archtechx/tenancy
1
0
Fork 0
mirror of https://github.com/archtechx/tenancy.git synced 2025-12-12 09:54:03 +00:00
Code Activity

Central routes without Route::domain(), configurable tenant/central routes by default for domain/subdomain identification, allow accessing central routes in early identification for path & request data middleware (#3)

Browse source 
* Update url binding bootstrapper test

* Fix parent::temporarySignedRoute() call

* Add universal route tests for all identification types

* Improve determineContextFromRequest()

* Add setting `TenancyUrlGenerator::$prefixRouteNames` to true in TSP stub

* Delete seemingly redundant test (making one route universal won't make all routes universal in any case)

* Use collection syntax in ReregisterUniversalRoutes

* Improve comments

* Add domain identification MW annotation

* Update condition in GloballyUsable

* Set `tenancy.bootstrappers` instead of adding the bootstrappers using `tenancy.bootstrappers.x`, move test

* Revert GloballyUsable condition change

* Delete assigning bootstrappers to tenancy.bootstrappers.x

* Exclude cache prefixing bootstrapper from the initial configuration

* Fix test

* Unset bypass parameter

* Set static kernel identification-related properties in TestCase

* Update bootstrapper name in annotation

* Move unset() into a condition

* Update TenancyUrlGenerator condition

* Set static properties without instantiating Tenancy

* Fix unsetting bypass parameter

* formatting changes

* add a comment

* improve docblock

* add docblock to TenancyUrlGenerator [ci skip]

* docblock changes [ci skip]

* Update TenancyUrlGenerator (rename variable, allow bypassing prefixing temporarySignedRoute name)

* Improve determineContextFromRequest

* Only return the new url generator instance when extending 'url' in UrlBindingBootstrapper

* Check route's MW groups for the path ID MW

* Remove extra imports from config

* Rename MiddlewareContext to Context, add condition for skipping ID MW

* Set only the needed bootstrappers in TestCase

* Fix code style (php-cs-fixer)

* Remove condition

* Use correct return type

* Fix PHPStan issue

* Update comment

* Check for tenant parameter instead of prefix

* Update shouldBeSkipped condition for universal routes

* Don't remove the 'universal' MW group after route re-registration, update test

* Fix code style (php-cs-fixer)

* Fix typo

* Add test for mixing placement of access prevention and identification MW

* Add test for mixing placement of access prevention and identification MW

* Update docblock

* Add setting the session and key resolvers in UrlBindingBootstrapper (required with LW file uploads)

* Update stub

* Update variable name in route reregistering action

* Add trailing comma

* Fix code style (php-cs-fixer)

* Require routes using path identification to be flagged as tenant in order to be recognized as tenant routes

* Add tenant flag while re-registering routes

* Update determineContextFromRequest condition (wip)

* Fix code style (php-cs-fixer)

* Update the middleware context logic so that universal routes have to be flagged as tenant instead of just having ID MW

* Update path identification condition

* Fix re-registering the LW localized route (add 'tenant' MW)

* Update docblock

* Simplify LW route re-registration

* Add comment

* Update comment

* Simplify determineContextFromRequest, add comment

* Improve stub

* Add skipRoute method + test

* Fix typo

* Update assets/TenancyServiceProvider.stub.php

* Update src/Concerns/DealsWithEarlyIdentification.php

* Fix typo

Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>

* Improve comment

* Update test structure

* Restructure Fortify test

* code style

* Fix typo

* Update ReregisterUniversalRoutes annotation

* Only prefix route  name if it wasn't already prefixed

* Add todo@docs

* Delete `Tenancy::$kernelAccessPreventionSkipped` and related logic

* Delete test tenant cleanup

* Test MW group unpacking, restructure and improve test

* Test that tenancy isn't initialized after visiting a central route with the tenant parameter

* Delete "in both central and tenant contexts" from test names

* Test that re-registering works with controllers too

* Set misc route properties during re-registering

* Determine context instead of guessing, update universal route tests

* Use randomly generated tenant ID instead of hardcoding `acme`

* Remove setting route validators

* Rename and update determine context method, add comments

* Update ForgetTenantParameter annotation

* Add comment

* Delete comment, delete variable assignment

* Update early domain identification test

* Improve domain identification tests (test defaulting accurately)

