archtechx/tenancy
1
0
Fork 0
mirror of https://github.com/archtechx/tenancy.git synced 2026-06-21 08:24:04 +00:00
Code Activity

Merge 0d177c7e9b into 652bc987ce

Browse source
This commit is contained in:
lukinovec 2026-06-12 13:34:52 +00:00 committed by GitHub
commit 02e5d7cd7c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
16 changed files with 697 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

35
tests/Bootstrappers/DatabaseTenancyBootstrapper.php
View file

@ -1,35 +0,0 @@
<?php
use Illuminate\Support\Facades\Event;
use Stancl\Tenancy\Bootstrappers\DatabaseTenancyBootstrapper;
use Stancl\Tenancy\Events\TenancyEnded;
use Stancl\Tenancy\Events\TenancyInitialized;
use Stancl\Tenancy\Listeners\BootstrapTenancy;
use Stancl\Tenancy\Listeners\RevertToCentralContext;
use Stancl\Tenancy\Tests\Etc\Tenant;
use function Stancl\Tenancy\Tests\pest;
beforeEach(function () {
Event::listen(TenancyInitialized::class, BootstrapTenancy::class);
Event::listen(TenancyEnded::class, RevertToCentralContext::class);
});
test('database tenancy bootstrapper throws an exception if DATABASE_URL is set', function (string|null $databaseUrl) {
if ($databaseUrl) {
config(['database.connections.central.url' => $databaseUrl]);
pest()->expectException(Exception::class);
}
config(['tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class]]);
$tenant1 = Tenant::create();
pest()->artisan('tenants:migrate');
tenancy()->initialize($tenant1);
expect(true)->toBe(true);
})->with(['abc.us-east-1.rds.amazonaws.com', null]);

164
tests/Bootstrappers/DatabaseTenancyBootstrapperTest.php Normal file
View file

