From e31249dd097b8b3b526808c378fbc5db1bc941fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuel=20=C5=A0tancl?= <samuel@archte.ch>
Date: Mon, 13 Apr 2026 23:57:59 +0200
Subject: [PATCH 1/2] Prevent mkdir() race conditions in
 FilesystemTenancyBootstrapper (#1453)

This prevents race conditions that may occur if there are two concurrent
processes trying to create the storage path for the tenant. The
storagePath() method runs during bootstrap() which can easily happen
in two places at once. The race condition specifically occurs in between
the is_dir() check and the mkdir() call, the latter producing an
exception if the dir already exist. We simply ignore any error coming
out of mkdir() and then check for success separately.

We could omit that success check since failure is unlikely and would
only occur due to a server misconfiguration that would manifest itself
in other ways as well, but this way the simple TOC/TOU race condition
is prevented while other errors are still reported.

We apply the same change to the mkdir() in scopeSessions() as the logic
is similar.

Resolves #1452
---
 .../FilesystemTenancyBootstrapper.php         | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/Bootstrappers/FilesystemTenancyBootstrapper.php b/src/Bootstrappers/FilesystemTenancyBootstrapper.php
index af2b809f..56091600 100644
--- a/src/Bootstrappers/FilesystemTenancyBootstrapper.php
+++ b/src/Bootstrappers/FilesystemTenancyBootstrapper.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 
 namespace Stancl\Tenancy\Bootstrappers;
 
+use Exception;
 use Illuminate\Foundation\Application;
 use Illuminate\Session\FileSessionHandler;
 use Illuminate\Support\Facades\Storage;
@@ -75,8 +76,13 @@ class FilesystemTenancyBootstrapper implements TenancyBootstrapper
             : $this->originalStoragePath . '/framework/cache';
 
         if (! is_dir($path)) {
-            // Create tenant framework/cache directory if it does not exist
-            mkdir($path, 0750, true);
+            // Create tenant framework/cache directory if it does not exist.
+            // We ignore errors due to TOCTOU race conditions, instead we check for success below.
+            @mkdir($path, 0750, true);
+
+            if (! is_dir($path)) {
+                throw new Exception("Unable to create tenant storage directory [{$path}].");
+            }
         }
 
         if ($suffix === false) {
@@ -222,8 +228,13 @@ class FilesystemTenancyBootstrapper implements TenancyBootstrapper
             : $this->originalStoragePath . '/framework/sessions';
 
         if (! is_dir($path)) {
-            // Create tenant framework/sessions directory if it does not exist
-            mkdir($path, 0750, true);
+            // Create tenant framework/sessions directory if it does not exist.
+            // We ignore errors due to TOCTOU race conditions, instead we check for success below.
+            @mkdir($path, 0750, true);
+
+            if (! is_dir($path)) {
+                throw new Exception("Unable to create tenant session directory [{$path}].");
+            }
         }
 
         $this->app['config']['session.files'] = $path;

From c32f52ce7cb9e705cbf1f5a5e884e466c8dde319 Mon Sep 17 00:00:00 2001
From: Samuel Stancl <samuel@archte.ch>
Date: Wed, 15 Apr 2026 11:09:22 +0200
Subject: [PATCH 2/2] phpstan fix: Scope generics

phpstan started failing with '... implements generic interface
Illuminate\Database\Eloquent\Scope but does not specify its types:
TModel'. We solve this by adding an implements docblock to the scopes
implementing that interface. They're fairly generic - we just use the
Model type itself in the code - so we use Model for the type parameter.
---
 src/Database/Concerns/PendingScope.php | 1 +
 src/Database/ParentModelScope.php      | 1 +
 src/Database/TenantScope.php           | 1 +
 3 files changed, 3 insertions(+)

diff --git a/src/Database/Concerns/PendingScope.php b/src/Database/Concerns/PendingScope.php
index 712de6c7..52b8eb19 100644
--- a/src/Database/Concerns/PendingScope.php
+++ b/src/Database/Concerns/PendingScope.php
@@ -8,6 +8,7 @@ use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Scope;
 
+/** @implements Scope<Model> */
 class PendingScope implements Scope
 {
     /**
diff --git a/src/Database/ParentModelScope.php b/src/Database/ParentModelScope.php
index ee1a200e..44f4ac12 100644
--- a/src/Database/ParentModelScope.php
+++ b/src/Database/ParentModelScope.php
@@ -8,6 +8,7 @@ use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Scope;
 
+/** @implements Scope<Model> */
 class ParentModelScope implements Scope
 {
     /**
diff --git a/src/Database/TenantScope.php b/src/Database/TenantScope.php
index 050da365..94ff4572 100644
--- a/src/Database/TenantScope.php
+++ b/src/Database/TenantScope.php
@@ -9,6 +9,7 @@ use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Scope;
 use Stancl\Tenancy\Tenancy;
 
+/** @implements Scope<Model> */
 class TenantScope implements Scope
 {
     /**