flip_api.step_functions_services.register_user_step_function

Attributes

router

_TRANSIENT_ROLE_ASSIGNMENT_STATUSES

Functions

_rollback_after_role_failure(→ fastapi.HTTPException)

Roll back a just-registered Cognito user after role assignment failed definitively.

register_user_step_function_endpoint(request, user_data)

Register a new user and assign roles.

Module Contents

flip_api.step_functions_services.register_user_step_function.router
flip_api.step_functions_services.register_user_step_function._TRANSIENT_ROLE_ASSIGNMENT_STATUSES
flip_api.step_functions_services.register_user_step_function._rollback_after_role_failure(*, user_id: uuid.UUID, user_email: str, role_err: BaseException, request: fastapi.Request, db: sqlmodel.Session, token_id: uuid.UUID) fastapi.HTTPException

Roll back a just-registered Cognito user after role assignment failed definitively.

Returns the HTTPException to raise at the call site (chained from role_err). If delete_user raises, builds a detail that includes both failures so the operator can see why the rollback broke — a plain except Exception would discard a rollback HTTPException’s own detail.

Parameters:

  • user_id (UUID) – Cognito sub of the just-registered user.

  • user_email (str) – Email of the user, for forensic logging.

  • role_err (BaseException) – The role-assignment error that triggered the rollback.

  • request (Request) – FastAPI request, forwarded to delete_user.

  • db (Session) – Database session.

  • token_id (UUID) – Authenticated caller’s id.

Returns:

500 to raise from the caller.

Return type:

HTTPException

flip_api.step_functions_services.register_user_step_function.register_user_step_function_endpoint(request: fastapi.Request, user_data: flip_api.domain.interfaces.user.IRegisterUser, db: sqlmodel.Session = Depends(get_session), token_id: uuid.UUID = Depends(verify_token))

Register a new user and assign roles.

Two-phase: register the Cognito user, then assign roles. If role assignment fails definitively (4xx other than 404, or unexpected Exception), the Cognito user is rolled back via delete_user. If role assignment fails transiently (HTTP 503, or HTTP 404 — Cognito ListUsers propagation lag immediately after admin_create_user) the rollback is skipped: the user has been registered and the operator (or a retry) can complete role assignment later. This avoids destroying valid registrations on a transient Cognito blip.

Parameters:

  • request (Request) – The FastAPI request object.

  • user_data (IRegisterUser) – The user data to register, including email and roles.

  • db (Session) – The database session.

  • token_id (UUID) – The ID of the current user making the request.

Returns:

A DTO with the new user’s id, email, and roles.

Return type:

IRegisterUserDto

Raises:

HTTPException – If an error occurs during registration or role assignment.