2fa failure displays user_id and phone number

services/web/server/src/simcore_service_webserver/login/_2fa.py

@@ -169,10 +169,11 @@ async def send_email_code(
 #
 
 _FROM, _TO = 3, -1
+_MIN_NUM_DIGITS = 5
 
 
-def mask_phone_number(phn: str) -> str:
-    assert len(phn) > 5  # nosec
+def mask_phone_number(phone: str) -> str:
+    assert len(phone) > _MIN_NUM_DIGITS  # nosec
     # SEE https://github.com/pydantic/pydantic/issues/1551
     # SEE https://en.wikipedia.org/wiki/E.164
-    return phn[:_FROM] + len(phn[_FROM:_TO]) * "X" + phn[_TO:]
+    return phone[:_FROM] + len(phone[_FROM:_TO]) * "X" + phone[_TO:]

services/web/server/src/simcore_service_webserver/login/_constants.py

@@ -1,6 +1,9 @@
 from typing import Final
 
 MSG_2FA_CODE_SENT: Final[str] = "Code sent by SMS to {phone_number}"
+MSG_2FA_UNAVAILABLE_OEC: Final[
+    str
+] = "Currently we cannot use 2FA, please try again later ({error_code})"
 MSG_ACTIVATED: Final[str] = "Your account is activated"
 MSG_ACTIVATION_REQUIRED: Final[
     str

services/web/server/src/simcore_service_webserver/login/handlers_auth.py

@@ -7,7 +7,7 @@
 from pydantic import BaseModel, Field, PositiveInt, SecretStr
 from servicelib.aiohttp.requests_validation import parse_request_body_as
 from servicelib.error_codes import create_error_code
-from servicelib.logging_utils import get_log_record_extra, log_context
+from servicelib.logging_utils import LogExtra, get_log_record_extra, log_context
 from servicelib.mimetype_constants import MIMETYPE_APPLICATION_JSON
 from servicelib.request_keys import RQT_USERID_KEY
 from simcore_postgres_database.models.users import UserRole
@@ -33,6 +33,7 @@
     MAX_2FA_CODE_RESEND,
     MAX_2FA_CODE_TRIALS,
     MSG_2FA_CODE_SENT,
+    MSG_2FA_UNAVAILABLE_OEC,
     MSG_LOGGED_OUT,
     MSG_PHONE_MISSING,
     MSG_UNAUTHORIZED_LOGIN_2FA,
@@ -120,12 +121,10 @@ async def login(request: web.Request):
     # Some roles have login privileges
     has_privileges: Final[bool] = UserRole.USER < UserRole(user["role"])
     if has_privileges or not settings.LOGIN_2FA_REQUIRED:
-        response = await login_granted_response(request, user=user)
-        return response
+        return await login_granted_response(request, user=user)
 
     # no phone
     if not user["phone"]:
-
         response = envelope_response(
             # LoginNextPage
             {
@@ -163,7 +162,7 @@ async def login(request: web.Request):
             user_name=user["name"],
         )
 
-        response = envelope_response(
+        return envelope_response(
             # LoginNextPage
             {
                 "name": CODE_2FA_CODE_REQUIRED,
@@ -181,19 +180,20 @@ async def login(request: web.Request):
             },
             status=web.HTTPAccepted.status_code,
         )
-        return response
 
-    except Exception as e:
-        error_code = create_error_code(e)
+    except Exception as exc:
+        error_code = create_error_code(exc)
+        more_extra: LogExtra = get_log_record_extra(user_id=user.get("id")) or {}
         log.exception(
-            "Unexpectedly failed while setting up 2FA code and sending SMS[%s]",
+            "Failed while setting up 2FA code and sending SMS to %s [%s]",
+            mask_phone_number(user.get("phone", "Unknown")),
             f"{error_code}",
-            extra={"error_code": error_code},
+            extra={"error_code": error_code, **more_extra},
         )
         raise web.HTTPServiceUnavailable(
-            reason=f"Currently we cannot use 2FA, please try again later ({error_code})",
+            reason=MSG_2FA_UNAVAILABLE_OEC.format(error_code=error_code),
             content_type=MIMETYPE_APPLICATION_JSON,
-        ) from e
+        ) from exc
 
 
 class LoginTwoFactorAuthBody(InputSchema):
@@ -239,8 +239,7 @@ async def login_2fa(request: web.Request):
     # dispose since code was used
     await delete_2fa_code(request.app, login_2fa_.email)
 
-    response = await login_granted_response(request, user=user)
-    return response
+    return await login_granted_response(request, user=user)
 
 
 class LogoutBody(InputSchema):
@@ -270,3 +269,4 @@ async def logout(request: web.Request) -> web.Response:
         await forget(request, response)
 
         return response
+        return response

services/web/server/tests/unit/with_dbs/03/login/test_login_2fa.py

@@ -101,7 +101,7 @@ async def test_2fa_code_operations(client: TestClient):
     assert await get_2fa_code(client.app, email) is None
 
 
-@pytest.mark.acceptance_test
+@pytest.mark.acceptance_test()
 async def test_workflow_register_and_login_with_2fa(
     client: TestClient,
     db: AsyncpgStorage,