The PreventAcessFromUnwantedDomains MW had the
`tenancy()->routeIsUniversal($route)` check either for returning early,
or it was a leftover from some older implementation, so I removed it.
The middleware aborts if the
`$this->accessingTenantRouteFromCentralDomain($request, $route) ||
$this->accessingCentralRouteFromTenantDomain($request, $route)` check
passes. Meaning, **for the middleware to abort, the route has to be
either in central or tenant mode**. When the route is in universal mode,
the middleware will never reach `return $abortRequest()`. `return
$next($request)` will always get reached, even when the `||
tenancy()->routeIsUniversal($route)` check is deleted from the previous
condition, so that check was basically useless.
Since the docblock for the class does mention the behavior for universal
routes explicitly, we've instead added a comment documenting that things
work this way. That's probably the most reasonable way to have this
explicit behavior for universal routes easily understandable in this
fairly complex logic without redundant code.
Resolves#1418
---------
Co-authored-by: Samuel Štancl <samuel@archte.ch>
From the perspective of the master branch, this commit merges in a
few small breaking changes from the dev branch:
6b0066c5ef
- Make pullPendingFromPool() $firstOrCreate arg default to false
(pullPending() is now a direct alias for pullPendingFromPool() with
default $firstOrCreate=true)
- See full commit message for other changes. They shouldn't be breaking
though.
13a2209f11
- Remove $WAL static property. We instead just let Laravel use its
journal_mode config now
This merge also adds a deprecation:
b320f8f33d
- Deprecate TenantConfig feature in favor of TenantConfigBootstrapper
This commit also corrects an Event::fake() call in a separate test, as
general Event::fake() calls without specified events can lead to
incorrect (and difficult to debug) behavior in some cases, since
Tenancy depends on the event system being functional.
* UrlGenerator: set defaults based on config; request data: move config to config file+resolver
* Claude code adjustments
* improve request data tests, simplify complex test in UrlGeneratorBootstrapperTest
* url generator test: test changing tenant parameter name
* request data identification: add tenant_model_column configuration
* defaultParameterNames -> passQueryParameter
* move comment
* minor refactor in PathIdentificationTest, expand CLAUDE.md to include early identification section
* Fix COLOR_FLAG
* improve test name
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* TenancyUrlGenerator: add a check for queryParameterName being null
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Fix code style (php-cs-fixer)
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Skip ScopeSessions MW if the current context is central and the route is universal
* Add regressiont test
* Simplify code
---------
Co-authored-by: Samuel Štancl <samuel@archte.ch>
* cleanup, resolve todos, add immediate todos
* Improve path_identification_middleware docblock
* rename leave() method in tests
* wip fix hardcoded values making assumptions about the parameters used in routing
* defaultParameterNames
* fix CreatesDatabaseUsers return values
* $tenant -> tenant()
* resolve more todos
* make comment block a complete block
* Correct useTenantRoutesInFortify(), delete unused import
* test fixes
* remove todos
* remove JobPipeline todo
* simplify comment example
* remove todo
* fix VERSION_PREFIX in queue.yml
---------
Co-authored-by: lukinovec <lukinovec@gmail.com>
* Declare sensitive parameters as sensitive
... just so that they don't show up in logs
* Remove unnecessary null-coalescing
* Simplify return
* Merge isset() calls
* Inline return
* Use nullsafe operator
* Simplify if-else branches
* Use direct empty string comparison instead of strlen()
* Add missing type
* Change interface as events expect a TenantWithDatabase not just a Tenant
* Narrow typehint
* Remove redundant type casts
* Fix style with php-cs-fixer
* Fix typos
* Revert unwanted if-else simplification
* fix phpstan errors
* narrow type
---------
Co-authored-by: Samuel Štancl <samuel@archte.ch>
This makes it possible to have Domain records in both `foo` and
`foo.{centralDomain}` format when using the combined domain/subdomain
identification middleware, or the origin header id mw which extends it.
This commit also refactors some related logic.
