fix: more validation

src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java

@@ -51,6 +51,14 @@ protected void handle(HttpServletRequest req, TenantIdentifier sourceTenantIdent
                           JsonObject coreConfig, HttpServletResponse resp)
             throws ServletException, IOException {
 
+        if (hasFirstFactors && firstFactors != null && firstFactors.length == 0) {
+            throw new ServletException(new BadRequestException("firstFactors cannot be empty"));
+        }
+
+        if (hasRequiredSecondaryFactors && requiredSecondaryFactors != null && requiredSecondaryFactors.length == 0) {
+            throw new ServletException(new BadRequestException("requiredSecondaryFactors cannot be empty"));
+        }
+
         TenantConfig tenantConfig = Multitenancy.getTenantInfo(main,
                 new TenantIdentifier(targetTenantIdentifier.getConnectionUriDomain(), targetTenantIdentifier.getAppId(),
                         targetTenantIdentifier.getTenantId()));

src/test/java/io/supertokens/test/multitenant/api/TestApp.java

@@ -753,6 +753,23 @@ public void testFirstFactorArrayValueValidationBasedOnDisabledRecipe() throws Ex
             false, null, false, null,
             config, SemVer.v5_0);
 
+        {
+            try {
+                TestMultitenancyAPIHelper.createApp(
+                        process.getProcess(),
+                        new TenantIdentifier(null, null, null),
+                        "a1", false, null, null,
+                        true, new String[]{}, false, null,
+                        config, SemVer.v5_0);
+                fail();
+            } catch (HttpResponseException e) {
+                assertEquals(400, e.statusCode);
+                assertEquals(
+                        "Http error. Status Code: 400. Message: firstFactors cannot be empty",
+                        e.getMessage());
+            }
+        }
+
         {
             String[] factors = new String[]{"emailpassword", "custom"};
             try {
@@ -885,6 +902,23 @@ public void testRequiredSecondaryFactorArrayValueValidationBasedOnDisabledRecipe
                 false, null, false, null,
                 config, SemVer.v5_0);
 
+        {
+            try {
+                TestMultitenancyAPIHelper.createApp(
+                        process.getProcess(),
+                        new TenantIdentifier(null, null, null),
+                        "a1", false, null, null,
+                        false, null, true, new String[]{},
+                        config, SemVer.v5_0);
+                fail();
+            } catch (HttpResponseException e) {
+                assertEquals(400, e.statusCode);
+                assertEquals(
+                        "Http error. Status Code: 400. Message: requiredSecondaryFactors cannot be empty",
+                        e.getMessage());
+            }
+        }
+
         {
             String[] factors = new String[]{"emailpassword", "custom"};
             try {

src/test/java/io/supertokens/test/multitenant/api/TestTenant.java

@@ -374,7 +374,7 @@ public void testFirstFactorsArray() throws Exception {
         response = TestMultitenancyAPIHelper.createTenant(
                 process.getProcess(),
                 new TenantIdentifier(null, null, null),
-                "t1", null, null, null,
+                "t1", null, null, true,
                 true, new String[]{"otp-phone"}, false, null,
                 config, SemVer.v5_0);
         assertFalse(response.get("createdNew").getAsBoolean());
@@ -420,7 +420,7 @@ public void testFirstFactorsArray() throws Exception {
         response = TestMultitenancyAPIHelper.createTenant(
                 process.getProcess(),
                 new TenantIdentifier(null, null, null),
-                "t1", null, null, null,
+                "t1", true, null, true,
                 true, firstFactors, false, null,
                 config, SemVer.v5_0);
         assertFalse(response.get("createdNew").getAsBoolean());
@@ -470,7 +470,7 @@ public void testRequiredSecondaryFactorsArray() throws Exception {
         response = TestMultitenancyAPIHelper.createTenant(
                 process.getProcess(),
                 new TenantIdentifier(null, null, null),
-                "t1", null, null, null,
+                "t1", null, null, true,
                 false, null, true, new String[]{"otp-phone"},
                 config, SemVer.v5_0);
         assertFalse(response.get("createdNew").getAsBoolean());
@@ -516,7 +516,7 @@ public void testRequiredSecondaryFactorsArray() throws Exception {
         response = TestMultitenancyAPIHelper.createTenant(
                 process.getProcess(),
                 new TenantIdentifier(null, null, null),
-                "t1", null, null, null,
+                "t1", true, null, true,
                 false, null, true, requiredSecondaryFactors,
                 config, SemVer.v5_0);
         assertFalse(response.get("createdNew").getAsBoolean());

src/test/java/io/supertokens/test/multitenant/generator/GenerateTenantConfig.java

@@ -26,12 +26,12 @@
 
 public class GenerateTenantConfig {
     private static final String[] FACTORS = new String[]{
-            "emailpassword",
-            "thirdparty",
-            "otp-email",
-            "otp-phone",
-            "link-email",
-            "link-phone",
+            "emailpassword1",
+            "thirdparty1",
+            "otp-email1",
+            "otp-phone1",
+            "link-email1",
+            "link-phone1",
             "totp",
             "biometric",
             "custom"