* Improve readability

* Simplify domain early ID test

* Use randomly generated tenant instead of 'acme'

* Simplify request data ID test, use random tenant instead of 'acme'

* Simplify defaulting domain identification test

* Use RouteFacade alias for the Route facade, improve test code

* Add defaulting to the request data and path ID tests

* Merge path identification tenant parameter removal tests, clean up

* Correct wording

Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>

* Delete debugging things from UniversalRouteTest

* Update annotation

* Add `// Creates a matrix`

* Improve comment wording

* Add MiddlewareUsableWithUniversalRoutes, refactor code accordingly

* Fix code style (php-cs-fixer)

* Delete debugging leftovers

* Delete unused import

* Update universal route GloballyUsable condition

* Don't implement the universal route interface in access prevention MW

* Check if request host is in the central domains in domain ID MW

* Test universal routes with domain identification without access prevent MW

* Test that universal routes work only with identification MW implementing the universal route interface

* Fix code style (php-cs-fixer)

* Rename GloballyUsable to UsableWithEarlyIdentification

* Fix annotation

* Update requestHasTenant annotations

* Update comment

* Add `with()` comments

* Add with() comments where missing

* Rename interface, update/add comments

* Rename exception, update its default message

* Fix code style (php-cs-fixer)

* Fix interface name

* Delete redundant code from subdomain ID MW

* Change domainOrSubdomain ID MW so that instead of passing the identification to other MWs, it happens in the domainOrSubdomain MW

* Test domainOrSubdomain identification with universal routes

* Fix code style (php-cs-fixer)

* Rename universal routes interface

* Fix code style (php-cs-fixer)

* Try explaining forgetting the tenant parameter better

* update interface name reference

* uncouple example from query parameters

* Update ForgetTenantParameter.php

* Update ForgetTenantParameter annotation

* Check both routeHasMiddleware and routeHasIdentificationMiddleware in the route MW detection test

* Hardcode tenant subdomain

* Delete redundant event listening code

* Delete unused imports

* Delete misuse of `tenancy()->getMiddlewareContext()` from conditions

* Delete unused variable

* Update comment

* Correct request data identification test (defaulting)

* Fix defaulting in path id test

* Move default route context configuration in domian id test

* Rename and update the tenant parameter test

* Delete extra tenant parameter test

* Use `tenant-domain.test` instead of `127.0.0.2`

* Add `default_to_universal_routes` config key

* Deal with defaulting to universal routes in the reregistering action

* Update logic to make defaulting to universal routes possible

* Test defaulting to universal routes

* Fix code style (php-cs-fixer)

* Delete extra tests

* Delete "without access prevention" from datasets

* Add defaulting to universal routes to datasets

* Override universal flag by central/tenant flag

* Add universal flag overriding test

* Update "a route can be universal in both route modes" so that the name corresponds with the tested thing

* Ignore the PHPStan error

* Reset `InitializeTenancyByPath::$onFail` in PathIdentificationTest

* Simplify expression

* Use 'Tenancy (not) initialized.' in instead of `tenant()?->getTenantKey()` for better assertions

* Properly test removing tenant parameter

* Reset static properties in tests

* Correct comments in EarlyIdentificationTest

* Add comment

* Add detail to annotation

* Throw exception if payload isn't string or null in request data ID MW

* Fix code style (php-cs-fixer)

* Delete static `$kernelIdentificationSkipped` property, use `$request->attributes` instead

* Use 'default_route_mode' instead of 'default_to_tenant/universal_routes'

* Fix code style (php-cs-fixer)

* Make path identification MW, tenantParameterName and tenantRouteNamePrefix configurable in ReregisterUniversalRoutes

* Delete unused import

* Add `$passTenantParameterToRoute` to TenancyUrlGenerator

* Use `$passTenantParameterToRoute` in BootstrapperTest

* Bypass tenant parameter passing

* Improve TenancyUrlGenerator so that both ID methods work

* Fix code style (php-cs-fixer)

* Improve TenancyUrlGenerator readability

* Add modifyBehavior() to TenancyUrlGenerator

* Fix code style (php-cs-fixer)

