mirror of https://github.com/archtechx/tenancy.git synced 2025-12-12 14:14:04 +00:00
tenancy/tests/PreventAccessFromUnwantedDomainsTest.php
Abrar Ahmad 1d0ca27bc8
Central routes without Route::domain(), configurable tenant/central routes by default for domain/subdomain identification, allow accessing central routes in early identification for path & request data middleware (#3)
* Update url binding bootstrapper test

* Fix parent::temporarySignedRoute() call

* Add universal route tests for all identification types

* Improve determineContextFromRequest()

* Add setting `TenancyUrlGenerator::$prefixRouteNames` to true in TSP stub

* Delete seemingly redundant test (making one route universal won't make all routes universal in any case)

* Use collection syntax in ReregisterUniversalRoutes

* Improve comments

* Add domain identification MW annotation

* Update condition in GloballyUsable

* Set `tenancy.bootstrappers` instead of adding the bootstrappers using `tenancy.bootstrappers.x`, move test

* Revert GloballyUsable condition change

* Delete assigning bootstrappers to tenancy.bootstrappers.x

* Exclude cache prefixing bootstrapper from the initial configuration

* Fix test

* Unset bypass parameter

* Set static kernel identification-related properties in TestCase

* Update bootstrapper name in annotation

* Move unset() into a condition

* Update TenancyUrlGenerator condition

* Set static properties without instantiating Tenancy

* Fix unsetting bypass parameter

* formatting changes

* add a comment

* improve docblock

* add docblock to TenancyUrlGenerator [ci skip]

* docblock changes [ci skip]

* Update TenancyUrlGenerator (rename variable, allow bypassing prefixing temporarySignedRoute name)

* Improve determineContextFromRequest

* Only return the new url generator instance when extending 'url' in UrlBindingBootstrapper

* Check route's MW groups for the path ID MW

* Remove extra imports from config

* Rename MiddlewareContext to Context, add condition for skipping ID MW

* Set only the needed bootstrappers in TestCase

* Fix code style (php-cs-fixer)

* Remove condition

* Use correct return type

* Fix PHPStan issue

* Update comment

* Check for tenant parameter instead of prefix

* Update shouldBeSkipped condition for universal routes

* Don't remove the 'universal' MW group after route re-registration, update test

* Fix code style (php-cs-fixer)

* Fix typo

* Add test for mixing placement of access prevention and identification MW

* Add test for mixing placement of access prevention and identification MW

* Update docblock

* Add setting the session and key resolvers in UrlBindingBootstrapper (required with LW file uploads)

* Update stub

* Update variable name in route reregistering action

* Add trailing comma

* Fix code style (php-cs-fixer)

* Require routes using path identification to be flagged as tenant in order to be recognized as tenant routes

* Add tenant flag while re-registering routes

* Update determineContextFromRequest condition (wip)

* Fix code style (php-cs-fixer)

* Update the middleware context logic so that universal routes have to be flagged as tenant instead of just having ID MW

* Update path identification condition

* Fix re-registering the LW localized route (add 'tenant' MW)

* Update docblock

* Simplify LW route re-registration

* Add comment

* Update comment

* Simplify determineContextFromRequest, add comment

* Improve stub

* Add skipRoute method + test

* Fix typo

* Update assets/TenancyServiceProvider.stub.php

* Update src/Concerns/DealsWithEarlyIdentification.php

* Fix typo

Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>

* Improve comment

* Update test structure

* Restructure Fortify test

* code style

* Fix typo

* Update ReregisterUniversalRoutes annotation

* Only prefix route name if it wasn't already prefixed

* Add todo@docs

* Delete `Tenancy::$kernelAccessPreventionSkipped` and related logic

* Delete test tenant cleanup

* Test MW group unpacking, restructure and improve test

* Test that tenancy isn't initialized after visiting a central route with the tenant parameter

* Delete "in both central and tenant contexts" from test names

* Test that re-registering works with controllers too

* Set misc route properties during re-registering

* Determine context instead of guessing, update universal route tests

* Use randomly generated tenant ID instead of hardcoding `acme`

* Remove setting route validators

* Rename and update determine context method, add comments

* Update ForgetTenantParameter annotation

* Add comment

* Delete comment, delete variable assignment

* Update early domain identification test

* Improve domain identification tests (test defaulting accurately)

