🎨 web-api: enhances reset-password workflow (ITISFoundation#7336)

Author: pcrespov

api/specs/web-server/_auth.py

@@ -47,8 +47,7 @@
     operation_id="request_product_account",
     status_code=status.HTTP_204_NO_CONTENT,
 )
-async def request_product_account(_body: AccountRequestInfo):
-    ...
+async def request_product_account(_body: AccountRequestInfo): ...
 
 
 @router.post(
@@ -75,8 +74,7 @@ async def register(_body: RegisterBody):
     status_code=status.HTTP_200_OK,
     responses={status.HTTP_409_CONFLICT: {"model": EnvelopedError}},
 )
-async def unregister_account(_body: UnregisterCheck):
-    ...
+async def unregister_account(_body: UnregisterCheck): ...
 
 
 @router.post(
@@ -171,26 +169,24 @@ async def check_auth():
 @router.post(
     "/auth/reset-password",
     response_model=Envelope[Log],
-    operation_id="auth_reset_password",
+    operation_id="initiate_reset_password",
     responses={status.HTTP_503_SERVICE_UNAVAILABLE: {"model": EnvelopedError}},
 )
-async def reset_password(_body: ResetPasswordBody):
-    """a non logged-in user requests a password reset"""
+async def initiate_reset_password(_body: ResetPasswordBody): ...
 
 
 @router.post(
     "/auth/reset-password/{code}",
     response_model=Envelope[Log],
-    operation_id="auth_reset_password_allowed",
+    operation_id="complete_reset_password",
     responses={
         status.HTTP_401_UNAUTHORIZED: {
             "model": EnvelopedError,
-            "description": "unauthorized reset due to invalid token code",
+            "description": "Invalid token code",
         }
     },
 )
-async def reset_password_allowed(code: str, _body: ResetPasswordConfirmation):
-    """changes password using a token code without being logged in"""
+async def complete_reset_password(code: str, _body: ResetPasswordConfirmation): ...
 
 
 @router.post(
@@ -268,5 +264,4 @@ async def email_confirmation(code: str):
     status_code=status.HTTP_200_OK,
     responses={status.HTTP_200_OK: {"content": {"image/png": {}}}},
 )
-async def request_captcha():
-    ...
+async def request_captcha(): ...

packages/models-library/src/models_library/rest_error.py

@@ -1,6 +1,7 @@
 from dataclasses import dataclass
 from typing import Annotated
 
+from common_library.basic_types import DEFAULT_FACTORY
 from models_library.generics import Envelope
 from pydantic import BaseModel, ConfigDict, Field
 
@@ -81,11 +82,11 @@ class ErrorGet(BaseModel):
     errors: Annotated[
         list[ErrorItemType],
         Field(deprecated=True, default_factory=list, json_schema_extra={"default": []}),
-    ]
+    ] = DEFAULT_FACTORY
     logs: Annotated[
         list[LogMessageType],
         Field(deprecated=True, default_factory=list, json_schema_extra={"default": []}),
-    ]
+    ] = DEFAULT_FACTORY
 
     model_config = ConfigDict(
         populate_by_name=True,

services/static-webserver/client/source/class/osparc/data/Resources.js

@@ -1490,7 +1490,10 @@ qx.Class.define("osparc.data.Resources", {
           }
 
           if ([404, 503].includes(status)) {
-            message += "<br>Please try again later and/or contact support";
+            // NOTE: a temporary solution to avoid duplicate information
+            if (!message.includes("contact") && !message.includes("try")) {
+              message += "<br>Please try again later and/or contact support";
+            }
           }
           const err = Error(message ? message : `Error while trying to fetch ${endpoint} ${resource}`);
           if (status) {

services/web/server/VERSION

@@ -1 +1 @@
-0.61.0
+0.61.1

services/web/server/setup.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.61.0
+current_version = 0.61.1
 commit = True
 message = services/webserver api version: {current_version} → {new_version}
 tag = False

