Merge branch 'validate-sql-parameters' into boilerplate-temp

src/Bootstrappers/DatabaseTenancyBootstrapper.php

@@ -5,14 +5,24 @@ declare(strict_types=1);
 namespace Stancl\Tenancy\Bootstrappers;
 
 use Exception;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Schema;
+use RuntimeException;
 use Stancl\Tenancy\Contracts\TenancyBootstrapper;
 use Stancl\Tenancy\Contracts\Tenant;
 use Stancl\Tenancy\Database\Contracts\TenantWithDatabase;
 use Stancl\Tenancy\Database\DatabaseManager;
 use Stancl\Tenancy\Database\Exceptions\TenantDatabaseDoesNotExistException;
+use Throwable;
 
 class DatabaseTenancyBootstrapper implements TenancyBootstrapper
 {
+    /**
+     * When true, throw an exception if a tenant gets connected to
+     * another tenant's database or to the central database.
+     */
+    public static bool $harden = false;
+
     /** @var DatabaseManager */
     protected $database;
 
@@ -41,10 +51,38 @@ class DatabaseTenancyBootstrapper implements TenancyBootstrapper
         }
 
         $this->database->connectToTenant($tenant);
+
+        if (static::$harden) {
+            try {
+                $this->harden($tenant);
+            } catch (Throwable $e) {
+                // Revert connection back to central
+                $this->revert();
+
+                throw $e;
+            }
+        }
     }
 
     public function revert(): void
     {
         $this->database->reconnectToCentral();
     }
+
+    protected function harden(Tenant $tenant): void
+    {
+        $dbName = DB::getDatabaseName();
+
+        // Check if any other tenant uses this tenant's database
+        if ($tenant::where($tenant->getTenantKeyName(), '!=', $tenant->getTenantKey())
+            ->where('data->tenancy_db_name', $dbName)
+            ->exists()) {
+            throw new RuntimeException('Tenant cannot use a database of another tenant.');
+        }
+
+        // Check if the current database doesn't have the tenants table (i.e. it's not the central database)
+        if (Schema::hasTable($tenant->getTable())) {
+            throw new RuntimeException('Tenant cannot use the central database.');
+        }
+    }
 }

src/Database/Concerns/ManagesPostgresUsers.php

@@ -28,6 +28,9 @@ trait ManagesPostgresUsers
         $username = $databaseConfig->getUsername();
         $password = $databaseConfig->getPassword();
 
+        $this->validateParameter($username);
+        $this->validatePassword($password);
+
         $createUser = ! $this->userExists($username);
 
         if ($createUser) {
@@ -44,6 +47,8 @@ trait ManagesPostgresUsers
         // Tenant DB username
         $username = $databaseConfig->getUsername();
 
+        $this->validateParameter($username);
+
         // Tenant host connection config
         $connectionName = $this->connection()->getConfig('name');
         $centralDatabase = $this->connection()->getConfig('database');
@@ -77,6 +82,6 @@ trait ManagesPostgresUsers
 
     public function userExists(string $username): bool
     {
-        return (bool) $this->connection()->selectOne("SELECT usename FROM pg_user WHERE usename = '{$username}'");
+        return (bool) $this->connection()->select('SELECT usename FROM pg_user WHERE usename = ?', [$username]);
     }
 }

