Fix: safe argument guard and remove redundant redis call

[paulhuiseismic]

What problem does this PR solve?

• Moved if not all([email, new_pwd, new_pwd2]) guard to the top, before any decryption that could crash on None value
• Removed the redundant REDIS_CONN.get() call — one call is sufficient

Type of change

• Bug Fix (non-breaking change which fixes an issue)
• Refactoring

[coderabbitai]

📝 Walkthrough

Walkthrough

The forget_reset_password function in user_app.py was refactored to improve validation efficiency and eliminate redundant code. Input validation now occurs upfront before any decryption operations, and a redundant Redis lookup was removed, streamlining the verification flow.

Changes

Cohort / File(s)	Summary
Input Validation Refactoring api/apps/user_app.py	Reordered validation checks to occur before decryption/decoding operations. Removed redundant Redis get call in verification logic. Password comparison logic remains unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A hop, a skip, a check—then decode,
No wasted Redis trips along the road,
Validation first, then secrets unveiled,
Cleaner logic where redundance once sailed! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the two main changes: moving the argument guard check and removing a redundant Redis call.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Description check	✅ Passed	The PR description follows the required template and includes all necessary sections with clear explanations of the problem solved and type of change.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@api/apps/user_app.py`:
- Around line 1028-1034: The early-return branches in the reset-password flow
lack logging; add debug/info-level logs before each return to record why the
flow exited (e.g., missing args or unverified email). Specifically, in the
function handling reset-password where get_json_result is returned for missing
email/new_pwd/new_pwd2 and where REDIS_CONN.get(_verified_key(email)) is
checked, insert concise log statements (using the module/app logger) that
include the email (or masked email) and the reason ("missing parameters" or
"email not verified") immediately before those get_json_result returns so
failures are traceable in logs.
- Around line 1036-1039: The decrypt/base64 decode sequence for new passwords
(functions/variables: decrypt, new_pwd, new_pwd2, new_pwd_base64,
new_pwd_string, new_pwd2_string) can throw on malformed input; wrap the calls to
decrypt(...) and base64.b64decode(...) in a try/except that catches
decryption/decoding errors (e.g., ValueError, binascii.Error, custom decrypt
exceptions), validate the results are proper UTF-8 strings, and on failure
return a controlled 4xx response (argument/auth error) instead of letting the
exception bubble up; update the code paths that set
new_pwd_base64/new_pwd_string/new_pwd2_string to use these guarded conversions
and return a clear client error when validation fails.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: beee1159-243b-45ca-aeea-3268d75be1a5

📥 Commits

Reviewing files that changed from the base of the PR and between 52442c8 and 43bcc2f.

📒 Files selected for processing (1)

• api/apps/user_app.py

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add logging for new early-exit reset-password flows.

Line 1029 and Line 1033 return early without any trace logs, which makes reset failure diagnosis harder in production.

Suggested patch

     # Guard first, before any decryption that would crash on None values
     if not all([email, new_pwd, new_pwd2]):
+        logging.warning("forget_reset_password rejected: missing required fields")
         return get_json_result(data=False, code=RetCode.ARGUMENT_ERROR, message="email and passwords are required")

     # Single Redis call — removed the preceding redundant discarded call
-    if not REDIS_CONN.get(_verified_key(email)):
+    if not REDIS_CONN.get(_verified_key(email)):
+        logging.info("forget_reset_password rejected: email not verified")
         return get_json_result(data=False, code=RetCode.AUTHENTICATION_ERROR, message="email not verified")

As per coding guidelines, **/*.py: Add logging for new flows.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@api/apps/user_app.py` around lines 1028 - 1034, The early-return branches in
the reset-password flow lack logging; add debug/info-level logs before each
return to record why the flow exited (e.g., missing args or unverified email).
Specifically, in the function handling reset-password where get_json_result is
returned for missing email/new_pwd/new_pwd2 and where
REDIS_CONN.get(_verified_key(email)) is checked, insert concise log statements
(using the module/app logger) that include the email (or masked email) and the
reason ("missing parameters" or "email not verified") immediately before those
get_json_result returns so failures are traceable in logs.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Handle malformed encrypted/base64 password payloads to prevent 500s.

Line 1036-Line 1039 can raise on bad input and currently bubbles into an internal error response path. This endpoint should return a controlled argument/auth error instead.

Suggested patch

-    new_pwd_base64 = decrypt(new_pwd)
-    new_pwd_string = base64.b64decode(new_pwd_base64).decode('utf-8')
-    new_pwd2_string = base64.b64decode(decrypt(new_pwd2)).decode('utf-8')
+    try:
+        new_pwd_base64 = decrypt(new_pwd)
+        new_pwd_string = base64.b64decode(new_pwd_base64, validate=True).decode("utf-8")
+        new_pwd2_string = base64.b64decode(decrypt(new_pwd2), validate=True).decode("utf-8")
+    except Exception:
+        logging.warning("forget_reset_password rejected: invalid encrypted password payload")
+        return get_json_result(data=False, code=RetCode.ARGUMENT_ERROR, message="invalid password payload")

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	new_pwd_base64 = decrypt(new_pwd)
	new_pwd_string = base64.b64decode(new_pwd_base64).decode('utf-8')
	new_pwd2_string = base64.b64decode(decrypt(new_pwd2)).decode('utf-8')
	try:
	new_pwd_base64 = decrypt(new_pwd)
	new_pwd_string = base64.b64decode(new_pwd_base64, validate=True).decode("utf-8")
	new_pwd2_string = base64.b64decode(decrypt(new_pwd2), validate=True).decode("utf-8")
	except Exception:
	logging.warning("forget_reset_password rejected: invalid encrypted password payload")
	return get_json_result(data=False, code=RetCode.ARGUMENT_ERROR, message="invalid password payload")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@api/apps/user_app.py` around lines 1036 - 1039, The decrypt/base64 decode
sequence for new passwords (functions/variables: decrypt, new_pwd, new_pwd2,
new_pwd_base64, new_pwd_string, new_pwd2_string) can throw on malformed input;
wrap the calls to decrypt(...) and base64.b64decode(...) in a try/except that
catches decryption/decoding errors (e.g., ValueError, binascii.Error, custom
decrypt exceptions), validate the results are proper UTF-8 strings, and on
failure return a controlled 4xx response (argument/auth error) instead of
letting the exception bubble up; update the code paths that set
new_pwd_base64/new_pwd_string/new_pwd2_string to use these guarded conversions
and return a clear client error when validation fails.

[xugangqiang]

@paulhuiseismic
May I ask for your help to do regression test and upload testing evidence?
And if possible, could you please do me a favor to add unit test - which should be failed before your fix and should success with your fix?
Thank you.

[Magicbook1108]

looks great

[paulhuiseismic]

Hi @xugangqiang this is just for code enhancement and should be no breaking change without regression issue. So would you like me to add the UT also? cc: @Magicbook1108

[xugangqiang]

@paulhuiseismic

1. would you like me to add the UT also -> Yes, if UT can be added that will be great
2. just for code enhancement -> I think a regression test is needed to make sure your change will not break the logic. As you said, "should be no breaking change". But we want to make sure no regression issue (like typo, un-expected change, ...etc.). Without regression test, we are not confident there is no regression.

[xugangqiang]

@paulhuiseismic
Could you please resolve conflicts as well? Thanks.