@ -0,0 +1,164 @@
<?php
use Illuminate\Support\Facades\Event;
use Stancl\JobPipeline\JobPipeline;
use Stancl\Tenancy\Bootstrappers\DatabaseTenancyBootstrapper;
use Stancl\Tenancy\Events\TenancyEnded;
use Stancl\Tenancy\Events\TenancyInitialized;
use Stancl\Tenancy\Jobs\CreateDatabase;
use Stancl\Tenancy\Events\TenantCreated;
use Stancl\Tenancy\Listeners\BootstrapTenancy;
use Stancl\Tenancy\Listeners\RevertToCentralContext;
use Stancl\Tenancy\Tests\Etc\Tenant;
use Illuminate\Support\Str;
use Illuminate\Support\Facades\DB;
use Illuminate\Database\QueryException;
use Stancl\Tenancy\Database\TenantDatabaseManagers\MySQLDatabaseManager;
use Stancl\Tenancy\Database\TenantDatabaseManagers\SQLiteDatabaseManager;
use Stancl\Tenancy\Database\TenantDatabaseManagers\PostgreSQLDatabaseManager;
use Stancl\Tenancy\Database\TenantDatabaseManagers\PostgreSQLSchemaManager;
use function Stancl\Tenancy\Tests\pest;
$cleanup = function () {
DatabaseTenancyBootstrapper::$harden = false;
};
beforeEach(function () use ($cleanup) {
Event::listen(TenancyInitialized::class, BootstrapTenancy::class);
Event::listen(TenancyEnded::class, RevertToCentralContext::class);
$cleanup();
});
afterEach($cleanup);
test('harden prevents tenants from using the central database', function (bool $harden, string $connection, string $manager) {
config([
'tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class],
"tenancy.database.managers.{$connection}" => $manager,
]);
// Point the central connection at the tested connection's config and migrate it
// (so that the central database/schema contains the tenants table).
$centralConnection = config('tenancy.database.central_connection');
$centralConfig = config("database.connections.{$connection}");
if ($connection === 'sqlite') {
$centralConfig['database'] = database_path($sqliteCentralDb = 'central.sqlite');
}
DB::purge($centralConnection);
config(["database.connections.{$centralConnection}" => $centralConfig]);
pest()->artisan('migrate:fresh', [
'--force' => true,
'--path' => __DIR__ . '/../../assets/migrations',
'--realpath' => true,
]);
DatabaseTenancyBootstrapper::$harden = $harden;
Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
return $event->tenant;
})->toListener());
// Create the tenant with its own database, then repoint it at the central database/schema
// (which contains the tenants table that the hardening check looks for).
$tenant = Tenant::create(['tenancy_db_connection' => $connection]);
$central = DB::connection($centralConnection);
$centralName = match (true) {
$manager === PostgreSQLSchemaManager::class => $central->selectOne('SELECT current_schema() AS schema')->schema, // Central schema name
$connection === 'sqlite' => $sqliteCentralDb, // Central SQLite DB name
default => $central->getDatabaseName(), // Central DB name
};
$tenant->update(['tenancy_db_name' => $centralName]);
if ($harden) {
// Harden blocks initialization for tenants that use the central database
expect(fn () => tenancy()->initialize($tenant))->toThrow(RuntimeException::class);
// Connection should be reverted back to central
expect(DB::connection()->getName())->toBe($centralConnection);
} else {
expect(fn () => tenancy()->initialize($tenant))->not()->toThrow(Throwable::class);
// Connection not reverted to central
expect(DB::connection()->getName())->toBe('tenant');
}
})->with([
'hardening enabled' => true,
'hardening disabled' => false,
])->with('db_managers');
test('harden prevents tenants from using a database of another tenant', function (bool $harden, string $connection, string $manager) {
config([
'tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class],
"tenancy.database.managers.{$connection}" => $manager,
]);
DatabaseTenancyBootstrapper::$harden = $harden;
Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
return $event->tenant;
})->toListener());
$tenant = Tenant::create(['tenancy_db_connection' => $connection]);
$dbName = Str::random(8) . ($connection === 'sqlite' ? '.sqlite' : '');
Tenant::create(['tenancy_db_name' => $dbName, 'tenancy_db_connection' => $connection]);
$tenant->update(['tenancy_db_name' => $dbName]);
if ($harden) {
// Harden blocks initialization for tenants that use a database of another tenant
expect(fn () => tenancy()->initialize($tenant))->toThrow(RuntimeException::class);
// Connection should be reverted back to central
expect(DB::connection()->getName())->toBe('central');
} else {
expect(fn() => tenancy()->initialize($tenant))->not()->toThrow(Throwable::class);
// Connection not reverted to central
expect(DB::connection()->getName())->toBe('tenant');
}
})->with([
'hardening enabled' => true,
'hardening disabled' => false,
])->with('db_managers');
test('database tenancy bootstrapper throws an exception if DATABASE_URL is set', function (string|null $databaseUrl) {
config(['database.connections.central.url' => $databaseUrl]);
config(['tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class]]);
Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
return $event->tenant;
})->toListener());
if ($databaseUrl) {
expect(fn() => Tenant::create())->toThrow(QueryException::class);
} else {
expect(function() {
$tenant1 = Tenant::create();
pest()->artisan('tenants:migrate');
tenancy()->initialize($tenant1);
})->not()->toThrow(Throwable::class);
}
})->with(['abc.us-east-1.rds.amazonaws.com', null]);
// Database managers to test with hardening.
// Permission controlled managers omitted as they inherit the non-perm controlled managers (= they share the same code paths),
// each important code path is covered by testing the non-permission controlled manager, so adding permission controlled managers
// would add unnecessary complexity to the tests.
dataset('db_managers', [
'mysql' => ['mysql', MySQLDatabaseManager::class],
'pgsql (database)' => ['pgsql', PostgreSQLDatabaseManager::class],
'pgsql (schema)' => ['pgsql', PostgreSQLSchemaManager::class],
'sqlite' => ['sqlite', SQLiteDatabaseManager::class],
]);