src/Database/Concerns/ValidatesDatabaseParameters.php

@@ -0,0 +1,93 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Stancl\Tenancy\Database\Concerns;
+
+use InvalidArgumentException;
+
+/**
+ * Provides methods to validate database parameters (e.g. database names, usernames, passwords)
+ * before using them in SQL statements (or in file paths in the case of SQLiteDatabaseManager).
+ *
+ * Used where parameters can be provided by users, and where parameter binding cannot be used.
+ *
+ * @mixin \Stancl\Tenancy\Database\TenantDatabaseManagers\TenantDatabaseManager
+ * @mixin \Stancl\Tenancy\Database\TenantDatabaseManagers\SQLiteDatabaseManager
+ */
+trait ValidatesDatabaseParameters
+{
+    /**
+     * Characters allowed in parameters.
+     *
+     * Used as the default allowlist in validateParameter(), which validates non-password
+     * parameters such as database names or usernames.
+     */
+    protected function allowedParameterCharacters(): string
+    {
+        return 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-';
+    }
+
+    /**
+     * Characters allowed in database user passwords.
+     *
+     * Passwords are always quoted in the SQL statements, so it's safe
+     * to allow a wider range of characters, as long as it doesn't include
+     * characters that can break out of the quoted SQL strings (so e.g.
+     * ', ", \, and ` aren't allowed).
+     */
+    protected function allowedPasswordCharacters(): string
+    {
+        return ' !#$%&()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{|}~';
+    }
+
+    /**
+     * Ensure that parameters (database names, usernames, etc.)
+     * only contain allowed characters before used in SQL statements
+     * (or paths in the case of SQLiteDatabaseManager).
+     *
+     * By default, only the characters in allowedParameterCharacters() are allowed.
+     *
+     * Null parameters are skipped.
+     *
+     * @throws InvalidArgumentException
+     */
+    protected function validateParameter(string|array|null $parameters, string|null $allowedCharacters = null): void
+    {
+        $allowedCharacters ??= $this->allowedParameterCharacters();
+
+        foreach ((array) $parameters as $parameter) {
+            if (is_null($parameter)) {
+                // Skip if there's nothing to validate
+                // (e.g. when $tenant->database()->getUsername() of an
+                // improperly created tenant is null and it gets passed).
+                continue;
+            }
+
+            if (! is_string($parameter)) {
+                // E.g. if a parameter is retrieved from the config, it isn't necessarily a string
+                throw new InvalidArgumentException('Parameter has to be a string.');
+            }
+
+            foreach (str_split($parameter) as $character) {
+                if (! str_contains($allowedCharacters, $character)) {
+                    throw new InvalidArgumentException("Forbidden character '{$character}' in parameter.");
+                }
+            }
+        }
+    }
+
+    /**
+     * Ensure password only contains allowed characters (allowedPasswordCharacters())
+     * before used in SQL statements.
+     *
+     * Used in permission controlled managers as a shorthand for calling validateParameter()
+     * with the less strict allowlist to validate database user passwords.
+     *
+     * @throws InvalidArgumentException
+     */
+    protected function validatePassword(string|null $password): void
+    {
+        $this->validateParameter($password, allowedCharacters: $this->allowedPasswordCharacters());
+    }
+}

src/Database/TenantDatabaseManagers/MicrosoftSQLDatabaseManager.php

@@ -12,16 +12,22 @@ class MicrosoftSQLDatabaseManager extends TenantDatabaseManager
     {
         $database = $tenant->database()->getName();
 
+        $this->validateParameter($database);
+
         return $this->connection()->statement("CREATE DATABASE [{$database}]");
     }
 
     public function deleteDatabase(TenantWithDatabase $tenant): bool
     {
-        return $this->connection()->statement("DROP DATABASE [{$tenant->database()->getName()}]");
+        $database = $tenant->database()->getName();
+
+        $this->validateParameter($database);
+
+        return $this->connection()->statement("DROP DATABASE [{$database}]");
     }
 
     public function databaseExists(string $name): bool
     {
-        return (bool) $this->connection()->select("SELECT name FROM master.sys.databases WHERE name = '$name'");
+        return (bool) $this->connection()->select('SELECT name FROM master.sys.databases WHERE name = ?', [$name]);
     }
 }

src/Database/TenantDatabaseManagers/MySQLDatabaseManager.php

@@ -14,16 +14,36 @@ class MySQLDatabaseManager extends TenantDatabaseManager
         $charset = $this->connection()->getConfig('charset');
         $collation = $this->connection()->getConfig('collation');
 
-        return $this->connection()->statement("CREATE DATABASE `{$database}` CHARACTER SET `$charset` COLLATE `$collation`");
+        $this->validateParameter([$database, $charset, $collation]);
+
+        // MySQL defaults to the server's charset and collation
+        // if charset and collation are not specified.
+        // If charset is specified but collation is null, MySQL
+        // will choose a default collation for the specified charset (and vice versa).
+        $statement = "CREATE DATABASE `{$database}`";
+
+        if ($charset !== null) {
+            $statement .= " CHARACTER SET `{$charset}`";
+        }
+
+        if ($collation !== null) {
+            $statement .= " COLLATE `{$collation}`";
+        }
+
+        return $this->connection()->statement($statement);
     }
 
     public function deleteDatabase(TenantWithDatabase $tenant): bool
     {
-        return $this->connection()->statement("DROP DATABASE `{$tenant->database()->getName()}`");
+        $database = $tenant->database()->getName();
+
+        $this->validateParameter($database);
+
+        return $this->connection()->statement("DROP DATABASE `{$database}`");
     }
 
     public function databaseExists(string $name): bool
     {
-        return (bool) $this->connection()->select("SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '$name'");
+        return (bool) $this->connection()->select('SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = ?', [$name]);
     }
 }

src/Database/TenantDatabaseManagers/PermissionControlledMicrosoftSQLServerDatabaseManager.php

@@ -24,6 +24,9 @@ class PermissionControlledMicrosoftSQLServerDatabaseManager extends MicrosoftSQL
         $username = $databaseConfig->getUsername();
         $password = $databaseConfig->getPassword();
 
+        $this->validateParameter([$database, $username]);
+        $this->validatePassword($password);
+
         // Create login
         $this->connection()->statement("CREATE LOGIN [$username] WITH PASSWORD = '$password'");
 