* Make universal route logic part of tbe early ID trait
* Add requstHasTenant to prevent access MW, add todo@samuel
* Delete PathIdentificationManager, move the used methods appropriately
* Correct and refactor code related to the deleted PathIdentificationManager class
* Add docblock
* Fix code style (php-cs-fixer)
* refactor globalStackMiddleware()
* remove todos [ci skip]
* refactor routeMiddleware()
* revert bool assertions
* revert more changes
---------
Co-authored-by: PHP CS Fixer <phpcsfixer@example.com>
Co-authored-by: Samuel Štancl <samuel@archte.ch>
* Run cache tests on all supported drivers
* update ci healthcheck for memcached
* remove memcached healthcheck
* fix typos in test comments, expand internal.md [ci skip]
* add empty line [ci skip]
* switch to using $store->setPrefix()
* add dynamodb
* refactor try-finally to try-catch
* remove unnecessary clearResolvedInstances() call
* add dual Cache:: and cache() assertions
* add apc
* Flush APCu cache in test setup
* Revert "add dual Cache:: and cache() assertions"
This reverts commit a0bab162fbe2dd0d25e7056ceca4fb7ce54efc77.
* phpstan fix
* Add logic for scoping 'file' disks to FilesystemTenancyBootstrapper
* minor changes, add todos
* refactor how the session.connection is used in the DB session bootstrapper
* add session forgery prevention logic to the db session bootstrapper
* only use the fs bootstrapper for file disk in 'cache data is separated' dataset
* minor session scoping test changes
* Add session scoping logic to FilesystemTenancyBootstrapper, correctly update disk roots even with storage_path_tenancy disabled
* Fix code style (php-cs-fixer)
* update docblock
* make not-null check more explicit
* separate bootstrapper tests, fix swapped test names for two tests
* refactor cache bootstrapper tests
* resolve global cache todo
* expand tests: session separation tests, more filesystem separation assertions; change prefix_base-type config keys to templates/formats
* add apc session scoping test, various session separation bugfixes
* phpstan + minor logic fixes
* prefix_format -> prefix
* fix database session separation test
* revert composer.json changes, update laravel dependencies to expected next release
* only run session scoping logic in cache bootstrapper for redis, memcached, dynamodb, apc; update gitattributes
* tenancy.central_domains -> tenancy.identification.central_domains
* db session separation test: add datasets
---------
Co-authored-by: PHP CS Fixer <phpcsfixer@example.com>
* resolver refactor
* Fix code style (php-cs-fixer)
* make tenant column used in PathTenantResolver configurable, fix phpstan errors, minor improvements
* support binding route fields, write tests for customizable tenant columns
* Invalidate cache for all possible columns in path resolver
* implement proper cache separation logic for different columns used by PathTenantResolver
* improve return type
---------
Co-authored-by: PHP CS Fixer <phpcsfixer@example.com>
* Add origin ID MW
* Test origin ID MW
* Test origin ID MW with early identification
* Fix code style (php-cs-fixer)
* Fix PHPStan errors
* Add getDomain() to domain ID MW, simplify origin ID MW
* Fix code style (php-cs-fixer)
* Rename InitializeTenancyByOrigin to InitializeTenancyByOriginHeader
* Add onFail test
* Stop throwing the exception in getDomain()
* FIx merge
* Improve origin identification test file
* Clean up test
---------
Co-authored-by: PHP CS Fixer <phpcsfixer@example.com>
* Stop bypassing tenancy initialization when host is central domain in domain ID MW
* Delete dataset for testing global domain ID MW + route-level prevent access MW
* Provide ID MW statically in TenantAssetController
* Fix code style (php-cs-fixer)
---------
Co-authored-by: PHP CS Fixer <phpcsfixer@example.com>
* Allow cloning routes when only kernel identification is used, explicitly enable specific cloning modes
* Explicitly enable needed clone modes in tests, use "clone" instead of "reregister"
* Fix code style (php-cs-fixer)
* Use "cloning" instead of "re-registration" in UniversalRouteTest
* Only clone routes using path identification
* Revert clone mode changes
