🐛Fixes: Registration of the same phone number (ITISFoundation#3315)

Author: pcrespov

services/web/server/src/simcore_service_webserver/login/handlers.py

@@ -168,7 +168,7 @@ async def register_phone(request: web.Request):
 
         if await db.get_user({"phone": phone}):
             raise web.HTTPUnauthorized(
-                reason="Invalid phone number: one phone number per account allowed",
+                reason="Cannot register this phone number because it is already assigned to an active user",
                 content_type=MIMETYPE_APPLICATION_JSON,
             )
 
@@ -189,15 +189,19 @@ async def register_phone(request: web.Request):
         )
         return response
 
-    except Exception as e:
+    except web.HTTPException:
+        raise
+
+    except Exception as e:  # Unexpected errors -> 503
         error_code = create_error_code(e)
         log.exception(
             "Phone registration unexpectedly failed [%s]",
             f"{error_code}",
             extra={"error_code": error_code},
         )
+
         raise web.HTTPServiceUnavailable(
-            reason=f"Currently cannot register phone, please try again later ({error_code})",
+            reason=f"Currently our system cannot register phones ({error_code})",
             content_type=MIMETYPE_APPLICATION_JSON,
         ) from e
 

services/web/server/tests/unit/with_dbs/03/test_login_2fa.py

@@ -10,6 +10,7 @@
 from aiohttp import web
 from aiohttp.test_utils import TestClient
 from pytest import MonkeyPatch
+from pytest_simcore.helpers import utils_login
 from pytest_simcore.helpers.utils_assert import assert_status
 from pytest_simcore.helpers.utils_dict import ConfigDict
 from pytest_simcore.helpers.utils_envs import setenvs_from_dict
@@ -238,3 +239,28 @@ def _get_confirmation_link_from_email():
     assert user["email"] == EMAIL
     assert user["phone"] == PHONE
     assert user["status"] == UserStatus.ACTIVE.value
+
+
+async def test_register_phone_fails_with_used_number(
+    client: TestClient,
+    db: AsyncpgStorage,
+):
+    """
+    Tests https://github.com/ITISFoundation/osparc-simcore/issues/3304
+    """
+
+    # some user ALREADY registered with the same phone
+    await utils_login.create_user(db, data={"phone": PHONE})
+
+    # new registration with same phone
+    # 1. submit
+    url = client.app.router["auth_verify_2fa_phone"].url_for()
+    rsp = await client.post(
+        url,
+        json={
+            "email": EMAIL,
+            "phone": PHONE,
+        },
+    )
+    _, error = await assert_status(rsp, web.HTTPUnauthorized)
+    assert "phone" in error["message"]