@@ -37,12 +40,16 @@ class PermissionControlledMicrosoftSQLServerDatabaseManager extends MicrosoftSQL
 
     public function deleteUser(DatabaseConfig $databaseConfig): bool
     {
-        return $this->connection()->statement("DROP LOGIN [{$databaseConfig->getUsername()}]");
+        $username = $databaseConfig->getUsername();
+
+        $this->validateParameter($username);
+
+        return $this->connection()->statement("DROP LOGIN [{$username}]");
     }
 
     public function userExists(string $username): bool
     {
-        return (bool) $this->connection()->select("SELECT sp.name as username FROM sys.server_principals sp WHERE sp.name = '{$username}'");
+        return (bool) $this->connection()->select('SELECT sp.name as username FROM sys.server_principals sp WHERE sp.name = ?', [$username]);
     }
 
     public function makeConnectionConfig(array $baseConfig, string $databaseName): array
@@ -54,11 +61,15 @@ class PermissionControlledMicrosoftSQLServerDatabaseManager extends MicrosoftSQL
 
     public function deleteDatabase(TenantWithDatabase $tenant): bool
     {
+        $name = $tenant->database()->getName();
+
+        $this->validateParameter($name);
+
         // Close all connections to the database before deleting it
         // Set the database to SINGLE_USER mode to ensure that
         // No other connections are using the database while we're trying to delete it
         // Rollback all active transactions
-        $this->connection()->statement("ALTER DATABASE [{$tenant->database()->getName()}] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;");
+        $this->connection()->statement("ALTER DATABASE [{$name}] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;");
 
         return parent::deleteDatabase($tenant);
     }

src/Database/TenantDatabaseManagers/PermissionControlledMySQLDatabaseManager.php

@@ -25,6 +25,9 @@ class PermissionControlledMySQLDatabaseManager extends MySQLDatabaseManager impl
         $username = $databaseConfig->getUsername();
         $password = $databaseConfig->getPassword();
 
+        $this->validateParameter([$database, $username]);
+        $this->validatePassword($password);
+
         $this->connection()->statement("CREATE USER `{$username}`@`%` IDENTIFIED BY '{$password}'");
 
         $grants = implode(', ', static::$grants);
@@ -48,11 +51,15 @@ class PermissionControlledMySQLDatabaseManager extends MySQLDatabaseManager impl
 
     public function deleteUser(DatabaseConfig $databaseConfig): bool
     {
-        return $this->connection()->statement("DROP USER IF EXISTS '{$databaseConfig->getUsername()}'");
+        $username = $databaseConfig->getUsername();
+
+        $this->validateParameter($username);
+
+        return $this->connection()->statement("DROP USER IF EXISTS '{$username}'");
     }
 
     public function userExists(string $username): bool
     {
-        return (bool) $this->connection()->select("SELECT count(*) FROM mysql.user WHERE user = '$username'")[0]->{'count(*)'};
+        return (bool) $this->connection()->select('SELECT count(*) FROM mysql.user WHERE user = ?', [$username])[0]->{'count(*)'};
     }
 }

src/Database/TenantDatabaseManagers/PermissionControlledPostgreSQLDatabaseManager.php

@@ -20,6 +20,8 @@ class PermissionControlledPostgreSQLDatabaseManager extends PostgreSQLDatabaseMa
         $username = $databaseConfig->getUsername();
         $schema = $databaseConfig->connection()['search_path'];
 
+        $this->validateParameter([$database, $username, $schema]);
+
         // Host config
         $connectionName = $this->connection()->getConfig('name');
         $centralDatabase = $this->connection()->getConfig('database');
@@ -32,10 +34,10 @@ class PermissionControlledPostgreSQLDatabaseManager extends PostgreSQLDatabaseMa
         $this->connection()->reconnect();
 
         // Grant permissions to create and use tables in the configured schema ("public" by default) to the user
-        $this->connection()->statement("GRANT USAGE, CREATE ON SCHEMA {$schema} TO \"{$username}\"");
+        $this->connection()->statement("GRANT USAGE, CREATE ON SCHEMA \"{$schema}\" TO \"{$username}\"");
 
         // Grant permissions to use sequences in the current schema to the user
-        $this->connection()->statement("GRANT USAGE ON ALL SEQUENCES IN SCHEMA {$schema} TO \"{$username}\"");
+        $this->connection()->statement("GRANT USAGE ON ALL SEQUENCES IN SCHEMA \"{$schema}\" TO \"{$username}\"");
 
         // Reconnect to central database
         config(["database.connections.{$connectionName}.database" => $centralDatabase]);

src/Database/TenantDatabaseManagers/PermissionControlledPostgreSQLSchemaManager.php

@@ -23,23 +23,25 @@ class PermissionControlledPostgreSQLSchemaManager extends PostgreSQLSchemaManage
         // Central database name
         $database = DB::connection(config('tenancy.database.central_connection'))->getDatabaseName();
 
