fix: get user by id as per recipe (#788)

src/main/java/io/supertokens/emailpassword/EmailPassword.java

@@ -676,7 +676,7 @@ public static AuthRecipeUserInfo getUserUsingId(AppIdentifierWithStorage appIden
             return null;
         }
         for (LoginMethod lM : result.loginMethods) {
-            if (lM.getSupertokensUserId().equals(userId)) {
+            if (lM.getSupertokensUserId().equals(userId) && lM.recipeId == RECIPE_ID.EMAIL_PASSWORD) {
                 return AuthRecipeUserInfo.create(lM.getSupertokensUserId(), result.isPrimaryUser, lM);
             }
         }

src/main/java/io/supertokens/passwordless/Passwordless.java

@@ -608,7 +608,7 @@ public static AuthRecipeUserInfo getUserById(AppIdentifierWithStorage appIdentif
             return null;
         }
         for (LoginMethod lM : result.loginMethods) {
-            if (lM.getSupertokensUserId().equals(userId)) {
+            if (lM.getSupertokensUserId().equals(userId) && lM.recipeId == RECIPE_ID.PASSWORDLESS) {
                 return AuthRecipeUserInfo.create(lM.getSupertokensUserId(), result.isPrimaryUser,
                         lM);
             }

src/main/java/io/supertokens/thirdparty/ThirdParty.java

@@ -337,7 +337,7 @@ public static AuthRecipeUserInfo getUser(AppIdentifierWithStorage appIdentifierW
             return null;
         }
         for (LoginMethod lM : result.loginMethods) {
-            if (lM.getSupertokensUserId().equals(userId)) {
+            if (lM.getSupertokensUserId().equals(userId) && lM.recipeId == RECIPE_ID.THIRD_PARTY) {
                 return AuthRecipeUserInfo.create(lM.getSupertokensUserId(), result.isPrimaryUser,
                         lM);
             }

src/test/java/io/supertokens/test/emailpassword/api/EmailPasswordGetUserAPITest2_7.java

@@ -18,11 +18,14 @@
 
 import com.google.gson.JsonObject;
 import io.supertokens.ProcessState;
+import io.supertokens.passwordless.Passwordless;
 import io.supertokens.pluginInterface.STORAGE_TYPE;
+import io.supertokens.pluginInterface.authRecipe.AuthRecipeUserInfo;
 import io.supertokens.storageLayer.StorageLayer;
 import io.supertokens.test.TestingProcessManager;
 import io.supertokens.test.Utils;
 import io.supertokens.test.httpRequest.HttpRequestForTesting;
+import io.supertokens.thirdparty.ThirdParty;
 import io.supertokens.utils.SemVer;
 import org.junit.AfterClass;
 import org.junit.Before;
@@ -194,4 +197,44 @@ public void testForAllTypesOfOutput() throws Exception {
         process.kill();
         assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
     }
+
+    @Test
+    public void testGetUserForUsersOfOtherRecipeIds() throws Exception {
+        String[] args = {"../"};
+
+        TestingProcessManager.TestingProcess process = TestingProcessManager.start(args);
+        assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STARTED));
+
+        if (StorageLayer.getStorage(process.getProcess()).getType() != STORAGE_TYPE.SQL) {
+            return;
+        }
+
+        AuthRecipeUserInfo user1 = ThirdParty.signInUp(process.getProcess(), "google", "googleid", "test@example.com").user;
+        Passwordless.CreateCodeResponse user2code = Passwordless.createCode(process.getProcess(), "test@example.com",
+                null, null, null);
+        AuthRecipeUserInfo user2 = Passwordless.consumeCode(process.getProcess(), user2code.deviceId, user2code.deviceIdHash, user2code.userInputCode, null).user;
+
+        {
+            HashMap<String, String> map = new HashMap<>();
+            map.put("userId", user1.getSupertokensUserId());
+
+            JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+                    "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(),
+                    "emailpassword");
+            assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR");
+        }
+
+        {
+            HashMap<String, String> map = new HashMap<>();
+            map.put("userId", user2.getSupertokensUserId());
+
+            JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+                    "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(),
+                    "emailpassword");
+            assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR");
+        }
+
+        process.kill();
+        assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
+    }
 }

src/test/java/io/supertokens/test/passwordless/api/PasswordlessUserGetAPITest2_11.java

