fractal-server 2.17.0a3__py3-none-any.whl → 2.17.0a5__py3-none-any.whl

fractal_server/app/security/__init__.py

@@ -1,14 +1,3 @@
-# Copyright 2022 (C) Friedrich Miescher Institute for Biomedical Research and
-# University of Zurich
-#
-# Original authors:
-# Jacopo Nespolo <jacopo.nespolo@exact-lab.it>
-# Tommaso Comparin <tommaso.comparin@exact-lab.it>
-#
-# This file is part of Fractal and was originally developed by eXact lab S.r.l.
-# <exact-lab.it> under contract with Liberali Lab from the Friedrich Miescher
-# Institute for Biomedical Research and Pelkmans Lab from the University of
-# Zurich.
 """
 Auth subsystem
 
@@ -30,6 +19,7 @@ import contextlib
 from collections.abc import AsyncGenerator
 from typing import Any
 from typing import Generic
+from typing import Self
 
 from fastapi import Depends
 from fastapi import Request
@@ -55,10 +45,12 @@ from fractal_server.app.models import LinkUserGroup
 from fractal_server.app.models import OAuthAccount
 from fractal_server.app.models import UserGroup
 from fractal_server.app.models import UserOAuth
-from fractal_server.app.models import UserSettings
 from fractal_server.app.schemas.user import UserCreate
-from fractal_server.app.security.signup_email import mail_new_oauth_signup
+from fractal_server.app.security.signup_email import (
+    send_fractal_email_or_log_failure,
+)
 from fractal_server.config import get_email_settings
+from fractal_server.config import get_settings
 from fractal_server.logger import set_logger
 from fractal_server.syringe import Inject
 
@@ -209,6 +201,131 @@ class UserManager(IntegerIDMixin, BaseUserManager[UserOAuth, int]):
                 f"The password is too long (maximum length: {min_length})."
             )
 
