fix: get user by accountinfo tenant (#262)

* fix: remove unnecessary dependency

* fix: getUserByAccountInfo fix to consider tenantId instead of appId

* fix: review fix: remove onemillionusers test

Author: tamassoltesz

CHANGELOG.md

@@ -7,6 +7,11 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [9.0.2]
+
+- Fixes `AuthRecipe#getUserByAccountInfo` to consider the tenantId instead of the appId when fetching the webauthn user
+- Changes dependency structure to avoid multiple dependency declarations for the same library
+
 ## [9.0.1]
 
 - Upgrades the embedded tomcat 11.0.6 and logback classic to 1.5.13 because of security vulnerabilities

build.gradle

@@ -2,7 +2,7 @@ plugins {
     id 'java-library'
 }
 
-version = "9.0.1"
+version = "9.0.2"
 
 repositories {
     mavenCentral()
@@ -19,14 +19,11 @@ dependencies {
     // https://mvnrepository.com/artifact/org.postgresql/postgresql
     implementation group: 'org.postgresql', name: 'postgresql', version: '42.7.2'
 
-    // https://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-core
-    implementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '11.0.6'
-
     // https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml
-    compileOnly group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.16.1'
+    compileOnly group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.18.2'
 
     // https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core
-    compileOnly group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.16.1'
+    compileOnly group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.18.2'
 
     // https://mvnrepository.com/artifact/ch.qos.logback/logback-classic
     compileOnly group: 'ch.qos.logback', name: 'logback-classic', version: '1.5.13'

src/main/java/io/supertokens/storage/postgresql/Start.java

@@ -329,6 +329,7 @@ public <T> T startTransaction(TransactionLogic<T> logic, TransactionIsolationLev
                 // PSQL error class 40 is transaction rollback. See:
                 // https://www.postgresql.org/docs/12/errcodes-appendix.html
                 boolean isPSQLRollbackException = psqlException != null
+                        && psqlException.getServerErrorMessage() != null
                         && psqlException.getServerErrorMessage().getSQLState().startsWith("40");
 
                 // We keep the old exception detection logic to ensure backwards compatibility.

src/main/java/io/supertokens/storage/postgresql/queries/GeneralQueries.java

@@ -1543,7 +1543,8 @@ public static AuthRecipeUserInfo[] listPrimaryUsersByEmail_Transaction(Start sta
 
         userIds.addAll(ThirdPartyQueries.getPrimaryUserIdUsingEmail_Transaction(start, sqlCon, appIdentifier, email));
 
-        String webauthnUserId = WebAuthNQueries.getPrimaryUserIdUsingEmail_Transaction(start, sqlCon, appIdentifier, email);
+        String webauthnUserId = WebAuthNQueries.getPrimaryUserIdForAppUsingEmail_Transaction(start, sqlCon,
+                appIdentifier, email);
         if(webauthnUserId != null) {
             userIds.add(webauthnUserId);
         }
@@ -1608,7 +1609,7 @@ public static AuthRecipeUserInfo[] listPrimaryUsersByEmail(Start start, TenantId
 
         userIds.addAll(ThirdPartyQueries.getPrimaryUserIdUsingEmail(start, tenantIdentifier, email));
 
-        String webauthnUserId = WebAuthNQueries.getPrimaryUserIdUsingEmail(start, tenantIdentifier.toAppIdentifier(), email);
+        String webauthnUserId = WebAuthNQueries.getPrimaryUserIdUsingEmail(start, tenantIdentifier, email);
         if(webauthnUserId != null) {
             userIds.add(webauthnUserId);
         }

src/main/java/io/supertokens/storage/postgresql/queries/WebAuthNQueries.java

@@ -392,13 +392,14 @@ private static AuthRecipeUserInfo getAuthRecipeUserInfo(Start start, Connection
         return userInfo;
     }
 
-    public static String getPrimaryUserIdUsingEmail(Start start, AppIdentifier appIdentifier, String email)
+    public static String getPrimaryUserIdUsingEmail(Start start, TenantIdentifier tenantIdentifier, String email)
             throws StorageQueryException {
         try {
             return start.startTransaction(con -> {
                 try {
                     Connection sqlConnection = (Connection) con.getConnection();
-                    return getPrimaryUserIdUsingEmail_Transaction(start, sqlConnection, appIdentifier, email);
+                    return getPrimaryUserIdForTenantUsingEmail_Transaction(start, sqlConnection, tenantIdentifier,
+                            email);
                 } catch (SQLException e) {
                     throw new StorageQueryException(e);
                 }
@@ -408,12 +409,37 @@ public static String getPrimaryUserIdUsingEmail(Start start, AppIdentifier appId
         }
     }
 
-    public static String getPrimaryUserIdUsingEmail_Transaction(Start start, Connection sqlConnection, AppIdentifier appIdentifier, String email)
+    public static String getPrimaryUserIdForTenantUsingEmail_Transaction(Start start, Connection sqlConnection,
+                                                                         TenantIdentifier tenantIdentifier,
+                                                                         String email)
             throws SQLException, StorageQueryException {
         String QUERY = "SELECT DISTINCT all_users.primary_or_recipe_user_id AS user_id "
                 + "FROM " + getConfig(start).getWebAuthNUserToTenantTable() + " AS webauthn" +
                 " JOIN " + getConfig(start).getUsersTable() + " AS all_users" +
-                " ON webauthn.app_id = all_users.app_id AND webauthn.user_id = all_users.user_id" +
+                " ON webauthn.tenant_id = all_users.tenant_id " +
+                " AND webauthn.app_id = all_users.app_id" +
+                " AND webauthn.user_id = all_users.user_id" +
+                " WHERE webauthn.tenant_id = ? AND webauthn.app_id = ? AND webauthn.email = ?";
+
+        return execute(sqlConnection, QUERY, pst -> {
+            pst.setString(1, tenantIdentifier.getTenantId());
+            pst.setString(2, tenantIdentifier.getAppId());
+            pst.setString(3, email);
+        }, result -> {
+            if (result.next()) {
+                return result.getString("user_id");
+            }
+            return null;
+        });
+    }
+
+    public static String getPrimaryUserIdForAppUsingEmail_Transaction(Start start, Connection sqlConnection,
+                                                                      AppIdentifier appIdentifier, String email)
+            throws SQLException, StorageQueryException {
+        String QUERY = "SELECT DISTINCT all_users.primary_or_recipe_user_id AS user_id " +
+                " FROM " + getConfig(start).getWebAuthNUserToTenantTable() + " AS webauthn" +
+                " JOIN " + getConfig(start).getUsersTable() + " AS all_users" +
+                " ON webauthn.user_id = all_users.user_id" +
                 " WHERE webauthn.app_id = ? AND webauthn.email = ?";
 
         return execute(sqlConnection, QUERY, pst -> {