services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml

@@ -2,7 +2,7 @@ openapi: 3.1.0
 info:
   title: simcore-service-webserver
   description: Main service with an interface (http-API & websockets) to the web front-end
-  version: 0.61.0
+  version: 0.61.1
 servers:
 - url: ''
   description: webserver
@@ -253,9 +253,8 @@ paths:
     post:
       tags:
       - auth
-      summary: Reset Password
-      description: a non logged-in user requests a password reset
-      operationId: auth_reset_password
+      summary: Initiate Reset Password
+      operationId: initiate_reset_password
       requestBody:
         content:
           application/json:
@@ -279,9 +278,8 @@ paths:
     post:
       tags:
       - auth
-      summary: Reset Password Allowed
-      description: changes password using a token code without being logged in
-      operationId: auth_reset_password_allowed
+      summary: Complete Reset Password
+      operationId: complete_reset_password
       parameters:
       - name: code
         in: path
@@ -303,7 +301,7 @@ paths:
               schema:
                 $ref: '#/components/schemas/Envelope_Log_'
         '401':
-          description: unauthorized reset due to invalid token code
+          description: Invalid token code
           content:
             application/json:
               schema:
@@ -14225,6 +14223,7 @@ components:
       properties:
         email:
           type: string
+          format: email
           title: Email
       additionalProperties: false
       type: object
@@ -15404,7 +15403,6 @@ components:
           - change_email_email.jinja2
           - new_2fa_code.jinja2
           - registration_email.jinja2
-          - reset_password_email_failed.jinja2
           - reset_password_email.jinja2
           - service_submission.jinja2
           title: Template Name

services/web/server/src/simcore_service_webserver/email/_handlers.py

@@ -31,7 +31,6 @@ class TestEmail(BaseModel):
         "change_email_email.jinja2",
         "new_2fa_code.jinja2",
         "registration_email.jinja2",
-        "reset_password_email_failed.jinja2",
         "reset_password_email.jinja2",
         "service_submission.jinja2",
     ] = "registration_email.jinja2"

services/web/server/src/simcore_service_webserver/login/_confirmation.py

@@ -1,21 +1,21 @@
-""" Confirmation codes/tokens tools
+"""Confirmation codes/tokens tools
 
-    Codes are inserted in confirmation tables and they are associated to a user and an action
-    Used to validate some action (e.g. register, invitation, etc)
-    Codes can be used one time
-    Codes have expiration date (duration time is configurable)
+Codes are inserted in confirmation tables and they are associated to a user and an action
+Used to validate some action (e.g. register, invitation, etc)
+Codes can be used one time
+Codes have expiration date (duration time is configurable)
 """
 
 import logging
 from datetime import datetime
 from urllib.parse import quote
 
 from aiohttp import web
+from models_library.users import UserID
 from yarl import URL
 
-from ..db.models import ConfirmationAction
 from .settings import LoginOptions
-from .storage import AsyncpgStorage, ConfirmationTokenDict
+from .storage import ActionLiteralStr, AsyncpgStorage, ConfirmationTokenDict
 
 log = logging.getLogger(__name__)
 
@@ -61,22 +61,29 @@ def get_expiration_date(
     return confirmation["created_at"] + lifetime
 
 
-async def is_confirmation_allowed(
-    cfg: LoginOptions, db: AsyncpgStorage, user, action: ConfirmationAction
-):
+async def get_or_create_confirmation(
+    cfg: LoginOptions,
+    db: AsyncpgStorage,
+    user_id: UserID,
+    action: ActionLiteralStr,
+) -> ConfirmationTokenDict:
+
     confirmation: ConfirmationTokenDict | None = await db.get_confirmation(
-        {"user": user, "action": action}
+        {"user": {"id": user_id}, "action": action}
     )
-    if not confirmation:
-        return True
-    if is_confirmation_expired(cfg, confirmation):
+
+    if confirmation is not None and is_confirmation_expired(cfg, confirmation):
         await db.delete_confirmation(confirmation)
         log.warning(
             "Used expired token [%s]. Deleted from confirmations table.",
             confirmation,
         )
-        return True
-    return False
+        confirmation = None
+
+    if confirmation is None:
+        confirmation = await db.create_confirmation(user_id, action=action)
+
+    return confirmation
 
 
 def is_confirmation_expired(cfg: LoginOptions, confirmation: ConfirmationTokenDict):