From 7397f79f0ea84060fb76f40a3e8d0c5f9afdc485 Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Wed, 20 Dec 2023 16:51:26 +0530 Subject: [PATCH] fix: more validation --- .../api/multitenancy/BaseCreateOrUpdate.java | 8 +++++ .../test/multitenant/api/TestApp.java | 34 +++++++++++++++++++ .../test/multitenant/api/TestTenant.java | 8 ++--- .../generator/GenerateTenantConfig.java | 12 +++---- 4 files changed, 52 insertions(+), 10 deletions(-) diff --git a/src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java b/src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java index 6688586fc..68f043fb5 100644 --- a/src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java +++ b/src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java @@ -51,6 +51,14 @@ protected void handle(HttpServletRequest req, TenantIdentifier sourceTenantIdent JsonObject coreConfig, HttpServletResponse resp) throws ServletException, IOException { + if (hasFirstFactors && firstFactors != null && firstFactors.length == 0) { + throw new ServletException(new BadRequestException("firstFactors cannot be empty")); + } + + if (hasRequiredSecondaryFactors && requiredSecondaryFactors != null && requiredSecondaryFactors.length == 0) { + throw new ServletException(new BadRequestException("requiredSecondaryFactors cannot be empty")); + } + TenantConfig tenantConfig = Multitenancy.getTenantInfo(main, new TenantIdentifier(targetTenantIdentifier.getConnectionUriDomain(), targetTenantIdentifier.getAppId(), targetTenantIdentifier.getTenantId())); diff --git a/src/test/java/io/supertokens/test/multitenant/api/TestApp.java b/src/test/java/io/supertokens/test/multitenant/api/TestApp.java index 176679312..09573e15d 100644 --- a/src/test/java/io/supertokens/test/multitenant/api/TestApp.java +++ b/src/test/java/io/supertokens/test/multitenant/api/TestApp.java @@ -753,6 +753,23 @@ public void testFirstFactorArrayValueValidationBasedOnDisabledRecipe() throws Ex false, null, false, null, config, SemVer.v5_0); + { + try { + TestMultitenancyAPIHelper.createApp( + process.getProcess(), + new TenantIdentifier(null, null, null), + "a1", false, null, null, + true, new String[]{}, false, null, + config, SemVer.v5_0); + fail(); + } catch (HttpResponseException e) { + assertEquals(400, e.statusCode); + assertEquals( + "Http error. Status Code: 400. Message: firstFactors cannot be empty", + e.getMessage()); + } + } + { String[] factors = new String[]{"emailpassword", "custom"}; try { @@ -885,6 +902,23 @@ public void testRequiredSecondaryFactorArrayValueValidationBasedOnDisabledRecipe false, null, false, null, config, SemVer.v5_0); + { + try { + TestMultitenancyAPIHelper.createApp( + process.getProcess(), + new TenantIdentifier(null, null, null), + "a1", false, null, null, + false, null, true, new String[]{}, + config, SemVer.v5_0); + fail(); + } catch (HttpResponseException e) { + assertEquals(400, e.statusCode); + assertEquals( + "Http error. Status Code: 400. Message: requiredSecondaryFactors cannot be empty", + e.getMessage()); + } + } + { String[] factors = new String[]{"emailpassword", "custom"}; try { diff --git a/src/test/java/io/supertokens/test/multitenant/api/TestTenant.java b/src/test/java/io/supertokens/test/multitenant/api/TestTenant.java index 1f42d1c51..bbcdb8dbf 100644 --- a/src/test/java/io/supertokens/test/multitenant/api/TestTenant.java +++ b/src/test/java/io/supertokens/test/multitenant/api/TestTenant.java @@ -374,7 +374,7 @@ public void testFirstFactorsArray() throws Exception { response = TestMultitenancyAPIHelper.createTenant( process.getProcess(), new TenantIdentifier(null, null, null), - "t1", null, null, null, + "t1", null, null, true, true, new String[]{"otp-phone"}, false, null, config, SemVer.v5_0); assertFalse(response.get("createdNew").getAsBoolean()); @@ -420,7 +420,7 @@ public void testFirstFactorsArray() throws Exception { response = TestMultitenancyAPIHelper.createTenant( process.getProcess(), new TenantIdentifier(null, null, null), - "t1", null, null, null, + "t1", true, null, true, true, firstFactors, false, null, config, SemVer.v5_0); assertFalse(response.get("createdNew").getAsBoolean()); @@ -470,7 +470,7 @@ public void testRequiredSecondaryFactorsArray() throws Exception { response = TestMultitenancyAPIHelper.createTenant( process.getProcess(), new TenantIdentifier(null, null, null), - "t1", null, null, null, + "t1", null, null, true, false, null, true, new String[]{"otp-phone"}, config, SemVer.v5_0); assertFalse(response.get("createdNew").getAsBoolean()); @@ -516,7 +516,7 @@ public void testRequiredSecondaryFactorsArray() throws Exception { response = TestMultitenancyAPIHelper.createTenant( process.getProcess(), new TenantIdentifier(null, null, null), - "t1", null, null, null, + "t1", true, null, true, false, null, true, requiredSecondaryFactors, config, SemVer.v5_0); assertFalse(response.get("createdNew").getAsBoolean()); diff --git a/src/test/java/io/supertokens/test/multitenant/generator/GenerateTenantConfig.java b/src/test/java/io/supertokens/test/multitenant/generator/GenerateTenantConfig.java index f96a1c580..abb633f26 100644 --- a/src/test/java/io/supertokens/test/multitenant/generator/GenerateTenantConfig.java +++ b/src/test/java/io/supertokens/test/multitenant/generator/GenerateTenantConfig.java @@ -26,12 +26,12 @@ public class GenerateTenantConfig { private static final String[] FACTORS = new String[]{ - "emailpassword", - "thirdparty", - "otp-email", - "otp-phone", - "link-email", - "link-phone", + "emailpassword1", + "thirdparty1", + "otp-email1", + "otp-phone1", + "link-email1", + "link-phone1", "totp", "biometric", "custom"