* Improve readability

* Simplify domain early ID test

* Use randomly generated tenant instead of 'acme'

* Simplify request data ID test, use random tenant instead of 'acme'

* Simplify defaulting domain identification test

* Use RouteFacade alias for the Route facade, improve test code

* Add defaulting to the request data and path ID tests

* Merge path identification tenant parameter removal tests, clean up

* Correct wording

Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>

* Delete debugging things from UniversalRouteTest

* Update annotation

* Add `// Creates a matrix`

* Improve comment wording

* Add MiddlewareUsableWithUniversalRoutes, refactor code accordingly

* Fix code style (php-cs-fixer)

* Delete debugging leftovers

* Delete unused import

* Update universal route GloballyUsable condition

* Don't implement the universal route interface in access prevention MW

* Check if request host is in the central domains in domain ID MW

* Test universal routes with domain identification without access prevent MW

* Test that universal routes work only with identification MW implementing the universal route interface

* Fix code style (php-cs-fixer)

* Rename GloballyUsable to UsableWithEarlyIdentification

* Fix annotation

* Update requestHasTenant annotations

* Update comment

* Add `with()` comments

* Add with() comments where missing

* Rename interface, update/add comments

* Rename exception, update its default message

* Fix code style (php-cs-fixer)

* Fix interface name

* Delete redundant code from subdomain ID MW

* Change domainOrSubdomain ID MW so that instead of passing the identification to other MWs, it happens in the domainOrSubdomain MW

* Test domainOrSubdomain identification with universal routes

* Fix code style (php-cs-fixer)

* Rename universal routes interface

* Fix code style (php-cs-fixer)

* Try explaining forgetting the tenant parameter better

* update interface name reference

* uncouple example from query parameters

* Update ForgetTenantParameter.php

* Update ForgetTenantParameter annotation

* Check both routeHasMiddleware and routeHasIdentificationMiddleware in the route MW detection test

* Hardcode tenant subdomain

* Delete redundant event listening code

* Delete unused imports

* Delete misuse of `tenancy()->getMiddlewareContext()` from conditions

* Delete unused variable

* Update comment

* Correct request data identification test (defaulting)

* Fix defaulting in path id test

* Move default route context configuration in domain id test

* Rename and update the tenant parameter test

* Delete extra tenant parameter test

* Use `tenant-domain.test` instead of `127.0.0.2`

* Add `default_to_universal_routes` config key

* Deal with defaulting to universal routes in the reregistering action

* Update logic to make defaulting to universal routes possible

* Test defaulting to universal routes

* Fix code style (php-cs-fixer)

* Delete extra tests

* Delete "without access prevention" from datasets

* Add defaulting to universal routes to datasets

* Override universal flag by central/tenant flag

* Add universal flag overriding test

* Update "a route can be universal in both route modes" so that the name corresponds with the tested thing

* Ignore the PHPStan error

* Reset `InitializeTenancyByPath::$onFail` in PathIdentificationTest

* Simplify expression

* Use 'Tenancy (not) initialized.' instead of `tenant()?->getTenantKey()` for better assertions

* Properly test removing tenant parameter

* Reset static properties in tests

* Correct comments in EarlyIdentificationTest

* Add comment

* Add detail to annotation

* Throw exception if payload isn't string or null in request data ID MW

* Fix code style (php-cs-fixer)

* Delete static `$kernelIdentificationSkipped` property, use `$request->attributes` instead

* Use 'default_route_mode' instead of 'default_to_tenant/universal_routes'

* Fix code style (php-cs-fixer)

* Make path identification MW, tenantParameterName and tenantRouteNamePrefix configurable in ReregisterUniversalRoutes

* Delete unused import

* Add `$passTenantParameterToRoute` to TenancyUrlGenerator

* Use `$passTenantParameterToRoute` in BootstrapperTest

* Bypass tenant parameter passing

* Improve TenancyUrlGenerator so that both ID methods work

* Fix code style (php-cs-fixer)

* Improve TenancyUrlGenerator readability

* Add modifyBehavior() to TenancyUrlGenerator

* Fix code style (php-cs-fixer)

* Improve comment

* Toggle route name prefixing in path/request data ID MW (route-level identification)

* Fix code style (php-cs-fixer)