* Improve comment

* Toggle route name prefixing in path/request data ID MW (route-level identification)

* Fix code style (php-cs-fixer)

* Add path identification MW config key, add `getTenantParameterName()` to ForgetTenantParameter

* Fix code style (php-cs-fixer)

* Fix modifyBehavior and routeBehaviorModificationBypassed

* Add type to `$parameters` parameter

* Split modifyBehavior into two methods, don't pass name and parameters by reference

* Update UrlBindingBootstrapper annotation

* Correct naming in tests (request data -> query string identification)

* Add info to annotation

* Pass arrays to the behavior modification methods instead of `mixed`

* Fix default value of static property in Fortify bootstrapper

* Fix code style (php-cs-fixer)

* Correct annotation

* Enable prefixing routes directly using path identification MW

* Test re-registration of routes with path ID MW

* Prefix names of routes directly using path ID MW

* Fix code style (php-cs-fixer)

* Add Livewire v3 integration example to TSP stub

* Prefix route name only if it's not prefixed already

* Rename ReregisterUniversalRoutes to ReregisterRoutesAsTenant

* Fix code style (php-cs-fixer)

* Improve ReregisterRoutesAsTenant

* Add/update TenancyUrlGenerator docblocks

* Update action name in comments/test names

* Update reregister action annotation

* Delete unused imports

* Improve comments

* Make method protected

* Improve TenancyUrlGenerator code

* Test bypass parameter removal

* Fix comment

* Update annotation

* Improve shouldReregisterRoute

* Fix typo, delete redundant comment

* Improve skipRoute

* Improve shouldBeSkipped

* Add and test `$passTenantParameterToRoutes`

* add a comment

* Fix typo in comment

* Pass array as $parameters in prepareRouteInputs

* Make path_identification_middleware an array

* Fix code style (php-cs-fixer)

* Fix ReregisterRouteAsTenant

* Move tenantParameterName and tenantRouteNamePrefix getting to PathIdentificationManager

* Make PathIdentificationManager properties `Closure|null`

* Fix code style (php-cs-fixer)

* Fix PathIdentificationManager

* Update comments

* Use foreach for dataset definition

* Extract repetitive inGlobalStack and routeHasMiddleware calls

* Refactor PathIdentificationManager

* Update TenancyUrlGenerator annotation

* Add $skippedRoutes, refactor ReregisterRoutesAsTenant

* Improve reregisterRoute

* Update re-register action annotation

* update test name

* Make PathIdentificationManager methods static again, update comments

* Add test comment

* Update ForgetTenantParameter annotation

* Improve route re-registration condition, add comment

* Change "re-register" to "clone"

* minor code improvements

---------

Co-authored-by: lukinovec <lukinovec@gmail.com>
Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
Co-authored-by: PHP CS Fixer <phpcsfixer@example.com>
This commit is contained in:
Abrar Ahmad 2023-08-03 03:23:26 +05:00 committed by GitHub
parent bd9bbe8b41
commit 1d0ca27bc8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
53 changed files with 2668 additions and 271 deletions
Download patch file Download diff file Expand all files Collapse all files

