fix: bulk migration user roles association fix when there is no externalId (#1139)

Co-authored-by: Sattvik Chakravarthy <[email protected]>

Author: tamassoltesz

CHANGELOG.md

@@ -9,9 +9,9 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [10.1.4]
 
+- Fixes bulk migration user roles association when there is no external userId assigned to the user
 - Bulk migration now actually uses the `isVerified` field's value in the loginMethod input
 
-
 ## [10.1.3]
 
 - Version bumped for re-release

src/main/java/io/supertokens/bulkimport/BulkImport.java

@@ -624,27 +624,7 @@ public static void createMultipleUserMetadata(AppIdentifier appIdentifier, Stora
 
     public static void createMultipleUserRoles(Main main, AppIdentifier appIdentifier, Storage storage,
                                                List<BulkImportUser> users) throws StorageTransactionLogicException {
-        Map<TenantIdentifier, Map<String, List<String>>> rolesToUserByTenant = new HashMap<>();
-        for (BulkImportUser user : users) {
-
-            if (user.userRoles != null) {
-                for (UserRole userRole : user.userRoles) {
-                    for (String tenantId : userRole.tenantIds) {
-                        TenantIdentifier tenantIdentifier = new TenantIdentifier(
-                                appIdentifier.getConnectionUriDomain(), appIdentifier.getAppId(),
-                                tenantId);
-                        if(!rolesToUserByTenant.containsKey(tenantIdentifier)){
-
-                            rolesToUserByTenant.put(tenantIdentifier, new HashMap<>());
-                        }
-                        if(!rolesToUserByTenant.get(tenantIdentifier).containsKey(user.externalUserId)){
-                            rolesToUserByTenant.get(tenantIdentifier).put(user.externalUserId, new ArrayList<>());
-                        }
-                        rolesToUserByTenant.get(tenantIdentifier).get(user.externalUserId).add(userRole.role);
-                    }
-                }
-            }
-        }
+        Map<TenantIdentifier, Map<String, List<String>>> rolesToUserByTenant = gatherRolesForUsersByTenant(appIdentifier, users);
         try {
             if(!rolesToUserByTenant.isEmpty()){
                 UserRoles.addMultipleRolesToMultipleUsers(main, appIdentifier, storage, rolesToUserByTenant);
@@ -670,6 +650,32 @@ public static void createMultipleUserRoles(Main main, AppIdentifier appIdentifie
 
     }
 
+    private static Map<TenantIdentifier, Map<String, List<String>>> gatherRolesForUsersByTenant(AppIdentifier appIdentifier, List<BulkImportUser> users) {
+        Map<TenantIdentifier, Map<String, List<String>>> rolesToUserByTenant = new HashMap<>();
+        for (BulkImportUser user : users) {
+            if (user.userRoles != null) {
+                for (UserRole userRole : user.userRoles) {
+                    for (String tenantId : userRole.tenantIds) {
+                        TenantIdentifier tenantIdentifier = new TenantIdentifier(
+                                appIdentifier.getConnectionUriDomain(), appIdentifier.getAppId(),
+                                tenantId);
+                        if(!rolesToUserByTenant.containsKey(tenantIdentifier)){
+
+                            rolesToUserByTenant.put(tenantIdentifier, new HashMap<>());
+                        }
+                        String userIdToUse = user.externalUserId != null ?
+                                user.externalUserId : user.primaryUserId;
+                        if(!rolesToUserByTenant.get(tenantIdentifier).containsKey(userIdToUse)){
+                            rolesToUserByTenant.get(tenantIdentifier).put(userIdToUse, new ArrayList<>());
+                        }
+                        rolesToUserByTenant.get(tenantIdentifier).get(userIdToUse).add(userRole.role);
+                    }
+                }
+            }
+        }
+        return rolesToUserByTenant;
+    }
+
     public static void verifyMultipleEmailForAllLoginMethods(AppIdentifier appIdentifier, Storage storage,
                                                              List<BulkImportUser> users)
             throws StorageTransactionLogicException {

src/test/java/io/supertokens/test/bulkimport/BulkImportTestUtils.java

@@ -161,6 +161,40 @@ public static List<BulkImportUser> generateBulkImportUserWithEmailPasswordAndRol
         return users;
     }
 