236
tests/TenantDatabaseManagerTest.php
View file

@ -17,6 +17,7 @@ use Stancl\Tenancy\Events\TenancyInitialized;
use Stancl\Tenancy\Listeners\BootstrapTenancy;
use Stancl\Tenancy\Listeners\RevertToCentralContext;
use Stancl\Tenancy\Bootstrappers\DatabaseTenancyBootstrapper;
use Stancl\Tenancy\Database\Contracts\ManagesDatabaseUsers;
use Stancl\Tenancy\Database\Contracts\StatefulTenantDatabaseManager;
use Stancl\Tenancy\Database\TenantDatabaseManagers\MySQLDatabaseManager;
use Stancl\Tenancy\Database\TenantDatabaseManagers\SQLiteDatabaseManager;
@ -36,6 +37,10 @@ beforeEach(function () {
SQLiteDatabaseManager::$path = null;
});
afterEach(function () {
SQLiteDatabaseManager::$path = null;
});
test('databases can be created and deleted', function ($driver, $databaseManager) {
Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
return $event->tenant;
@ -539,6 +544,237 @@ test('partial tenant connection templates get merged into the central connection
expect($manager->connection()->getConfig('url'))->toBeNull();
});
test('database managers validate parameters used in raw sql statements', function ($driver, $databaseManager) {
config()->set([
"tenancy.database.template_tenant_connection" => $driver,
]);
$manager = app($databaseManager);
if ($manager instanceof StatefulTenantDatabaseManager) {
$manager->setConnection($driver);
}
$invalidDatabaseName = "\"database_with_quotes\"";
if (! ($manager instanceof ManagesDatabaseUsers)) {
// Only test createDatabase() and deleteDatabase() with non-permission controlled managers here
// since permission controlled managers override these methods to e.g. delete users before
// calling parent::deleteDatabase(), and with invalid DB name, the user deletion will already
// fail before we even get to actual deleteDatabase() logic.
$tenant = Tenant::make([
'tenancy_db_name' => $invalidDatabaseName,
]);
expect(fn () => $manager->createDatabase($tenant))
->toThrow(InvalidArgumentException::class, 'Forbidden character');
expect(fn () => $manager->deleteDatabase($tenant))
->toThrow(InvalidArgumentException::class, 'Forbidden character');
} else {
// Invalid username, createUser() and deleteUser() should
// throw an invalid argument exception.
$tenantWithInvalidUsername = Tenant::make([
'tenancy_db_name' => 'valid_database_name890',
'tenancy_db_username' => "username with spaces",
]);
expect(fn () => $manager->createUser($tenantWithInvalidUsername->database()))
->toThrow(InvalidArgumentException::class, 'Forbidden character');
expect(fn () => $manager->deleteUser($tenantWithInvalidUsername->database()))
->toThrow(InvalidArgumentException::class, 'Forbidden character');
// Invalid database name, createUser() should throw
// an invalid argument exception. deleteUser() doesn't
// validate the DB name (it only validates the username).
$tenantWithInvalidDatabase = Tenant::make([
'tenancy_db_name' => $invalidDatabaseName,
'tenancy_db_username' => 'valid_USERNAME',
'tenancy_db_password' => 'valid_password',
]);
expect(fn () => $manager->createUser($tenantWithInvalidDatabase->database()))
->toThrow(InvalidArgumentException::class, 'Forbidden character');
$tenantWithInvalidPassword = Tenant::make([
'tenancy_db_name' => 'valid_database_name890',
'tenancy_db_username' => 'valid_USERNAME',
'tenancy_db_password' => "p'ssword",
]);
expect(fn () => $manager->createUser($tenantWithInvalidPassword->database()))
->toThrow(InvalidArgumentException::class, 'Forbidden character');
// Special characters are allowed in passwords
$tenantWithValidPassword = Tenant::make([
'tenancy_db_name' => 'valid_database_name890' . Str::random(8),
'tenancy_db_username' => 'valid_USERNAME' . Str::random(8),
'tenancy_db_password' => "]pa$$ ;word",
]);
expect(fn () => $manager->createUser($tenantWithValidPassword->database()))
->not()->toThrow(InvalidArgumentException::class, 'Forbidden character');
$tenantWithNullCredentials = Tenant::make([
'tenancy_db_name' => 'valid_db_name',
'tenancy_db_username' => null,
'tenancy_db_password' => null,
]);
expect(fn () => $manager->createUser($tenantWithNullCredentials->database()))
->toThrow(InvalidArgumentException::class, 'Parameter cannot be null.');
}
})->with('database_managers');
test('mysql database manager validates charset and collation correctly', function (string $param) {
$manager = app(MySQLDatabaseManager::class);
$manager->setConnection('mysql');
// using a non-string value (empty array) which is invalid
config(["database.connections.mysql.$param" => []]);
DB::purge('mysql');
$tenant = Tenant::make([
'tenancy_db_name' => 'valid_db_name',
]);
expect(fn () => $manager->createDatabase($tenant))
->toThrow(InvalidArgumentException::class, 'Parameter has to be a string.');
})->with(['charset', 'collation']);
test('sqlite database manager validates database names correctly', function () {
$manager = app(SQLiteDatabaseManager::class);
// Dots are allowed in database names
