flip_api.user_services.register_user

Attributes

router

Functions

`_rollback_cognito_on_audit_failure`(→ None)	Delete the just-created Cognito user after a failed audit-row write.
`register_user`(, token_id)	Register a new user in Cognito.

Module Contents

flip_api.user_services.register_user.router

flip_api.user_services.register_user._rollback_cognito_on_audit_failure(email: str, user_pool_id: str, original_err: Exception) → None

Delete the just-created Cognito user after a failed audit-row write.

The audit commit owns the failure path; this helper just attempts the Cognito-side rollback and translates a rollback failure into the more explicit “manual cleanup required” 500. Callers handle the post-rollback “Please try again” 500 themselves so the success-path 500 stays at the main call site.

Mirrors the _rollback_after_role_failure pattern in register_user_step_function so the two rollback shapes look the same.

Parameters:

email – Email of the Cognito user to delete (the username).
user_pool_id – Cognito user pool ID.
original_err – The audit-write exception, chained as __cause__ if this helper raises so the operator sees the original trigger.

Raises:

HTTPException – 500 with a “manual cleanup required” detail iff the delete_cognito_user call itself fails. A successful rollback returns cleanly; the caller then raises the “Please try again” 500.

flip_api.user_services.register_user.register_user(user_data: flip_api.domain.interfaces.user.IRegisterUser, request: fastapi.Request, db: sqlmodel.Session = Depends(get_session), token_id: uuid.UUID = Depends(verify_token)) → flip_api.domain.interfaces.user.IUserResponse

Register a new user in Cognito.

Cognito is the source of truth for user identity; we do not mirror users in a local table. Role assignment is a separate step (handled by /api/step/users). This endpoint writes a UsersAudit row keyed by the new Cognito sub on success.

Parameters:

user_data (IRegisterUser) – The user data to register (email + roles).
request (Request) – The FastAPI request object.
db (Session) – The database session.
token_id (UUID) – ID of the authenticated user making the request.

Returns:

Created user data including the new Cognito sub.

Return type:

IUserResponse

Raises:

HTTPException – If the user does not have permission to register a
user, if the email is already registered, or if Cognito rejects the –
create. –