#Discussion email verification to use listeners

so currently as you can see the initiate_email_verification is sending the email verification and creating or updating the user, so now that listeners came in my eye, i am not sure how do i refactor this, since from the code i saw so for emits are usually done from the controller layer, using request.app.emit ... but my email sending happens inside the service layer, so i am not sure how should i refactor this ... @naive marsh you have probably worked on this for litestar fullstack, so probably you would know best

https://mystb.in/8fb8461a2498b39751 , code link , since the above can be hard to read in mob

you would probably refactor your service to somehow return an indicator on whether it should send and email or not. then you add the emitter back into the route. Without creating a custom emitter backend, you'll need to have access to the .emit function on the route to send the necessary signal.

But it would be nice to expand the backend to allow for an external signal at some point.

In your code, instead of calling this you'd return a boolean or something

so in the controller something like this ?

account, token = await account_service.register(...)
if token:
    request.app.emit(
        "verification_email_requested",
        email=account.email,
        token=token,
        smtp_client=smtp_client,
    )

correct - and then grab a new db session if you need to look up extra data from what oyu passed in

do not pass the db session in the emit

also i dont get why you refetch the account object in the listener, cant we just pass the account object instead of the account id?

no, not always in sqlalchemy - it has a complicated local cache state that can trigger strange things.

Also, I usually want to ensure that the work done there is in it's own transaction.

if it's like a pydantic model or something, that would be fine

oh, is that the reason you said to grab a new session above

yep

yes, it does emit another set of DB queriers, but this is almost never a problem in this kind of situation and the tradeoff is no expiration issues, no object fetch issues, etc.

for something like this

@post("/email-verification/request", status_code=status_codes.HTTP_204_NO_CONTENT)
    async def request_email_verification(
        self,
        data: RequestEmailVerificationRequest,
        account_service: AccountService,
        smtp_client: SMTPClient,
        captcha_client: CaptchaClient,
    ) -> None:
        """Request email verification for an account."""
        await account_service.request_email_verification(
            email=data.email,
            smtp_client=smtp_client,
            captcha_client=captcha_client,
            captcha_token=data.captcha,
        )

# in service
async def request_email_verification(
        self,
        email: str,
        smtp_client: SMTPClient,
        captcha_client: captcha.CaptchaClient,
        captcha_token: str | UnsetType,
    ) -> None:
        await self._verify_captcha(captcha_client, captcha_token)

        account = await self.get_one_or_none(email=email)

        # we dont want to report any errors to the client,
        # as it will lead to account enumeration.

        if account is None:
            return

        vs = account.email_verification_status

        if vs is EmailVerificationStatus.PENDING:
            await self.initiate_email_verification(account, smtp_client)
        elif vs is EmailVerificationStatus.VERIFIED:
            await self.initiate_password_reset(account, smtp_client)
        # MOVING status is ignored here because email change verification
        # was sent to the new email address, not this one. If the user needs
        # to resend it, they should do so from account settings.

i would have to tell the controller which event to emit too right since this can trigger two things, wont this get ugly?

exactly - and this is where using exists or something like that on the repo/service can help as well. you can do simple guards on these types of functions.

basically i try to make sure all of my jobs fetch their info and hold db sessions as short as possible

can you elaborate this a bit, didnt really get you

because sqlalchemy can obfuscate how many queries it's emitting and when they emit, I tend to not pass them as arguments to functions.

you'll also get the added benefit of being ready for horizontal scaling when you need to move this work to mutliple processes/servers/or both. Each process can fetch the data it needs and you are passing primitives around instead.

this looks like a guard function almost:

        await self._verify_captcha(captcha_client, captcha_token)

        account = await self.get_one_or_none(email=email)

        # we dont want to report any errors to the client,
        # as it will lead to account enumeration.

        if account is None:
            return

let's say you didn't need the rest of account in the email body. you could just do something like this:

  await self._verify_captcha(captcha_client, captcha_token)
  account_exists = await self.exits(email=email)
  if account_exists is None:
      return

oh right exists will be faster

if i would write pure SQL, i would do a select exists check, but since i am doing alchemy and all i just forgot that

also, you may see me do more walrus operators, but that's just a preference - it's all the same.