expect(fn () => $manager->databaseExists('valid-db_name.sqlite'))
->not()->toThrow(InvalidArgumentException::class);
// Directory names are considered invalid input for database names
expect(fn () => $manager->databaseExists('..'))
->toThrow(InvalidArgumentException::class);
// Empty strings are considered invalid input for database names
expect(fn () => $manager->databaseExists(''))
->toThrow(InvalidArgumentException::class);
});
test('sqlite database manager recognizes inmemory databases correctly', function () {
$manager = app(SQLiteDatabaseManager::class);
expect($manager->isInMemory('file:_tenancy_inmemory_123?mode=memory&cache=shared'))->toBeTrue();
expect($manager->isInMemory(':memory:'))->toBeTrue();
// Missing the '?mode=memory&cache=shared' suffix
expect($manager->isInMemory('file:_tenancy_inmemory_456'))->toBeFalse();
// Doesn't start with 'file:_tenancy_inmemory_'
expect($manager->isInMemory('_tenancy_inmemory_123?mode=memory&cache=shared'))->toBeFalse();
// In-memory DB name is validated correctly in makeConnectionConfig()
expect(fn () => $manager->makeConnectionConfig([], 'file:_tenancy_inmemory_12"3?mode=memory&cache=shared'))
->toThrow(InvalidArgumentException::class, 'Forbidden character');
expect(fn () => $manager->makeConnectionConfig([], 'file:_tenancy_inmemory_123?mode=memory&cache=shared'))
->not()->toThrow(InvalidArgumentException::class);
expect(fn () => $manager->makeConnectionConfig([], ':memory:'))
->not()->toThrow(InvalidArgumentException::class);
});
test('sqlite database manager respects the configured path while making the database config', function () {
config()->set([
'tenancy.database.template_tenant_connection' => 'sqlite',
]);
$tenant = Tenant::make([
'tenancy_db_name' => 'tenant.sqlite',
]);
// SQLiteDatabaseManager::$path is null, the database path is built using database_path()
expect($tenant->database()->connection()['database'])->toBe(database_path('tenant.sqlite'));
SQLiteDatabaseManager::$path = '/custom/path/';
expect($tenant->database()->connection()['database'])->toBe('/custom/path/tenant.sqlite');
});
test('newly created tenant databases use the correct charset and collation with mysql', function () {
config([
'tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class],
'database.connections.mysql.charset' => 'utf8mb4',
'database.connections.mysql.collation' => 'utf8mb4_unicode_ci',
]);
Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
return $event->tenant;
})->toListener());
withBootstrapping();
$serverDefaultCharset = DB::selectOne('SELECT @@character_set_server AS charset')->charset;
$serverDefaultCollation = DB::selectOne('SELECT @@collation_server AS collation')->collation;
$databaseCharset = fn () => DB::selectOne('SELECT DEFAULT_CHARACTER_SET_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME = DATABASE()')->DEFAULT_CHARACTER_SET_NAME;
$databaseCollation = fn () => DB::selectOne('SELECT DEFAULT_COLLATION_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME = DATABASE()')->DEFAULT_COLLATION_NAME;
$defaultTenant = Tenant::create();
tenancy()->initialize($defaultTenant);
// No charset or collation specified,
// defaults from the MySQL config used.
expect($databaseCharset())->toBe('utf8mb4');
expect($databaseCollation())->toBe('utf8mb4_unicode_ci');
$tenantWithCharsetAndCollation = Tenant::create([
'tenancy_db_charset' => 'latin1',
'tenancy_db_collation' => 'latin1_swedish_ci',
]);
tenancy()->initialize($tenantWithCharsetAndCollation);
// Custom charset and collation from tenant config
expect($databaseCharset())->toBe('latin1');
expect($databaseCollation())->toBe('latin1_swedish_ci');
$tenantWithNullCharsetAndCollation = Tenant::create([
'tenancy_db_charset' => null,
'tenancy_db_collation' => null,
]);
tenancy()->initialize($tenantWithNullCharsetAndCollation);
// Default MySQL server charset and collation
// (e.g. charset = utf8mb4, collation = utf8mb4_0900_ai_ci)
expect($databaseCharset())->toBe($serverDefaultCharset);
expect($databaseCollation())->toBe($serverDefaultCollation);
$tenantWithCharsetAndNullCollation = Tenant::create([
'tenancy_db_charset' => 'binary',
'tenancy_db_collation' => null,
]);
tenancy()->initialize($tenantWithCharsetAndNullCollation);
// Charset specified, collation is null,
// MySQL will choose a default collation for the specified charset.
expect($databaseCharset())->toBe('binary');
expect($databaseCollation())->toBe('binary');
// Collation specified, charset is null,
// MySQL will choose a default charset for the specified collation.
$tenantWithCollationAndNullCharset = Tenant::create([
'tenancy_db_charset' => null,
'tenancy_db_collation' => 'latin1_swedish_ci',
]);
tenancy()->initialize($tenantWithCollationAndNullCharset);
expect($databaseCharset())->toBe('latin1');
expect($databaseCollation())->toBe('latin1_swedish_ci');
});
// Datasets
dataset('database_managers', [
['mysql', MySQLDatabaseManager::class],