* Add path identification MW config key, add `getTenantParameterName()` to ForgetTenantParameter

* Fix code style (php-cs-fixer)

* Fix modifyBehavior and routeBehaviorModificationBypassed

* Add type to `$parameters` parameter

* Split modifyBehavior into two methods, don't pass name and parameters by reference

* Update UrlBindingBootstrapper annotation

* Correct naming in tests (request data -> query string identification)

* Add info to annotation

* Pass arrays to the behavior modification methods instead of `mixed`

* Fix default value of static property in Fortify bootstrapper

* Fix code style (php-cs-fixer)

* Correct annotation

* Enable prefixing routes directly using path identification MW

* Test re-registration of routes with path ID MW

* Prefix names of routes directly using path ID MW

* Fix code style (php-cs-fixer)

* Add Livewire v3 integration example to TSP stub

* Prefix route name only if it's not prefixed already

* Rename ReregisterUniversalRoutes to ReregisterRoutesAsTenant

* Fix code style (php-cs-fixer)

* Improve ReregisterRoutesAsTenant

* Add/update TenancyUrlGenerator docblocks

* Update action name in comments/test names

* Update reregister action annotation

* Delete unused imports

* Improve comments

* Make method protected

* Improve TenancyUrlGenerator code

* Test bypass parameter removal

* Fix comment

* Update annotation

* Improve shouldReregisterRoute

* Fix typo, delete redundant comment

* Improve skipRoute

* Improve shouldBeSkipped

* Add and test `$passTenantParameterToRoutes`

* add a comment

* Fix typo in comment

* Pass array as $parameters in prepareRouteInputs

* Make path_identification_middleware an array

* Fix code style (php-cs-fixer)

* Fix ReregisterRouteAsTenant

* Move tenantParameterName and tenantRouteNamePrefix getting to PathIdentificationManager

* Make PathIdentificationManager properties `Closure|null`

* Fix code style (php-cs-fixer)

* Fix PathIdentificationManager

* Update comments

* Use foreach for dataset definition

* Extract repetitive inGlobalStack and routeHasMiddleware calls

* Refactor PathIdentificationManager

* Update TenancyUrlGenerator annotation

* Add $skippedRoutes, refactor ReregisterRoutesAsTenant

* Improve reregisterRoute

* Update re-register action annotation

* update test name

* Make PathIdentificationManager methods static again, update comments

* Add test comment

* Update ForgetTenantParameter annotation

* Improve route re-registration condition, add comment

* Change "re-register" to "clone"

* minor code improvements

---------

Co-authored-by: lukinovec <lukinovec@gmail.com>
Co-authored-by: Samuel Štancl <samuel.stancl@gmail.com>
Co-authored-by: PHP CS Fixer <phpcsfixer@example.com>
2023-08-03 00:23:26 +02:00

235 lines
9.8 KiB
PHP

<?php

declare(strict_types=1);

use Stancl\Tenancy\RouteMode;
use Illuminate\Contracts\Http\Kernel;
use Illuminate\Support\Facades\Route;
use Stancl\Tenancy\Middleware\InitializeTenancyByDomain;
use Stancl\Tenancy\Middleware\InitializeTenancyBySubdomain;
use Stancl\Tenancy\Middleware\PreventAccessFromUnwantedDomains;
use Stancl\Tenancy\Middleware\InitializeTenancyByDomainOrSubdomain;
use Stancl\Tenancy\Tests\Etc\EarlyIdentification\ControllerWithMiddleware;

test('correct routes are accessible in route-level identification', function (RouteMode $defaultRouteMode) {
    config()->set([
        'tenancy.default_route_mode' => $defaultRouteMode,
    ]);

    if ($defaultRouteMode === RouteMode::TENANT) {
        // Apply `central` middleware to central routes if routes default to `tenant`
        $centralMiddleware = ['central', PreventAccessFromUnwantedDomains::class];
        $tenantMiddleware = [PreventAccessFromUnwantedDomains::class, InitializeTenancyByDomain::class];
    } else {
        // Apply `tenant` middleware to `tenant` routes if routes default to `central`
        $centralMiddleware = [PreventAccessFromUnwantedDomains::class];
        $tenantMiddleware = ['tenant', PreventAccessFromUnwantedDomains::class, InitializeTenancyByDomain::class];
    }