* Fix code style (php-cs-fixer)
* Update comment
* Skip cloning 'stancl.tenancy.asset' by default
* Decide which routes should get cloned in the filtering step, improve method organization
* Return `RouteMode::UNIVERSAL` in getMiddlewareContext if route is universal
* Give universal route the path ID MW so that it gets cloned
* Fix code style (php-cs-fixer)
* Simplify UsableWithEarlyIdentification code
* Handle universal route mode in ForgetTenantParameter
* Fix code style (php-cs-fixer)
* Rename getMiddlewareContext to getRouteMode
* Append '/' to the route prefix
* Rename variable
* Wrap part of condition in parentheses
* Refresh name lookups after cloning routes
* Test giving tenant flag to cloned routes
* Add routeIsUniversal method
* Correct ForgetTenantParameter condition
* Improve tenant flag giving logic
* Improve test name
* Delete leftover testing code
* Put part of condition into `()`
* Improve CloneRoutesAsTenant code + comments
* Extract route mode-related code into methods, refactor and improve code
* Improve ForgetTenantParameter, test tenant parameter removing in universal routes
* Fix code style (php-cs-fixer)
* Fix test
* Simplify adding tenant flag
* Don't skip stancl.tenancy.asset route cloning
* clean up comment
* fix in_array() argument
* Fix code style (php-cs-fixer)
---------
Co-authored-by: PHP CS Fixer <phpcsfixer@example.com>
Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
* Update url binding bootstrapper test
* Fix parent::temporarySignedRoute() call
* Add universal route tests for all identification types
* Improve determineContextFromRequest()
* Add setting `TenancyUrlGenerator::$prefixRouteNames` to true in TSP stub
* Delete seemingly redundant test (making one route universal won't make all routes universal in any case)
* Use collection syntax in ReregisterUniversalRoutes
* Improve comments
* Add domain identification MW annotation
* Update condition in GloballyUsable
* Set `tenancy.bootstrappers` instead of adding the bootstrappers using `tenancy.bootstrappers.x`, move test
* Revert GloballyUsable condition change
* Delete assigning bootstrappers to tenancy.bootstrappers.x
* Exclude cache prefixing bootstrapper from the initial configuration
* Fix test
* Unset bypass parameter
* Set static kernel identification-related properties in TestCase
* Update bootstrapper name in annotation
* Move unset() into a condition
* Update TenancyUrlGenerator condition
* Set static properties without instantiating Tenancy
* Fix unsetting bypass parameter
* formatting changes
* add a comment
* improve docblock
* add docblock to TenancyUrlGenerator [ci skip]
* docblock changes [ci skip]
* Update TenancyUrlGenerator (rename variable, allow bypassing prefixing temporarySignedRoute name)
* Improve determineContextFromRequest
* Only return the new url generator instance when extending 'url' in UrlBindingBootstrapper
* Check route's MW groups for the path ID MW
* Remove extra imports from config
* Rename MiddlewareContext to Context, add condition for skipping ID MW
* Set only the needed bootstrappers in TestCase
* Fix code style (php-cs-fixer)
* Remove condition
* Use correct return type
* Fix PHPStan issue
* Update comment
* Check for tenant parameter instead of prefix
* Update shouldBeSkipped condition for universal routes
* Don't remove the 'universal' MW group after route re-registration, update test
* Fix code style (php-cs-fixer)
* Fix typo
* Add test for mixing placement of access prevention and identification MW
* Add test for mixing placement of access prevention and identification MW
* Update docblock
* Add setting the session and key resolvers in UrlBindingBootstrapper (required with LW file uploads)
* Update stub
* Update variable name in route reregistering action
* Add trailing comma
* Fix code style (php-cs-fixer)
* Require routes using path identification to be flagged as tenant in order to be recognized as tenant routes
* Add tenant flag while re-registering routes
* Update determineContextFromRequest condition (wip)
* Fix code style (php-cs-fixer)