-        $this->connection()->statement("GRANT CONNECT ON DATABASE {$database} TO \"{$username}\"");
+        $this->validateParameter([$username, $schema, $database]);
+
+        $this->connection()->statement("GRANT CONNECT ON DATABASE \"{$database}\" TO \"{$username}\"");
         $this->connection()->statement("GRANT USAGE, CREATE ON SCHEMA \"{$schema}\" TO \"{$username}\"");
         $this->connection()->statement("GRANT USAGE ON ALL SEQUENCES IN SCHEMA \"{$schema}\" TO \"{$username}\"");
 
-        $tables = $this->connection()->select("SELECT table_name FROM information_schema.tables WHERE table_schema = '{$schema}' AND table_type = 'BASE TABLE'");
+        $tables = $this->connection()->select("SELECT table_name FROM information_schema.tables WHERE table_schema = ? AND table_type = 'BASE TABLE'", [$schema]);
 
         // Grant permissions to any existing tables. This is used with RLS
         foreach ($tables as $table) {
             $tableName = $table->table_name;
 
             /** @var string $primaryKey */
-            $primaryKey = $this->connection()->selectOne(<<<SQL
+            $primaryKey = $this->connection()->selectOne(<<<'SQL'
                 SELECT column_name
                 FROM information_schema.key_column_usage
-                WHERE table_name = '{$tableName}'
+                WHERE table_name = ?
                 AND constraint_name LIKE '%_pkey'
-            SQL)->column_name;
+            SQL, [$tableName])->column_name;
 
             // Grant all permissions for all existing tables
             $this->connection()->statement("GRANT ALL ON \"{$schema}\".\"{$tableName}\" TO \"{$username}\"");

src/Database/TenantDatabaseManagers/PostgreSQLDatabaseManager.php

@@ -10,16 +10,24 @@ class PostgreSQLDatabaseManager extends TenantDatabaseManager
 {
     public function createDatabase(TenantWithDatabase $tenant): bool
     {
-        return $this->connection()->statement("CREATE DATABASE \"{$tenant->database()->getName()}\" WITH TEMPLATE=template0");
+        $name = $tenant->database()->getName();
+
+        $this->validateParameter($name);
+
+        return $this->connection()->statement("CREATE DATABASE \"{$name}\" WITH TEMPLATE=template0");
     }
 
     public function deleteDatabase(TenantWithDatabase $tenant): bool
     {
-        return $this->connection()->statement("DROP DATABASE \"{$tenant->database()->getName()}\"");
+        $name = $tenant->database()->getName();
+
+        $this->validateParameter($name);
+
+        return $this->connection()->statement("DROP DATABASE \"{$name}\"");
     }
 
     public function databaseExists(string $name): bool
     {
-        return (bool) $this->connection()->selectOne("SELECT datname FROM pg_database WHERE datname = '$name'");
+        return (bool) $this->connection()->select('SELECT datname FROM pg_database WHERE datname = ?', [$name]);
     }
 }

src/Database/TenantDatabaseManagers/PostgreSQLSchemaManager.php

@@ -10,17 +10,25 @@ class PostgreSQLSchemaManager extends TenantDatabaseManager
 {
     public function createDatabase(TenantWithDatabase $tenant): bool
     {
-        return $this->connection()->statement("CREATE SCHEMA \"{$tenant->database()->getName()}\"");
+        $name = $tenant->database()->getName();
+
+        $this->validateParameter($name);
+
+        return $this->connection()->statement("CREATE SCHEMA \"{$name}\"");
     }
 
     public function deleteDatabase(TenantWithDatabase $tenant): bool
     {
-        return $this->connection()->statement("DROP SCHEMA \"{$tenant->database()->getName()}\" CASCADE");
+        $name = $tenant->database()->getName();
+
+        $this->validateParameter($name);
+
+        return $this->connection()->statement("DROP SCHEMA \"{$name}\" CASCADE");
     }
 
     public function databaseExists(string $name): bool
     {
-        return (bool) $this->connection()->select("SELECT schema_name FROM information_schema.schemata WHERE schema_name = '$name'");
+        return (bool) $this->connection()->select('SELECT schema_name FROM information_schema.schemata WHERE schema_name = ?', [$name]);
     }
 
     public function makeConnectionConfig(array $baseConfig, string $databaseName): array

src/Database/TenantDatabaseManagers/SQLiteDatabaseManager.php

@@ -6,13 +6,17 @@ namespace Stancl\Tenancy\Database\TenantDatabaseManagers;
 
 use Closure;
 use Illuminate\Database\Eloquent\Model;
+use InvalidArgumentException;
 use PDO;
+use Stancl\Tenancy\Database\Concerns\ValidatesDatabaseParameters;
 use Stancl\Tenancy\Database\Contracts\TenantDatabaseManager;
 use Stancl\Tenancy\Database\Contracts\TenantWithDatabase;
 use Throwable;
 
 class SQLiteDatabaseManager implements TenantDatabaseManager
 {
+    use ValidatesDatabaseParameters;
+
     /**
      * SQLite database directory path.
      *
@@ -57,6 +61,16 @@ class SQLiteDatabaseManager implements TenantDatabaseManager
      */
     public static Closure|null $closeInMemoryConnectionUsing = null;
 
