fix: bugs and tests

src/main/java/io/supertokens/storageLayer/StorageLayer.java

@@ -434,6 +434,13 @@ public static StorageAndUserIdMapping getTenantIdentifierWithStorageAndUserIdMap
                 return new StorageAndUserIdMapping(storage, mapping);
             }
 
+            UserIdMapping mapping = io.supertokens.useridmapping.UserIdMapping.getUserIdMapping(
+                    tenantIdentifier.toAppIdentifier(), storage,
+                    userId, userIdType);
+            if (mapping != null) {
+                return new StorageAndUserIdMapping(storage, mapping);
+            }
+
             try {
                 io.supertokens.useridmapping.UserIdMapping.findNonAuthStoragesWhereUserIdIsUsedOrAssertIfUsed(
                         tenantIdentifier.toAppIdentifier(), storage, userId, true);

src/main/java/io/supertokens/userroles/UserRoles.java

@@ -31,13 +31,25 @@
 import org.jetbrains.annotations.TestOnly;
 
 import javax.annotation.Nullable;
+import java.util.Arrays;
 
 public class UserRoles {
     // add a role to a user and return true, if the role is already mapped to the user return false, but if
     // the role does not exist, throw an UNKNOWN_ROLE_EXCEPTION error
-    public static boolean addRoleToUser(TenantIdentifier tenantIdentifier, Storage storage, String userId,
+    public static boolean addRoleToUser(Main main, TenantIdentifier tenantIdentifier, Storage storage, String userId,
                                         String role)
             throws StorageQueryException, UnknownRoleException, TenantOrAppNotFoundException {
+
+        // Roles are stored in public tenant storage and role to user mapping is stored in the tenant's storage
+        // We do this because it's not straight forward to replicate roles to all storages of an app
+        Storage appStorage = StorageLayer.getStorage(
+                tenantIdentifier.toAppIdentifier().getAsPublicTenantIdentifier(), main);
+
+        String[] roles = getRoles(tenantIdentifier.toAppIdentifier(), appStorage);
+        if (!Arrays.asList(roles).contains(role)) {
+            throw new UnknownRoleException();
+        }
+
         try {
             StorageUtils.getUserRolesStorage(storage).addRoleToUser(tenantIdentifier, userId, role);
             return true;
@@ -53,7 +65,7 @@ public static boolean addRoleToUser(Main main, String userId, String role)
         Storage storage = StorageLayer.getStorage(main);
         try {
             return addRoleToUser(
-                    new TenantIdentifier(null, null, null),
+                    main, new TenantIdentifier(null, null, null),
                     storage, userId, role);
         } catch (TenantOrAppNotFoundException e) {
             throw new IllegalStateException(e);

src/main/java/io/supertokens/webserver/WebserverAPI.java

@@ -230,8 +230,10 @@ private String getTenantId(HttpServletRequest req) {
         if (!apiPath.startsWith("/")) {
             apiPath = "/" + apiPath;
         }
-        if (apiPath.equals("/") && (path.equals("") || path.equals("/"))) {
-            return null;
+        if (apiPath.equals("/")) {
+            if ((path.equals("") || path.equals("/"))) {
+                return null;
+            }
         } else {
             if (path.matches("^/appid-[a-z0-9-]*/[a-z0-9-]+" + apiPath + "/?$")) {
                 String tenantId = path.split("/")[2].toLowerCase();
@@ -251,6 +253,7 @@ private String getTenantId(HttpServletRequest req) {
                 return null;
             }
         }
+        return null;
     }
 
     private String getAppId(HttpServletRequest req) {

src/main/java/io/supertokens/webserver/api/core/HelloAPI.java

@@ -22,6 +22,7 @@
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
 import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
+import io.supertokens.storageLayer.StorageLayer;
 import io.supertokens.utils.RateLimiter;
 import io.supertokens.webserver.WebserverAPI;
 import jakarta.servlet.ServletException;
@@ -89,16 +90,16 @@ private void handleRequest(HttpServletRequest req, HttpServletResponse resp) thr
                 return;
             }
 
-            Storage[] storages = enforcePublicTenantAndGetAllStoragesForApp(req);
             AppIdentifier appIdentifier = getAppIdentifier(req);
+            Storage[] storages = StorageLayer.getStoragesForApp(main, appIdentifier);
 
             for (Storage storage : storages) {
                 // even if the public tenant does not exist, the following function will return a null
                 // idea here is to test that the storage is working
                 storage.getKeyValue(appIdentifier.getAsPublicTenantIdentifier(), "Test");
             }
             super.sendTextResponse(200, "Hello", resp);
-        } catch (StorageQueryException | BadPermissionException | TenantOrAppNotFoundException e) {
+        } catch (StorageQueryException | TenantOrAppNotFoundException e) {
             // we send 500 status code
             throw new ServletException(e);
         }

src/main/java/io/supertokens/webserver/api/core/NotFoundOrHelloAPI.java

@@ -23,6 +23,7 @@
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
 import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
+import io.supertokens.storageLayer.StorageLayer;
 import io.supertokens.utils.RateLimiter;
 import io.supertokens.webserver.WebserverAPI;
 import jakarta.servlet.ServletException;
@@ -73,11 +74,11 @@ protected void handleRequest(HttpServletRequest req, HttpServletResponse resp) t
             ServletException {
         // getServletPath returns the path without the base path.
         AppIdentifier appIdentifier = getAppIdentifier(req);
-        Storage[] storages = null;
+        Storage[] storages;
 
         try {
-            enforcePublicTenantAndGetAllStoragesForApp(req); // check if app exists and enforce public tenant
-        } catch (TenantOrAppNotFoundException | BadPermissionException e) {
+            storages = StorageLayer.getStoragesForApp(main, appIdentifier);
+        } catch (TenantOrAppNotFoundException e) {
             // we send 500 status code
             throw new ServletException(e);
         }

src/main/java/io/supertokens/webserver/api/userroles/AddUserRoleAPI.java

@@ -66,7 +66,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
             Storage storage = getTenantStorage(req);
 
             boolean didUserAlreadyHaveRole = !UserRoles.addRoleToUser(
-                    tenantIdentifier, storage, userId, role);
+                    main, tenantIdentifier, storage, userId, role);
             JsonObject response = new JsonObject();
             response.addProperty("status", "OK");
             response.addProperty("didUserAlreadyHaveRole", didUserAlreadyHaveRole);

src/test/java/io/supertokens/test/thirdparty/api/MultitenantAPITest.java

@@ -249,7 +249,7 @@ public void testGetUserUsingIdReturnsUserFromTheRightTenantWhileQueryingFromAnyT
         JsonObject user2 = signInUp(t2, "google", "google-user-id", "[email protected]");
         JsonObject user3 = signInUp(t3, "google", "google-user-id", "[email protected]");
 
-        for (TenantIdentifier tenant : new TenantIdentifier[]{t1, t2, t3}) {
+        for (TenantIdentifier tenant : new TenantIdentifier[]{t1}) { // Only public tenant can get user by id
             assertEquals(user1, getUserUsingId(tenant, user1.get("id").getAsString()));
             assertEquals(user2, getUserUsingId(tenant, user2.get("id").getAsString()));
             assertEquals(user3, getUserUsingId(tenant, user3.get("id").getAsString()));