* Update the middleware context logic so that universal routes have to be flagged as tenant instead of just having ID MW
* Update path identification condition
* Fix re-registering the LW localized route (add 'tenant' MW)
* Update docblock
* Simplify LW route re-registration
* Add comment
* Update comment
* Simplify determineContextFromRequest, add comment
* Improve stub
* Add skipRoute method + test
* Fix typo
* Update assets/TenancyServiceProvider.stub.php
* Update src/Concerns/DealsWithEarlyIdentification.php
* Fix typo
Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
* Improve comment
* Update test structure
* Restructure Fortify test
* code style
* Fix typo
* Update ReregisterUniversalRoutes annotation
* Only prefix route name if it wasn't already prefixed
* Add todo@docs
* Delete `Tenancy::$kernelAccessPreventionSkipped` and related logic
* Delete test tenant cleanup
* Test MW group unpacking, restructure and improve test
* Test that tenancy isn't initialized after visiting a central route with the tenant parameter
* Delete "in both central and tenant contexts" from test names
* Test that re-registering works with controllers too
* Set misc route properties during re-registering
* Determine context instead of guessing, update universal route tests
* Use randomly generated tenant ID instead of hardcoding `acme`
* Remove setting route validators
* Rename and update determine context method, add comments
* Update ForgetTenantParameter annotation
* Add comment
* Delete comment, delete variable assignment
* Update early domain identification test
* Improve domain identification tests (test defaulting accurately)
* Improve readability
* Simplify domain early ID test
* Use randomly generated tenant instead of 'acme'
* Simplify request data ID test, use random tenant instead of 'acme'
* Simplify defaulting domain identification test
* Use RouteFacade alias for the Route facade, improve test code
* Add defaulting to the request data and path ID tests
* Merge path identification tenant parameter removal tests, clean up
* Correct wording
Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
* Delete debugging things from UniversalRouteTest
* Update annotation
* Add `// Creates a matrix`
* Improve comment wording
* Add MiddlewareUsableWithUniversalRoutes, refactor code accordingly
* Fix code style (php-cs-fixer)
* Delete debugging leftovers
* Delete unused import
* Update universal route GloballyUsable condition
* Don't implement the universal route interface in access prevention MW
* Check if request host is in the central domains in domain ID MW
* Test universal routes with domain identification without access prevent MW
* Test that universal routes work only with identification MW implementing the universal route interface
* Fix code style (php-cs-fixer)
* Rename GloballyUsable to UsableWithEarlyIdentification
* Fix annotation
* Update requestHasTenant annotations
* Update comment
* Add `with()` comments
* Add with() comments where missing
* Rename interface, update/add comments
* Rename exception, update its default message
* Fix code style (php-cs-fixer)
* Fix interface name
* Delete redundant code from subdomain ID MW
* Change domainOrSubdomain ID MW so that instead of passing the identification to other MWs, it happens in the domainOrSubdomain MW
* Test domainOrSubdomain identification with universal routes
* Fix code style (php-cs-fixer)
* Rename universal routes interface
* Fix code style (php-cs-fixer)
* Try explaining forgetting the tenant parameter better
* update interface name reference
* uncouple example from query parameters
* Update ForgetTenantParameter.php
* Update ForgetTenantParameter annotation
* Check both routeHasMiddleware and routeHasIdentificationMiddleware in the route MW detection test
* Hardcode tenant subdomain
* Delete redundant event listening code
* Delete unused imports
* Delete misuse of `tenancy()->getMiddlewareContext()` from conditions
* Delete unused variable
* Update comment
* Correct request data identification test (defaulting)
* Fix defaulting in path id test
* Move default route context configuration in domian id test
* Rename and update the tenant parameter test
* Delete extra tenant parameter test
* Use `tenant-domain.test` instead of `127.0.0.2`
* Add `default_to_universal_routes` config key
* Deal with defaulting to universal routes in the reregistering action
* Update logic to make defaulting to universal routes possible
* Test defaulting to universal routes
* Fix code style (php-cs-fixer)
* Delete extra tests
* Delete "without access prevention" from datasets
* Add defaulting to universal routes to datasets
* Override universal flag by central/tenant flag
* Add universal flag overriding test
* Update "a route can be universal in both route modes" so that the name corresponds with the tested thing
* Ignore the PHPStan error
* Reset `InitializeTenancyByPath::$onFail` in PathIdentificationTest
* Simplify expression
* Use 'Tenancy (not) initialized.' in instead of `tenant()?->getTenantKey()` for better assertions
* Properly test removing tenant parameter
* Reset static properties in tests
* Correct comments in EarlyIdentificationTest
* Add comment
* Add detail to annotation
* Throw exception if payload isn't string or null in request data ID MW
* Fix code style (php-cs-fixer)
* Delete static `$kernelIdentificationSkipped` property, use `$request->attributes` instead
* Use 'default_route_mode' instead of 'default_to_tenant/universal_routes'
* Fix code style (php-cs-fixer)
* Make path identification MW, tenantParameterName and tenantRouteNamePrefix configurable in ReregisterUniversalRoutes
* Delete unused import
* Add `$passTenantParameterToRoute` to TenancyUrlGenerator
* Use `$passTenantParameterToRoute` in BootstrapperTest
* Bypass tenant parameter passing
* Improve TenancyUrlGenerator so that both ID methods work
* Fix code style (php-cs-fixer)
* Improve TenancyUrlGenerator readability
* Add modifyBehavior() to TenancyUrlGenerator
* Fix code style (php-cs-fixer)
* Improve comment
* Toggle route name prefixing in path/request data ID MW (route-level identification)
* Fix code style (php-cs-fixer)
* Add path identification MW config key, add `getTenantParameterName()` to ForgetTenantParameter
* Fix code style (php-cs-fixer)
* Fix modifyBehavior and routeBehaviorModificationBypassed
* Add type to `$parameters` parameter
* Split modifyBehavior into two methods, don't pass name and parameters by reference
* Update UrlBindingBootstrapper annotation
* Correct naming in tests (request data -> query string identification)
* Add info to annotation
* Pass arrays to the behavior modification methods instead of `mixed`
* Fix default value of static property in Fortify bootstrapper
* Fix code style (php-cs-fixer)
* Correct annotation
* Enable prefixing routes directly using path identification MW
* Test re-registration of routes with path ID MW
* Prefix names of routes directly using path ID MW
* Fix code style (php-cs-fixer)
* Add Livewire v3 integration example to TSP stub
* Prefix route name only if it's not prefixed already
* Rename ReregisterUniversalRoutes to ReregisterRoutesAsTenant
* Fix code style (php-cs-fixer)
* Improve ReregisterRoutesAsTenant
* Add/update TenancyUrlGenerator docblocks
* Update action name in comments/test names
* Update reregister action annotation
* Delete unused imports
* Improve comments
* Make method protected
* Improve TenancyUrlGenerator code
* Test bypass parameter removal
* Fix comment
* Update annotation
* Improve shouldReregisterRoute
* Fix typo, delete redundant comment
* Improve skipRoute
* Improve shouldBeSkipped
* Add and test `$passTenantParameterToRoutes`
* add a comment
* Fix typo in comment
* Pass array as $parameters in prepareRouteInputs
* Make path_identification_middleware an array
* Fix code style (php-cs-fixer)
* Fix ReregisterRouteAsTenant
* Move tenantParameterName and tenantRouteNamePrefix getting to PathIdentificationManager
* Make PathIdentificationManager properties `Closure|null`
* Fix code style (php-cs-fixer)
* Fix PathIdentificationManager
* Update comments
* Use foreach for dataset definition
* Extract repetitive inGlobalStack and routeHasMiddleware calls
* Refactor PathIdentificationManager
* Update TenancyUrlGenerator annotation
