implement user phone update functionality and refactor related services

Author: pcrespov

packages/postgres-database/src/simcore_postgres_database/utils_users.py

@@ -272,6 +272,23 @@ async def get_user_by_email_or_none(
             )
             return result.one_or_none()
 
+    async def get_user_by_id_or_none(
+        self, connection: AsyncConnection | None = None, *, user_id: int
+    ) -> Any | None:
+        async with pass_or_acquire_connection(self._engine, connection) as conn:
+            result = await conn.execute(
+                sa.select(
+                    users.c.id,
+                    users.c.name,
+                    users.c.email,
+                    users.c.role,
+                    users.c.status,
+                    users.c.first_name,
+                    users.c.phone,
+                ).where(users.c.id == user_id)
+            )
+            return result.one_or_none()
+
     async def update_user_phone(
         self, connection: AsyncConnection | None = None, *, user_id: int, phone: str
     ) -> None:

services/web/server/src/simcore_service_webserver/login/_auth_service.py

@@ -26,13 +26,22 @@ class UserInfoDict(TypedDict):
     phone: str | None
 
 
-async def get_user_by_email_or_none(
-    app: web.Application, *, email: str
+async def get_user_or_none(
+    app: web.Application, *, email: str | None = None, user_id: int | None = None
 ) -> UserInfoDict | None:
+    if email is None and user_id is None:
+        msg = "Either email or user_id must be provided"
+        raise ValueError(msg)
 
     asyncpg_engine = get_asyncpg_engine(app)
     repo = UsersRepo(asyncpg_engine)
-    user_row = await repo.get_user_by_email_or_none(email=email.lower())
+
+    if email is not None:
+        user_row = await repo.get_user_by_email_or_none(email=email.lower())
+    else:
+        assert user_id is not None
+        user_row = await repo.get_user_by_id_or_none(user_id=user_id)
+
     if user_row is None:
         return None
 

services/web/server/src/simcore_service_webserver/login/_controller/rest/auth.py

@@ -73,9 +73,7 @@ async def login(request: web.Request):
     login_data = await parse_request_body_as(LoginBody, request)
 
     # Authenticate user and verify access to the product
-    user = await _auth_service.get_user_by_email_or_none(
-        request.app, email=login_data.email
-    )
+    user = await _auth_service.get_user_or_none(request.app, email=login_data.email)
 
     user = _auth_service.check_not_null_user(user)
 
@@ -235,9 +233,7 @@ async def login_2fa(request: web.Request):
         )
 
     user = _auth_service.check_not_null_user(
-        await _auth_service.get_user_by_email_or_none(
-            request.app, email=login_2fa_.email
-        )
+        await _auth_service.get_user_or_none(request.app, email=login_2fa_.email)
     )
 
     # NOTE: a priviledge user should not have called this entrypoint

services/web/server/src/simcore_service_webserver/login/_controller/rest/change.py

@@ -16,7 +16,7 @@
 from ....utils import HOUR
 from ....utils_rate_limiting import global_rate_limit_route
 from ....web_utils import flash_response
-from ... import _confirmation_service, _confirmation_web
+from ... import _auth_service, _confirmation_service, _confirmation_web
 from ..._emails_service import get_template_path, send_email_from_template
 from ..._login_repository_legacy import AsyncpgStorage, get_plugin_storage
 from ..._login_service import (
@@ -30,7 +30,6 @@
     MSG_EMAIL_SENT,
     MSG_OFTEN_RESET_PASSWORD,
     MSG_PASSWORD_CHANGED,
-    MSG_WRONG_PASSWORD,
 )
 from ...decorators import login_required
 from ...settings import LoginOptions, get_plugin_options
@@ -272,13 +271,14 @@ async def change_password(request: web.Request):
     db: AsyncpgStorage = get_plugin_storage(request.app)
     passwords = await parse_request_body_as(ChangePasswordBody, request)
 
-    user = await db.get_user({"id": request[RQT_USERID_KEY]})
-    assert user  # nosec
+    user = await _auth_service.get_user_or_none(request.app, user_id=user["id"])
 
-    if not security_service.check_password(
-        passwords.current.get_secret_value(), user["password_hash"]
-    ):
-        raise web.HTTPUnprocessableEntity(text=MSG_WRONG_PASSWORD)  # 422
+    await _auth_service.check_authorized_user_credentials_or_raise(
+        request.app,
+        user=user,
+        password=passwords.current.get_secret_value(),
+        product=products_web.get_current_product(request),
+    )
 
     await db.update_user(
         dict(user),

services/web/server/src/simcore_service_webserver/login/_controller/rest/confirmation.py

@@ -227,9 +227,7 @@ async def phone_confirmation(request: web.Request):
         await _twofa_service.delete_2fa_code(request.app, request_body.email)
 
         user = _auth_service.check_not_null_user(
-            await _auth_service.get_user_by_email_or_none(
-                request.app, email=request_body.email
-            )
+            await _auth_service.get_user_or_none(request.app, email=request_body.email)
         )
 
         await _registration_service.register_user_phone(

services/web/server/src/simcore_service_webserver/login/_controller/rest/registration.py

@@ -185,9 +185,7 @@ async def register(request: web.Request):
             ).replace(tzinfo=None)
 
     #  get authorized user or create new
-    user = await _auth_service.get_user_by_email_or_none(
-        request.app, email=registration.email
-    )
+    user = await _auth_service.get_user_or_none(request.app, email=registration.email)
     if user:
         await _auth_service.check_authorized_user_credentials_or_raise(
             request.app,