+    /**
+     * Characters allowed in database names.
+     *
+     * Includes dots to support file extensions (e.g. '.sqlite').
+     */
+    protected static function allowedDatabaseNameCharacters(): string
+    {
+        return 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.';
+    }
+
     public function createDatabase(TenantWithDatabase $tenant): bool
     {
         /** @var TenantWithDatabase&Model $tenant */
@@ -122,6 +136,9 @@ class SQLiteDatabaseManager implements TenantDatabaseManager
     public function makeConnectionConfig(array $baseConfig, string $databaseName): array
     {
         if ($this->isInMemory($databaseName)) {
+            // Named in-memory DBs are formatted like 'file:_tenancy_inmemory_tenant123?mode=memory&cache=shared'
+            $this->validateDatabaseName($databaseName, ':?=&');
+
             $baseConfig['database'] = $databaseName;
 
             if (static::$persistInMemoryConnectionUsing !== null) {
@@ -129,7 +146,7 @@ class SQLiteDatabaseManager implements TenantDatabaseManager
                 (static::$persistInMemoryConnectionUsing)(new PDO($dsn), $dsn);
             }
         } else {
-            $baseConfig['database'] = database_path($databaseName);
+            $baseConfig['database'] = $this->getPath($databaseName);
         }
 
         return $baseConfig;
@@ -137,6 +154,8 @@ class SQLiteDatabaseManager implements TenantDatabaseManager
 
     public function getPath(string $name): string
     {
+        $this->validateDatabaseName($name);
+
         if (static::$path) {
             return rtrim(static::$path, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $name;
         }
@@ -146,6 +165,28 @@ class SQLiteDatabaseManager implements TenantDatabaseManager
 
     public static function isInMemory(string $name): bool
     {
-        return $name === ':memory:' || str_contains($name, '_tenancy_inmemory_');
+        $isNamed = str_starts_with($name, 'file:_tenancy_inmemory_') &&
+            str_ends_with($name, '?mode=memory&cache=shared');
+
+        return $name === ':memory:' || $isNamed;
+    }
+
+    /**
+     * Ensure database name only contains allowed characters
+     * (allowedDatabaseNameCharacters() + $extraAllowedCharacters) and is not a directory name.
+     *
+     * @throws InvalidArgumentException
+     */
+    protected function validateDatabaseName(string $name, string $extraAllowedCharacters = ''): void
+    {
+        $this->validateParameter($name, $this->allowedDatabaseNameCharacters() . $extraAllowedCharacters);
+
+        if ($name === '') {
+            throw new InvalidArgumentException('Database name cannot be empty.');
+        }
+
+        if (is_dir($name)) {
+            throw new InvalidArgumentException('Database name cannot be a directory.');
+        }
     }
 }

src/Database/TenantDatabaseManagers/TenantDatabaseManager.php

@@ -6,11 +6,14 @@ namespace Stancl\Tenancy\Database\TenantDatabaseManagers;
 
 use Illuminate\Database\Connection;
 use Illuminate\Support\Facades\DB;
+use Stancl\Tenancy\Database\Concerns\ValidatesDatabaseParameters;
 use Stancl\Tenancy\Database\Contracts\StatefulTenantDatabaseManager;
 use Stancl\Tenancy\Database\Exceptions\NoConnectionSetException;
 
 abstract class TenantDatabaseManager implements StatefulTenantDatabaseManager
 {
+    use ValidatesDatabaseParameters;
+
     /** The database connection to the server. */
     protected string $connection;
 

tests/Bootstrappers/DatabaseTenancyBootstrapper.php

@@ -1,35 +0,0 @@
-<?php
-
-use Illuminate\Support\Facades\Event;
-use Stancl\Tenancy\Bootstrappers\DatabaseTenancyBootstrapper;
-use Stancl\Tenancy\Events\TenancyEnded;
-use Stancl\Tenancy\Events\TenancyInitialized;
-use Stancl\Tenancy\Listeners\BootstrapTenancy;
-use Stancl\Tenancy\Listeners\RevertToCentralContext;
-use Stancl\Tenancy\Tests\Etc\Tenant;
-
-use function Stancl\Tenancy\Tests\pest;
-
-beforeEach(function () {
-    Event::listen(TenancyInitialized::class, BootstrapTenancy::class);
-    Event::listen(TenancyEnded::class, RevertToCentralContext::class);
-});
-
-test('database tenancy bootstrapper throws an exception if DATABASE_URL is set', function (string|null $databaseUrl) {
-    if ($databaseUrl) {
-        config(['database.connections.central.url' => $databaseUrl]);
-
-        pest()->expectException(Exception::class);
-    }
-
-    config(['tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class]]);
-
-    $tenant1 = Tenant::create();
-
-    pest()->artisan('tenants:migrate');
-
-    tenancy()->initialize($tenant1);
-
-    expect(true)->toBe(true);
-})->with(['abc.us-east-1.rds.amazonaws.com', null]);
-