+    async def oauth_callback(
+        self: Self,
+        oauth_name: str,
+        access_token: str,
+        account_id: str,
+        account_email: str,
+        expires_at: int | None = None,
+        refresh_token: str | None = None,
+        request: Request | None = None,
+        *,
+        associate_by_email: bool = False,
+        is_verified_by_default: bool = False,
+    ) -> UserOAuth:
+        """
+        Handle the callback after a successful OAuth authentication.
+
+        This method extends the corresponding `BaseUserManager` method of
+        > fastapi-users v14.0.1, Copyright (c) 2019 François Voron, MIT License
+
+        If the user already exists with this OAuth account, the token is
+        updated.
+
+        If a user with the same e-mail already exists and `associate_by_email`
+        is True, the OAuth account is associated to this user.
+        Otherwise, the `UserNotExists` exception is raised.
+
+        If the user does not exist, send an email to the Fractal admins (if
+        configured) and respond with a 400 error status. NOTE: This is the
+        function branch where the `fractal-server` implementation deviates
+        from the original `fastapi-users` one.
+
+        :param oauth_name: Name of the OAuth client.
+        :param access_token: Valid access token for the service provider.
+        :param account_id: models.ID of the user on the service provider.
+        :param account_email: E-mail of the user on the service provider.
+        :param expires_at: Optional timestamp at which the access token
+        expires.
+        :param refresh_token: Optional refresh token to get a
+        fresh access token from the service provider.
+        :param request: Optional FastAPI request that
+        triggered the operation, defaults to None
+        :param associate_by_email: If True, any existing user with the same
+        e-mail address will be associated to this user. Defaults to False.
+        :param is_verified_by_default: If True, the `is_verified` flag will be
+        set to `True` on newly created user. Make sure the OAuth Provider you
+        are using does verify the email address before enabling this flag.
+        Defaults to False.
+        :return: A user.
+        """
+        from fastapi import HTTPException
+        from fastapi import status
+        from fastapi_users import exceptions
+
+        oauth_account_dict = {
+            "oauth_name": oauth_name,
+            "access_token": access_token,
+            "account_id": account_id,
+            "account_email": account_email,
+            "expires_at": expires_at,
+            "refresh_token": refresh_token,
+        }
+
+        try:
+            user = await self.get_by_oauth_account(oauth_name, account_id)
+        except exceptions.UserNotExists:
+            try:
+                # Associate account
+                user = await self.get_by_email(account_email)
+                if not associate_by_email:
+                    raise exceptions.UserAlreadyExists()
+                user = await self.user_db.add_oauth_account(
+                    user, oauth_account_dict
+                )
+            except exceptions.UserNotExists:
+                # (0) Log
+                logger.warning(
+                    f"Self-registration attempt by {account_email}."
+                )
+
+                # (1) Prepare user-facing error message
+                settings = Inject(get_settings)
+                error_msg = (
+                    "Thank you for registering for the Fractal service. "
+                    "Administrators have been informed to configure your "
+                    "account and will get back to you."
+                )
+                if settings.FRACTAL_HELP_URL is not None:
+                    error_msg = (
+                        f"{error_msg}\n"
+                        "You can find more information about the onboarding "
+                        f"process at {settings.FRACTAL_HELP_URL}."
+                    )
+
+                # (2) Send email to admins
+                email_settings = Inject(get_email_settings)
+                send_fractal_email_or_log_failure(
+                    subject="New OAuth self-registration",
+                    msg=(
+                        f"User '{account_email}' tried to "
+                        "self-register through OAuth.\n"
+                        "Please create the Fractal account manually.\n"
+                        "Here is the error message displayed to the "
+                        f"user:\n{error_msg}"
+                    ),
+                    email_settings=email_settings.public,
+                )
+
+                # (3) Raise
+                raise HTTPException(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    detail=error_msg,
+                )
+        else:
+            # Update oauth
+            for existing_oauth_account in user.oauth_accounts:
+                if (
+                    existing_oauth_account.account_id == account_id
+                    and existing_oauth_account.oauth_name == oauth_name
+                ):
+                    user = await self.user_db.update_oauth_account(
+                        user, existing_oauth_account, oauth_account_dict
+                    )
+
+        return user
+
     async def on_after_register(
         self, user: UserOAuth, request: Request | None = None
     ):
@@ -216,7 +333,6 @@ class UserManager(IntegerIDMixin, BaseUserManager[UserOAuth, int]):
             f"New-user registration completed ({user.id=}, {user.email=})."
         )
         async for db in get_async_db():
-            # Find default group
             stm = select(UserGroup).where(
                 UserGroup.name == FRACTAL_DEFAULT_GROUP_NAME
             )
@@ -236,38 +352,6 @@ class UserManager(IntegerIDMixin, BaseUserManager[UserOAuth, int]):
                     f"Added {user.email} user to group {default_group.id=}."
                 )
 
-            this_user = await db.get(UserOAuth, user.id)
-
-            this_user.settings = UserSettings()
-            await db.merge(this_user)
-            await db.commit()
-            await db.refresh(this_user)
-            logger.info(
-                f"Associated empty settings (id={this_user.user_settings_id}) "
-                f"to '{this_user.email}'."
-            )
-
-            # Send mail section
-            email_settings = Inject(get_email_settings)
-
-            if this_user.oauth_accounts and email_settings.public is not None:
-                try:
-                    logger.info(
-                        "START sending email about new signup to "
-                        f"{email_settings.public.recipients}."
-                    )
-                    mail_new_oauth_signup(
-                        msg=f"New user registered: '{this_user.email}'.",
-                        email_settings=email_settings.public,
-                    )
-                    logger.info("END sending email about new signup.")
-                except Exception as e:
-                    logger.error(
-                        "ERROR sending notification email after oauth "
-                        f"registration of {this_user.email}. "
-                        f"Original error: '{e}'."
-                    )
-
 
 async def get_user_manager(
     user_db: SQLModelUserDatabaseAsync = Depends(get_user_db),
@@ -283,6 +367,8 @@ get_user_manager_context = contextlib.asynccontextmanager(get_user_manager)
 async def _create_first_user(
     email: str,
     password: str,
+    project_dir: str,
+    profile_id: int | None = None,
     is_superuser: bool = False,
     is_verified: bool = False,
 ) -> None:
@@ -331,6 +417,8 @@ async def _create_first_user(
                     kwargs = dict(
                         email=email,
                         password=password,
+                        project_dir=project_dir,
+                        profile_id=profile_id,
                         is_superuser=is_superuser,
                         is_verified=is_verified,
                     )

fractal_server/app/security/signup_email.py

@@ -2,47 +2,65 @@ import smtplib
 from email.message import EmailMessage
 from email.utils import formataddr
 
