fix: fixes storage handling for non-auth recipes (#942)

* fix: non auth recipe stuff

* fix: user roles

* fix: half done

* fix: thirdparty changes

* fix: passwordless changes

* fix: active users

* fix: session changes

* fix: user metadata

* fix: user roles

* fix: totp

* fix: email verification

* fix: multitenancy and other minor fixes

* fix: compile errors

* fix: bugs and tests

* fix: bugs and tests

* fix: func rename

* fix: PR comments

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: user role multitenant tests

* fix: email verification tests

* fix: user role deletion

* fix: user roles

* fix: user roles

* fix: get tenant identifier refactor

* fix: pr comments

* fix: query

* fix: tests version and changelog

* Update CHANGELOG.md

Co-authored-by: Rishabh Poddar <[email protected]>

* fix: pr comments

---------

Co-authored-by: Rishabh Poddar <[email protected]>

CHANGELOG.md

@@ -5,6 +5,32 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres
 to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [8.0.0] - 2024-03-04
+
+### Breaking changes
+
+- The following app specific APIs return a 403 when they are called with a tenant ID other than the `public` one. For example, if the path is `/users/count/active`,  and you call it with `/tenant1/users/count/active`, it will return a 403. But if you call it with `/public/users/count/active`, or just `/users/count/active`, it will work.
+  - GET `/recipe/accountlinking/user/primary/check`
+  - GET `/recipe/accountlinking/user/link/check`
+  - POST `/recipe/accountlinking/user/primary`
+  - POST `/recipe/accountlinking/user/link`
+  - POST `/recipe/accountlinking/user/unlink`
+  - GET `/users/count/active`
+  - POST `/user/remove`
+  - GET `/ee/featureflag`
+  - GET `/user/id`
+  - PUT `/ee/license`
+  - DELETE `/ee/license`
+  - GET `/ee/license`
+  - GET `/requests/stats`
+  - GET `/recipe/user` when querying by `userId`
+  - GET `/recipe/jwt/jwks`
+  - POST `/recipe/jwt`
+
+### Fixes
+
+- Fixes issue with non-auth recipe related storage handling
+
 ## [7.0.18] - 2024-02-19
 
 - Fixes vulnerabilities in dependencies

build.gradle

@@ -19,7 +19,7 @@ compileTestJava { options.encoding = "UTF-8" }
 //    }
 //}
 
-version = "7.0.18"
+version = "8.0.0"
 
 
 repositories {

ee/src/main/java/io/supertokens/ee/EEFeatureFlag.java

@@ -271,7 +271,7 @@ private JsonObject getMultiTenancyStats()
         return stats;
     }
 
-    private JsonObject getAccountLinkingStats() throws StorageQueryException {
+    private JsonObject getAccountLinkingStats() throws StorageQueryException, TenantOrAppNotFoundException {
         JsonObject result = new JsonObject();
         Storage[] storages = StorageLayer.getStoragesForApp(main, this.appIdentifier);
         boolean usesAccountLinking = false;

src/main/java/io/supertokens/ActiveUsers.java

@@ -1,56 +1,45 @@
 package io.supertokens;
 
+import io.supertokens.pluginInterface.Storage;
+import io.supertokens.pluginInterface.StorageUtils;
 import io.supertokens.pluginInterface.authRecipe.sqlStorage.AuthRecipeSQLStorage;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
 import io.supertokens.pluginInterface.exceptions.StorageTransactionLogicException;
-import io.supertokens.pluginInterface.multitenancy.AppIdentifierWithStorage;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 import io.supertokens.storageLayer.StorageLayer;
 import org.jetbrains.annotations.TestOnly;
 
 public class ActiveUsers {
 
-    public static void updateLastActive(AppIdentifierWithStorage appIdentifierWithStorage, Main main, String userId)
+    public static void updateLastActive(AppIdentifier appIdentifier, Main main, String userId)
             throws TenantOrAppNotFoundException {
+        Storage storage = StorageLayer.getStorage(appIdentifier.getAsPublicTenantIdentifier(), main);
         try {
-            appIdentifierWithStorage.getActiveUsersStorage().updateLastActive(appIdentifierWithStorage, userId);
+            StorageUtils.getActiveUsersStorage(storage).updateLastActive(appIdentifier, userId);
         } catch (StorageQueryException ignored) {
         }
     }
 