+    public static List<BulkImportUser> generateBulkImportUserWithNoExternalIdWithRoles(int numberOfUsers, List<String> tenants, int startIndex, List<String> roles) {
+        List<BulkImportUser> users = new ArrayList<>();
+        JsonParser parser = new JsonParser();
+
+        for (int i = startIndex; i < numberOfUsers + startIndex; i++) {
+            String email = "user" + i + "@example.com";
+            String id = "somebogus" + Utils.getUUID();
+            JsonObject userMetadata = parser.parse("{\"key1\":\""+id+"\",\"key2\":{\"key3\":\"value3\"}}")
+                    .getAsJsonObject();
+
+            List<UserRole> userRoles = new ArrayList<>();
+            for(String roleName : roles) {
+                userRoles.add(new UserRole(roleName, tenants));
+            }
+
+            List<TotpDevice> totpDevices = new ArrayList<>();
+            totpDevices.add(new TotpDevice("secretKey", 30, 1, "deviceName"));
+
+            List<LoginMethod> loginMethods = new ArrayList<>();
+            long currentTimeMillis = System.currentTimeMillis();
+            loginMethods.add(new LoginMethod(tenants, "emailpassword", true, true, currentTimeMillis, email, "$2a",
+                    "BCRYPT", null, null, null, null, io.supertokens.utils.Utils.getUUID()));
+            loginMethods
+                    .add(new LoginMethod(tenants, "thirdparty", true, false, currentTimeMillis, email, null, null, null,
+                            "thirdPartyId" + i, "thirdPartyUserId" + i, null, io.supertokens.utils.Utils.getUUID()));
+            loginMethods.add(
+                    new LoginMethod(tenants, "passwordless", true, false, currentTimeMillis, email, null, null, null,
+                            null, null, null, io.supertokens.utils.Utils.getUUID()));
+            id = loginMethods.get(0).superTokensUserId;
+            users.add(new BulkImportUser(id, null, userMetadata, userRoles, totpDevices, loginMethods));
+        }
+        return users;
+    }
+
     public static void createTenants(Main main)
             throws StorageQueryException, TenantOrAppNotFoundException, InvalidProviderConfigException,
             FeatureNotEnabledException, IOException, InvalidConfigException,
@@ -244,7 +278,11 @@ public static void assertBulkImportUserAndAuthRecipeUserAreEqual(Main main, AppI
                 }
             }
         }
-        assertEquals(bulkImportUser.externalUserId, authRecipeUser.getSupertokensOrExternalUserId());
+        if(bulkImportUser.externalUserId != null) {
+            assertEquals(bulkImportUser.externalUserId, authRecipeUser.getSupertokensOrExternalUserId());
+        } else {
+            assertEquals(bulkImportUser.id, authRecipeUser.getSupertokensOrExternalUserId());
+        }
         assertEquals(bulkImportUser.id, authRecipeUser.getSupertokensUserId());
         assertEquals(bulkImportUser.userMetadata,
                 UserMetadata.getUserMetadata(appIdentifier, storage, authRecipeUser.getSupertokensOrExternalUserId()));

src/test/java/io/supertokens/test/bulkimport/ProcessBulkImportUsersCronJobTest.java

@@ -117,6 +117,54 @@ public void shouldProcessBulkImportUsersInTheSameTenant() throws Exception {
         assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
     }
 
+    @Test
+    public void shouldProcessBulkImportUsersInTheSameTenantWithoutExternalIdWithRoles() throws Exception {
+        TestingProcess process = startCronProcess();
+        if(process == null) {
+            return;
+        }
+
+        Main main = process.getProcess();
+
+        // Create user roles before inserting bulk users
+        {
+            UserRoles.createNewRoleOrModifyItsPermissions(main, "role1", null);
+            UserRoles.createNewRoleOrModifyItsPermissions(main, "role2", null);
+        }
+
+        BulkImportTestUtils.createTenants(main);
+
+        BulkImportSQLStorage storage = (BulkImportSQLStorage) StorageLayer.getStorage(main);
+        AppIdentifier appIdentifier = new AppIdentifier(null, null);
+
+        int usersCount = 1;
+        List<BulkImportUser> users = generateBulkImportUserWithNoExternalIdWithRoles(usersCount, List.of("public", "t1"), 0, List.of("role1", "role2"));
+        BulkImport.addUsers(appIdentifier, storage, users);
+
+        BulkImportUser bulkImportUser = users.get(0);
+
+        waitForProcessingWithTimeout(appIdentifier, storage, 30);
+
+        List<BulkImportUser> usersAfterProcessing = storage.getBulkImportUsers(appIdentifier, 100, null,
+                null, null);
+
+        assertEquals(0, usersAfterProcessing.size());
+
+        UserPaginationContainer container = AuthRecipe.getUsers(main, 100, "ASC", null, null, null);
+        assertEquals(usersCount, container.users.length);
+
+        UserIdMapping.populateExternalUserIdForUsers(appIdentifier, storage, container.users);
+
+        TenantIdentifier publicTenant = new TenantIdentifier(null, null, "public");
+
+        BulkImportTestUtils.assertBulkImportUserAndAuthRecipeUserAreEqual(main, appIdentifier, publicTenant, storage,
+                bulkImportUser,
+                container.users[0]);
+
+        process.kill();
+        assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
+    }
+
     @Test
     public void shouldProcessPlainTextPasswordBulkImportUsersInTheSameTenant() throws Exception {
         TestingProcess process = startCronProcess();