Merge branch '4.4' into feat/totp-inmemory

CHANGELOG.md

@@ -20,9 +20,13 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 - `POST /recipe/totp/device/verify` to verify a device. This is to ensure that the user has access to the device.
 - `POST /recipe/totp/verify` to verify a code and continue the login flow.
 - `PUT /recipe/totp/device` to update the name of a device. Name is just a string that the user can set to identify the device.
-- `GET /recipe/totp/device/list` to get all devices for a user. 
+- `GET /recipe/totp/device/list` to get all devices for a user.
 - `POST /recipe/totp/device/remove` to remove a device. If the user has no more devices, the user is also removed.
 
+## [4.4.2] - 2023-03-16
+
+- Adds null check in email normalisation to fix: https://github.com/supertokens/supertokens-node/issues/514
+
 ## [4.4.1] - 2023-03-09
 
 - Normalises email in all APIs in which email was not being

build.gradle

@@ -19,7 +19,7 @@ compileTestJava { options.encoding = "UTF-8" }
 //    }
 //}
 
-version = "4.4.1"
+version = "4.4.2"
 
 
 repositories {

src/main/java/io/supertokens/utils/Utils.java

@@ -16,18 +16,16 @@
 
 package io.supertokens.utils;
 
-import javax.crypto.*;
-import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.SecretKeySpec;
-
 import com.google.gson.GsonBuilder;
 import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
-
 import io.supertokens.session.accessToken.AccessTokenSigningKey.KeyInfo;
 
+import javax.crypto.*;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
 import java.math.BigInteger;
@@ -39,14 +37,17 @@
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;
-import java.util.List;
 import java.util.Base64.Decoder;
 import java.util.Base64.Encoder;
+import java.util.List;
 import java.util.UUID;
 
 public class Utils {
 
     public static String normaliseEmail(String email) {
+        if (email == null) {
+            return null;
+        }
         // we assume that the email's syntax is correct here.
 
         // as per https://github.com/supertokens/supertokens-core/issues/89 and

src/test/java/io/supertokens/test/emailpassword/api/UserPutAPITest2_8.java

@@ -155,6 +155,32 @@ public void testSuccessfulUpdate() throws Exception {
 
             assertEquals("OK", response.get("status").getAsString());
             assertEquals(1, response.entrySet().size());
+
+            EmailPassword.signIn(process.main, "someotheremail@gmail.com", "somePass");
+        });
+    }
+
+    @Test
+    public void testSuccessfulUpdateWithOnlyPassword() throws Exception {
+        TestingProcessManager.withProcess(process -> {
+            if (StorageLayer.getStorage(process.getProcess()).getType() != STORAGE_TYPE.SQL) {
+                return;
+            }
+
+            UserInfo user = EmailPassword.signUp(process.getProcess(), "someemail@gmail.com", "somePass");
+
+            JsonObject body = new JsonObject();
+            body.addProperty("userId", user.id);
+            body.addProperty("password", "somePass123");
+
+            JsonObject response = HttpRequestForTesting.sendJsonPUTRequest(process.getProcess(), "",
+                    "http://localhost:3567/recipe/user", body, 1000, 1000, null, Utils.getCdiVersion2_8ForTests(),
+                    RECIPE_ID.EMAIL_PASSWORD.toString());
+
+            assertEquals("OK", response.get("status").getAsString());
+            assertEquals(1, response.entrySet().size());
+
+            EmailPassword.signIn(process.main, "someemail@gmail.com", "somePass123");
         });
     }