     @TestOnly
     public static void updateLastActive(Main main, String userId) {
         try {
-            ActiveUsers.updateLastActive(new AppIdentifierWithStorage(null, null, StorageLayer.getStorage(main)), main,
-                    userId);
+            ActiveUsers.updateLastActive(new AppIdentifier(null, null),
+                    main, userId);
         } catch (TenantOrAppNotFoundException e) {
             throw new IllegalStateException(e);
         }
     }
 
-    public static int countUsersActiveSince(AppIdentifierWithStorage appIdentifierWithStorage, Main main, long time)
+    public static int countUsersActiveSince(Main main, AppIdentifier appIdentifier, long time)
             throws StorageQueryException, TenantOrAppNotFoundException {
-        return appIdentifierWithStorage.getActiveUsersStorage().countUsersActiveSince(appIdentifierWithStorage, time);
+        Storage storage = StorageLayer.getStorage(appIdentifier.getAsPublicTenantIdentifier(), main);
+        return StorageUtils.getActiveUsersStorage(storage).countUsersActiveSince(appIdentifier, time);
     }
 
     @TestOnly
     public static int countUsersActiveSince(Main main, long time)
             throws StorageQueryException, TenantOrAppNotFoundException {
-        return countUsersActiveSince(new AppIdentifierWithStorage(null, null, StorageLayer.getStorage(main)), main,
-                time);
-    }
-
-    public static void removeActiveUser(AppIdentifierWithStorage appIdentifierWithStorage, String userId)
-            throws StorageQueryException {
-        try {
-            ((AuthRecipeSQLStorage) appIdentifierWithStorage.getActiveUsersStorage()).startTransaction(con -> {
-                appIdentifierWithStorage.getActiveUsersStorage().deleteUserActive_Transaction(con, appIdentifierWithStorage, userId);
-                ((AuthRecipeSQLStorage) appIdentifierWithStorage.getActiveUsersStorage()).commitTransaction(con);
-                return null;
-            });
-
-        } catch (StorageTransactionLogicException e) {
-            throw new StorageQueryException(e.actualException);
-        }
+        return countUsersActiveSince(main, new AppIdentifier(null, null), time);
     }
 }

src/main/java/io/supertokens/AppIdentifierWithStorageAndUserIdMapping.java → src/main/java/io/supertokens/StorageAndUserIdMapping.java

@@ -16,23 +16,21 @@
 
 package io.supertokens;
 
-import io.supertokens.pluginInterface.multitenancy.AppIdentifierWithStorage;
+import io.supertokens.pluginInterface.Storage;
 import io.supertokens.pluginInterface.useridmapping.UserIdMapping;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
-public class AppIdentifierWithStorageAndUserIdMapping {
+public class StorageAndUserIdMapping {
     @Nullable
     public final io.supertokens.pluginInterface.useridmapping.UserIdMapping userIdMapping;
 
     @Nonnull
-    public final AppIdentifierWithStorage appIdentifierWithStorage;
+    public final Storage storage;
 
-    public AppIdentifierWithStorageAndUserIdMapping(AppIdentifierWithStorage appIdentifierWithStorage, UserIdMapping userIdMapping) {
-        this.appIdentifierWithStorage = appIdentifierWithStorage;
+    public StorageAndUserIdMapping(Storage storage, UserIdMapping userIdMapping) {
+        this.storage = storage;
         this.userIdMapping = userIdMapping;
-
-        assert(this.appIdentifierWithStorage != null);
     }
 }