kai/ColaFlow
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
6046bad12e05035dd3907868a797038549a57181
ColaFlow/colaflow-api/src/Modules/ProjectManagement/ColaFlow.Modules.ProjectManagement.Application/Queries/GetTaskById/GetTaskByIdQueryHandler.cs
Yaojia Wang 6046bad12e fix(backend): Add explicit TenantId validation to Epic/Story/Task Query/Command Handlers 
CRITICAL SECURITY FIX: Implemented Defense in Depth security pattern by adding
explicit TenantId verification to all Epic/Story/Task Query and Command Handlers.

Security Impact:
- BEFORE: Relied solely on EF Core global query filters (single layer)
- AFTER: Explicit TenantId validation + EF Core filters (defense in depth)

This ensures that even if EF Core query filters are accidentally disabled or bypassed,
tenant isolation is still maintained at the application layer.

Changes:

Query Handlers (6 handlers):
- GetEpicByIdQueryHandler: Added ITenantContext injection + explicit TenantId check
- GetStoryByIdQueryHandler: Added ITenantContext injection + explicit TenantId check
- GetTaskByIdQueryHandler: Added ITenantContext injection + explicit TenantId check
- GetEpicsByProjectIdQueryHandler: Verify Project.TenantId before querying Epics
- GetStoriesByEpicIdQueryHandler: Verify Epic.TenantId before querying Stories
- GetTasksByStoryIdQueryHandler: Verify Story.TenantId before querying Tasks

Command Handlers (5 handlers):
- UpdateEpicCommandHandler: Verify Project.TenantId before updating
- UpdateStoryCommandHandler: Verify Project.TenantId before updating
- UpdateTaskCommandHandler: Verify Project.TenantId before updating
- DeleteStoryCommandHandler: Verify Project.TenantId before deleting
- DeleteTaskCommandHandler: Verify Project.TenantId before deleting

Unit Tests:
- Updated 5 unit test files to mock ITenantContext
- All 32 unit tests passing
- All 7 multi-tenant isolation integration tests passing

Defense Layers (Security in Depth):
Layer 1: EF Core global query filters (database level)
Layer 2: Application-layer explicit TenantId validation (handler level)
Layer 3: Integration tests verifying tenant isolation (test level)

Test Results:
- Unit Tests: 32/32 PASSING
- Integration Tests: 7/7 PASSING (multi-tenant isolation)

This fix addresses a critical security vulnerability where we relied on a single
layer of defense (EF Core query filters) for tenant data isolation. Now we have
multiple layers ensuring no cross-tenant data leaks can occur.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-04 20:30:24 +01:00

56 lines
2.3 KiB
C#
Raw Blame History

using MediatR;
using ColaFlow.Modules.ProjectManagement.Application.DTOs;
using ColaFlow.Modules.ProjectManagement.Application.Common.Interfaces;
using ColaFlow.Modules.ProjectManagement.Domain.Repositories;
using ColaFlow.Modules.ProjectManagement.Domain.ValueObjects;
using ColaFlow.Modules.ProjectManagement.Domain.Exceptions;
using ColaFlow.Modules.ProjectManagement.Domain.Aggregates.ProjectAggregate;
namespace ColaFlow.Modules.ProjectManagement.Application.Queries.GetTaskById;
/// <summary>
/// Handler for GetTaskByIdQuery
/// </summary>
public sealed class GetTaskByIdQueryHandler(
IProjectRepository projectRepository,
ITenantContext tenantContext)
: IRequestHandler<GetTaskByIdQuery, TaskDto>
{
private readonly IProjectRepository _projectRepository = projectRepository ?? throw new ArgumentNullException(nameof(projectRepository));
private readonly ITenantContext _tenantContext = tenantContext ?? throw new ArgumentNullException(nameof(tenantContext));
public async Task<TaskDto> Handle(GetTaskByIdQuery request, CancellationToken cancellationToken)
{
// Get current tenant ID (Defense in Depth - Layer 2)
var currentTenantId = _tenantContext.GetCurrentTenantId();
// Use read-only method for query (AsNoTracking for better performance)
var taskId = TaskId.From(request.TaskId);
var task = await _projectRepository.GetTaskByIdReadOnlyAsync(taskId, cancellationToken);
if (task == null)
throw new NotFoundException("Task", request.TaskId);
// CRITICAL SECURITY: Explicit TenantId validation (Defense in Depth)
if (task.TenantId.Value != currentTenantId)
throw new NotFoundException("Task", request.TaskId);
// Map to DTO
return new TaskDto
{
Id = task.Id.Value,
Title = task.Title,
Description = task.Description,
StoryId = task.StoryId.Value,
Status = task.Status.Name,
Priority = task.Priority.Name,
AssigneeId = task.AssigneeId?.Value,
EstimatedHours = task.EstimatedHours,
ActualHours = task.ActualHours,
CreatedBy = task.CreatedBy.Value,
CreatedAt = task.CreatedAt,
UpdatedAt = task.UpdatedAt
};
}
}
Reference in New Issue View Git Blame Copy Permalink