tests/Bootstrappers/DatabaseTenancyBootstrapperTest.php

@@ -0,0 +1,103 @@
+<?php
+
+use Illuminate\Support\Facades\Event;
+use Stancl\JobPipeline\JobPipeline;
+use Stancl\Tenancy\Bootstrappers\DatabaseTenancyBootstrapper;
+use Stancl\Tenancy\Events\TenancyEnded;
+use Stancl\Tenancy\Events\TenancyInitialized;
+use Stancl\Tenancy\Jobs\CreateDatabase;
+use Stancl\Tenancy\Events\TenantCreated;
+use Stancl\Tenancy\Listeners\BootstrapTenancy;
+use Stancl\Tenancy\Listeners\RevertToCentralContext;
+use Stancl\Tenancy\Tests\Etc\Tenant;
+
+use function Stancl\Tenancy\Tests\pest;
+use Illuminate\Support\Str;
+use Illuminate\Support\Facades\DB;
+
+$cleanup = function () {
+    DatabaseTenancyBootstrapper::$harden = false;
+};
+
+beforeEach(function () use ($cleanup) {
+    Event::listen(TenancyInitialized::class, BootstrapTenancy::class);
+    Event::listen(TenancyEnded::class, RevertToCentralContext::class);
+
+    $cleanup();
+});
+
+afterEach($cleanup);
+
+test('harden prevents tenants from using the central database', function () {
+    config([
+        'tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class],
+    ]);
+
+    DatabaseTenancyBootstrapper::$harden = true;
+
+    Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
+        return $event->tenant;
+    })->toListener());
+
+    $tenant = Tenant::create();
+
+    $tenant->update([
+        'tenancy_db_name' => config('database.connections.central.database'), // Central database name
+    ]);
+
+    // Harden blocks initialization for tenants that use central database
+    expect(fn () => tenancy()->initialize($tenant))->toThrow(RuntimeException::class);
+
+    // Connection should be reverted back to central
+    expect(DB::connection()->getName())->toBe('central');
+});
+
+test('harden prevents tenants from using a database of another tenant', function () {
+    config([
+        'tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class],
+    ]);
+
+    DatabaseTenancyBootstrapper::$harden = true;
+
+    Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
+        return $event->tenant;
+    })->toListener());
+
+    $tenant = Tenant::create();
+
+    Tenant::create([
+        'tenancy_db_name' => $tenantDbName = 'foo' . Str::random(8),
+    ]);
+
+    $tenant->update([
+        'tenancy_db_name' => $tenantDbName, // Database of another tenant
+    ]);
+
+    // Harden blocks initialization for tenants that use a database of another tenant
+    expect(fn () => tenancy()->initialize($tenant))->toThrow(RuntimeException::class);
+
+    // Connection should be reverted back to central
+    expect(DB::connection()->getName())->toBe('central');
+});
+
+test('database tenancy bootstrapper throws an exception if DATABASE_URL is set', function (string|null $databaseUrl) {
+    config(['database.connections.central.url' => $databaseUrl]);
+
+    if ($databaseUrl) {
+        pest()->expectException(Exception::class);
+    }
+
+    config(['tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class]]);
+
+    Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
+        return $event->tenant;
+    })->toListener());
+
+    $tenant1 = Tenant::create();
+
+    pest()->artisan('tenants:migrate');
+
+    tenancy()->initialize($tenant1);
+
+    expect(true)->toBe(true);
+})->with(['abc.us-east-1.rds.amazonaws.com', null]);

tests/TenantDatabaseManagerTest.php

@@ -17,6 +17,7 @@ use Stancl\Tenancy\Events\TenancyInitialized;
 use Stancl\Tenancy\Listeners\BootstrapTenancy;
 use Stancl\Tenancy\Listeners\RevertToCentralContext;
 use Stancl\Tenancy\Bootstrappers\DatabaseTenancyBootstrapper;
+use Stancl\Tenancy\Database\Contracts\ManagesDatabaseUsers;
 use Stancl\Tenancy\Database\Contracts\StatefulTenantDatabaseManager;
 use Stancl\Tenancy\Database\TenantDatabaseManagers\MySQLDatabaseManager;
 use Stancl\Tenancy\Database\TenantDatabaseManagers\SQLiteDatabaseManager;
@@ -539,6 +540,225 @@ test('partial tenant connection templates get merged into the central connection
     expect($manager->connection()->getConfig('url'))->toBeNull();
 });
 