* Add $skippedRoutes, refactor ReregisterRoutesAsTenant
* Improve reregisterRoute
* Update re-register action annotation
* update test name
* Make PathIdentificationManager methods static again, update comments
* Add test comment
* Update ForgetTenantParameter annotation
* Improve route re-registration condition, add comment
* Change "re-register" to "clone"
* minor code improvements
---------
Co-authored-by: lukinovec <lukinovec@gmail.com>
Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
Co-authored-by: PHP CS Fixer <phpcsfixer@example.com>
* wip
* Improve tests
* rename class
* wip
* improve tests
* introduce early identification middlewares
* Update PreventAccessFromCentralDomains.php
* method rename
* method rename
* Update UniversalRouteTest.php
* Update UniversalRouteTest.php
* Update EarlyIdentificationTest.php
* remove early classes and add check in existing classes
* MWs improvements
* Update UniversalRouteTest.php
* Fix code style (php-cs-fixer)
* trigger ci
* fix failing test after merge
* add test for universal route in early identification
* Update InitializeTenancyByDomain.php
* Update UniversalRouteTest.php
* remove `routeHasMiddleware` method from MW and use the UniversalRoutes class method
* helper dockblock
* add test
* handle universal routes in early identification
* remove UniversalRoute class because we are not using it anymore
* rename class from PreventAccessFromCentralDomains to PreventAccessFromUnwantedDomains
* improvements after self review
* Update PreventAccessFromUnwantedDomains.php
* remove inline class namespaces
* remove DomainTenant class and use the Tenant class
* update comment
* removed custom expection and add method
* Update tests/EarlyIdentificationTest.php
Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
* use ltrim and simplify the comment
* remove comments and typhint
* dataset and keys rename
* rename $route parameter
* removed helper functions
* fix style
* Update InitializeTenancyByPath.php
* Update tests/EarlyIdentificationTest.php
* code style
* improve subdomain test
* use TenancyInitialized event and remove DomainTenant alias
* remove comment and move expectException below
* code style
* use TenancyInitialized event
* improve test
* improve datasets
* Initialized -> Initializing
* Update InitializeTenancyByPath.php
* remove todo
* Fix code style (php-cs-fixer)
* refactor helper method
* Update UniversalRouteTest.php
* add note above test
* remove after each hook
* renamed universal_middleware to global_middleware
* remove helper and improve url names
* change check position
* Revert "change check position"
This reverts commit e4371d2f3aa8ad7ae5e5b7d15781b72a5f1be03c.
* repositioned central check
* add comment
Co-authored-by: PHP CS Fixer <phpcsfixer@example.com>
Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
* Add bring up from maintenance function
* Add up and down tenant maintenance commands
* Rename commands signatures
* Update TenancyServiceProvider.php
* Complying to Laravel maintenance code and parameters
* Update MaintenanceModeTest.php
* Add maintenance mode via commands test
* Update CheckTenantForMaintenanceMode.php
* Update MaintenanceModeTest.php
* Cookie bypass only for > Laravel 8
* minor formatting change, trigger CI
* clean
* Update MaintenanceModeTest.php
* Add comments for using the 'tenants' option in runForMultiple
* improve code
* php-cs-fixer
* fix php cs fixer config
* improve test logic
* remove version check since v4 will be L9+
Co-authored-by: Samuel Štancl <samuel@archte.ch>
Co-authored-by: lukinovec <lukinovec@gmail.com>
Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
* Test on Laravel 9
* Don't extend final Kernel class
* Make FilesystemTenancyBootstrapper compatible with Flysystem v3
Co-authored-by: George <jiri.zizka@funfirst.cz>
* Update tenant maintenance mode te be in line with Laravel
* Exclude PHP 7.4 <> L9 combination from testing
* add root_override-related assertions
* getPrefix -> getPathPrefix
* handle / inconsistency in s3 prefix
* Refactor Storage facade changes
Co-authored-by: George <jiri.zizka@funfirst.cz>
Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