if (account := (await self.get_one_or_none(email=email))) is None:
  return

but in this case i do need the acount below to check the email verification status

wallrus leaks state right, i do walrus sometimes but not all of the time

does it?

if you have details, let me know. I wasn't aware of any issues other than it being sometimes hard to understand

>>> [i for i in range(10)]
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9]
>>> i
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
NameError: name 'i' is not defined. Did you mean: 'id'?
>>> [x for i in range(10) if (x := i % 2)]
[1, 1, 1, 1, 1]
>>> x
1
>>>

@naive marsh also one more thing, up until now since i used to send the email in the request response cycle only, so the tests i wrote which used to check if the email was sent after user creation and all, all break now so is there any pattern i should follow their to check the emails

the solution i can think of is to just wait for the messages to arrive in (mailpit (testing tool)) with a timeout

use the litestar-email package i created. it has a local backend that is useful testing. and you can review messges that get sent out.

i saw that, tbh its complex to explain but i have my own smtp package which handles email sending and all, and i use mailpit for testing with docker so i cant change that setup tbh, so i hit mailpit localhost:8025 to check for mails

but anyways whats the approach? i will have to wait for the messages to arrive right? since they arent now instantly sent in the request response cycle

yes, it should basically be instant though.

yeah so i like keep a timeout of 1 sec?

if you end up going with the smtp support i have in litestar-email, it's this: https://github.com/litestar-org/litestar-fullstack/blob/main/src/py/tests/integration/accounts/routes/test_email_verification.py

i wouldn't really test this way, I'd try to mock the service so it didn't actually send in my tests

async def wait_for_messages(
        self,
        email: str,
        count: int = 1,
        interval: float = 0.1,
    ) -> list[dict[str, Any]]:
        while True:
            messages = await self.get_messages_for(email)
            if len(messages) >= count:
                return messages
            await asyncio.sleep(interval)

so i have this method, and in the tests i do something like this

async with asyncio.timeout(2.0):
        messages = await mailpit.wait_for_messages("[email protected]")

if it's working, go for it

but tbh mailpit is meant for testing mails only

both manual and automated

yes, mailpit is definitely just a dev tool

i run the mailpit container using the testcontainers lib in the tests, and when its manual it is just docker compose up

is timeout=1 a good threshold like where a platform specific things wont matter?

i am just worried about that, since its passing in the local testing but maybe it will fail in ci/cd?

i'd say if it takes more than a second to send an email to a local docker container that's a problem. I don't know how long mailpit takes to register a received mail, that would be the only thing about it

how are you tesing that it sent now?

the timeout method?

async def get_messages_for(self, email: str) -> list[dict[str, Any]]:
        messages = await self.get_messages()
        return [
            msg
            for msg in messages
            if any(to.get("Address") == email for to in msg.get("To", []))
        ]

yeah it just calls this method

i see that you have that await_events thing i can add that too, then it will be basically perfect right

but its basically the same asyncio.sleep i wrote i guess

tbh you should just wrap it in asyncio.timeout block instead of doing the elapsed < max_wait here too https://github.com/litestar-org/litestar-fullstack/blob/4fab0fbc3f233167c257690c933866a79e324cf9/src/py/tests/utils/events.py#L8

src/py/tests/utils/events.py line 8

async def wait_for_events(max_wait: float = 1.0, interval: float = 0.1) -> None:

https://docs.astral.sh/ruff/rules/async-function-with-timeout/

ok so i am confused if we are just doing this https://github.com/litestar-org/litestar-fullstack/blob/4fab0fbc3f233167c257690c933866a79e324cf9/src/py/tests/utils/events.py#L8 , why arent we just asyncio.sleeping for a duration?

src/py/tests/utils/events.py line 8

async def wait_for_events(max_wait: float = 1.0, interval: float = 0.1) -> None: