From 4a4c6ac4c06874aeac6db2b8c80892f2efe00a74 Mon Sep 17 00:00:00 2001
From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com>
Date: Wed, 22 Oct 2025 18:19:26 +0200
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=8E=A8=F0=9F=94=92=EF=B8=8F=20Update?=
 =?UTF-8?q?=20user=20messages=20for=20two-factor=20authentication=20and=20?=
 =?UTF-8?q?password=20prompts?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../login/constants.py                         | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/services/web/server/src/simcore_service_webserver/login/constants.py b/services/web/server/src/simcore_service_webserver/login/constants.py
index 28c86b85943..693a9370b28 100644
--- a/services/web/server/src/simcore_service_webserver/login/constants.py
+++ b/services/web/server/src/simcore_service_webserver/login/constants.py
@@ -6,8 +6,8 @@
     "A verification code has been sent via SMS to {phone_number}.", _version=1
 )
 MSG_2FA_UNAVAILABLE: Final[str] = user_message(
-    "Two-factor authentication is temporarily unavailable. Please try again later.",
-    _version=1,
+    "The two-factor authentication service is currently unavailable. Please try again in a few minutes.",
+    _version=2,
 )
 MSG_ACTIVATED: Final[str] = user_message(
     "Your account has been successfully activated.", _version=1
@@ -17,8 +17,8 @@
     _version=1,
 )
 MSG_AUTH_FAILED: Final[str] = user_message(
-    "We couldn't sign you in with those credentials. Please check your email and password and try again.",
-    _version=1,
+    "The provided credentials are incorrect. Please verify your email and password.",
+    _version=2,
 )
 MSG_CANT_SEND_MAIL: Final[str] = user_message(
     "We're unable to send emails at this time. Please try again later.", _version=1
@@ -99,17 +99,19 @@
     _version=2,
 )
 MSG_WRONG_2FA_CODE__EXPIRED: Final[str] = user_message(
-    "The verification code is either incorrect or has expired. Please request a new verification code and try again.",
-    _version=3,
+    "The verification code has expired or is incorrect. Please request a new code and try again.",
+    _version=4,
 )
 MSG_WRONG_CAPTCHA__INVALID: Final[str] = user_message(
     "The CAPTCHA entered is incorrect. Please try again.", _version=1
 )
 MSG_WRONG_PASSWORD: Final[str] = user_message(
-    "The password is incorrect. Please try again.", _version=1
+    "The password does not match the one associated with this email address. Please try again.",
+    _version=3,
 )
 MSG_WEAK_PASSWORD: Final[str] = user_message(
-    "Password must be at least {LOGIN_PASSWORD_MIN_LENGTH} characters long.", _version=1
+    "Your password must contain at least {LOGIN_PASSWORD_MIN_LENGTH} characters for security.",
+    _version=2,
 )
 MSG_INVITATIONS_CONTACT_SUFFIX: Final[str] = user_message(
     "Please contact our support team to request a new invitation.", _version=1

From 02bb36cea759070baac6477ed224a4f42c57853b Mon Sep 17 00:00:00 2001
From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com>
Date: Wed, 22 Oct 2025 18:19:47 +0200
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=8E=A8=F0=9F=90=9B=20Add=20exception?=
 =?UTF-8?q?=20handling=20to=20registration=20invitation=20and=20registrati?=
 =?UTF-8?q?on=20endpoints?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../login/_controller/rest/registration.py                    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/services/web/server/src/simcore_service_webserver/login/_controller/rest/registration.py b/services/web/server/src/simcore_service_webserver/login/_controller/rest/registration.py
index c0471af55b9..6ba64857fdd 100644
--- a/services/web/server/src/simcore_service_webserver/login/_controller/rest/registration.py
+++ b/services/web/server/src/simcore_service_webserver/login/_controller/rest/registration.py
@@ -55,6 +55,7 @@
     get_plugin_settings,
 )
 from ._rest_dependencies import get_confirmation_service
+from ._rest_exceptions import handle_rest_requests_exceptions
 from .registration_schemas import (
     InvitationCheck,
     InvitationInfo,
@@ -73,6 +74,7 @@
     name="auth_check_registration_invitation",
 )
 @global_rate_limit_route(number_of_requests=30, interval_seconds=MINUTE)
+@handle_rest_requests_exceptions
 async def check_registration_invitation(request: web.Request):
     """
     Decrypts invitation and extracts associated email or
@@ -103,6 +105,7 @@ async def check_registration_invitation(request: web.Request):
 
 
 @routes.post(f"/{API_VTAG}/auth/register", name="auth_register")
+@handle_rest_requests_exceptions
 async def register(request: web.Request):
     """
     Starts user's registration by providing an email, password and
@@ -309,6 +312,7 @@ async def register(request: web.Request):
     name="auth_resend_2fa_code",
     max_access_count=MAX_2FA_CODE_RESEND,
 )
+@handle_rest_requests_exceptions
 async def register_phone(request: web.Request):
     """
     Submits phone registration