    // Central route
    Route::get('central-route', function () {
        return 'central-route';
    })->middleware($centralMiddleware);

    // Tenant route
    Route::get('tenant-route', function () {
        return 'tenant-route';
    })->middleware($tenantMiddleware);

    $tenant = Tenant::create();

    $tenant->domains()->create([
        'domain' => 'foo.localhost',
    ]);

    // Accessing tenant routes on central domains and vice versa is not allowed
    pest()->get('http://localhost/tenant-route')->assertNotFound();
    pest()->get('http://foo.localhost/central-route')->assertNotFound();

    // Accessing central routes on central domains and tenant routes on tenant domains is allowed
    pest()->get('http://localhost/central-route')->assertOk();
    pest()->get('http://foo.localhost/tenant-route')->assertOk();
})->with([
    'default to tenant routes' => RouteMode::TENANT,
    'default to central routes' => RouteMode::CENTRAL,
]);

test('correct routes are accessible in kernel identification', function (RouteMode $defaultRouteMode) {
    // Defaulting to tenant routes only works when using identification middleware globally
    app(Kernel::class)->pushMiddleware(PreventAccessFromUnwantedDomains::class);
    app(Kernel::class)->pushMiddleware(InitializeTenancyByDomain::class);

    config()->set([
        'tenancy.default_route_mode' => $defaultRouteMode,
    ]);

    $defaultToTenantRoutes = $defaultRouteMode === RouteMode::TENANT;

    // Test that if we're defaulting to a route mode, we don't have to specify the mode middleware ('tenant'/'central') explicitly
    if ($defaultToTenantRoutes) {
        // Apply `central` middleware to central routes if routes default to tenant context
        $centralMiddleware = ['central'];
        $tenantMiddleware = [];
    } else {
        // Apply `tenant` middleware to tenant routes if routes default to `central`
        $centralMiddleware = [];
        $tenantMiddleware = ['tenant'];
    }

    // Central route
    Route::get('central-route', function () {
        return 'central-route';
    })->middleware($centralMiddleware);

    // Tenant route
    Route::get('tenant-route', function () {
        return 'tenant-route';
    })->middleware($tenantMiddleware);

    // Route without the mode middleware
    Route::get('package-route', function () {
        return 'package-route';
    });

    $tenant = Tenant::create();

    $tenant->domains()->create([
        'domain' => 'foo.localhost',
    ]);

    // Central route on central domain is accessible
    pest()->get('http://localhost/central-route')->assertOk();
    expect(tenancy()->initialized)->toBeFalse();

    // Central route on tenant domain is not accessible
    pest()->get('http://foo.localhost/central-route')->assertNotFound();
    expect(tenancy()->initialized)->toBeFalse();

    // Tenant route on tenant domain is accessible
    pest()->get('http://foo.localhost/tenant-route')->assertOk();
    expect(tenancy()->initialized)->toBeTrue();

    tenancy()->end();

    // Tenant route on central domain is not accessible
    pest()->get('http://localhost/tenant-route')->assertNotFound();
    expect(tenancy()->initialized)->toBeFalse();

    if ($defaultToTenantRoutes) {
        // Routes default to tenant, so the package route is accessible from `tenant` domains
        pest()->get('http://foo.localhost/package-route')->assertOk();
        expect(tenancy()->initialized)->toBeTrue();

        tenancy()->end();

        // Package route isn't accessible from `central` domains
        pest()->get('http://localhost/package-route')->assertNotFound();
    } else {
        // Routes default to central, so the package route is accessible from `central` domains
        pest()->get('http://localhost/package-route')->assertOk();
        expect(tenancy()->initialized)->toBeFalse();

        // Package route isn't accessible from `tenant` domains
        pest()->get('http://foo.localhost/package-route')->assertNotFound();
    }
})->with([
    'default to tenant routes' => RouteMode::TENANT,
    'default to central routes' => RouteMode::CENTRAL,
]);

test('kernel PreventAccessFromUnwantedDomains does not get skipped when route level domain identification is used', function (string $domainIdentificationMiddleware, string $domain) {
    // With route-level *domain identification* MW (without PreventAccessFromUnwantedDomains)
    // PreventAccessFromUnwantedDomains shouldn't be skipped
    config([
        'tenancy.test_service_token' => 'token:central',
    ]);

    app(Kernel::class)->pushMiddleware(PreventAccessFromUnwantedDomains::class);

