♻️ Expired confirmation tokens are logged and INVITATION tokens do not expire

[pcrespov]

What do these changes do?

During a demo today, an invitation link did not work and was reported as "expired". At first glance, we did not understand why this happened and took us some time to recall that actually all confirmation tokens are time-limited. The problem was that the invitations that we were using were already expired but it was not obvious from the info available (no logs, no indication in the database, etc)

This PR aims to avoid this problem in the future by:

• logging as WARNING when a given confirmation token in use is expired and therefore removed from the database
• INVITATION tokens are now unlimited (i.e. they do not expire)

Some insights:

Some actions in a login require some sort of confirmation/validation step. For those we create confirmation tokens that, due to security reasons, have a limited lifetime. These tokens are used for actions like invitations, confirmation of emails, etc. The expiration date is based on the creation timestamp and a LIFETIME variable under login.settings.LoginOptions.

Related issue/s

How to test

cd services/web/server
make install-dev
pytest tests/unit/with_dbs/03/test_login_registration.py

[codecov]

Codecov Report

Merging #3440 (9191985) into master (2169876) will increase coverage by 0.0%.
The diff coverage is 66.6%.

@@          Coverage Diff           @@
##           master   #3440   +/-   ##
======================================
  Coverage    83.2%   83.3%           
======================================
  Files         822     822           
  Lines       34911   34915    +4     
  Branches     1255    1255           
======================================
+ Hits        29080   29098   +18     
+ Misses       5645    5631   -14     
  Partials      186     186           

Flag	Coverage Δ
integrationtests	68.3% <66.6%> (-0.1%)	⬇️
unittests	80.2% <66.6%> (+<0.1%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...c/simcore_service_webserver/login/_confirmation.py	83.7% <0.0%> (-2.4%)	⬇️
...c/simcore_service_webserver/login/_registration.py	83.3% <0.0%> (-1.1%)	⬇️
...er/src/simcore_service_webserver/login/settings.py	100.0% <100.0%> (ø)
...rvice_datcore_adapter/utils/requests_decorators.py	75.6% <0.0%> (-8.2%)	⬇️
.../src/simcore_service_webserver/projects/_delete.py	85.4% <0.0%> (-5.5%)	⬇️
...mcore_service_webserver/garbage_collector_utils.py	85.8% <0.0%> (-1.3%)	⬇️
...simcore_service_director_v2/modules/node_rights.py	98.1% <0.0%> (-1.0%)	⬇️
...imcore_service_webserver/garbage_collector_core.py	68.6% <0.0%> (-0.7%)	⬇️
.../director/src/simcore_service_director/producer.py	67.5% <0.0%> (+0.2%)	⬆️
...simcore_service_director_v2/modules/dask_client.py	93.4% <0.0%> (+0.5%)	⬆️
... and 9 more

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[sanderegg]

99 years... we'll be old...