-from cryptography.fernet import Fernet
-
 from fractal_server.config import PublicEmailSettings
+from fractal_server.logger import set_logger
+
+logger = set_logger(__name__)
 
 
-def mail_new_oauth_signup(msg: str, email_settings: PublicEmailSettings):
+def send_fractal_email_or_log_failure(
+    *,
+    subject: str,
+    msg: str,
+    email_settings: PublicEmailSettings | None,
+):
     """
-    Send an email using the specified settings to notify a new OAuth signup.
+    Send an email using the specified settings, or log about failure.
     """
 
-    mail_msg = EmailMessage()
-    mail_msg.set_content(msg)
-    mail_msg["From"] = formataddr(
-        (email_settings.sender, email_settings.sender)
-    )
-    mail_msg["To"] = ", ".join(
-        [
-            formataddr((recipient, recipient))
-            for recipient in email_settings.recipients
-        ]
-    )
-    mail_msg[
-        "Subject"
-    ] = f"[Fractal, {email_settings.instance_name}] New OAuth signup"
+    if email_settings is None:
+        logger.error(
+            f"Cannot send email with {subject=}, because {email_settings=}."
+        )
 
-    with smtplib.SMTP(
-        email_settings.smtp_server, email_settings.port
-    ) as server:
-        server.ehlo()
-        if email_settings.use_starttls:
-            server.starttls()
+    try:
+        logger.info(f"START sending email with {subject=}.")
+        mail_msg = EmailMessage()
+        mail_msg.set_content(msg)
+        mail_msg["From"] = formataddr(
+            (email_settings.sender, email_settings.sender)
+        )
+        mail_msg["To"] = ", ".join(
+            [
+                formataddr((recipient, recipient))
+                for recipient in email_settings.recipients
+            ]
+        )
+        mail_msg[
+            "Subject"
+        ] = f"[Fractal, {email_settings.instance_name}] {subject}"
+        with smtplib.SMTP(
+            email_settings.smtp_server,
+            email_settings.port,
+        ) as server:
             server.ehlo()
-        if email_settings.use_login:
-            password = (
-                Fernet(email_settings.encryption_key.get_secret_value())
-                .decrypt(email_settings.encrypted_password.get_secret_value())
-                .decode("utf-8")
+            if email_settings.use_starttls:
+                server.starttls()
+                server.ehlo()
+            if email_settings.use_login:
+                server.login(
+                    user=email_settings.sender,
+                    password=email_settings.password.get_secret_value(),
+                )
+            server.sendmail(
+                from_addr=email_settings.sender,
+                to_addrs=email_settings.recipients,
+                msg=mail_msg.as_string(),
             )
-            server.login(user=email_settings.sender, password=password)
-        server.sendmail(
-            from_addr=email_settings.sender,
-            to_addrs=email_settings.recipients,
-            msg=mail_msg.as_string(),
+        logger.info(f"END sending email with {subject=}.")
+
+    except Exception as e:
+        logger.error(
+            "Could not send self-registration email, "
+            f"original error: {str(e)}."
         )

fractal_server/config/__init__.py

@@ -1,8 +1,8 @@
 from ._database import DatabaseSettings
 from ._email import EmailSettings
 from ._email import PublicEmailSettings  # noqa F401
-from ._init_data import InitDataSettings
 from ._main import Settings
+from ._main import ViewerAuthScheme  # noqa F401
 from ._oauth import OAuthSettings
 
 
@@ -18,11 +18,5 @@ def get_email_settings(email_settings=EmailSettings()) -> EmailSettings:
     return email_settings
 
 
-def get_init_data_settings(
-    init_data_settings=InitDataSettings(),
-) -> InitDataSettings:
-    return init_data_settings
-
-
 def get_oauth_settings(oauth_settings=OAuthSettings()) -> OAuthSettings:
     return oauth_settings

fractal_server/config/_email.py

@@ -1,6 +1,6 @@
 from typing import Literal
+from typing import Self
 
-from cryptography.fernet import Fernet
 from pydantic import BaseModel
 from pydantic import EmailStr
 from pydantic import Field
@@ -31,8 +31,7 @@ class PublicEmailSettings(BaseModel):
     recipients: list[EmailStr] = Field(min_length=1)
     smtp_server: str
     port: int
-    encrypted_password: SecretStr | None = None
-    encryption_key: SecretStr | None = None
+    password: SecretStr | None = None
     instance_name: str
     use_starttls: bool
     use_login: bool
@@ -53,10 +52,6 @@ class EmailSettings(BaseSettings):
     """
     Password for the OAuth-signup email sender.
     """
-    FRACTAL_EMAIL_PASSWORD_KEY: SecretStr | None = None
-    """
-    Key value for `cryptography.fernet` decrypt
-    """
     FRACTAL_EMAIL_SMTP_SERVER: str | None = None
     """
     SMTP server for the OAuth-signup emails.
@@ -81,8 +76,7 @@ class EmailSettings(BaseSettings):
     FRACTAL_EMAIL_USE_LOGIN: Literal["true", "false"] = "true"
     """
     Whether to use login when using the SMTP server.
-    If 'true', FRACTAL_EMAIL_PASSWORD and FRACTAL_EMAIL_PASSWORD_KEY must be
-    provided.
+    If 'true', FRACTAL_EMAIL_PASSWORD  must be provided.
     Accepted values: 'true', 'false'.
     """
 
@@ -93,7 +87,7 @@ class EmailSettings(BaseSettings):
     """
 
     @model_validator(mode="after")
-    def validate_email_settings(self):
+    def validate_email_settings(self: Self) -> Self:
         """
         Set `self.public`.
         """
@@ -119,49 +113,18 @@ class EmailSettings(BaseSettings):
             use_starttls = self.FRACTAL_EMAIL_USE_STARTTLS == "true"
             use_login = self.FRACTAL_EMAIL_USE_LOGIN == "true"
 
-            if use_login:
-                if self.FRACTAL_EMAIL_PASSWORD is None:
-                    raise ValueError(
-                        "'FRACTAL_EMAIL_USE_LOGIN' is 'true' but "
-                        "'FRACTAL_EMAIL_PASSWORD' is not provided."
-                    )
-                if self.FRACTAL_EMAIL_PASSWORD_KEY is None:
-                    raise ValueError(
-                        "'FRACTAL_EMAIL_USE_LOGIN' is 'true' but "
-                        "'FRACTAL_EMAIL_PASSWORD_KEY' is not provided."
-                    )
-                try:
-                    (
-                        Fernet(
-                            self.FRACTAL_EMAIL_PASSWORD_KEY.get_secret_value()
-                        )
-                        .decrypt(
-                            self.FRACTAL_EMAIL_PASSWORD.get_secret_value()
-                        )
-                        .decode("utf-8")
-                    )
-                except Exception as e:
-                    raise ValueError(
-                        "Invalid pair (FRACTAL_EMAIL_PASSWORD, "
-                        "FRACTAL_EMAIL_PASSWORD_KEY). "
-                        f"Original error: {str(e)}."
-                    )
-                password = self.FRACTAL_EMAIL_PASSWORD.get_secret_value()
-            else:
-                password = None
-
-            if self.FRACTAL_EMAIL_PASSWORD_KEY is not None:
-                key = self.FRACTAL_EMAIL_PASSWORD_KEY.get_secret_value()
-            else:
-                key = None
+            if use_login and self.FRACTAL_EMAIL_PASSWORD is None:
+                raise ValueError(
+                    "'FRACTAL_EMAIL_USE_LOGIN' is 'true' but "
+                    "'FRACTAL_EMAIL_PASSWORD' is not provided."
+                )
 
             self.public = PublicEmailSettings(
                 sender=self.FRACTAL_EMAIL_SENDER,
                 recipients=self.FRACTAL_EMAIL_RECIPIENTS.split(","),
                 smtp_server=self.FRACTAL_EMAIL_SMTP_SERVER,
                 port=self.FRACTAL_EMAIL_SMTP_PORT,
-                encrypted_password=password,
-                encryption_key=key,
+                password=self.FRACTAL_EMAIL_PASSWORD,
                 instance_name=self.FRACTAL_EMAIL_INSTANCE_NAME,
                 use_starttls=use_starttls,
                 use_login=use_login,

fractal_server/config/_main.py

@@ -1,7 +1,9 @@
 import logging
+from enum import StrEnum
 from typing import Literal
 from typing import TypeVar
 
+from pydantic import HttpUrl
 from pydantic import SecretStr
 from pydantic_settings import BaseSettings
 from pydantic_settings import SettingsConfigDict
@@ -14,6 +16,12 @@ class FractalConfigurationError(ValueError):
     pass
 
 
+class ViewerAuthScheme(StrEnum):
+    VIEWER_PATHS = "viewer-paths"
+    USERS_FOLDERS = "users-folders"
+    NONE = "none"
+
+
 T = TypeVar("T")
 
 
@@ -72,9 +80,7 @@ class Settings(BaseSettings):
     Waiting time for the shutdown phase of executors
     """
 
-    FRACTAL_VIEWER_AUTHORIZATION_SCHEME: Literal[
-        "viewer-paths", "users-folders", "none"
-    ] = "none"
+    FRACTAL_VIEWER_AUTHORIZATION_SCHEME: ViewerAuthScheme = "none"
     """
     Defines how the list of allowed viewer paths is built.
 
@@ -119,3 +125,8 @@ class Settings(BaseSettings):
                     "FRACTAL_VIEWER_AUTHORIZATION_SCHEME is set to "
                     "users-folders"
                 )
+
+    FRACTAL_HELP_URL: HttpUrl | None = None
+    """
+    The URL of an instance-specific Fractal help page.
+    """

fractal_server/migrations/versions/f65ee53991e3_user_settings_related.py

@@ -0,0 +1,67 @@
+"""user-settings-related
+
+Revision ID: f65ee53991e3
+Revises: 90f6508c6379
+Create Date: 2025-10-22 15:16:42.217910
+
+"""
+import sqlalchemy as sa
+from alembic import op
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = "f65ee53991e3"
+down_revision = "90f6508c6379"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table("user_oauth", schema=None) as batch_op:
+        batch_op.add_column(
+            sa.Column(
+                "project_dir",
+                sa.String(),
+                server_default="/PLACEHOLDER",
+                nullable=False,
+            )
+        )
+        batch_op.add_column(
+            sa.Column(
+                "slurm_accounts",
+                postgresql.ARRAY(sa.String()),
+                server_default="{}",
+                nullable=True,
+            )
+        )
+        batch_op.drop_constraint(
+            batch_op.f("fk_user_oauth_user_settings_id_user_settings"),
+            type_="foreignkey",
+        )
+        batch_op.drop_column("user_settings_id")
+
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table("user_oauth", schema=None) as batch_op:
+        batch_op.add_column(
+            sa.Column(
+                "user_settings_id",
+                sa.INTEGER(),
+                autoincrement=False,
+                nullable=True,
+            )
+        )
+        batch_op.create_foreign_key(
+            batch_op.f("fk_user_oauth_user_settings_id_user_settings"),
+            "user_settings",
+            ["user_settings_id"],
+            ["id"],
+        )
+        batch_op.drop_column("slurm_accounts")
+        batch_op.drop_column("project_dir")
+
+    # ### end Alembic commands ###

fractal_server/runner/config/_slurm.py

@@ -3,6 +3,7 @@ from typing import Annotated
 from pydantic import AfterValidator
 from pydantic import BaseModel
 from pydantic import ConfigDict
+from pydantic import Field
 from pydantic.types import PositiveInt
 
 from fractal_server.runner.config.slurm_mem_to_MB import slurm_mem_to_MB
@@ -44,7 +45,7 @@ class _SlurmConfigSet(BaseModel):
     nodelist: NonEmptyStr | None = None
     time: NonEmptyStr | None = None
     account: NonEmptyStr | None = None
-    extra_lines: list[NonEmptyStr] | None = None
+    extra_lines: list[NonEmptyStr] = Field(default_factory=list)
     gpus: NonEmptyStr | None = None
 
