fix: bulk migration user to roles association in case of non primary user (#1157)

## Summary of change

(A few sentences about this PR)

## Related issues

- Link to issue1 here
- Link to issue1 here

## Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your
changes work. Bonus points for screenshots and videos!)

## Documentation changes

(If relevant, please create a PR in our [docs repo](https://github.com/supertokens/docs), or create a checklist here
highlighting the necessary changes)

## Checklist for important updates

- [ ] Changelog has been updated
    - [ ] If there are any db schema changes, mention those changes clearly
- [ ] `coreDriverInterfaceSupported.json` file has been updated (if needed)
- [ ] `pluginInterfaceSupported.json` file has been updated (if needed)
- [ ] Changes to the version if needed
    - In `build.gradle`
- [ ] If added a new paid feature, edit the `getPaidFeatureStats` function in FeatureFlag.java file
- [ ] Had installed and ran the pre-commit hook
- [ ] If there are new dependencies that have been added in `build.gradle`, please make sure to add them
  in `implementationDependencies.json`.
- [ ] Update function `getValidFields` in `io/supertokens/config/CoreConfig.java` if new aliases were added for any core
  config (similar to the `access_token_signing_key_update_interval` config alias).
- [ ] Issue this PR against the latest non released version branch.
    - To know which one it is, run find the latest released tag (`git tag`) in the format `vX.Y.Z`, and then find the
      latest branch (`git branch --all`) whose `X.Y` is greater than the latest released tag.
    - If no such branch exists, then create one from the latest released branch.
- [ ] If added a foreign key constraint on `app_id_to_user_id` table, make sure to delete from this table when deleting
  the user as well if `deleteUserIdMappingToo` is false.
- [ ] If added a new recipe, then make sure to update the bulk import API to include the new recipe.

## Remaining TODOs for this PR

- [ ] Item1
- [ ] Item2

Author: porcellus

CHANGELOG.md

@@ -7,6 +7,10 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [11.0.4]
+
+- Fixes user to roles association in bulk import users when the user is not a primary user
+
 ## [11.0.3]
 
 - Fixes BatchUpdateException checks and error handling to prevent bulk import users stuck in `PROCESSING` state

build.gradle

@@ -20,7 +20,7 @@ compileTestJava { options.encoding = "UTF-8" }
 //    }
 //}
 
-version = "11.0.3"
+version = "11.0.4"
 
 repositories {
     mavenCentral()

src/main/java/io/supertokens/bulkimport/BulkImport.java

@@ -687,7 +687,7 @@ private static Map<TenantIdentifier, Map<String, List<String>>> gatherRolesForUs
                             rolesToUserByTenant.put(tenantIdentifier, new HashMap<>());
                         }
                         String userIdToUse = user.externalUserId != null ?
-                                user.externalUserId : user.primaryUserId;
+                                user.externalUserId : user.id;
                         if(!rolesToUserByTenant.get(tenantIdentifier).containsKey(userIdToUse)){
                             rolesToUserByTenant.get(tenantIdentifier).put(userIdToUse, new ArrayList<>());
                         }

src/test/java/io/supertokens/test/bulkimport/apis/ImportUserTest.java

@@ -265,9 +265,71 @@ public void shouldImportSucceedWithoutAccountLinkingEnabled() throws Exception {
         }
 
         FeatureFlagTestContent.getInstance(main).setKeyValue(FeatureFlagTestContent.ENABLED_FEATURES,
-                new EE_FEATURES[] { EE_FEATURES.MULTI_TENANCY});
+                new EE_FEATURES[]{EE_FEATURES.MULTI_TENANCY});
+
+        BulkImportTestUtils.createTenants(process);
+
+        String userJsonStr = """
+                    {
+                    "externalUserId":"some-text-you-like",
+                    "userRoles":[
+                        {
+                            "role":"user",
+                                "tenantIds":[
+                                    "public",
+                                    "t1"
+                                ]
+                        }
+                     ],
+                        "loginMethods":[
+                            {
+                            "tenantIds":[
+                                "public",
+                                "t1"
+                            ],
+                                "isVerified":true,
+                                "isPrimary":false,
+                                "timeJoinedInMSSinceEpoch":1506523117518,
+                                "recipeId":"emailpassword",
+                                "email":"something0@testing.com",
+                                // passwordHash is randomly generated
+                                "passwordHash":"$argon2id$v=19$m=23298,t=5,p=12$+AlWgiuzC2vqlKrde9G0SG$PmpDeTU2e6ORbHwUMi7MOavS0M3sUJlc9rX/o+nnSxt",
+                                "hashingAlgorithm":"argon2"
+                            }
+                        ]
+                }""";
+
+        String user2JsonStr = """
+                    {
+                    "userRoles":[
+                        {
+                            "role":"user",
+                                "tenantIds":[
+                                    "public",
+                                    "t1"
+                                ]
+                        }
+                     ],
+                        "loginMethods":[
+                            {
+                            "tenantIds":[
+                                "public",
+                                "t1"
+                            ],
+                                "isVerified":true,
+                                "isPrimary":false,
+                                "timeJoinedInMSSinceEpoch":1506523117518,
+                                "recipeId":"emailpassword",
+                                "email":"something1@testing.com",
+                                // passwordHash is randomly generated
+                                "passwordHash":"$argon2id$v=19$m=23298,t=5,p=12$+AlWgiuzC2vqlKrde9G0SG$PmpDeTU2e6ORbHwUMi7MOavS0M3sUJlc9rX/o+nnSxt",
+                                "hashingAlgorithm":"argon2"
+                            }
+                        ]
+                }""";
+        // Create user roles
+        UserRoles.createNewRoleOrModifyItsPermissions(main, "user", null);
 
-        String userJsonStr = "{\"id\":\"random-id-lol\",\"loginMethods\":[{\"tenantIds\":[\"public\"],\"isVerified\":true,\"isPrimary\":false,\"timeJoinedInMSSinceEpoch\":1741077729471,\"recipeId\":\"emailpassword\",\"email\":\"test@sometestmail.com\",\"passwordHash\":\"$2a\",\"hashingAlgorithm\":\"BCRYPT\"}]}";
         JsonObject request = new Gson().fromJson(userJsonStr, JsonObject.class);
 
         JsonObject response = HttpRequestForTesting.sendJsonPOSTRequest(main, "",
@@ -277,6 +339,14 @@ public void shouldImportSucceedWithoutAccountLinkingEnabled() throws Exception {
         assertEquals("OK", response.get("status").getAsString());
         assertNotNull(response.get("user"));
 
+        request = new Gson().fromJson(user2JsonStr, JsonObject.class);
+        JsonObject response2 = HttpRequestForTesting.sendJsonPOSTRequest(main, "",
+                "http://localhost:3567/bulk-import/import",
+                request, 1000, 1000, null, Utils.getCdiVersionStringLatestForTests(), null);
+
+        assertEquals("OK", response2.get("status").getAsString());
+        assertNotNull(response2.get("user"));
+
         process.kill();
         Assert.assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED));
     }