235
tests/PreventAccessFromUnwantedDomainsTest.php Normal file
View file

@ -0,0 +1,235 @@
<?php
declare(strict_types=1);
use Stancl\Tenancy\RouteMode;
use Illuminate\Contracts\Http\Kernel;
use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByDomain;
use Stancl\Tenancy\Middleware\InitializeTenancyBySubdomain;
use Stancl\Tenancy\Middleware\PreventAccessFromUnwantedDomains;
use Stancl\Tenancy\Middleware\InitializeTenancyByDomainOrSubdomain;
use Stancl\Tenancy\Tests\Etc\EarlyIdentification\ControllerWithMiddleware;
test('correct routes are accessible in route-level identification', function (RouteMode $defaultRouteMode) {
config()->set([
'tenancy.default_route_mode' => $defaultRouteMode,
]);
if ($defaultRouteMode === RouteMode::TENANT) {
// Apply `central` middleware to central routes if routes default to `tenant`
$centralMiddleware = ['central', PreventAccessFromUnwantedDomains::class];
$tenantMiddleware = [PreventAccessFromUnwantedDomains::class, InitializeTenancyByDomain::class];
} else {
// Apply `tenant` middleware to `tenant` routes if routes default to `central`
$centralMiddleware = [PreventAccessFromUnwantedDomains::class];
$tenantMiddleware = ['tenant', PreventAccessFromUnwantedDomains::class, InitializeTenancyByDomain::class];
}
// Central route
Route::get('central-route', function () {
return 'central-route';
})->middleware($centralMiddleware);
// Tenant route
Route::get('tenant-route', function () {
return 'tenant-route';
})->middleware($tenantMiddleware);
$tenant = Tenant::create();
$tenant->domains()->create([
'domain' => 'foo.localhost',
]);
// Accessing tenant routes on central domains and vice versa is not allowed
pest()->get('http://localhost/tenant-route')->assertNotFound();
pest()->get('http://foo.localhost/central-route')->assertNotFound();
// Accessing central routes from central domains and vice versa is allowed
pest()->get('http://localhost/central-route')->assertOk();
pest()->get('http://foo.localhost/tenant-route')->assertOk();
})->with([
'default to tenant routes' => RouteMode::TENANT,
'default to central routes' => RouteMode::CENTRAL,
]);
test('correct routes are accessible in kernel identification', function (RouteMode $defaultRouteMode) {
// Defaulting to tenant routes only works when using identification middleware globally
app(Kernel::class)->pushMiddleware(PreventAccessFromUnwantedDomains::class);
app(Kernel::class)->pushMiddleware(InitializeTenancyByDomain::class);
config()->set([
'tenancy.default_route_mode' => $defaultRouteMode,
]);
$defaultToTenantRoutes = $defaultRouteMode === RouteMode::TENANT;
// Test that if we're defaulting to a route mode, we don't have to specify the mode middleware ('tenant'/'central') explicitly
if ($defaultToTenantRoutes) {
// Apply `central` middleware to central routes if routes default to tenant context
$centralMiddleware = ['central'];
$tenantMiddleware = [];
} else {
// Apply `tenant` middleware to tenant routes if routes default to `central`
$centralMiddleware = [];
$tenantMiddleware = ['tenant'];
}
// Central route
Route::get('central-route', function () {
return 'central-route';
})->middleware($centralMiddleware);
// Tenant route
Route::get('tenant-route', function () {
return 'tenant-route';
})->middleware($tenantMiddleware);
// Route without the mode middleware
Route::get('package-route', function () {
return 'package-route';
});
$tenant = Tenant::create();
$tenant->domains()->create([
'domain' => 'foo.localhost',
]);
// Central route on central domain is accessible
pest()->get('http://localhost/central-route')->assertOk();
expect(tenancy()->initialized)->toBeFalse();
// Central route on tenant domain is not accessible
pest()->get('http://foo.localhost/central-route')->assertNotFound();
expect(tenancy()->initialized)->toBeFalse();
// Tenant route on tenant domain is accessible
pest()->get('http://foo.localhost/tenant-route')->assertOk();
expect(tenancy()->initialized)->toBeTrue();
tenancy()->end();
// Tenant route on central domain is not accessible
pest()->get('http://localhost/tenant-route')->assertNotFound();
expect(tenancy()->initialized)->toBeFalse();
if ($defaultToTenantRoutes) {
// Routes default to tenant package route is accessible from `tenant` domains
pest()->get('http://foo.localhost/package-route')->assertOk();
expect(tenancy()->initialized)->toBeTrue();
tenancy()->end();
// Package route isn't accessible from `central` domains
pest()->get('http://localhost/package-route')->assertNotFound();
} else {
// Routes default to central package route is accessible from `central` domains
