test: Add test for emailpassword multitenancy

Author: KShivendu

supertokens_python/recipe/emailpassword/types.py

@@ -11,6 +11,7 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
+from __future__ import annotations
 from typing import Awaitable, Callable, List, TypeVar, Union
 
 from supertokens_python.ingredients.emaildelivery import EmailDeliveryIngredient
@@ -29,6 +30,15 @@ def __init__(
         self.time_joined = time_joined
         self.tenant_ids = tenant_ids
 
+    def __eq__(self, other: 'User'):
+        return (
+            isinstance(other, self.__class__)
+            and self.user_id == other.user_id
+            and self.email == other.email
+            and self.time_joined == other.time_joined
+            and self.tenant_ids == other.tenant_ids
+        )
+
 
 class UsersResponse:
     def __init__(self, users: List[User], next_pagination_token: Union[str, None]):

tests/emailpassword/test_multitenancy.py

@@ -0,0 +1,123 @@
+# Copyright (c) 2021, VRAI Labs and/or its affiliates. All rights reserved.
+#
+# This software is licensed under the Apache License, Version 2.0 (the
+# "License") as published by the Apache Software Foundation.
+#
+# You may not use this file except in compliance with the License. You may
+# obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+import setup
+
+from pytest import mark
+from supertokens_python.recipe import session, userroles, emailpassword, multitenancy
+from supertokens_python import init
+from supertokens_python.recipe.multitenancy.asyncio import (
+    create_or_update_tenant,
+    associate_user_to_tenant,
+)
+from supertokens_python.recipe.emailpassword.asyncio import (
+    sign_up,
+    sign_in,
+    get_user_by_id,
+    get_user_by_email,
+    create_reset_password_token,
+    reset_password_using_token,
+)
+from supertokens_python.recipe.multitenancy.interfaces import TenantConfig
+from supertokens_python.recipe.userroles.asyncio import (
+    create_new_role_or_add_permissions,
+    add_role_to_user,
+    get_roles_for_user,
+)
+
+from tests.sessions.claims.utils import get_st_init_args
+from tests.utils import setup_function, teardown_function, setup_multitenancy_feature
+
+
+_ = setup_function
+_ = teardown_function
+
+pytestmark = mark.asyncio
+
+
+async def test_multitenancy_in_user_roles():
+    # test that different roles can be assigned for the same user for each tenant
+    args = get_st_init_args(
+        [
+            session.init(),
+            userroles.init(),
+            emailpassword.init(),
+            multitenancy.init(),
+        ]
+    )
+    init(**args)
+    setup_multitenancy_feature()
+
+    await create_or_update_tenant("t1", TenantConfig(email_password_enabled=True))
+    await create_or_update_tenant("t2", TenantConfig(email_password_enabled=True))
+    await create_or_update_tenant("t3", TenantConfig(email_password_enabled=True))
+
+    user1 = await sign_up("t1", "[email protected]", "password1")
+    user2 = await sign_up("t2", "[email protected]", "password2")
+    user3 = await sign_up("t3", "[email protected]", "password3")
+
+    assert user1.user.user_id != user2.user.user_id
+    assert user2.user.user_id != user3.user.user_id
+    assert user3.user.user_id != user1.user.user_id
+
+    assert user1.user.tenant_ids == ["t1"]
+    assert user2.user.tenant_ids == ["t2"]
+    assert user3.user.tenant_ids == ["t3"]
+
+    # sign in
+    ep_user1 = await sign_in("t1", "[email protected]", "password1")
+    ep_user2 = await sign_in("t2", "[email protected]", "password1")
+    ep_user3 = await sign_in("t3", "[email protected]", "password1")
+
+    assert ep_user1.user.user_id == user2.user.user_id == user3.user.user_id
+
+    # get user by id:
+    g_user1 = await get_user_by_id(user1.user.user_id)
+    g_user2 = await get_user_by_id(user2.user.user_id)
+    g_user3 = await get_user_by_id(user3.user.user_id)
+
+    assert g_user1 == user1.user
+    assert g_user2 == user2.user
+    assert g_user3 == user3.user
+
+    # get user by email:
+    by_email_user1 = await get_user_by_email("t1", "[email protected]")
+    by_email_user2 = await get_user_by_email("t2", "[email protected]")
+    by_email_user3 = await get_user_by_email("t3", "[email protected]")
+
+    assert by_email_user1 == user1.user
+    assert by_email_user2 == user2.user
+    assert by_email_user3 == user3.user
+
+    # create password reset token:
+    pless_reset_link1 = await create_reset_password_token("t1", user1.user.user_id)
+    pless_reset_link2 = await create_reset_password_token("t2", user1.user.user_id)
+    pless_reset_link3 = await create_reset_password_token("t3", user1.user.user_id)
+
+    assert pless_reset_link1.token is not None
+    assert pless_reset_link2.token is not None
+    assert pless_reset_link3.token is not None
+
+    # reset password using token:
+    await reset_password_using_token("t1", pless_reset_link1.token, "newpassword1")
+    await reset_password_using_token("t2", pless_reset_link1.token, "newpassword2")
+    await reset_password_using_token("t3", pless_reset_link1.token, "newpassword3")
+
+    # new password should work:
+    s_user1 = await sign_in("t1", "[email protected]", "newpassword1")
+    s_user2 = await sign_in("t2", "[email protected]", "newpassword2")
+    s_user3 = await sign_in("t3", "[email protected]", "newpassword3")
+
+    assert s_user1.user == user1.user
+    assert s_user2.user == user2.user
+    assert s_user3.user == user3.user