♻️ webserver: Enhance Action Confirmation Token Logic (🚨🗃️)

[pcrespov]

What do these changes do?

This PR upgrades the logic behind confirmation tokens and codes by dropping old database access and helpers and introducing a well structured service and repository layers.

Background

• When you want a user to confirm an action (e.g. “Do you want to delete this?”), you typically prompt them directly.
• In some cases, you cannot prompt the user in real time (e.g. when interacting asynchronously via email, SMS, etc. These scenarios happen when the user is not signed in or is not currently online).
• In these situations, a common solution is to implement a Two-Step Action Confirmation pattern:
  1. Generate a secret token or code on the server.
  2. Send it to the user (usually as a link in an email).
  3. Let the user confirm by clicking the link.

Example Use Case

• A project is shared with a user.
• The user receives an email with confirmation links (e.g. Accept / Reject).
• When the user clicks a link:
  • The HTTP API receives the confirmation token.
  • The token is validated against the one stored in the database.
  • If valid, the confirmation is accepted and the action is executed (e.g. the project is shared).

Current Status

• This logic has existed in the repository since early development.\
• Substantial improvements to the existing confirmation token system.
• Preparing the system for broader use across more actions.
• Follow up:
  • Currently is under login but it will be moved on its own sub-domain since the functionality will be used in other sub-domains e.g. to confirm project sharing.
  • Any kind of confirmation will share a common interface irrespective of the means (e.g. email, sms)
  • Some of the current service logic will be moved to the future notifications service

Overview of Changes

• ♻️ Refactors confirmation business logic
  • New ConfirmationService: Service layer for managing confirmation tokens and codes
  • New ConfirmationRepository: Repository layer that controls the storage of confirmation tokens and codes by accessing to confirmations users tables
    • Removes login_repository_legacy*.py modules and transforms into _confirmation_repository.py
    • Removes old AsyncpgStorage and uses new asynpg engine
  • New Confirmation domain model
• ✅ Refactors tests
  • replaces db: AsyncpgStorage, login_options: LoginOptions fixtures by new confirmation_service: ConfirmationService fixture

Related issue/s

• Part of migrate code from aiopg to asyncpg #4529
• Part of https://github.com/ITISFoundation/private-issues/issues/40

How to test

• Driving tests

cd services/web/server
make install-dev
pytest -vv tests/unit/**/test*login*.py`

• 🚨 Manual testing on deploy
  • request an account and check email confirmation
  • reset password
  • change email
  • old invitations (deprecated)

Dev-ops

[codecov]

Codecov Report

❌ Patch coverage is 85.71429% with 28 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.84%. Comparing base (3941b09) to head (685a8d2).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #8150      +/-   ##
==========================================
+ Coverage   87.36%   87.84%   +0.48%     
==========================================
  Files        1954     1954              
  Lines       76107    76105       -2     
  Branches     1342     1342              
==========================================
+ Hits        66491    66858     +367     
+ Misses       9212     8843     -369     
  Partials      404      404              

Flag	Coverage Δ
integrationtests	64.09% <50.25%> (+3.67%)	⬆️
unittests	86.52% <85.71%> (-0.06%)	⬇️

Components	Coverage Δ
pkg_aws_library	93.59% <ø> (ø)
pkg_celery_library	83.41% <ø> (ø)
pkg_dask_task_models_library	79.33% <ø> (ø)
pkg_models_library	93.08% <ø> (ø)
pkg_notifications_library	85.20% <ø> (ø)
pkg_postgres_database	87.95% <100.00%> (ø)
pkg_service_integration	70.19% <ø> (ø)
pkg_service_library	72.57% <ø> (ø)
pkg_settings_library	90.19% <ø> (ø)
pkg_simcore_sdk	84.93% <ø> (-0.06%)	⬇️
agent	93.53% <ø> (ø)
api_server	91.94% <ø> (ø)
autoscaling	95.74% <ø> (ø)
catalog	92.36% <ø> (ø)
clusters_keeper	99.13% <ø> (ø)
dask_sidecar	92.38% <ø> (ø)
datcore_adapter	97.94% <ø> (ø)
director	75.81% <ø> (ø)
director_v2	90.90% <ø> (+5.55%)	⬆️
dynamic_scheduler	96.30% <ø> (ø)
dynamic_sidecar	90.43% <ø> (ø)
efs_guardian	89.62% <ø> (ø)
invitations	91.44% <ø> (ø)
payments	92.62% <ø> (ø)
resource_usage_tracker	92.18% <ø> (-0.11%)	⬇️
storage	86.74% <ø> (+0.08%)	⬆️
webclient	∅ <ø> (∅)
webserver	87.81% <85.64%> (-0.17%)	⬇️

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3941b09...685a8d2. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for 685a8d2.