pest()->get('http://localhost/package-route')->assertOk();
expect(tenancy()->initialized)->toBeFalse();
// Package route isn't accessible from `tenant` domains
pest()->get('http://foo.localhost/package-route')->assertNotFound();
}
})->with([
'default to tenant routes' => RouteMode::TENANT,
'default to central routes' => RouteMode::CENTRAL,
]);
test('kernel PreventAccessFromUnwantedDomains does not get skipped when route level domain identification is used', function (string $domainIdentificationMiddleware, string $domain) {
// With route-level *domain identification* MW (without PreventAccessFromUnwantedDomains)
// PreventAccessFromUnwantedDomains shouldn't be skipped
config([
'tenancy.test_service_token' => 'token:central',
]);
app(Kernel::class)->pushMiddleware(PreventAccessFromUnwantedDomains::class);
Route::middlewareGroup('tenant', [$domainIdentificationMiddleware]);
Route::get('tenant-route', [ControllerWithMiddleware::class, 'index'])->middleware('tenant')->name('tenant-route');
Route::get('central-route', [ControllerWithMiddleware::class, 'index'])->middleware('central')->name('central-route');
$tenant = Tenant::create();
$tenant->domains()->create([
'domain' => $domain,
]);
if ($domain === 'foo') {
$domain = 'foo.localhost';
}
// Tenant route is not accessible on central domain
pest()->get('http://localhost/tenant-route')->assertNotFound();
expect(tenancy()->initialized)->toBeFalse();
// Central route is not accessible on tenant domain
pest()->get("http://$domain/central-route")->assertNotFound();
expect(tenancy()->initialized)->toBeFalse();
// Tenant route is accessible on tenant domain
pest()->get("http://$domain/tenant-route")->assertOk();
expect(tenancy()->initialized)->toBeTrue();
tenancy()->end();
// Central route is accessible on central domain
pest()->get('http://localhost/central-route')->assertOk();
expect(tenancy()->initialized)->toBeFalse();
})->with([
'domain identification mw' => [InitializeTenancyByDomain::class, 'foo.test'],
'subdomain identification mw' => [InitializeTenancyBySubdomain::class, 'foo'],
'domainOrSubdomain identification mw using domain' => [InitializeTenancyByDomainOrSubdomain::class, 'foo.test'],
'domainOrSubdomain identification mw using subdomain' => [InitializeTenancyByDomainOrSubdomain::class, 'foo'],
]);
test('placement of domain identification and access prevention middleware can get mixed', function (
array $globalMiddleware,
array $routeMiddleware,
array $centralRouteMiddleware
) {
config([
'tenancy.test_service_token' => 'token:central',
]);
foreach ($globalMiddleware as $middleware) {
app(Kernel::class)->pushMiddleware($middleware);
}
// Make sure the central route has the prevention MW
// If it isn't used globally and it's not passed in $centralRouteMiddleware
if (! in_array(PreventAccessFromUnwantedDomains::class, array_merge($centralRouteMiddleware, $globalMiddleware))) {
$centralRouteMiddleware[] = PreventAccessFromUnwantedDomains::class;
}
$tenant = Tenant::create();
$subdomain = $tenant->domains()->create(['domain' => 'foo'])->domain;
Route::get('tenant-route', fn () => 'tenant route')->middleware(['tenant', ...$routeMiddleware]);
Route::get('central-route', fn () => 'central route')->middleware($centralRouteMiddleware);
pest()->get("http://$subdomain.localhost/tenant-route")->assertOk();
expect(tenancy()->initialized)->toBeTrue();
tenancy()->end();
pest()->get("http://$subdomain.localhost/central-route")->assertNotFound();
pest()->get("http://localhost/tenant-route")->assertNotFound();
pest()->get("http://localhost/central-route")->assertOk();
expect(tenancy()->initialized)->toBeFalse();
})->with([
'kernel identification, route-level access prevention' => [
'global_middleware' => [InitializeTenancyBySubdomain::class],
'route_middleware' => [PreventAccessFromUnwantedDomains::class],
],
'route-level identification, kernel access prevention' => [
'global_middleware' => [PreventAccessFromUnwantedDomains::class],
'route_middleware' => [InitializeTenancyBySubdomain::class],
],
'kernel identification, kernel access prevention' => [
'global_middleware' => [PreventAccessFromUnwantedDomains::class, InitializeTenancyBySubdomain::class],
'route_middleware' => [],
],
'route-level identification, route-level access prevention' => [
'global_middleware' => [],
'route_middleware' => [PreventAccessFromUnwantedDomains::class, InitializeTenancyBySubdomain::class],
],
// Creates a matrix (multiple with())
])->with([
'central route middleware' => [['central']],
'central route middleware with access prevention' => [['central', PreventAccessFromUnwantedDomains::class]],
]);