From 540e3635e27ade5cd36f2f7dde737d873fd2eda7 Mon Sep 17 00:00:00 2001
From: lukinovec <lukinovec@gmail.com>
Date: Tue, 9 Jun 2026 09:53:26 +0200
Subject: [PATCH] Improve hardening

Make hardening work correctly even for named SQLite DBs, also make the related test test named SQLite DBs instead of just MySQL (the SQLite dataset fails when the DatabaseTenancyBootstrapper changes get reverted).
---
 .../DatabaseTenancyBootstrapper.php             |  6 +++---
 .../DatabaseTenancyBootstrapperTest.php         | 17 +++++++++--------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/Bootstrappers/DatabaseTenancyBootstrapper.php b/src/Bootstrappers/DatabaseTenancyBootstrapper.php
index b23e4fe5..1a813d39 100644
--- a/src/Bootstrappers/DatabaseTenancyBootstrapper.php
+++ b/src/Bootstrappers/DatabaseTenancyBootstrapper.php
@@ -90,11 +90,11 @@ class DatabaseTenancyBootstrapper implements TenancyBootstrapper
     protected function verifyTenantCanUseDatabase(Tenant $tenant): void
     {
         /** @var \Stancl\Tenancy\Database\Models\Tenant $tenant */
-        $dbName = DB::getDatabaseName();
+        $tenantDbName = $tenant->database()->getName();
 
         // Check if any other tenant uses this tenant's database
         if ($tenant::where($tenant->getTenantKeyName(), '!=', $tenant->getTenantKey())
-            ->where($tenant::getDataColumn() . '->' . $tenant->internalPrefix() . 'db_name', $dbName)
+            ->where($tenant::getDataColumn() . '->' . $tenant->internalPrefix() . 'db_name', $tenantDbName)
             ->exists()) {
             throw new RuntimeException('Tenant cannot use a database of another tenant.');
         }
@@ -104,7 +104,7 @@ class DatabaseTenancyBootstrapper implements TenancyBootstrapper
             config('tenancy.database.central_connection', 'central')
         )->getDatabaseName();
 
-        if ($dbName === $centralDbName) {
+        if (DB::getDatabaseName() === $centralDbName) {
             throw new RuntimeException('Tenant cannot use the central database.');
         }
     }
diff --git a/tests/Bootstrappers/DatabaseTenancyBootstrapperTest.php b/tests/Bootstrappers/DatabaseTenancyBootstrapperTest.php
index f91eee39..ce78e4aa 100644
--- a/tests/Bootstrappers/DatabaseTenancyBootstrapperTest.php
+++ b/tests/Bootstrappers/DatabaseTenancyBootstrapperTest.php
@@ -63,7 +63,7 @@ test('harden prevents tenants from using the central database', function ($harde
     'hardening disabled' => false,
 ]);
 
-test('harden prevents tenants from using a database of another tenant', function ($harden) {
+test('harden prevents tenants from using a database of another tenant', function (bool $harden, string $connection) {
     config([
         'tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class],
     ]);
@@ -74,15 +74,13 @@ test('harden prevents tenants from using a database of another tenant', function
         return $event->tenant;
     })->toListener());
 
-    $tenant = Tenant::create();
+    $tenant = Tenant::create(['tenancy_db_connection' => $connection]);
 
-    Tenant::create([
-        'tenancy_db_name' => $tenantDbName = 'foo' . Str::random(8),
-    ]);
+    $dbName = Str::random(8) . ($connection === 'sqlite' ? '.sqlite' : '');
 
-    $tenant->update([
-        'tenancy_db_name' => $tenantDbName, // Database of another tenant
-    ]);
+    Tenant::create(['tenancy_db_name' => $dbName, 'tenancy_db_connection' => $connection]);
+
+    $tenant->update(['tenancy_db_name' => $dbName]);
 
     if ($harden) {
         // Harden blocks initialization for tenants that use a database of another tenant
@@ -99,6 +97,9 @@ test('harden prevents tenants from using a database of another tenant', function
 })->with([
     'hardening enabled' => true,
     'hardening disabled' => false,
+])->with([
+    'mysql' => 'mysql',
+    'named sqlite' => 'sqlite',
 ]);
 
 test('database tenancy bootstrapper throws an exception if DATABASE_URL is set', function (string|null $databaseUrl) {