feat: Introduce MFA recipe in plugin interface

CHANGELOG.md

@@ -7,6 +7,22 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+- Introduce MFA Recipe plugin interface
+
+## [2.23.0] - 2023-04-05
+
+- Added `useStaticKey ` into session info classes
+- Added `hashCode` override for JWTSigningKeyInfo
+
+## [2.22.0] - 2023-03-30
+
+- Adds Support for Dashboard Search 
+
+## [2.21.0] - 2023-03-27
+
+- Introduce TOTP Recipe plugin interface
+- Introduce Active users storage plugin interface
+
 ## [2.20.0] - 2023-02-21
 
 - Dashboard Recipe Interface

build.gradle

@@ -2,7 +2,7 @@ plugins {
     id 'java-library'
 }
 
-version = "2.20.0"
+version = "2.23.0"
 
 repositories {
     mavenCentral()

src/main/java/io/supertokens/pluginInterface/ActiveUsersStorage.java

@@ -0,0 +1,28 @@
+package io.supertokens.pluginInterface;
+
+import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
+import io.supertokens.pluginInterface.nonAuthRecipe.NonAuthRecipeStorage;
+
+public interface ActiveUsersStorage extends NonAuthRecipeStorage {
+    /* Update the last active time of a user to now */
+    void updateLastActive(AppIdentifier appIdentifier, String userId) throws StorageQueryException;
+
+    /* Count the number of users who did some activity after given timestamp */
+    int countUsersActiveSince(AppIdentifier appIdentifier, long time) throws StorageQueryException;
+
+    /* Count the number of users who have enabled TOTP */
+    int countUsersEnabledTotp(AppIdentifier appIdentifier) throws StorageQueryException;
+
+    /* Count the number of users who have enabled TOTP and are active */
+    int countUsersEnabledTotpAndActiveSince(AppIdentifier appIdentifier, long time) throws StorageQueryException;
+
+    /* Count the number of users who have enabled MFA */
+    int countUsersEnabledMfa(AppIdentifier appIdentifier) throws StorageQueryException;
+
+    /* Count the number of users who have enabled MFA and are active */
+    int countUsersEnabledMfaAndActiveSince(AppIdentifier appIdentifier, long time) throws StorageQueryException;
+
+    /* Delete a user from active users table */
+    void deleteUserActive(AppIdentifier appIdentifier, String userId) throws StorageQueryException;
+}

src/main/java/io/supertokens/pluginInterface/RECIPE_ID.java

@@ -21,7 +21,8 @@ public enum RECIPE_ID {
 
     EMAIL_PASSWORD("emailpassword"), THIRD_PARTY("thirdparty"), SESSION("session"),
     EMAIL_VERIFICATION("emailverification"), JWT("jwt"), PASSWORDLESS("passwordless"), USER_METADATA("usermetadata"),
-    USER_ROLES("userroles"), USER_ID_MAPPING("useridmapping"), DASHBOARD("dashboard");
+    USER_ROLES("userroles"), USER_ID_MAPPING("useridmapping"), DASHBOARD("dashboard"), TOTP("totp"),
+    MULTITENANCY("multitenancy"), MFA("mfa");
 
     private final String name;
 

src/main/java/io/supertokens/pluginInterface/Storage.java

@@ -17,7 +17,13 @@
 
 package io.supertokens.pluginInterface;
 
+import com.google.gson.JsonObject;
+import io.supertokens.pluginInterface.exceptions.DbInitException;
+import io.supertokens.pluginInterface.exceptions.InvalidConfigException;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
+import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
+import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 
 import java.util.Set;
 
@@ -26,14 +32,27 @@ public interface Storage {
     // if silent is true, do not log anything out on the console
     void constructor(String processId, boolean silent);
 
-    void loadConfig(String configFilePath, Set<LOG_LEVEL> logLevels);
+    void loadConfig(JsonObject jsonConfig, Set<LOG_LEVEL> logLevels, TenantIdentifier tenantIdentifier) throws InvalidConfigException;
+
+    // this returns a unique ID based on the db's connection URI and table prefix such that
+    // two different user pool IDs imply that the data for those two user pools are completely isolated.
+    String getUserPoolId();
+
+    // this returns a unique ID based on the db's connection pool config. This can be different
+    // even if the getUserPoolId returns the same ID - based on the config provided by the user.
+    // So two different db connection pools may point to the same end user pool.
+    String getConnectionPoolId();
+
+    // if the input otherConfig has different values set for the same properties as this user pool's config,
+    // then this function should throw an error since this is a misconfig from ther user's side.
+    void assertThatConfigFromSameUserPoolIsNotConflicting(JsonObject otherConfig) throws InvalidConfigException;
 
     void initFileLogging(String infoLogPath, String errorLogPath);
 
     void stopLogging();
 