    Route::middlewareGroup('tenant', [$domainIdentificationMiddleware]);

    Route::get('tenant-route', [ControllerWithMiddleware::class, 'index'])->middleware('tenant')->name('tenant-route');
    Route::get('central-route', [ControllerWithMiddleware::class, 'index'])->middleware('central')->name('central-route');

    $tenant = Tenant::create();

    $tenant->domains()->create([
        'domain' => $domain,
    ]);

    if ($domain === 'foo') {
        $domain = 'foo.localhost';
    }

    // Tenant route is not accessible on central domain
    pest()->get('http://localhost/tenant-route')->assertNotFound();
    expect(tenancy()->initialized)->toBeFalse();

    // Central route is not accessible on tenant domain
    pest()->get("http://$domain/central-route")->assertNotFound();
    expect(tenancy()->initialized)->toBeFalse();

    // Tenant route is accessible on tenant domain
    pest()->get("http://$domain/tenant-route")->assertOk();
    expect(tenancy()->initialized)->toBeTrue();

    tenancy()->end();

    // Central route is accessible on central domain
    pest()->get('http://localhost/central-route')->assertOk();
    expect(tenancy()->initialized)->toBeFalse();
})->with([
    'domain identification mw' => [InitializeTenancyByDomain::class, 'foo.test'],
    'subdomain identification mw' => [InitializeTenancyBySubdomain::class, 'foo'],
    'domainOrSubdomain identification mw using domain' => [InitializeTenancyByDomainOrSubdomain::class, 'foo.test'],
    'domainOrSubdomain identification mw using subdomain' => [InitializeTenancyByDomainOrSubdomain::class, 'foo'],
]);

test('placement of domain identification and access prevention middleware can get mixed', function (
    array $globalMiddleware,
    array $routeMiddleware,
    array $centralRouteMiddleware
) {
    config([
        'tenancy.test_service_token' => 'token:central',
    ]);

    foreach ($globalMiddleware as $middleware) {
        app(Kernel::class)->pushMiddleware($middleware);
    }

    // Make sure the central route has the prevention MW
    // If it isn't used globally and it's not passed in $centralRouteMiddleware
    if (! in_array(PreventAccessFromUnwantedDomains::class, array_merge($centralRouteMiddleware, $globalMiddleware))) {
        $centralRouteMiddleware[] = PreventAccessFromUnwantedDomains::class;
    }

    $tenant = Tenant::create();
    $subdomain = $tenant->domains()->create(['domain' => 'foo'])->domain;

    Route::get('tenant-route', fn () => 'tenant route')->middleware(['tenant', ...$routeMiddleware]);
    Route::get('central-route', fn () => 'central route')->middleware($centralRouteMiddleware);

    pest()->get("http://$subdomain.localhost/tenant-route")->assertOk();
    expect(tenancy()->initialized)->toBeTrue();

    tenancy()->end();

    pest()->get("http://$subdomain.localhost/central-route")->assertNotFound();

    pest()->get("http://localhost/tenant-route")->assertNotFound();

    pest()->get("http://localhost/central-route")->assertOk();
    expect(tenancy()->initialized)->toBeFalse();
})->with([
    'kernel identification, route-level access prevention' => [
        'global_middleware' => [InitializeTenancyBySubdomain::class],
        'route_middleware' => [PreventAccessFromUnwantedDomains::class],
    ],
    'route-level identification, kernel access prevention' => [
        'global_middleware' => [PreventAccessFromUnwantedDomains::class],
        'route_middleware' => [InitializeTenancyBySubdomain::class],
    ],
    'kernel identification, kernel access prevention' => [
        'global_middleware' => [PreventAccessFromUnwantedDomains::class, InitializeTenancyBySubdomain::class],
        'route_middleware' => [],
    ],
    'route-level identification, route-level access prevention' => [
        'global_middleware' => [],
        'route_middleware' => [PreventAccessFromUnwantedDomains::class, InitializeTenancyBySubdomain::class],
    ],
    // Creates a matrix (multiple with())
])->with([
    'central route middleware' => [['central']],
    'central route middleware with access prevention' => [['central', PreventAccessFromUnwantedDomains::class]],
]);