feat: Introduce MFA recipe (#651)
* adds connection uri and tenant id based resource distributor

* removes unnecessary file

* adds a bunch of todos

* adds storage layer function and also load all configs function

* implements core config merging across tenants

* restructures code related to config checking in core

* changes storage layer to take json instead of config file path

* small refactor

* adds ability to create new storage instances on the fly

* in mem db function impl for user pool ID and config conflict checking

* small change

* adds checks for conflicting core configs

* adds a few tests for multi tenant config

* adds more tests

* more tests

* adds function to get connection pool ID

* adds skeleton for loading storage layers for tenants

* fixes compile error

* adds code to load multiple storage layers as well

* deletes info across all tenants during testing

* adds one test for storage layer

* fixes a test

* fixes bug in setting resource in resource distributor

* fixes bugs

* loads signing keys for all tenants

* fixes bug

* adds new test and modifies the testing kill process to clear databases across multiple user pools

* implements more test

* small change to formatting

* small change to formatting

* modifies cron jobs to run per unique user pool ID

* fixes a few bugs

* disallows different argon2 pool size across tenants

* changes server api key check to be based on connection uri as well

* adds function for getTenantId

* modifies delete user API as well

* makes tests compile

* marked getStorageLayer older version as testonly

* fixes a few tests

* removes unused storage layer when loading them for all tenants

* makes storagelayer.getAuthRecipeStorage testonly

* makes storagelayer.getSession testonly

* makes storagelayer.getEmailPasswordStorage testonly

* makes storagelayer.getEmailVerificationStorage testonly

* makes storagelayer.getThirdPartyStorage testonly

* makes storagelayer.getPasswordlessStorage testonly

* more updates to storage layer functions and recipe

* completes all storage layer function changes

* makes Config.getConfig testonly

* implements custom routing class for api requests

* fixes a few bugs

* adds test cases

* adds tenant not found logic

* adds new exception

* fixes all tests

* removes unnecessary exception catching

* fixes bug

* adds test for path router

* adds more tests

* adds more tests

* adds more tests

* changes defaulttenantid to public

* adds appId as a identifier for a unique tenant

* adds extracting appId from request path

* small change

* fixes bug with extracting tenantid with appid

* fixes bug

* adds more tests

* starts working on multitenancy class and utils functions

* more changes to multitenancy file

* fixes a bug

* small change

* adds crud functions for multi tenancy

* changes to use of quiteprogramexception from in mem db

* adds skeleton for multitenancy functions in in mem db

* adds a few todos

* small change

* small change

* adds more functions to multi tenancy impl

* adds multi tenancy functions to delete and get info

* fixes tests

* adds a few exception cases

* updates exception import

* small change to make debugging easier

* fixes logging related issue in test

* checks for permission when creating a new app

* simplifies delete of app and connectionuridomain

* adds sync to resource distributor

* small change

* small changes

* checks if multi tenancy is enabled in license key during tenant creation

* adds FeatureNotEnabledException exception

* small refactor

* fixes deadlock condition

* fixes in memory db issue

* does deep equals in tenant refresh function

* small change

* adds more checks when adding or updating a tenant

* adds tenantIdentifier for emailpassword and useridmapping recipes

* enforces unique user pool id per connectionuridomain

* small bug fix for refreshing cronjobs

* makes cronjob run per user pool, but pass list of tenants within that pool to the doTask function

* changes to incorporate tenantIdentifier for key value storage

* changes to session recipe to add tenantIdentifier

* adds a todo

* introduces the concept of appIdentifier vs tenantIdentifier

* fixes test compilation issues

* fixes bugs from existing tests

* adds appidentifier to user metadata functions

* modifies user roles functions to add tenantidentifier and appidentifiers

* small refactor

* modifies session recipe to add tenantId as part of the access token and refresh token

* small change

* fixes a bug

* modifies emailpassword functions

* changes to a few functions

* adds appidentifier to email verification

* adds tenant identifier to third party

* adds tenantidentifier to passwordless

* changes how tenant configs are checked

* fixes tests

* small bug fixes

* fix: config tests (#568)

* fix: added a config test

* fix: added few config tests

* fix: pr comments

* fix: pr comments

* fix: new exceptions and tests (#573)

* fix: added a config test

* fix: added few config tests

* fix: pr comments

* fix: pr comments

* fix: new exceptions and tests

* fix: new tests and moved race condition test to postgres plugin

* fix: new tests

* fix: updated tests

* fix: concurrent test

* fix: typos

* fix: random test

* fix: random test

* makes telemetry and feature flag multi tenant as well - per app

* refactors crontask to be better suited for multi tenancy

* fix: Email password and user id mapping multi tenancy changes (#580)

* fix: ep recipe impl

* fix: updated as per plugin interface

* fix: pr comments

* fix: fixed unknown user handling

* fix: update useridmapping

* fix: updated the way storage is passed

* fix: updated the way storage is passed

* fix: smaller changes

* fix: smaller changes

* fix: pr comments

* fix: cleanup

* fix: cleanup

* fix: pr comments

* fix: fix compile

* fix: pr comments and test fixes

* fix: revert delete user

* fix: updated deleteUserAPI

* fix: test fix

* fix: plugin interface related

* fix: pr comments

* fix: pr comments

* fix: removed getTenantIdentifierFromRequest

* fix: app identifier with storage

* fixes test

* fix: Multitenant userroles (#600)

* fix: user roles impl

* fix: handling fkey

* fix: pr comments

* fix: pr comments

* fix: Multitenant usermetadata (#605)

* fix: user roles impl

* fix: handling fkey

* fix: usermetadata impl

* fix: user metadata impl

* fix: api updates

* fix: emailpassword storage (#607)

* fix: uid mapping storage (#608)

* fix: multitenant ep tests (#609)

* fix: Multitenant user id mapping tests (#611)

* fix: uid mapping tests

* fix: uid mapping tests

* fix: uid mapping tests

* fix: uid mapping tests

* fix: uid mapping tests

* fix: uid mapping tests

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: Multitenant API, storage and tests (#614)

* fix: passwordless storage

* fix: passwordless changes and tests

* fix: passwordless changes and tests

* fix: passwordless changes and tests

* fix: pr comments

* fix: Multitenant thirdparty API, storage and tests (#616)

* fix: thirdparty storage and API

* fix: thirdparty tests

* fix: thirdparty changes

* fix: pr comments

* fix: Multitenant emailverification (#618)

* fix: thirdparty storage and API

* fix: thirdparty tests

* fix: emailverification storage

* fix: emailverification changes

* fix: emailverification test

* fix: comment

* fix: token tenant specific

* fix: Multitenant session (#619)

* fix: session changes

* fix: session changes

* fix: session API

* fix: updated comments

* fix: minor fixes

* fix: minor fixes

* fix: minor fixes

* fix: minor fixes

* fix: minor fixes

* fix: session tests

* fix: fixed tests

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: removed unused param

* fix: pr comments

* merges with latest (#622)

* merges with latest - tests not fixed

* fixes a few tests

* fixes test compilation issue

* fixes tests

* adds load testing basics

---------

Co-authored-by: Sattvik Chakravarthy <[email protected]>

* several fixes

* fix: Multitenant jwt (#629)

* fix: jwt changes

* fix: undo

* fix: Multitenant Auth Recipe (#633)

* fix: auth recipe storage

* fix: auth recipe changes

* fix: updated API

* fix: pr comments

* fix: pr comments

* fix: Multitenant dashboard (#636)

* fix: dashboard changes

* fix: dashboard test

* fix: Multitenant totp (#637)

* fix: totp changes

* fix: handling fk

* fix: updated comments

* fix: multitenant test

* fix: pr comment

* merges (#638)

* adds new config (#639)

* makes test more reliable

* removes unnecessary deprecated annotation (#640)

* fix: multitenancy changes (#641)

* fix: api implementations

* fix: after merge

* fix: test fix

* fix: test fix

* fix: working cud tests

* fix: db config protection

* fix: add user to tenant

* fix: tests

* fix: pr comment

* fix: cleanup

* fix: input parsing

* fix: PR comments

* fix: remove DeletionInProgressException

* fix: removeUserIdFromTenant

* fix: protected fields

* fix: pr comment

* fix: more tests and fixes

* fix: fixed validation

* fix: remove api permission checks

* fix: fixed permission logic and added tests

* fix: thirdparty config tests and fixes

* fix: thirdparty config tests and fixes

* fix: tests

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: pr comment

* fix: Misc changes (#645)

* fix: api implementations

* fix: after merge

* fix: test fix

* fix: test fix

* fix: working cud tests

* fix: db config protection

* fix: add user to tenant

* fix: tests

* fix: pr comment

* fix: cleanup

* fix: input parsing

* fix: PR comments

* fix: remove DeletionInProgressException

* fix: removeUserIdFromTenant

* fix: protected fields

* fix: pr comment

* fix: more tests and fixes

* fix: fixed validation

* fix: remove api permission checks

* fix: fixed permission logic and added tests

* fix: thirdparty config tests and fixes

* fix: thirdparty config tests and fixes

* fix: tests

* fix: config api

* fix: active users

* fix: test only code in production

* fix: Tenantid logging (#646)

* fix: tenant id in logging

* fix: pr comment

* fix: Rate limiting hello (#647)

* fix: rate limiting hello api

* fix: pr comments

* fix: multitenancy stats (#649)

* fix: multitenancy stats

* fix: pr comment and test

* fix: pr comment

* fix: pr comment

* fix: Tenantid in userobjects (#650)

* fix: create user type

* fix: test fixes

* fix: added test

* fix: refactored ep and tp

* fix: refactor pless

* fix: test fix

* fix: pr comment

* feat: Introduce MFA recipe

* fix: Ip filter per tenant (#652)

* fix: ip filter impl

* fix: ip filter impl

* fix: ip filter impl

* fix: jwt fix

* fix: updated console log (#653)

* fix: API key per app (#654)

* feat: Add EE feature for MFA functions

* fix: Fix didExist of factor disable API

* fix: Startup log (#655)

* fix: tenant id in loadConfig

* fix: remove repeat log

* fix: added test

* fix: License tests (#656)

* fix: license tests

* fix: added test

* fix: pr comment

* test: Config normalisation test (#658)

* fix: added tests for config normalisation

* fix: fixed comment

* fix: fixed comment

* feat: Suggested changes along with tests

* fix: delete non auth user in deleteUserIdFromTenantId (#659)

* fix: delete user in non auth recipe

* fix: pr comments

* fix: thirdparty related tests (#661)

* fix: tp changes

* fix: pr comment

* feat: Add MFA EE features and user id mapping related tests

* fix: Remove irrelevant multitenancy change

* fix: Config validation (#662)

* fix: config validation

* fix: config validation

* fix: pr comment

* fix: pr comment

* fix: pr comment

* fix: pr comment

* fix: config per tenant, per app annotations and validation (#666)

* fix: pagination test (#667)

* fix: added version check for multitenant apis (#669)

* fix: added version check for multitenant apis

* fix: pr comment

* fix: clean up init keys (#670)

* fix: clean up init keys

* fix: pr comment

* fix: removed isTesting check in prod code (#671)

* fix: Suggested changes

* test: Improve MFA delete user test

* test: Fix all tests and inherit from MFaTestBase

* feat: Add function to delete user from a tenant and test it

* fix: resource reloading (#673)

* fix: resource reloading

* fix: license test task reloading

* fix: reload revert

* fix: impl

* fix: pr comments

* fix: pr comments

* fix: pr comment

* fix: pr comments

* fix: fixed missing log (#678)

* fix: fixed logging

* fix: pr comments

* fix: pr comments

* Overload deleteMfaInfoForUser and set factor column size to 64

* fix: merge issues (#680)

* fix: session v4 (#683)

* fix: session v4

* fix: tests

* fix: pr comments and tests

* fix: test

* fix: pr comments

* fix: Postgres migration (#685)

* fix: changelog

* fix: changelog

* fix: pr comments

* fix: fixed tests for active user storage (#686)

* refactor: Remove irrelevant changes from merge conflict

* chores: Mention new MFA recipe in CHANGELOG

* chores: Bring back ActiveUsers function implementation

* fix: tests

* refactor: Replace TOTP_NOT_ENABLED_ERROR status and make deviceName optional (#729)

* refactor: Dont send TOTP_NOT_ENABLED_ERROR status

* refactor: Add comments

* chores: Remove extra comments

* refactor: Completely replace totp not enabled error with unknown device error

* refactor: Remove Totp not enabled error

* feat: Make device name optional and generate it from number of existing devices

* Replace TotpNotEnabledError with UnknownUserIdTotpError

* refactor: Recursively generate device name when it already exists

* refactor: Remove redundant arguments

* feat: Remove the param to allow unverified devices from the verify totp API

* feat: Reject unverified devices

* feat: Add UNKNOWN_USER_ID_ERROR to verify totp api

* feat: Throw Unknown user id error when device gets deleted during verification

* fix: core fixes

* fix: cleanup

* fix: tests

---------

Co-authored-by: Sattvik Chakravarthy <[email protected]>

* fix: tests

* fix: mfa and totp queries

* fix: flaky tests

* fix: mfa cleanup (#837)

* fix: mfa cleanup

* fix: mfa cleanup

* fix: test

* fix: pr comments

* Mfa multitenancy (#841)

* fix: multitenancy changes

* fix: mfa cleanup

* fix: mfa cleanup

* fix: test

* fix: api

* fix: mfa multitenancy updates

* fix: tests

* fix: mfa

* fix: tests

* fix: tests

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: tests

* fix: tests

* fix: pr comments

* Mfa accountlinking (#867)

* fix: multitenancy changes

* fix: mfa cleanup

* fix: mfa cleanup

* fix: test

* fix: api

* fix: mfa multitenancy updates

* fix: tests

* fix: mfa

* fix: tests

* fix: tests

* fix: accountlinking APIs for MFA

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: tests

* fix: tests

* fix: pr comments

* fix: refactor and tests

* Mfa firstfactor in sign in or up (#868)

* fix: multitenancy changes

* fix: mfa cleanup

* fix: mfa cleanup

* fix: test

* fix: api

* fix: mfa multitenancy updates

* fix: tests

* fix: mfa

* fix: tests

* fix: tests

* fix: accountlinking APIs for MFA

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: tests

* fix: tests

* fix: pr comments

* fix: refactor and tests

* fix: sign in/up API updates

* fix: some tests and fixes

* fix: more tests

* fix: sign in up apis

* fix: pr comment

* fix: import totp device API (#869)

* fix: import totp device API

* fix: remove extra api

* fix: add createdat to totp device (#870)

* fix: mfa stats

* fix: active users data saved into public tenant storage

* fix: pr comments

* fix: pr comments

* fix: pr comment

* Mfa inmemory (#874)

* fix: add createdat to totp device

* fix: inmemory changes for mfa

* fix: mfa stats queries

* fix: test

* fix: totp APIs and flaky tests fix (#879)

* fix: totp APIs and flaky tests fix

* fix: PR comment

* fix: response

* fix: version update

* fix: changelog

* fix: remove MFA apis

* fix: remove isValidFirstFactor

* fix: revert account linking api

* Mfa changes (#901)

* fix: remove tenant config and rename secondary factors

* fix: version prefix in logging

* fix: remove totp enabled

* fix: firstFactors and requiredSecondaryFactors validation

* fix: remove totpEnabled

* fix: more validation

* fix: version in core logs

* fix: error message

* fix: createNewRecipeUser input in consume code API (#910)

* fix: createNewRecipeUser flag in consume code API

* fix: more tests

* fix: update test

* fix: pr comments

* feat: make refresh sync signing key setting (#909)

* feat: make refresh update the signing key type of sessions

* feat: make the refresh and create session apis consistent

* test: remove test log

* chore: update changelog

* test: update tests to use new param

* fix: totp import api (#915)

* fix: totp import api

* fix: refactor

* fix: Fake email verified for emailpassword sign up (#913)

* fix: mark fake email as verified in emailpassword sign up

* fix: add tests

* fix: pr comments

* fix: clean

* Merge 7.0 (#940)

* fix: adds test for user pagination from old version (#893)

* adding dev-v7.0.15 tag to this commit to ensure building

* fix: core config validation (#894)

* fix: core config validation

* fix: core config validation

* fix: PR comments

* fix: PR comments

* fix: test

* fix: startup test

* fix: using ConfigMapper

* fix: test

* fix: config mapper

* fix: core config

* adding dev-v7.0.16 tag to this commit to ensure building

* fix: null handling in config mapper (#897)

* fix: core config validation

* fix: core config validation

* fix: PR comments

* fix: PR comments

* fix: test

* fix: startup test

* fix: using ConfigMapper

* fix: test

* fix: config mapper

* fix: core config

* fix: null handling

* fix: test defaults

* adding dev-v7.0.16 tag to this commit to ensure building

* Add t4-app in release checklist (#899)

* Update README.md

* Add Dockerfile for ubuntu 22.04 (#904)

* fix: error logs should be printed to StdErr (#918)

* fix: Load only cud (#917)

* fix: update config and validateAndNormalize

* fix: impl

* fix: PR comments

* fix: cleanup

* fix: cleanup

* fix: pr comments

* fix: pr comments

* fix: tests

* fix: changelog

* fix: 400 error

* fix: cuds from db

* fix: connection pool issue (#919)

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: Test fix (#921)

* fix: test

* fix: tests

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: CICD tests (#925)

* fix: tests

* fix: adding retry

* fix: kill

* fix: typo

* fix: cicd

* fix: cicd

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: Vulnerability fix (#928)

* fix: updated dependencies

* fix: updated dependencies

* chore: version and changelog

* fix: update impl deps

* fix: telemetry data

* fix: changelog

* fix: cleanup

* fix: active user storage

* fix: active users storage test

* fix: changelog

* fix: versions

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: Cicd tests fix (#932)

* fix: CICD fix

* fix: test fix

* fix: test for mongo

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: dependencies (#933)

* fix: dependency fix

* fix: dep fix

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: dependencies (#934)

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: 31 days of mau (#936)

* fix: MAU computation (#937)

* fix: mau

* fix: typo

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: mau related tests (#938)

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: Tests (#939)

* fix: mau related tests

* fix: test

* adding dev-v7.0.18 tag to this commit to ensure building

---------

Co-authored-by: rishabhpoddar <[email protected]>
Co-authored-by: Ankit Tiwari <[email protected]>

* merge latest (#947)

* fix: adds test for user pagination from old version (#893)

* adding dev-v7.0.15 tag to this commit to ensure building

* fix: core config validation (#894)

* fix: core config validation

* fix: core config validation

* fix: PR comments

* fix: PR comments

* fix: test

* fix: startup test

* fix: using ConfigMapper

* fix: test

* fix: config mapper

* fix: core config

* adding dev-v7.0.16 tag to this commit to ensure building

* fix: null handling in config mapper (#897)

* fix: core config validation

* fix: core config validation

* fix: PR comments

* fix: PR comments

* fix: test

* fix: startup test

* fix: using ConfigMapper

* fix: test

* fix: config mapper

* fix: core config

* fix: null handling

* fix: test defaults

* adding dev-v7.0.16 tag to this commit to ensure building

* Add t4-app in release checklist (#899)

* Update README.md

* Add Dockerfile for ubuntu 22.04 (#904)

* fix: error logs should be printed to StdErr (#918)

* fix: Load only cud (#917)

* fix: update config and validateAndNormalize

* fix: impl

* fix: PR comments

* fix: cleanup

* fix: cleanup

* fix: pr comments

* fix: pr comments

* fix: tests

* fix: changelog

* fix: 400 error

* fix: cuds from db

* fix: connection pool issue (#919)

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: Test fix (#921)

* fix: test

* fix: tests

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: CICD tests (#925)

* fix: tests

* fix: adding retry

* fix: kill

* fix: typo

* fix: cicd

* fix: cicd

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: Vulnerability fix (#928)

* fix: updated dependencies

* fix: updated dependencies

* chore: version and changelog

* fix: update impl deps

* fix: telemetry data

* fix: changelog

* fix: cleanup

* fix: active user storage

* fix: active users storage test

* fix: changelog

* fix: versions

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: Cicd tests fix (#932)

* fix: CICD fix

* fix: test fix

* fix: test for mongo

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: dependencies (#933)

* fix: dependency fix

* fix: dep fix

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: dependencies (#934)

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: 31 days of mau (#936)

* fix: MAU computation (#937)

* fix: mau

* fix: typo

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: mau related tests (#938)

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: Tests (#939)

* fix: mau related tests

* fix: test

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: fixes storage handling for non-auth recipes (#942)

* fix: non auth recipe stuff

* fix: user roles

* fix: half done

* fix: thirdparty changes

* fix: passwordless changes

* fix: active users

* fix: session changes

* fix: user metadata

* fix: user roles

* fix: totp

* fix: email verification

* fix: multitenancy and other minor fixes

* fix: compile errors

* fix: bugs and tests

* fix: bugs and tests

* fix: func rename

* fix: PR comments

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: user role multitenant tests

* fix: email verification tests

* fix: user role deletion

* fix: user roles

* fix: user roles

* fix: get tenant identifier refactor

* fix: pr comments

* fix: query

* fix: tests version and changelog

* Update CHANGELOG.md

Co-authored-by: Rishabh Poddar <[email protected]>

* fix: pr comments

---------

Co-authored-by: Rishabh Poddar <[email protected]>

* adding dev-v8.0.0 tag to this commit to ensure building

* fix: plugin interface version (#945)

* adding dev-v8.0.0 tag to this commit to ensure building

* fix: cicd tests (#946)

* fix: cicd tests

* fix: cicd tests

* fix: cicd tests

* fix: cicd tests

* fix: cicd tests

* adding dev-v8.0.0 tag to this commit to ensure building

---------

Co-authored-by: rishabhpoddar <[email protected]>
Co-authored-by: Ankit Tiwari <[email protected]>

* fix: add check code API and update delete code API (#948)

* fix: verify code API

* pr comments

* fix: cleanup

* fix: PR comments

* fix: pr comment

* fix: revert formatting

* fix: revert formatting

* feat: merge last active times when linking users (#954)

* feat: merge last active times when linking users

* fix: pr comments

* fix: cleanup

* fix: pr comments

* fix: cleanup

---------

Co-authored-by: Sattvik Chakravarthy <[email protected]>

* Remaining changes (#956)

* fix: enforce public tenant

* fix: enforce public tenant >= 5.0

* fix: pass appId to getUserIdMappingForSuperTokensIds

* fix: create session with useridmapping

* fix: consumed device

* fix: list and remove tenant api enforcement

* fix: firstFactors and secondFactors in multitenancy stats

* fix: tests

* fix: tests

* fix: versions

* fix: PR comments

* fix: pr comments

* fix: null handling

* fix: fixme

---------

Co-authored-by: rishabhpoddar <[email protected]>
Co-authored-by: Sattvik Chakravarthy <[email protected]>
Co-authored-by: Sattvik Chakravarthy <[email protected]>
Co-authored-by: Mihály Lengyel <[email protected]>
Co-authored-by: Ankit Tiwari <[email protected]>
6 people authored Mar 13, 2024
1 parent 3282cb5 commit accf6f1
Showing 141 changed files with 7,804 additions and 1,003 deletions.
30 changes: 30 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,36 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres
to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [9.0.0] - 2024-03-13

### Added

- Supports CDI version `5.0`
- MFA stats in `EEFeatureFlag`
- Adds `ImportTotpDeviceAPI`

### Changes

- `deviceName` in request body of `CreateOrUpdateTotpDeviceAPI` `POST` is now optional
- Adds `firstFactors` and `requiredSecondaryFactors` in request body of create or update CUD, App and
Tenant APIs
- Adds `deviceName` in the response of `CreateOrUpdateTotpDeviceAPI` `POST`
- `VerifyTOTPAPI` changes
- Removes `allowUnverifiedDevices` from request body and unverified devices are not allowed
- Adds `currentNumberOfFailedAttempts` and `maxNumberOfFailedAttempts` in response when status is
`INVALID_TOTP_ERROR` or `LIMIT_REACHED_ERROR`
- Adds status `UNKNOWN_USER_ID_ERROR`
- `VerifyTotpDeviceAPI` changes
- Adds `currentNumberOfFailedAttempts` and `maxNumberOfFailedAttempts` in response when status is
`INVALID_TOTP_ERROR` or `LIMIT_REACHED_ERROR`
- Adds a new required `useDynamicSigningKey` into the request body of `RefreshSessionAPI`
- This enables smooth switching between `useDynamicAccessTokenSigningKey` settings by allowing refresh calls to
change the signing key type of a session

### Migration

- TODO - copy once postgres / mysql changelog is done

## [8.0.1] - 2024-03-11

- Making this version backward compatible. Breaking changes in `8.0.0` can now be ignored.
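Review bot: The `### Migration` section of the new 9.0.0 entry is still a placeholder (`TODO - copy once postgres / mysql changelog is done`), so anyone upgrading from 8.0.1 gets no schema or data steps from this file; fill it in or link the plugin changelogs before the version is tagged. The new required `useDynamicSigningKey` field on `RefreshSessionAPI` and the removal of `allowUnverifiedDevices` from `VerifyTOTPAPI` both change request contracts, and the entry should state whether they apply only to callers using CDI `5.0`.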
2 changes: 1 addition & 1 deletion build.gradle
Expand Up @@ -19,7 +19,7 @@ compileTestJava { options.encoding = "UTF-8" }
// }
//}

version = "8.0.1"
version = "9.0.0"


repositories {
5 changes: 3 additions & 2 deletions coreDriverInterfaceSupported.json
Expand Up @@ -17,6 +17,7 @@
"2.20",
"2.21",
"3.0",
"4.0"
"4.0",
"5.0"
]
}
}
75 changes: 45 additions & 30 deletions ee/src/main/java/io/supertokens/ee/EEFeatureFlag.java
Expand Up @@ -185,43 +185,43 @@ private JsonObject getDashboardLoginStats() throws TenantOrAppNotFoundException,
return stats;
}

private JsonObject getTOTPStats() throws StorageQueryException, TenantOrAppNotFoundException {
JsonObject totpStats = new JsonObject();
JsonArray totpMauArr = new JsonArray();
private boolean isEnterpriseThirdPartyId(String thirdPartyId) {
for (String enterpriseThirdPartyId : ENTERPRISE_THIRD_PARTY_IDS) {
if (thirdPartyId.startsWith(enterpriseThirdPartyId)) {
return true;
}
}
return false;
}

private JsonObject getMFAStats() throws StorageQueryException, TenantOrAppNotFoundException {
// TODO: Active users are present only on public tenant and MFA users may be
// present on different storages
JsonObject result = new JsonObject();
Storage[] storages = StorageLayer.getStoragesForApp(main, this.appIdentifier);

// TODO Active users are present only on public tenant and TOTP users may be present on different storages
Storage publicTenantStorage = StorageLayer.getStorage(this.appIdentifier.getAsPublicTenantIdentifier(), main);
final long now = System.currentTimeMillis();
for (int i = 1; i <= 31; i++) {
long timestamp = now - (i * 24 * 60 * 60 * 1000L);

int totpMau = 0;
// TODO Need to figure out a way to combine the data from different storages to get the final stats
// for (Storage storage : storages) {
totpMau += ((ActiveUsersStorage) publicTenantStorage).countUsersEnabledTotpAndActiveSince(this.appIdentifier, timestamp);
// }
totpMauArr.add(new JsonPrimitive(totpMau));
}
int totalUserCountWithMoreThanOneLoginMethod = 0;
int[] maus = new int[31];

totpStats.add("maus", totpMauArr);
long now = System.currentTimeMillis();

int totpTotalUsers = 0;
for (Storage storage : storages) {
totpTotalUsers += ((ActiveUsersStorage) storage).countUsersEnabledTotp(this.appIdentifier);
}
totpStats.addProperty("total_users", totpTotalUsers);
return totpStats;
}
totalUserCountWithMoreThanOneLoginMethod += ((AuthRecipeStorage) storage)
.getUsersCountWithMoreThanOneLoginMethodOrTOTPEnabled(this.appIdentifier);

private boolean isEnterpriseThirdPartyId(String thirdPartyId) {
for (String enterpriseThirdPartyId : ENTERPRISE_THIRD_PARTY_IDS) {
if (thirdPartyId.startsWith(enterpriseThirdPartyId)) {
return true;
for (int i = 1; i <= 31; i++) {
long timestamp = now - (i * 24 * 60 * 60 * 1000L);

// `maus[i-1]` since i starts from 1
maus[i - 1] += ((ActiveUsersStorage) storage)
.countUsersThatHaveMoreThanOneLoginMethodOrTOTPEnabledAndActiveSince(appIdentifier, timestamp);
}
}
return false;

result.addProperty("totalUserCountWithMoreThanOneLoginMethodOrTOTPEnabled",
totalUserCountWithMoreThanOneLoginMethod);
result.add("mauWithMoreThanOneLoginMethodOrTOTPEnabled", new Gson().toJsonTree(maus));
return result;
}

private JsonObject getMultiTenancyStats()
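Review bot: In `getMFAStats` the TODO still says active users are present only on the public tenant, but the loop now calls `countUsersThatHaveMoreThanOneLoginMethodOrTOTPEnabledAndActiveSince` on every storage returned by `getStoragesForApp` and sums the results into `maus`. Either the comment is stale or the counts from non-public storages are not meaningful, and that should be settled before these numbers are relied on; if a user can appear in more than one storage, the sum also counts that user once per storage. The loop issues 31 count queries per storage on every stats call, so a single query returning all buckets would be cheaper. Minor: `appIdentifier` is used in the inner call while the rest of the method uses `this.appIdentifier`, and the local `totalUserCountWithMoreThanOneLoginMethod` drops the `OrTOTPEnabled` part of the JSON key it feeds.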
Expand All @@ -245,6 +245,21 @@ private JsonObject getMultiTenancyStats()
hasUsersOrSessions = hasUsersOrSessions || ((SessionSQLStorage) storage).getNumberOfSessions(tenantConfig.tenantIdentifier) > 0;
tenantStat.addProperty("usersCount", usersCount);
tenantStat.addProperty("hasUsersOrSessions", hasUsersOrSessions);
if (tenantConfig.firstFactors != null) {
JsonArray firstFactors = new JsonArray();
for (String firstFactor : tenantConfig.firstFactors) {
firstFactors.add(new JsonPrimitive(firstFactor));
}
tenantStat.add("firstFactors", firstFactors);
}

if (tenantConfig.requiredSecondaryFactors != null) {
JsonArray requiredSecondaryFactors = new JsonArray();
for (String requiredSecondaryFactor : tenantConfig.requiredSecondaryFactors) {
requiredSecondaryFactors.add(new JsonPrimitive(requiredSecondaryFactor));
}
tenantStat.add("requiredSecondaryFactors", requiredSecondaryFactors);
}

try {
tenantStat.addProperty("userPoolId", Utils.hashSHA256(storage.getUserPoolId()));
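Review bot: `firstFactors` and `requiredSecondaryFactors` are copied into `tenantStat` verbatim, while the statement right after them hashes `userPoolId` with `Utils.hashSHA256` before adding it to the same object. Factor ids are tenant configuration strings and may be custom names, so decide explicitly whether they should be reported in clear text and record that decision in a comment. The two loops are identical apart from the field name and could share a small helper. The keys are omitted entirely when the config value is null, which the consumer of these stats has to distinguish from an empty array.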
Expand Down Expand Up @@ -355,8 +370,8 @@ public JsonObject getPaidFeatureStats() throws StorageQueryException, TenantOrAp
usageStats.add(EE_FEATURES.DASHBOARD_LOGIN.toString(), getDashboardLoginStats());
}

if (feature == EE_FEATURES.TOTP) {
usageStats.add(EE_FEATURES.TOTP.toString(), getTOTPStats());
if (feature == EE_FEATURES.MFA) {
usageStats.add(EE_FEATURES.MFA.toString(), getMFAStats());
}

if (feature == EE_FEATURES.MULTI_TENANCY) {
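Review bot: The `EE_FEATURES.TOTP` branch in `getPaidFeatureStats` is replaced rather than kept next to the new `EE_FEATURES.MFA` one, so after this change no usage stats are emitted under the TOTP key. If licenses or stats consumers still refer to TOTP, that needs a mapping or a changelog line; the 9.0.0 entry only lists "MFA stats in `EEFeatureFlag`" under Added.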
Expand Up @@ -78,6 +78,7 @@ public void testPaidStatsIsSentForAllAppsInMultitenancy() throws Exception {
new EmailPasswordConfig(true),
new ThirdPartyConfig(true, null),
new PasswordlessConfig(true),
null, null,
config
), false);

Expand All @@ -86,6 +87,7 @@ public void testPaidStatsIsSentForAllAppsInMultitenancy() throws Exception {
new EmailPasswordConfig(true),
new ThirdPartyConfig(true, null),
new PasswordlessConfig(true),
null, null,
config
), false);

Expand All @@ -94,6 +96,7 @@ public void testPaidStatsIsSentForAllAppsInMultitenancy() throws Exception {
new EmailPasswordConfig(true),
new ThirdPartyConfig(true, null),
new PasswordlessConfig(true),
null, null,
config
), false);
}
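Review bot: The bare `null, null,` added to each of the three constructor calls in this test (this hunk and the two before it) does not say which parameters it fills; add a short inline comment naming them. All three tenants pass null, so this test never exercises non-null values for the new arguments; add a case that sets them.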
Binary file added jar/core-5.0.0.jar
Binary file not shown.
Binary file added jar/core-8.0.0.jar
Binary file not shown.
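Review bot: core-5.0.0.jar and core-8.0.0.jar are committed as opaque binaries, so their contents cannot be reviewed in this diff. State in the commit message or a README next to jar/ which source tag each was built from and record a SHA-256 for each, or fetch them from a release at build time and verify the checksum.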
2 changes: 1 addition & 1 deletion pluginInterfaceSupported.json
@@ -1,6 +1,6 @@
{
"_comment": "contains a list of plugin interfaces branch names that this core supports",
"versions": [
"5.0"
"6.0"
]
}
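Review bot: "5.0" is replaced rather than kept alongside "6.0", so per the _comment this core stops supporting plugin interface 5.0. State that in the changelog or upgrade notes so operators update the storage plugin together with the core.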
16 changes: 15 additions & 1 deletion src/main/java/io/supertokens/ActiveUsers.java
@@ -1,8 +1,8 @@
package io.supertokens;

import io.supertokens.pluginInterface.ActiveUsersSQLStorage;
import io.supertokens.pluginInterface.Storage;
import io.supertokens.pluginInterface.StorageUtils;
import io.supertokens.pluginInterface.authRecipe.sqlStorage.AuthRecipeSQLStorage;
import io.supertokens.pluginInterface.exceptions.StorageQueryException;
import io.supertokens.pluginInterface.exceptions.StorageTransactionLogicException;
import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
Expand Down Expand Up @@ -37,6 +37,20 @@ public static int countUsersActiveSince(Main main, AppIdentifier appIdentifier,
return StorageUtils.getActiveUsersStorage(storage).countUsersActiveSince(appIdentifier, time);
}

public static void updateLastActiveAfterLinking(Main main, AppIdentifier appIdentifier, String primaryUserId,
String recipeUserId)
throws StorageQueryException, TenantOrAppNotFoundException, StorageTransactionLogicException {
ActiveUsersSQLStorage activeUsersStorage =
(ActiveUsersSQLStorage) StorageUtils.getActiveUsersStorage(StorageLayer.getStorage(appIdentifier.getAsPublicTenantIdentifier(), main));

activeUsersStorage.startTransaction(con -> {
activeUsersStorage.deleteUserActive_Transaction(con, appIdentifier, recipeUserId);
return null;
});

updateLastActive(appIdentifier, main, primaryUserId);
}

@TestOnly
public static int countUsersActiveSince(Main main, long time)
throws StorageQueryException, TenantOrAppNotFoundException {
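Review bot: In updateLastActiveAfterLinking the delete of the recipe user's entry runs inside startTransaction, but updateLastActive(appIdentifier, main, primaryUserId) runs after it, outside the transaction. If the second call fails, the recipe user's activity record is already gone and the primary user's is not updated; move the update into the same transaction or document why the gap is acceptable. The direct cast to ActiveUsersSQLStorage assumes an SQL storage; check the type first or note the assumption in a comment. The method also has no Javadoc explaining why the recipe user's entry is deleted on linking.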
6 changes: 3 additions & 3 deletions src/main/java/io/supertokens/Main.java
Expand Up @@ -157,6 +157,9 @@ private void init() throws IOException, StorageQueryException {
throw new QuitProgramException(e);
}

// loading version file
Version.loadVersion(this, CLIOptions.get(this).getInstallationPath() + "version.yaml");

Logging.info(this, TenantIdentifier.BASE_TENANT, "Completed config.yaml loading.", true);

// loading storage layer
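Review bot: Version.loadVersion is moved ahead of the storage layer load with no explanation, and the comment "// loading version file" does not say what depends on it. Add a line on why the version must be known before storage is initialised, so the order is not reverted later. The call now also sits between the config loading try/catch and the "Completed config.yaml loading." log line; placing it below that log line would keep the log accurate when version.yaml fails to load.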
Expand All @@ -167,9 +170,6 @@ private void init() throws IOException, StorageQueryException {
throw new QuitProgramException(e);
}

// loading version file
Version.loadVersion(this, CLIOptions.get(this).getInstallationPath() + "version.yaml");

// init file logging
Logging.initFileLogging(this);

21 changes: 9 additions & 12 deletions src/main/java/io/supertokens/authRecipe/AuthRecipe.java
Expand Up @@ -25,11 +25,7 @@
import io.supertokens.featureflag.FeatureFlag;
import io.supertokens.featureflag.exceptions.FeatureNotEnabledException;
import io.supertokens.multitenancy.exception.BadPermissionException;
import io.supertokens.pluginInterface.RECIPE_ID;
import io.supertokens.pluginInterface.STORAGE_TYPE;
import io.supertokens.pluginInterface.Storage;
import io.supertokens.pluginInterface.StorageUtils;
import io.supertokens.pluginInterface.authRecipe.AuthRecipeStorage;
import io.supertokens.pluginInterface.*;
import io.supertokens.pluginInterface.authRecipe.AuthRecipeUserInfo;
import io.supertokens.pluginInterface.authRecipe.LoginMethod;
import io.supertokens.pluginInterface.authRecipe.sqlStorage.AuthRecipeSQLStorage;
Expand Down Expand Up @@ -126,7 +122,7 @@ public static AuthRecipeUserInfo getUserById(Main main, String userId)

public static AuthRecipeUserInfo getUserById(AppIdentifier appIdentifier, Storage storage, String userId)
throws StorageQueryException {
return StorageUtils.getAuthRecipeStorage(storage).getPrimaryUserById(appIdentifier, userId);
return StorageUtils.getAuthRecipeStorage(storage).getPrimaryUserById(appIdentifier, userId);
}

public static class CreatePrimaryUserResult {
Expand Down Expand Up @@ -325,22 +321,22 @@ public static LinkAccountsResult linkAccounts(Main main, String recipeUserId, St
}

public static LinkAccountsResult linkAccounts(Main main, AppIdentifier appIdentifier,
Storage storage, String _recipeUserId, String _primaryUserId)
Storage storage, String _recipeUserId, String _primaryUserId)
throws StorageQueryException,
AccountInfoAlreadyAssociatedWithAnotherPrimaryUserIdException,
RecipeUserIdAlreadyLinkedWithAnotherPrimaryUserIdException, InputUserIdIsNotAPrimaryUserException,
UnknownUserIdException, TenantOrAppNotFoundException, FeatureNotEnabledException {

if (Arrays.stream(FeatureFlag.getInstance(main, appIdentifier).getEnabledFeatures())
.noneMatch(t -> t == EE_FEATURES.ACCOUNT_LINKING)) {
.noneMatch(t -> t == EE_FEATURES.ACCOUNT_LINKING || t == EE_FEATURES.MFA)) {
throw new FeatureNotEnabledException(
"Account linking feature is not enabled for this app. Please contact support to enable it.");
}

AuthRecipeSQLStorage authRecipeStorage = StorageUtils.getAuthRecipeStorage(storage);
try {
LinkAccountsResult result = authRecipeStorage.startTransaction(con -> {

LinkAccountsResult result = authRecipeStorage.startTransaction(con -> {
try {
CanLinkAccountsResult canLinkAccounts = canLinkAccountsHelper(con, appIdentifier,
authRecipeStorage, _recipeUserId, _primaryUserId);
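Review bot: With `t == EE_FEATURES.ACCOUNT_LINKING || t == EE_FEATURES.MFA`, an app licensed only for MFA passes this gate and can call linkAccounts, yet the exception still reads "Account linking feature is not enabled for this app". Confirm that MFA is meant to unlock account linking in full, add a comment saying so, and update the message to name both features.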
Expand Down Expand Up @@ -537,7 +533,7 @@ public static CreatePrimaryUserResult createPrimaryUser(Main main,
FeatureNotEnabledException {

if (Arrays.stream(FeatureFlag.getInstance(main, appIdentifier).getEnabledFeatures())
.noneMatch(t -> t == EE_FEATURES.ACCOUNT_LINKING)) {
.noneMatch(t -> t == EE_FEATURES.ACCOUNT_LINKING || t == EE_FEATURES.MFA)) {
throw new FeatureNotEnabledException(
"Account linking feature is not enabled for this app. Please contact support to enable it.");
}
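Review bot: The feature predicate in createPrimaryUser is the same one as in linkAccounts and is now duplicated. Extract a single helper (for example a private isAccountLinkingOrMfaEnabled(main, appIdentifier); the name is only a suggestion) so the two gates cannot drift apart the next time the feature list changes.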
Expand Down Expand Up @@ -911,7 +907,7 @@ public static void deleteUser(AppIdentifier appIdentifier, Storage storage, Stri
}

private static void deleteNonAuthRecipeUser(TransactionConnection con, AppIdentifier appIdentifier,
Storage storage, String userId)
Storage storage, String userId)
throws StorageQueryException {
StorageUtils.getUserMetadataStorage(storage)
.deleteUserMetadata_Transaction(con, appIdentifier, userId);
Expand All @@ -921,6 +917,7 @@ private static void deleteNonAuthRecipeUser(TransactionConnection con, AppIdenti
.deleteEmailVerificationUserInfo_Transaction(con, appIdentifier, userId);
StorageUtils.getUserRolesStorage(storage)
.deleteAllRolesForUser_Transaction(con, appIdentifier, userId);

StorageUtils.getActiveUsersStorage(storage)
.deleteUserActive_Transaction(con, appIdentifier, userId);
StorageUtils.getTOTPStorage(storage)
Expand Down Expand Up @@ -977,4 +974,4 @@ public UnlinkResult(String userId, boolean wasLinked) {
this.wasLinked = wasLinked;
}
}
}
}
28 changes: 26 additions & 2 deletions src/main/java/io/supertokens/emailpassword/EmailPassword.java
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
import io.supertokens.pluginInterface.emailpassword.exceptions.DuplicateUserIdException;
import io.supertokens.pluginInterface.emailpassword.exceptions.UnknownUserIdException;
import io.supertokens.pluginInterface.emailpassword.sqlStorage.EmailPasswordSQLStorage;
import io.supertokens.pluginInterface.emailverification.sqlStorage.EmailVerificationSQLStorage;
import io.supertokens.pluginInterface.exceptions.StorageQueryException;
import io.supertokens.pluginInterface.exceptions.StorageTransactionLogicException;
import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
Expand Down Expand Up @@ -110,14 +111,37 @@ public static AuthRecipeUserInfo signUp(TenantIdentifier tenantIdentifier, Stora
.createHashWithSalt(tenantIdentifier.toAppIdentifier(), password);

while (true) {

String userId = Utils.getUUID();
long timeJoined = System.currentTimeMillis();

try {
return StorageUtils.getEmailPasswordStorage(storage)
AuthRecipeUserInfo newUser = StorageUtils.getEmailPasswordStorage(storage)
.signUp(tenantIdentifier, userId, email, hashedPassword, timeJoined);

if (Utils.isFakeEmail(email)) {
try {
EmailVerificationSQLStorage evStorage = StorageUtils.getEmailVerificationStorage(storage);
evStorage.startTransaction(con -> {
try {
evStorage.updateIsEmailVerified_Transaction(tenantIdentifier.toAppIdentifier(), con,
newUser.getSupertokensUserId(), email, true);
evStorage.commitTransaction(con);

return null;
} catch (TenantOrAppNotFoundException e) {
throw new StorageTransactionLogicException(e);
}
});
newUser.loginMethods[0].setVerified(); // newly created user has only one loginMethod
} catch (StorageTransactionLogicException e) {
if (e.actualException instanceof TenantOrAppNotFoundException) {
throw (TenantOrAppNotFoundException) e.actualException;
}
throw new StorageQueryException(e);
}
}

return newUser;
} catch (DuplicateUserIdException ignored) {
// we retry with a new userId (while loop)
}
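Review bot: The `Utils.isFakeEmail(email)` branch marks the address as verified with no proof of ownership, so it must not be reachable with an address chosen by an end user. Confirm what isFakeEmail matches and that public sign-up cannot supply such an address; otherwise this path skips email verification. The user is created by signUp(...) before the verification transaction starts, so if that transaction throws, the caller gets an exception while the user already exists; run both steps in one transaction or handle the partial state explicitly. A test for the fake-email path would also pin the `newUser.loginMethods[0]` assumption stated in the comment.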
3 changes: 1 addition & 2 deletions src/main/java/io/supertokens/featureflag/EE_FEATURES.java
Expand Up @@ -18,8 +18,7 @@

public enum EE_FEATURES {
ACCOUNT_LINKING("account_linking"), MULTI_TENANCY("multi_tenancy"), TEST("test"),
DASHBOARD_LOGIN("dashboard_login"),
TOTP("totp");
DASHBOARD_LOGIN("dashboard_login"), MFA("mfa");

private final String name;
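Review bot: TOTP("totp") is removed outright and replaced by MFA("mfa"), so a license key that still lists "totp" no longer maps to any enum constant. Say how existing TOTP licenses are treated after upgrade (mapped to MFA, ignored, or rejected) and cover that case with a test.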


0 comments on commit accf6f1