     // load tables and create connection pools
-    void initStorage();
+    void initStorage(boolean shouldWait) throws DbInitException;
 
     // used by the core to do transactions the right way.
     STORAGE_TYPE getType();
@@ -43,19 +62,32 @@ public interface Storage {
 
     void close();
 
-    KeyValueInfo getKeyValue(String key) throws StorageQueryException;
+    KeyValueInfo getKeyValue(TenantIdentifier tenantIdentifier, String key) throws StorageQueryException;
 
-    void setKeyValue(String key, KeyValueInfo info) throws StorageQueryException;
+    void setKeyValue(TenantIdentifier tenantIdentifier, String key, KeyValueInfo info) throws StorageQueryException,
+            TenantOrAppNotFoundException;
 
     void setStorageLayerEnabled(boolean enabled);
 
-    boolean canBeUsed(String configFilePath);
+    boolean canBeUsed(JsonObject configJson);
 
     // this function will be used in the createUserIdMapping and deleteUserIdMapping functions to check if the userId is
     // being used in NonAuth recipes.
-    boolean isUserIdBeingUsedInNonAuthRecipe(String className, String userId) throws StorageQueryException;
+    boolean isUserIdBeingUsedInNonAuthRecipe(AppIdentifier appIdentifier, String className, String userId)
+            throws StorageQueryException;
 
     // to be used for testing purposes only. This function will add dummy data to non-auth tables.
-    void addInfoToNonAuthRecipesBasedOnUserId(String className, String userId) throws StorageQueryException;
+    void addInfoToNonAuthRecipesBasedOnUserId(TenantIdentifier tenantIdentifier, String className, String userId) throws StorageQueryException;
+
+    // this function is used during testing in the core so that the core can
+    // create multiple user pools across any plugin being used.
+    void modifyConfigToAddANewUserPoolForTesting(JsonObject config, int poolNumber);
+
+    // this function returns a list of protected configs which users of supertokens saas can't read or modify
+    // when they are operating on tenantsm unless the supertokens_saas_secret key is used in the API request.
+    String[] getProtectedConfigsFromSuperTokensSaaSUsers();
+
+    Set<String> getValidFieldsInConfig();
 
+    void setLogLevels(Set<LOG_LEVEL> logLevels);
 }

src/main/java/io/supertokens/pluginInterface/authRecipe/AuthRecipeStorage.java

@@ -19,18 +19,29 @@
 
 import io.supertokens.pluginInterface.RECIPE_ID;
 import io.supertokens.pluginInterface.Storage;
+import io.supertokens.pluginInterface.dashboard.DashboardSearchTags;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
+import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
 public interface AuthRecipeStorage extends Storage {
 
-    long getUsersCount(@Nullable RECIPE_ID[] includeRecipeIds) throws StorageQueryException;
+    long getUsersCount(TenantIdentifier tenantIdentifier, @Nullable RECIPE_ID[] includeRecipeIds)
+            throws StorageQueryException;
+
+    long getUsersCount(AppIdentifier appIdentifier, @Nullable RECIPE_ID[] includeRecipeIds)
+            throws StorageQueryException;
 
-    AuthRecipeUserInfo[] getUsers(@Nonnull Integer limit, @Nonnull String timeJoinedOrder,
-            @Nullable RECIPE_ID[] includeRecipeIds, @Nullable String userId, @Nullable Long timeJoined)
+    AuthRecipeUserInfo[] getUsers(TenantIdentifier tenantIdentifier, @Nonnull Integer limit,
+                                  @Nonnull String timeJoinedOrder,
+                                  @Nullable RECIPE_ID[] includeRecipeIds, @Nullable String userId,
+                                  @Nullable Long timeJoined, @Nullable DashboardSearchTags dashboardSearchTags)
             throws StorageQueryException;
 
-    boolean doesUserIdExist(String userId) throws StorageQueryException;
+    boolean doesUserIdExist(AppIdentifier appIdentifier, String userId) throws StorageQueryException;
+
+    boolean doesUserIdExist(TenantIdentifier tenantIdentifierIdentifier, String userId) throws StorageQueryException;
 }

src/main/java/io/supertokens/pluginInterface/authRecipe/AuthRecipeUserInfo.java

@@ -24,9 +24,12 @@ public abstract class AuthRecipeUserInfo {
 
     public long timeJoined;
 
-    public AuthRecipeUserInfo(String id, long timeJoined) {
+    public final String[] tenantIds;
+
+    public AuthRecipeUserInfo(String id, long timeJoined, String[] tenantIds) {
         this.id = id;
         this.timeJoined = timeJoined;
+        this.tenantIds = tenantIds;
     }
 
     public abstract RECIPE_ID getRecipeId();

src/main/java/io/supertokens/pluginInterface/dashboard/DashboardSearchTags.java

@@ -0,0 +1,96 @@
+package io.supertokens.pluginInterface.dashboard;
+
+import java.util.ArrayList;
+
+import javax.annotation.Nullable;
+
+public class DashboardSearchTags {
+
+    public ArrayList<String> emails;
+    public ArrayList<String> phoneNumbers;
+    public ArrayList<String> providers;
+
+    public DashboardSearchTags(@Nullable ArrayList<String> emails, @Nullable ArrayList<String> phones,
+            @Nullable ArrayList<String> providers) {
+        this.emails = emails;
+        this.phoneNumbers = phones;
+        this.providers = providers;
+    }
+
+    public boolean shouldEmailPasswordTableBeSearched() {
+
+        ArrayList<SUPPORTED_SEARCH_TAGS> nonNullSearchTags = getNonNullSearchFields();
+        return nonNullSearchTags.contains(SUPPORTED_SEARCH_TAGS.EMAIL) && nonNullSearchTags.size() == 1;
+
+    }
+
+    public boolean shouldThirdPartyTableBeSearched() {
+
+        ArrayList<SUPPORTED_SEARCH_TAGS> nonNullSearchTags = getNonNullSearchFields();
+        if(nonNullSearchTags.contains(SUPPORTED_SEARCH_TAGS.EMAIL) && nonNullSearchTags.contains(SUPPORTED_SEARCH_TAGS.PROVIDER)){
+            return nonNullSearchTags.size() == 2;
+        }
+
+        if(nonNullSearchTags.contains(SUPPORTED_SEARCH_TAGS.EMAIL) || nonNullSearchTags.contains(SUPPORTED_SEARCH_TAGS.PROVIDER)){
+            return nonNullSearchTags.size() == 1;
+        }
+
+        return false;
+    }
+
+    public boolean shouldPasswordlessTableBeSearched() {
+        ArrayList<SUPPORTED_SEARCH_TAGS> nonNullSearchTags = getNonNullSearchFields();
+        if(nonNullSearchTags.contains(SUPPORTED_SEARCH_TAGS.EMAIL) && nonNullSearchTags.contains(SUPPORTED_SEARCH_TAGS.PHONE)){
+            return nonNullSearchTags.size() == 2;
+        }
+
+        if(nonNullSearchTags.contains(SUPPORTED_SEARCH_TAGS.EMAIL) || nonNullSearchTags.contains(SUPPORTED_SEARCH_TAGS.PHONE)){
+            return nonNullSearchTags.size() == 1;
+        }
+
+        return false;
+    }
+
+    private ArrayList<SUPPORTED_SEARCH_TAGS> getNonNullSearchFields() {
+        ArrayList<SUPPORTED_SEARCH_TAGS> nonNullSearchTags = new ArrayList<>();
+
+        if (this.emails != null) {
+            nonNullSearchTags.add(SUPPORTED_SEARCH_TAGS.EMAIL);
+        }
+
+        if (this.phoneNumbers != null) {
+            nonNullSearchTags.add(SUPPORTED_SEARCH_TAGS.PHONE);
+        }
+
+        if (this.providers != null) {
+            nonNullSearchTags.add(SUPPORTED_SEARCH_TAGS.PROVIDER);
+        }
+
+        return nonNullSearchTags;
+    }
+
+    public enum SUPPORTED_SEARCH_TAGS {
+        EMAIL("email"), PHONE("phone"), PROVIDER("provider");
+
+        private String tag;
+
+        SUPPORTED_SEARCH_TAGS(String tag) {
+            this.tag = tag;
+        }
+
+        public static SUPPORTED_SEARCH_TAGS fromString(String text) {
+            for (SUPPORTED_SEARCH_TAGS t : SUPPORTED_SEARCH_TAGS.values()) {
+                if (t.tag.equalsIgnoreCase(text)) {
+                    return t;
+                }
+            }
+            return null;
+        }
+
+        @Override
+        public String toString() {
+            return tag;
+        }
+    }
+
+}

src/main/java/io/supertokens/pluginInterface/dashboard/DashboardStorage.java

@@ -1,30 +1,38 @@
 package io.supertokens.pluginInterface.dashboard;
 
 import io.supertokens.pluginInterface.Storage;
-import io.supertokens.pluginInterface.exceptions.StorageQueryException;
 import io.supertokens.pluginInterface.dashboard.exceptions.DuplicateEmailException;
 import io.supertokens.pluginInterface.dashboard.exceptions.DuplicateUserIdException;
 import io.supertokens.pluginInterface.dashboard.exceptions.UserIdNotFoundException;
+import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
+import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 
 public interface DashboardStorage extends Storage {
 