+test('database managers validate parameters that cannot be bound', function ($driver, $databaseManager) {
+    config()->set([
+        "tenancy.database.template_tenant_connection" => $driver,
+    ]);
+
+    $manager = app($databaseManager);
+
+    if ($manager instanceof StatefulTenantDatabaseManager) {
+        $manager->setConnection($driver);
+    }
+
+    $invalidDatabaseName = "\"database_with_quotes\"";
+
+    if (! $manager instanceof ManagesDatabaseUsers) {
+        // Only test createDatabase() and deleteDatabase() with non-permission controlled managers here
+        // since permission controlled managers override these methods to e.g. delete users before
+        // calling parent::deleteDatabase(), and with invalid DB name, the user deletion will already
+        // fail before we even get to actual deleteDatabase() logic.
+        $tenant = Tenant::make([
+            'tenancy_db_name' => $invalidDatabaseName,
+            'tenancy_db_username' => 'valid-username',
+        ]);
+
+        expect(fn () => $manager->createDatabase($tenant))
+            ->toThrow(InvalidArgumentException::class, 'Forbidden character');
+
+        expect(fn () => $manager->deleteDatabase($tenant))
+            ->toThrow(InvalidArgumentException::class, 'Forbidden character');
+    } else {
+        // Invalid username, createUser() and deleteUser() should
+        // throw an invalid argument exception.
+        $tenantWithInvalidUsername = Tenant::make([
+            'tenancy_db_name' => 'valid_database_name890',
+            'tenancy_db_username' => "username with spaces",
+        ]);
+
+        expect(fn () => $manager->createUser($tenantWithInvalidUsername->database()))
+            ->toThrow(InvalidArgumentException::class, 'Forbidden character');
+
+        expect(fn () => $manager->deleteUser($tenantWithInvalidUsername->database()))
+            ->toThrow(InvalidArgumentException::class, 'Forbidden character');
+
+        // Invalid database name, createUser() should throw
+        // an invalid argument exception. deleteUser() doesn't
+        // validate the DB name (it only validates the username).
+        $tenantWithInvalidDatabase = Tenant::make([
+            'tenancy_db_name' => $invalidDatabaseName,
+            'tenancy_db_username' => 'valid_USERNAME',
+        ]);
+
+        expect(fn () => $manager->createUser($tenantWithInvalidDatabase->database()))
+            ->toThrow(InvalidArgumentException::class, 'Forbidden character');
+
+        $tenantWithInvalidPassword = Tenant::make([
+            'tenancy_db_name' => 'valid_database_name890',
+            'tenancy_db_username' => 'valid_USERNAME',
+            'tenancy_db_password' => "p'ssword",
+        ]);
+
+        expect(fn () => $manager->createUser($tenantWithInvalidPassword->database()))
+            ->toThrow(InvalidArgumentException::class, 'Forbidden character');
+
+        $tenantWithNullDbParameters = Tenant::make([
+            'tenancy_db_name' => null,
+            'tenancy_db_username' => null,
+            'tenancy_db_password' => null,
+        ]);
+
+        // validateParameter() doesn't throw InvalidArgumentException if a parameter is null
+        // (an exception will be thrown, but not by validateParameter()).
+        expect(fn () => $manager->createUser($tenantWithNullDbParameters->database()))
+            ->not()->toThrow(InvalidArgumentException::class);
+
+        if ($driver === 'mysql') {
+            // MySQLDatabaseManager gets the charset from the config
+            // Validation throws if the parameter is not a string
+            $tenantWithNonStringCharset = Tenant::make([
+                'tenancy_db_name' => 'valid_database_name890',
+                'tenancy_db_username' => 'valid-username',
+            ]);
+
+            config(['database.connections.mysql.charset' => []]);
+
+            expect(fn () => $manager->createDatabase($tenantWithNonStringCharset))
+                ->toThrow(InvalidArgumentException::class, 'Parameter has to be a string.');
+        }
+    }
+})->with('database_managers');
+
+test('sqlite database manager validates database names correctly', function () {
+    $manager = app(SQLiteDatabaseManager::class);
+
+    // Dots are allowed in database names
+    expect(fn () => $manager->databaseExists('valid-db_name.sqlite'))
+        ->not()->toThrow(InvalidArgumentException::class);
+
+    // Directory names are considered invalid input for database names
+    expect(fn () => $manager->databaseExists('..'))
+        ->toThrow(InvalidArgumentException::class);
+
+    // Empty strings are considered invalid input for database names
+    expect(fn () => $manager->databaseExists(''))
+        ->toThrow(InvalidArgumentException::class);
+});
+
+test('sqlite database manager recognizes inmemory databases correctly', function () {