@@ -18,14 +18,18 @@
 
 import com.google.gson.JsonObject;
 import io.supertokens.ProcessState;
+import io.supertokens.emailpassword.EmailPassword;
+import io.supertokens.passwordless.Passwordless;
 import io.supertokens.pluginInterface.STORAGE_TYPE;
+import io.supertokens.pluginInterface.authRecipe.AuthRecipeUserInfo;
 import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
 import io.supertokens.pluginInterface.passwordless.PasswordlessStorage;
 import io.supertokens.storageLayer.StorageLayer;
 import io.supertokens.test.TestingProcessManager;
 import io.supertokens.test.Utils;
 import io.supertokens.test.httpRequest.HttpRequestForTesting;
 
+import io.supertokens.thirdparty.ThirdParty;
 import io.supertokens.utils.SemVer;
 import io.supertokens.test.httpRequest.HttpResponseException;
 import org.junit.AfterClass;
@@ -233,4 +237,42 @@ private static void checkUser(JsonObject resp, String userId, String email, Stri
         assert (System.currentTimeMillis() - 10000 < user.get("timeJoined").getAsLong());
         assertEquals(3, user.entrySet().size());
     }
+
+    @Test
+    public void testGetUserForUsersOfOtherRecipeIds() throws Exception {
+        String[] args = {"../"};
+
+        TestingProcessManager.TestingProcess process = TestingProcessManager.start(args);
+        assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STARTED));
+
+        if (StorageLayer.getStorage(process.getProcess()).getType() != STORAGE_TYPE.SQL) {
+            return;
+        }
+
+        AuthRecipeUserInfo user1 = EmailPassword.signUp(process.getProcess(), "test@example.com", "password");
+        AuthRecipeUserInfo user2 = ThirdParty.signInUp(process.getProcess(), "google", "googleid", "test@example.com").user;
+
+        {
+            HashMap<String, String> map = new HashMap<>();
+            map.put("userId", user1.getSupertokensUserId());
+
+            JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+                    "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(),
+                    "passwordless");
+            assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR");
+        }
+
+        {
+            HashMap<String, String> map = new HashMap<>();
+            map.put("userId", user2.getSupertokensUserId());
+
+            JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+                    "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(),
+                    "passwordless");
+            assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR");
+        }
+
+        process.kill();
+        assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
+    }
 }

src/test/java/io/supertokens/test/thirdparty/api/ThirdPartyGetUserAPITest2_7.java

@@ -18,7 +18,10 @@
 
 import com.google.gson.JsonObject;
 import io.supertokens.ProcessState;
+import io.supertokens.emailpassword.EmailPassword;
+import io.supertokens.passwordless.Passwordless;
 import io.supertokens.pluginInterface.STORAGE_TYPE;
+import io.supertokens.pluginInterface.authRecipe.AuthRecipeUserInfo;
 import io.supertokens.storageLayer.StorageLayer;
 import io.supertokens.test.TestingProcessManager;
 import io.supertokens.test.Utils;
@@ -205,6 +208,46 @@ public void testAllTypesOfOutput() throws Exception {
         }
     }
 
+    @Test
+    public void testGetUserForUsersOfOtherRecipeIds() throws Exception {
+        String[] args = {"../"};
+
+        TestingProcessManager.TestingProcess process = TestingProcessManager.start(args);
+        assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STARTED));
+
+        if (StorageLayer.getStorage(process.getProcess()).getType() != STORAGE_TYPE.SQL) {
+            return;
+        }
+
+        AuthRecipeUserInfo user1 = EmailPassword.signUp(process.getProcess(), "test@example.com", "password");
+        Passwordless.CreateCodeResponse user2code = Passwordless.createCode(process.getProcess(), "test@example.com",
+                null, null, null);
+        AuthRecipeUserInfo user2 = Passwordless.consumeCode(process.getProcess(), user2code.deviceId, user2code.deviceIdHash, user2code.userInputCode, null).user;
+
+        {
+            HashMap<String, String> map = new HashMap<>();
+            map.put("userId", user1.getSupertokensUserId());
+
+            JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+                    "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(),
+                    "thirdparty");
+            assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR");
+        }
+
+        {
+            HashMap<String, String> map = new HashMap<>();
+            map.put("userId", user2.getSupertokensUserId());
+
+            JsonObject response = HttpRequestForTesting.sendGETRequest(process.getProcess(), "",
+                    "http://localhost:3567/recipe/user", map, 1000, 1000, null, SemVer.v2_7.get(),
+                    "thirdparty");
+            assertEquals(response.get("status").getAsString(), "UNKNOWN_USER_ID_ERROR");
+        }
+
+        process.kill();
+        assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
+    }
+
     public static void checkUser(JsonObject user, String thirdPartyId, String thirdPartyUserId, String email) {
         assertNotNull(user.get("id"));
         assertNotNull(user.get("timeJoined"));