-    void createNewDashboardUser(DashboardUser userInfo) throws StorageQueryException, DuplicateUserIdException, DuplicateEmailException;
+    void createNewDashboardUser(AppIdentifier appIdentifier, DashboardUser userInfo)
+            throws StorageQueryException, DuplicateUserIdException, DuplicateEmailException,
+            TenantOrAppNotFoundException;
+
+    DashboardUser getDashboardUserByEmail(AppIdentifier appIdentifier, String email) throws StorageQueryException;
 
-    DashboardUser getDashboardUserByEmail(String email) throws StorageQueryException;
+    DashboardUser getDashboardUserByUserId(AppIdentifier appIdentifier, String userId) throws StorageQueryException;
 
-    DashboardUser getDashboardUserByUserId(String userId) throws StorageQueryException;
+    DashboardUser[] getAllDashboardUsers(AppIdentifier appIdentifier) throws StorageQueryException;
 
-    DashboardUser[] getAllDashboardUsers() throws StorageQueryException;
+    boolean deleteDashboardUserWithUserId(AppIdentifier appIdentifier, String userId) throws StorageQueryException;
 
-    boolean deleteDashboardUserWithUserId(String userId) throws StorageQueryException;
-
-    void createNewDashboardUserSession(String userId, String sessionId, long timeCreated, long expiry) throws StorageQueryException, UserIdNotFoundException;
+    void createNewDashboardUserSession(AppIdentifier appIdentifier, String userId, String sessionId, long timeCreated,
+                                       long expiry) throws StorageQueryException, UserIdNotFoundException;
 
-    DashboardSessionInfo[] getAllSessionsForUserId(String userId) throws StorageQueryException;
+    DashboardSessionInfo[] getAllSessionsForUserId(AppIdentifier appIdentifier, String userId)
+            throws StorageQueryException;
 
-    DashboardSessionInfo getSessionInfoWithSessionId(String sessionId) throws StorageQueryException;
+    DashboardSessionInfo getSessionInfoWithSessionId(AppIdentifier appIdentifier, String sessionId)
+            throws StorageQueryException;
 
-    boolean revokeSessionWithSessionId(String sessionId) throws StorageQueryException;
+    boolean revokeSessionWithSessionId(AppIdentifier appIdentifier, String sessionId) throws StorageQueryException;
 
+    // this function removes based on expired time, so we can use this to globally remove from a particular db.
     void revokeExpiredSessions() throws StorageQueryException;
 }

src/main/java/io/supertokens/pluginInterface/dashboard/sqlStorage/DashboardSQLStorage.java

@@ -4,13 +4,18 @@
 import io.supertokens.pluginInterface.dashboard.exceptions.DuplicateEmailException;
 import io.supertokens.pluginInterface.dashboard.exceptions.UserIdNotFoundException;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
 import io.supertokens.pluginInterface.sqlStorage.SQLStorage;
 import io.supertokens.pluginInterface.sqlStorage.TransactionConnection;
 
 public interface DashboardSQLStorage extends DashboardStorage, SQLStorage {
 
-    void updateDashboardUsersEmailWithUserId_Transaction(TransactionConnection con, String userId, String newEmail) throws StorageQueryException, DuplicateEmailException, UserIdNotFoundException;
+    void updateDashboardUsersEmailWithUserId_Transaction(AppIdentifier appIdentifier, TransactionConnection con,
+                                                         String userId, String newEmail)
+            throws StorageQueryException, DuplicateEmailException, UserIdNotFoundException;
+
+    void updateDashboardUsersPasswordWithUserId_Transaction(AppIdentifier appIdentifier, TransactionConnection con,
+                                                            String userId, String newPassword)
+            throws StorageQueryException, UserIdNotFoundException;
 
-    void updateDashboardUsersPasswordWithUserId_Transaction(TransactionConnection con, String userId, String newPassword) throws StorageQueryException, UserIdNotFoundException;
-
 }