✅ Passed Jobs With Interesting Signals

Pipeline	Job	Signal	Health on master	Retries	🔍 CI Insights	📄 Logs
CI	system-tests	Base branch is healthy, but retries were needed. Could be early signs of flakiness 👀		1	View	View

[Copilot]

Pull Request Overview

This PR refactors the confirmation business logic by replacing the legacy database access layer with a well-structured service and repository pattern. The changes modernize the codebase by removing old AsyncpgStorage implementations and introducing new ConfirmationService and ConfirmationRepository classes for managing confirmation tokens and codes.

• Removes legacy repository modules and replaces with modern service/repository architecture
• Updates confirmation token handling with new domain models and service layer
• Refactors tests to use new fixture patterns with ConfirmationService

Reviewed Changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
test files	Updates test fixtures and assertions to use new ConfirmationService and ConfirmationRepository
_models.py	Adds new domain models Confirmation and related types
_confirmation_service.py	New service layer encapsulating confirmation business logic
_confirmation_repository.py	New repository layer for data access using modern asyncpg engine
REST controllers	Updates to use dependency injection pattern for confirmation service
product models	Minor Field annotation improvements
database migration	Updates confirmation table schema for timezone-aware timestamps

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[sanderegg]

so the asynpg additional connection pool goes away with this right?

[GitHK]

thanks

[giancarloromeo]

🆗

[matusdrobuliak66]

thanks

[pcrespov]

@mergify queue

[mergify]

queue

🟠 Waiting for conditions to match

• -closed [📌 queue requirement]
• -conflict [📌 queue requirement]
• -draft [📌 queue requirement]
• any of: [📌 queue -> configuration change requirements]
  • -mergify-configuration-changed
  • check-success = Configuration changed
• any of: [🔀 queue conditions]
  • all of: [📌 queue conditions of queue default]
    • #approved-reviews-by >= 2 [🛡 GitHub branch protection]
    • #approved-reviews-by>=2
    • #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
    • #changes-requested-reviews-by=0
    • #review-threads-unresolved = 0 [🛡 GitHub branch protection]
    • #review-threads-unresolved=0
    • -conflict
    • -draft
    • base=master
    • branch-protection-review-decision = APPROVED [🛡 GitHub branch protection]
    • label!=🤖-do-not-merge
    • label=🤖-automerge
    • any of: [🛡 GitHub branch protection]
      • check-skipped = deploy to dockerhub
      • check-neutral = deploy to dockerhub
      • check-success = deploy to dockerhub
    • any of: [🛡 GitHub branch protection]
      • check-success = system-tests
      • check-neutral = system-tests
      • check-skipped = system-tests
    • any of: [🛡 GitHub branch protection]
      • check-success = unit-tests
      • check-neutral = unit-tests
      • check-skipped = unit-tests
    • any of: [🛡 GitHub branch protection]
      • check-success = check OAS' are up to date
      • check-neutral = check OAS' are up to date
      • check-skipped = check OAS' are up to date
    • any of: [🛡 GitHub branch protection]
      • check-success = integration-tests
      • check-neutral = integration-tests
      • check-skipped = integration-tests
    • any of: [🛡 GitHub branch protection]
      • check-success = build-test-images (frontend) / build-test-images
      • check-neutral = build-test-images (frontend) / build-test-images
      • check-skipped = build-test-images (frontend) / build-test-images
    • any of: [🛡 GitHub branch protection]
      • check-success = SonarCloud Code Analysis
      • check-neutral = SonarCloud Code Analysis
      • check-skipped = SonarCloud Code Analysis

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud