diff --git a/src/main/java/io/supertokens/emailpassword/EmailPassword.java b/src/main/java/io/supertokens/emailpassword/EmailPassword.java index 950b9bf3e..2ac0a96b9 100644 --- a/src/main/java/io/supertokens/emailpassword/EmailPassword.java +++ b/src/main/java/io/supertokens/emailpassword/EmailPassword.java @@ -676,7 +676,7 @@ public static AuthRecipeUserInfo getUserUsingId(AppIdentifierWithStorage appIden return null; } for (LoginMethod lM : result.loginMethods) { - if (lM.getSupertokensUserId().equals(userId)) { + if (lM.getSupertokensUserId().equals(userId) && lM.recipeId == RECIPE_ID.EMAIL_PASSWORD) { return AuthRecipeUserInfo.create(lM.getSupertokensUserId(), result.isPrimaryUser, lM); } } diff --git a/src/main/java/io/supertokens/passwordless/Passwordless.java b/src/main/java/io/supertokens/passwordless/Passwordless.java index 930e61493..62f92b037 100644 --- a/src/main/java/io/supertokens/passwordless/Passwordless.java +++ b/src/main/java/io/supertokens/passwordless/Passwordless.java @@ -608,7 +608,7 @@ public static AuthRecipeUserInfo getUserById(AppIdentifierWithStorage appIdentif return null; } for (LoginMethod lM : result.loginMethods) { - if (lM.getSupertokensUserId().equals(userId)) { + if (lM.getSupertokensUserId().equals(userId) && lM.recipeId == RECIPE_ID.PASSWORDLESS) { return AuthRecipeUserInfo.create(lM.getSupertokensUserId(), result.isPrimaryUser, lM); } diff --git a/src/main/java/io/supertokens/thirdparty/ThirdParty.java b/src/main/java/io/supertokens/thirdparty/ThirdParty.java index 3100daf4a..33a7f8717 100644 --- a/src/main/java/io/supertokens/thirdparty/ThirdParty.java +++ b/src/main/java/io/supertokens/thirdparty/ThirdParty.java 
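Review bot: The recipe check added to the `if` in `EmailPassword.getUserUsingId` is repeated, with only the enum constant changed, in `Passwordless.getUserById` and `ThirdParty.getUser`, and none of the three copies says why it is there. This condition is what stops one recipe's lookup from returning another recipe's login method for the same user ID, so a one-line comment above it would help, e.g. `// result.loginMethods can hold other recipes' login methods; return only this recipe's`. A shared private helper that takes the `RECIPE_ID` would keep the three copies from drifting apart. The start of each function and the return after the loop are outside these hunks, so it is only presumed that a non-match ends in `null`. It is also worth confirming that other by-ID paths in these classes apply the same recipe filter.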
@@ -337,7 +337,7 @@ public static AuthRecipeUserInfo getUser(AppIdentifierWithStorage appIdentifierW return null; } for (LoginMethod lM : result.loginMethods) { - if (lM.getSupertokensUserId().equals(userId)) { + if (lM.getSupertokensUserId().equals(userId) && lM.recipeId == RECIPE_ID.THIRD_PARTY) { return AuthRecipeUserInfo.create(lM.getSupertokensUserId(), result.isPrimaryUser, lM); } diff --git a/src/test/java/io/supertokens/test/emailpassword/api/EmailPasswordGetUserAPITest2_7.java b/src/test/java/io/supertokens/test/emailpassword/api/EmailPasswordGetUserAPITest2_7.java index 4cbb5f559..ee71b3b44 100644 --- a/src/test/java/io/supertokens/test/emailpassword/api/EmailPasswordGetUserAPITest2_7.java +++ b/src/test/java/io/supertokens/test/emailpassword/api/EmailPasswordGetUserAPITest2_7.java @@ -18,11 +18,14 @@ import com.google.gson.JsonObject; import io.supertokens.ProcessState; +import io.supertokens.passwordless.Passwordless; import io.supertokens.pluginInterface.STORAGE_TYPE; +import io.supertokens.pluginInterface.authRecipe.AuthRecipeUserInfo; import io.supertokens.storageLayer.StorageLayer; import io.supertokens.test.TestingProcessManager; import io.supertokens.test.Utils; import io.supertokens.test.httpRequest.HttpRequestForTesting; +import io.supertokens.thirdparty.ThirdParty; import io.supertokens.utils.SemVer; import org.junit.AfterClass; import org.junit.Before; 
@@ -194,4 +197,44 @@ public void testForAllTypesOfOutput() throws Exception {
 process.kill();
 assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
 }
+
+ @Test
+ public void testGetUserForUsersOfOtherRecipeIds() throws Exception {
+ String[] args = {"../"};
+
+ TestingProcessManager.TestingProcess process = TestingProcessManager.start(args);
+ assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STARTED));
+
+ if (StorageLayer.getStorage(process.getProcess()).getType() != STORAGE_TYPE.SQL) {
+ return;
+ }
+
+ AuthRecipeUserInfo user1 = ThirdParty.signInUp(process.getProcess(), "google", "googleid", "test@example.com").user;
+ Passwordless.CreateCodeResponse user2code = Passwordless.createCode(process.getProcess(), "test@example.com",
+ null, null, null);
+ AuthRecipeUserInfo user2 = Passwordless.consumeCode(process.getProcess(), user2code.deviceId, user2code.deviceIdHash, user2code.userInputCode, null).user;
+
+ {
+ HashMap map = new HashMap<>();
+ map.put("userId", user1.getSupertokensUserId());
+
+ JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(),
+ "emailpassword");
+ assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR");
+ }
+
+ {
+ HashMap map = new HashMap<>();
+ map.put("userId", user2.getSupertokensUserId());
+
+ JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(),
+ "emailpassword");
+ assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR");
+ }
+
+ process.kill();
+ assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
+ }
 }
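Review bot: The early `return` for non-SQL storage in `testGetUserForUsersOfOtherRecipeIds` comes after `TestingProcessManager.start(args)`, so on that path the test exits without `process.kill()`. Unless the class's setup or teardown (not visible in this hunk) stops it, the core process is left running for the next test. Replacing the bare `return;` with `process.kill(); assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED)); return;` would avoid that. The two `assertEquals` calls also pass the actual value first; `assertEquals("UNKNOWN_USER_ID_ERROR", response.get("status").getAsString());` would give a correct failure message. Both points apply equally to the tests added in PasswordlessUserGetAPITest2_11 and ThirdPartyGetUserAPITest2_7.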
diff --git a/src/test/java/io/supertokens/test/passwordless/api/PasswordlessUserGetAPITest2_11.java b/src/test/java/io/supertokens/test/passwordless/api/PasswordlessUserGetAPITest2_11.java index 0f2b3f24e..92d1b580d 100644 --- a/src/test/java/io/supertokens/test/passwordless/api/PasswordlessUserGetAPITest2_11.java +++ b/src/test/java/io/supertokens/test/passwordless/api/PasswordlessUserGetAPITest2_11.java @@ -18,7 +18,10 @@ import com.google.gson.JsonObject; import io.supertokens.ProcessState; +import io.supertokens.emailpassword.EmailPassword; +import io.supertokens.passwordless.Passwordless; import io.supertokens.pluginInterface.STORAGE_TYPE; +import io.supertokens.pluginInterface.authRecipe.AuthRecipeUserInfo; import io.supertokens.pluginInterface.multitenancy.TenantIdentifier; import io.supertokens.pluginInterface.passwordless.PasswordlessStorage; import io.supertokens.storageLayer.StorageLayer; @@ -26,6 +29,7 @@ import io.supertokens.test.Utils; import io.supertokens.test.httpRequest.HttpRequestForTesting; +import io.supertokens.thirdparty.ThirdParty; import io.supertokens.utils.SemVer; import io.supertokens.test.httpRequest.HttpResponseException; import org.junit.AfterClass; 
@@ -233,4 +237,42 @@ private static void checkUser(JsonObject resp, String userId, String email, Stri
 assert (System.currentTimeMillis() - 10000 < user.get("timeJoined").getAsLong());
 assertEquals(3, user.entrySet().size());
 }
+
+ @Test
+ public void testGetUserForUsersOfOtherRecipeIds() throws Exception {
+ String[] args = {"../"};
+
+ TestingProcessManager.TestingProcess process = TestingProcessManager.start(args);
+ assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STARTED));
+
+ if (StorageLayer.getStorage(process.getProcess()).getType() != STORAGE_TYPE.SQL) {
+ return;
+ }
+
+ AuthRecipeUserInfo user1 = EmailPassword.signUp(process.getProcess(), "test@example.com", "password");
+ AuthRecipeUserInfo user2 = ThirdParty.signInUp(process.getProcess(), "google", "googleid", "test@example.com").user;
+
+ {
+ HashMap map = new HashMap<>();
+ map.put("userId", user1.getSupertokensUserId());
+
+ JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(),
+ "passwordless");
+ assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR");
+ }
+
+ {
+ HashMap map = new HashMap<>();
+ map.put("userId", user2.getSupertokensUserId());
+
+ JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+ "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(),
+ "passwordless");
+ assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR");
+ }
+
+ process.kill();
+ assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
+ }
 }
diff --git a/src/test/java/io/supertokens/test/thirdparty/api/ThirdPartyGetUserAPITest2_7.java b/src/test/java/io/supertokens/test/thirdparty/api/ThirdPartyGetUserAPITest2_7.java
index 7ab18068b..9aab47c5a 100644
--- a/src/test/java/io/supertokens/test/thirdparty/api/ThirdPartyGetUserAPITest2_7.java
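Review bot: Both requests in this test pass `SemVer.v2_7.get()` although the file is PasswordlessUserGetAPITest2_11, which looks like a copy from the 2.7 emailpassword test. If the other tests in this class send the 2.11 version (not visible in this hunk), using that same constant here would keep the new negative case on the API version the class is meant to cover. Otherwise a comment such as `// 2.7 on purpose: the recipe filter must hold on the oldest supported CDI` would make the choice explicit.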
+++ b/src/test/java/io/supertokens/test/thirdparty/api/ThirdPartyGetUserAPITest2_7.java @@ -18,7 +18,10 @@ import com.google.gson.JsonObject; import io.supertokens.ProcessState; +import io.supertokens.emailpassword.EmailPassword; +import io.supertokens.passwordless.Passwordless; import io.supertokens.pluginInterface.STORAGE_TYPE; +import io.supertokens.pluginInterface.authRecipe.AuthRecipeUserInfo; import io.supertokens.storageLayer.StorageLayer; import io.supertokens.test.TestingProcessManager; import io.supertokens.test.Utils; 
@@ -205,6 +208,46 @@ public void testAllTypesOfOutput() throws Exception { } } + @Test + public void testGetUserForUsersOfOtherRecipeIds() throws Exception { + String[] args = {"../"}; + + TestingProcessManager.TestingProcess process = TestingProcessManager.start(args); + assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STARTED)); + + if (StorageLayer.getStorage(process.getProcess()).getType() != STORAGE_TYPE.SQL) { + return; + } + + AuthRecipeUserInfo user1 = EmailPassword.signUp(process.getProcess(), "test@example.com", "password"); + Passwordless.CreateCodeResponse user2code = Passwordless.createCode(process.getProcess(), "test@example.com", + null, null, null); + AuthRecipeUserInfo user2 = Passwordless.consumeCode(process.getProcess(), user2code.deviceId, user2code.deviceIdHash, user2code.userInputCode, null).user; + + { + HashMap map = new HashMap<>(); + map.put("userId", user1.getSupertokensUserId()); + + JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "", + "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(), + "thirdparty"); + assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR"); + } + + { + HashMap map = new HashMap<>(); + map.put("userId", user2.getSupertokensUserId()); + + JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "", + "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(), + "thirdparty"); + assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR"); + } + + process.kill(); + assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED)); + } + public static void checkUser(JsonObject user, String thirdPartyId, String thirdPartyUserId, String email) { assertNotNull(user.get("id")); assertNotNull(user.get("timeJoined"));