with_dbs/03/login/test_login_registration.py b/services/web/server/tests/unit/with_dbs/03/login/test_login_registration.py
@@ -19,6 +19,7 @@
 from servicelib.rest_responses import unwrap_envelope
 from simcore_service_webserver.db.models import UserStatus
 from simcore_service_webserver.groups.api import auto_add_user_to_product_group
+from simcore_service_webserver.login import _auth_service
 from simcore_service_webserver.login._confirmation_web import _url_for_confirmation
 from simcore_service_webserver.login._login_repository_legacy import AsyncpgStorage
 from simcore_service_webserver.login.constants import (
@@ -263,7 +264,6 @@ async def test_registration_with_invalid_confirmation_code(
 
 async def test_registration_without_confirmation(
     client: TestClient,
-    db: AsyncpgStorage,
     mocker: MockerFixture,
     user_email: str,
     user_password: str,
@@ -293,13 +293,12 @@ async def test_registration_without_confirmation(
     data, _ = await assert_status(response, status.HTTP_200_OK)
     assert MSG_LOGGED_IN in data["message"]
 
-    user = await db.get_user({"email": user_email})
+    user = await _auth_service.get_user_or_none(client.app, email=user_email)
     assert user
 
 
 async def test_registration_with_confirmation(
     client: TestClient,
-    db: AsyncpgStorage,
     capsys: pytest.CaptureFixture,
     mocker: MockerFixture,
     user_email: str,
@@ -331,7 +330,8 @@ async def test_registration_with_confirmation(
     data, error = unwrap_envelope(await response.json())
     assert response.status == 200, (data, error)
 
-    user = await db.get_user({"email": user_email})
+    user = await _auth_service.get_user_or_none(client.app, email=user_email)
+    assert user
     assert user["status"] == UserStatus.CONFIRMATION_PENDING.name
 
     assert "verification link" in data["message"]
@@ -350,7 +350,8 @@ async def test_registration_with_confirmation(
     assert response.status == 200
 
     # user is active
-    user = await db.get_user({"email": user_email})
+    user = await _auth_service.get_user_or_none(client.app, email=user_email)
+    assert user
     assert user["status"] == UserStatus.ACTIVE.name
 
 
diff --git a/services/web/server/tests/unit/with_dbs/03/login/test_login_twofa.py b/services/web/server/tests/unit/with_dbs/03/login/test_login_twofa.py
@@ -21,6 +21,7 @@
 from simcore_postgres_database.models.products import ProductLoginSettingsDict, products
 from simcore_service_webserver.application_settings import ApplicationSettings
 from simcore_service_webserver.db.models import UserStatus
+from simcore_service_webserver.login import _auth_service
 from simcore_service_webserver.login._login_repository_legacy import AsyncpgStorage
 from simcore_service_webserver.login._twofa_service import (
     _do_create_2fa_code,
@@ -161,7 +162,8 @@ def _get_confirmation_link_from_email():
     assert response.status == status.HTTP_200_OK
 
     # check email+password registered
-    user = await db.get_user({"email": user_email})
+    user = await _auth_service.get_user_or_none(client.app, email=user_email)
+    assert user
     assert user["status"] == UserStatus.ACTIVE.name
     assert user["phone"] is None
 
@@ -195,7 +197,8 @@ def _get_confirmation_link_from_email():
     assert phone == user_phone_number
 
     # check phone still NOT in db (TODO: should be in database and unconfirmed)
-    user = await db.get_user({"email": user_email})
+    user = await _auth_service.get_user_or_none(client.app, email=user_email)
+    assert user
     assert user["status"] == UserStatus.ACTIVE.name
     assert user["phone"] is None
 
@@ -211,7 +214,8 @@ def _get_confirmation_link_from_email():
     )
     await assert_status(response, status.HTTP_200_OK)
     # check user has phone confirmed
-    user = await db.get_user({"email": user_email})
+    user = await _auth_service.get_user_or_none(client.app, email=user_email)
+    assert user
     assert user["status"] == UserStatus.ACTIVE.name
     assert user["phone"] == user_phone_number
 
@@ -252,7 +256,8 @@ def _get_confirmation_link_from_email():
     await assert_status(response, status.HTTP_200_OK)
 
     # assert users is successfully registered
-    user = await db.get_user({"email": user_email})
+    user = await _auth_service.get_user_or_none(client.app, email=user_email)
+    assert user
     assert user["email"] == user_email
     assert user["phone"] == user_phone_number
     assert user["status"] == UserStatus.ACTIVE.value