 
@@ -125,4 +126,4 @@ class JobRunnerConfigSLURM(BaseModel):
     default_slurm_config: _SlurmConfigSet
     gpu_slurm_config: _SlurmConfigSet | None = None
     batching_config: _BatchingConfigSet
-    user_local_exports: DictStrStr | None = None
+    user_local_exports: DictStrStr = Field(default_factory=dict)

fractal_server/runner/executors/slurm_common/base_slurm_runner.py

@@ -87,7 +87,7 @@ class BaseSlurmRunner(BaseRunner):
         python_worker_interpreter: str,
         poll_interval: int,
         common_script_lines: list[str] | None = None,
-        user_cache_dir: str | None = None,  # FIXME: make required?
+        user_cache_dir: str,
         slurm_account: str | None = None,
     ):
         self.slurm_runner_type = slurm_runner_type
@@ -252,7 +252,7 @@ class BaseSlurmRunner(BaseRunner):
                 f"Add {self.common_script_lines} to "
                 f"{new_slurm_config.extra_lines=}."
             )
-            current_extra_lines = new_slurm_config.extra_lines or []
+            current_extra_lines = new_slurm_config.extra_lines
             new_slurm_config.extra_lines = (
                 current_extra_lines + self.common_script_lines
             )

fractal_server/runner/executors/slurm_common/get_slurm_config.py

@@ -77,7 +77,7 @@ def _get_slurm_config_internal(
     else:
         needs_gpu = False
     logger.debug(f"[get_slurm_config] {needs_gpu=}")
-    if needs_gpu:
+    if needs_gpu and shared_config.gpu_slurm_config is not None:
         for key, value in shared_config.gpu_slurm_config.model_dump(
             exclude_unset=True, exclude={"mem"}
         ).items():

fractal_server/runner/executors/slurm_common/slurm_config.py

@@ -83,10 +83,10 @@ class SlurmConfig(BaseModel):
 
     # Free-field attribute for extra lines to be added to the SLURM job
     # preamble
-    extra_lines: list[str] | None = Field(default_factory=list)
+    extra_lines: list[str] = Field(default_factory=list)
 
     # Variables that will be `export`ed in the SLURM submission script
-    user_local_exports: dict[str, str] | None = None
+    user_local_exports: dict[str, str] = Field(default_factory=dict)
 
     # Metaparameters needed to combine multiple tasks in each SLURM job
     tasks_per_job: int | None = None
@@ -136,7 +136,7 @@ class SlurmConfig(BaseModel):
 
     def to_sbatch_preamble(
         self,
-        remote_export_dir: str | None = None,
+        remote_export_dir: str,
     ) -> list[str]:
         """
         Compile `SlurmConfig` object into the preamble of a SLURM submission
@@ -152,9 +152,8 @@ class SlurmConfig(BaseModel):
                 "SlurmConfig.sbatch_preamble requires that "
                 f"{self.parallel_tasks_per_job=} is not None."
             )
-        if self.extra_lines:
-            if len(self.extra_lines) != len(set(self.extra_lines)):
-                raise ValueError(f"{self.extra_lines=} contains repetitions")
+        if len(self.extra_lines) != len(set(self.extra_lines)):
+            raise ValueError(f"{self.extra_lines=} contains repetitions")
 
         mem_per_job_MB = self.parallel_tasks_per_job * self.mem_per_task_MB
         lines = [
@@ -187,15 +186,10 @@ class SlurmConfig(BaseModel):
                 option = key.replace("_", "-")
                 lines.append(f"{self.prefix} --{option}={value}")
 
-        if self.extra_lines:
-            for line in self._sorted_extra_lines():
-                lines.append(line)
+        for line in self._sorted_extra_lines():
+            lines.append(line)
 
         if self.user_local_exports:
-            if remote_export_dir is None:
-                raise ValueError(
-                    f"remote_export_dir=None but {self.user_local_exports=}"
-                )
             for key, value in self.user_local_exports.items():
                 tmp_value = str(Path(remote_export_dir) / value)
                 lines.append(f"export {key}={tmp_value}")

fractal_server/runner/executors/slurm_ssh/runner.py

@@ -31,7 +31,7 @@ class SlurmSSHRunner(BaseSlurmRunner):
         # Specific
         slurm_account: str | None = None,
         profile: Profile,
-        user_cache_dir: str | None = None,
+        user_cache_dir: str,
         fractal_ssh: FractalSSH,
     ) -> None:
         """