archtechx/tenancy
1
0
Fork 0
mirror of https://github.com/archtechx/tenancy.git synced 2026-05-07 10:54:03 +00:00
Code Activity
1466 commits 24 branches 93 tags 11 MiB
Commit graph

1466 commits

This branch
This branch
All branches
Author SHA1 Message Date
lukinovec
66ae88a325 Fix non-string parameter validation assertion 2026-05-04 13:26:01 +02:00
lukinovec
e59195eefe Improve coverage 
Cover non-string parameter validation and in-memory DB name validation
 2026-05-04 13:04:57 +02:00
lukinovec
bdbfbd4561 Remove extra variable 2026-05-04 12:32:25 +02:00
lukinovec
de913486e0 Specify exception message in assertions 2026-05-04 12:27:46 +02:00
lukinovec
6ed9975e85 Catch broader range of exceptions (harden() in DB bootstrapper) 2026-05-04 12:14:39 +02:00
lukinovec
98a808bb98 Quote schema names in GRANT statements 
PermissionControlledPostgreSQLDatabaseManager now uses the same quoting in GRANT statements as its schema counterpart.
 2026-05-04 11:59:11 +02:00
github-actions[bot]
fec170ada9 Fix code style (php-cs-fixer) 2026-05-04 09:55:13 +00:00
lukinovec
338526d9fb Query for MySQL defaults instead of assuming them in charset test 2026-05-04 11:54:45 +02:00
lukinovec
2b3466f951 Check the current DB name instead of configured one in harden() 2026-05-04 11:48:55 +02:00
lukinovec
405aaafb4e Handle MySQL charset and collation 
Make createDatabase execute CREATE DATABASE without passing charset and collation so that if these parameters are null, the MySQL server's defaults will be used. Only add charset and collation to the statement if they're not null.
 2026-05-04 11:15:51 +02:00
lukinovec
ea20eb13b6 Validate in-memory DBs outside of isInMemory 
isInMemory should check if the name looks ilke an in-memory database name and return bool (it shouldn't throw validation errors).

Also, make the validation methods non-static.
 2026-05-01 15:22:40 +02:00
lukinovec
429e0985fd Improve code quality and comments 2026-05-01 15:17:38 +02:00
lukinovec
26c161a940 Add regression test for makeConnectionConfig not working correctly with custom $path 
In makeConnectionConfig, changing the $this->getPath($databaseName) line back to `$baseConfig['database'] = database_path($databaseName);` will make the added test fail.
 2026-05-01 15:16:54 +02:00
lukinovec
7660ddd3ab Improve readability of harden() call 2026-05-01 14:43:27 +02:00
lukinovec
7f93f4460a Test that the SQLite DB manager recognizes in-memory DBs 2026-05-01 14:35:18 +02:00
lukinovec
9a9adc0d99 Use getPath() in makeConnectionConfig() 
makeConnectionConfig() would use database_path() to generate the DB path, which is correct only when the $path static property is null.
 2026-05-01 14:27:56 +02:00
lukinovec
e48d822772 Validate SQLite DB name unconditionally in getPath() 2026-05-01 14:15:47 +02:00
github-actions[bot]
7683befa54 Fix code style (php-cs-fixer) 2026-05-01 12:10:13 +00:00
lukinovec
48b4837905 Validate in-memory db names, move SQLite-specific methods to the SQLiteManager 2026-05-01 14:09:56 +02:00
lukinovec
7363318f6e Make in-memory DB detection more strict 
In-memory DBs have to start with "file:_tenancy_inmemory_". This prevents path traversal.
 2026-05-01 13:09:37 +02:00
lukinovec
b1f0d0a43c
Get central DB from config in harden test 
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
 2026-05-01 12:34:28 +02:00
lukinovec
2ae1f79d50 Cover empty string parameters 2026-05-01 12:32:03 +02:00
lukinovec
0ce3d863ce DATABASE_URL test: set config for both datasets 2026-05-01 12:11:00 +02:00
lukinovec
52f6857302 If harden throws an exception, revert connection back to central 2026-05-01 12:08:02 +02:00
lukinovec
f5f5f1d4aa Fix DB bootstrapper test 
"database tenancy bootstrapper throws an exception if DATABASE_URL is set" was failing with the null $databaseUrl because the tenant DB was never created. This test was ignored during test runs because the test file lacked the 'Test' suffix.
 2026-05-01 11:53:27 +02:00
github-actions[bot]
fc6a931a32 Fix code style (php-cs-fixer) 2026-05-01 09:50:30 +00:00
lukinovec
fbd1e02564 Correct DatabaseTenancyBootstrapper test filename 
DatabaseTenancyBootstrapper is ignored by ./t, it should be suffixed with 'Test'.
 2026-05-01 11:50:01 +02:00
lukinovec
665404e7fa Add DatabaseTenancyBootstrapper::$harden 
Since It's possible to update tenant's db_name to the central DB or the DB of another tenant. Setting $harden to true prevents tenants from connecting to the wrong databases.
 2026-05-01 11:44:56 +02:00
lukinovec
1a01164b87 Make validateFilename accept string instead of ?string 2026-05-01 10:46:37 +02:00
lukinovec
2bdda23a56 Disallow empty strings as filenames 2026-05-01 10:37:22 +02:00
github-actions[bot]
f3836cc623 Fix code style (php-cs-fixer) 2026-05-01 07:34:32 +00:00
lukinovec
9611a05f35 Skip null parameters, throw for other non-string parameters 2026-05-01 09:34:11 +02:00
lukinovec
e8168eb0b9 Add string check to validateFilename, swap validation order 
Validate characters first, only then throw if the filename is a directory.
 2026-05-01 09:16:17 +02:00
lukinovec
d3607f84bf Use 'allowedCharacters' instead of 'allowlist', code quality 2026-05-01 09:11:55 +02:00
lukinovec
76c324d758 Add validateFilename() 
Use validateFilename instead of validateParameter in SQLiteDatabaseManager. Directories are no longer considered valid SQLite database names.
 2026-05-01 09:03:50 +02:00
lukinovec
2bd3a868ec Quote database parameter in GRANT statement for consistency 
The database name is always quoted in statements (without binding) now.
 2026-04-30 16:14:06 +02:00
lukinovec
37a4c7dd27 Check if paremeter is string 2026-04-30 15:08:46 +02:00
lukinovec
bacbf934e1 Improve validation exception message 2026-04-30 14:52:53 +02:00
lukinovec
50ea524ad2 Simplify test, improve comments 2026-04-30 11:16:39 +02:00
lukinovec
4bdb877ca4 Cover null parameter skipping 
Also cover that in-memory db names aren't validated in databaseExists
 2026-04-30 10:45:29 +02:00
lukinovec
46f73c42ad Improve ValidatesDatabaseParameters comments, delete extra early return 2026-04-30 10:44:36 +02:00
lukinovec
322257f456 Validate SQLite filename in databaseExists 
Add validation so that a malicious tenant DB name can't be used to detect if a file exists.
 2026-04-30 09:49:03 +02:00
lukinovec
75b74f2e6c Make validateParameter have void return type 2026-04-30 09:28:48 +02:00
lukinovec
f3f1ab977a
Skip null parameters in validateParameter 
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
 2026-04-30 09:15:18 +02:00
lukinovec
85929493d5 Improve ValidatesDatabaseParameters docblocks 2026-04-29 17:35:11 +02:00
lukinovec
740d53e9cc Rename ValidatesSqlParameters to ValidatesDatabaseParameters 2026-04-29 17:35:11 +02:00
lukinovec
4a3e6bae00 Test invalid passwords, improve test name and comments 2026-04-29 17:35:11 +02:00
lukinovec
0fdb8b2041 Validate user passwords in DB managers 
Also, make the validateParameter method ignore null parameters, e.g. for cases when tenants are created using Tenant::make() without tenancy_db_username set -- $databaseConfig->getUsername() allows null, same should go for the validate method whose only concern is checking strings for invalid characters.
 2026-04-29 17:35:11 +02:00
lukinovec
db03997339 Validate SQLite DB names in create/deleteDatabase() 
Also stop skipping the validation test for sqlite.
 2026-04-29 17:35:11 +02:00
lukinovec
d5087d19c5 Extract parameter validation into a trait 
Also, use parameterAllowlist() instead of the static property (so that we can e.g. override it later in SQLiteDatabaseManager, since overriding the static property doesn't work).
 2026-04-29 17:35:11 +02:00