+    $manager = app(SQLiteDatabaseManager::class);
+
+    expect($manager->isInMemory('file:_tenancy_inmemory_123?mode=memory&cache=shared'))->toBeTrue();
+    expect($manager->isInMemory(':memory:'))->toBeTrue();
+
+    // Missing the '?mode=memory&cache=shared' suffix
+    expect($manager->isInMemory('file:_tenancy_inmemory_456'))->toBeFalse();
+
+    // Doesn't start with 'file:_tenancy_inmemory_'
+    expect($manager->isInMemory('_tenancy_inmemory_123?mode=memory&cache=shared'))->toBeFalse();
+
+    // In-memory DB name is validated correctly in makeConnectionConfig()
+    expect(fn () => $manager->makeConnectionConfig([], 'file:_tenancy_inmemory_12"3?mode=memory&cache=shared'))
+        ->toThrow(InvalidArgumentException::class, 'Forbidden character');
+
+    expect(fn () => $manager->makeConnectionConfig([], 'file:_tenancy_inmemory_123?mode=memory&cache=shared'))
+        ->not()->toThrow(InvalidArgumentException::class);
+
+    expect(fn () => $manager->makeConnectionConfig([], ':memory:'))
+        ->not()->toThrow(InvalidArgumentException::class);
+});
+
+test('sqlite database manager respects the configured path while making the database config', function () {
+    config()->set([
+        'tenancy.database.template_tenant_connection' => 'sqlite',
+    ]);
+
+    $tenant = Tenant::make([
+        'tenancy_db_name' => 'tenant.sqlite',
+    ]);
+
+    // SQLiteDatabaseManager::$path is null, the database path is built using database_path()
+    expect($tenant->database()->connection()['database'])->toBe(database_path('tenant.sqlite'));
+
+    SQLiteDatabaseManager::$path = '/custom/path/';
+
+    expect($tenant->database()->connection()['database'])->toBe('/custom/path/tenant.sqlite');
+});
+
+test('newly created tenant databases use the correct charset and collation with mysql', function () {
+    config([
+        'tenancy.bootstrappers' => [DatabaseTenancyBootstrapper::class],
+    ]);
+
+    Event::listen(TenantCreated::class, JobPipeline::make([CreateDatabase::class])->send(function (TenantCreated $event) {
+        return $event->tenant;
+    })->toListener());
+
+    withBootstrapping();
+
+    $serverDefaultCharset = DB::selectOne('SELECT @@character_set_server AS charset')->charset;
+    $serverDefaultCollation = DB::selectOne('SELECT @@collation_server AS collation')->collation;
+
+    $databaseCharset = fn () => DB::selectOne('SELECT DEFAULT_CHARACTER_SET_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME = DATABASE()')->DEFAULT_CHARACTER_SET_NAME;
+    $databaseCollation = fn () => DB::selectOne('SELECT DEFAULT_COLLATION_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME = DATABASE()')->DEFAULT_COLLATION_NAME;
+
+    $defaultTenant = Tenant::create();
+
+    tenancy()->initialize($defaultTenant);
+
+    // No charset or collation specified,
+    // defaults from the MySQL config used.
+    expect($databaseCharset())->toBe('utf8mb4');
+    expect($databaseCollation())->toBe('utf8mb4_unicode_ci');
+
+    $tenantWithCharsetAndCollation = Tenant::create([
+        'tenancy_db_charset' => 'latin1',
+        'tenancy_db_collation' => 'latin1_swedish_ci',
+    ]);
+
+    tenancy()->initialize($tenantWithCharsetAndCollation);
+
+    // Custom charset and collation from tenant config
+    expect($databaseCharset())->toBe('latin1');
+    expect($databaseCollation())->toBe('latin1_swedish_ci');
+
+    $tenantWithNullCharsetAndCollation = Tenant::create([
+        'tenancy_db_charset' => null,
+        'tenancy_db_collation' => null,
+    ]);
+
+    tenancy()->initialize($tenantWithNullCharsetAndCollation);
+
+    // Default MySQL server charset and collation
+    // (e.g. charset = utf8mb4, collation = utf8mb4_0900_ai_ci)
+    expect($databaseCharset())->toBe($serverDefaultCharset);
+    expect($databaseCollation())->toBe($serverDefaultCollation);
+
+    $tenantWithCharsetAndNullCollation = Tenant::create([
+        'tenancy_db_charset' => 'binary',
+        'tenancy_db_collation' => null,
+    ]);
+
+    tenancy()->initialize($tenantWithCharsetAndNullCollation);
+
+    // Charset specified, collation is null,
+    // MySQL will choose a default collation for the specified charset.
+    expect($databaseCharset())->toBe('binary');
+    expect($databaseCollation())->toBe('binary');
+
+    // Collation specified, charset is null,
+    // MySQL will choose a default charset for the specified collation.
+    $tenantWithCollationAndNullCharset = Tenant::create([
+        'tenancy_db_charset' => null,
+        'tenancy_db_collation' => 'latin1_swedish_ci',
+    ]);
+
+    tenancy()->initialize($tenantWithCollationAndNullCharset);
+
+    expect($databaseCharset())->toBe('latin1');
+    expect($databaseCollation())->toBe('latin1_swedish_ci');
+});
+
 // Datasets
 dataset('database_managers', [
     ['mysql', MySQLDatabaseManager::class],