kai/ColaFlow
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
6046bad12e05035dd3907868a797038549a57181
ColaFlow/colaflow-api/tests/ColaFlow.Application.Tests/Queries/GetStoryById/GetStoryByIdQueryHandlerTests.cs
Yaojia Wang 6046bad12e fix(backend): Add explicit TenantId validation to Epic/Story/Task Query/Command Handlers 
CRITICAL SECURITY FIX: Implemented Defense in Depth security pattern by adding
explicit TenantId verification to all Epic/Story/Task Query and Command Handlers.

Security Impact:
- BEFORE: Relied solely on EF Core global query filters (single layer)
- AFTER: Explicit TenantId validation + EF Core filters (defense in depth)

This ensures that even if EF Core query filters are accidentally disabled or bypassed,
tenant isolation is still maintained at the application layer.

Changes:

Query Handlers (6 handlers):
- GetEpicByIdQueryHandler: Added ITenantContext injection + explicit TenantId check
- GetStoryByIdQueryHandler: Added ITenantContext injection + explicit TenantId check
- GetTaskByIdQueryHandler: Added ITenantContext injection + explicit TenantId check
- GetEpicsByProjectIdQueryHandler: Verify Project.TenantId before querying Epics
- GetStoriesByEpicIdQueryHandler: Verify Epic.TenantId before querying Stories
- GetTasksByStoryIdQueryHandler: Verify Story.TenantId before querying Tasks

Command Handlers (5 handlers):
- UpdateEpicCommandHandler: Verify Project.TenantId before updating
- UpdateStoryCommandHandler: Verify Project.TenantId before updating
- UpdateTaskCommandHandler: Verify Project.TenantId before updating
- DeleteStoryCommandHandler: Verify Project.TenantId before deleting
- DeleteTaskCommandHandler: Verify Project.TenantId before deleting

Unit Tests:
- Updated 5 unit test files to mock ITenantContext
- All 32 unit tests passing
- All 7 multi-tenant isolation integration tests passing

Defense Layers (Security in Depth):
Layer 1: EF Core global query filters (database level)
Layer 2: Application-layer explicit TenantId validation (handler level)
Layer 3: Integration tests verifying tenant isolation (test level)

Test Results:
- Unit Tests: 32/32 PASSING
- Integration Tests: 7/7 PASSING (multi-tenant isolation)

This fix addresses a critical security vulnerability where we relied on a single
layer of defense (EF Core query filters) for tenant data isolation. Now we have
multiple layers ensuring no cross-tenant data leaks can occur.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-04 20:30:24 +01:00

79 lines
3.1 KiB
C#
Raw Blame History

using FluentAssertions;
using Moq;
using ColaFlow.Modules.ProjectManagement.Application.Queries.GetStoryById;
using ColaFlow.Modules.ProjectManagement.Application.Common.Interfaces;
using ColaFlow.Modules.ProjectManagement.Domain.Aggregates.ProjectAggregate;
using ColaFlow.Modules.ProjectManagement.Domain.Repositories;
using ColaFlow.Modules.ProjectManagement.Domain.ValueObjects;
using ColaFlow.Modules.ProjectManagement.Domain.Exceptions;
namespace ColaFlow.Application.Tests.Queries.GetStoryById;
public class GetStoryByIdQueryHandlerTests
{
private readonly Mock<IProjectRepository> _projectRepositoryMock;
private readonly Mock<ITenantContext> _tenantContextMock;
private readonly GetStoryByIdQueryHandler _handler;
private readonly Guid _tenantId;
public GetStoryByIdQueryHandlerTests()
{
_projectRepositoryMock = new Mock<IProjectRepository>();
_tenantContextMock = new Mock<ITenantContext>();
_tenantId = Guid.NewGuid();
_tenantContextMock.Setup(x => x.GetCurrentTenantId()).Returns(_tenantId);
_handler = new GetStoryByIdQueryHandler(_projectRepositoryMock.Object, _tenantContextMock.Object);
}
[Fact]
public async Task Should_Return_Story_With_Tasks()
{
// Arrange
var userId = UserId.Create();
var project = Project.Create(TenantId.Create(_tenantId), "Test Project", "Description", "TST", userId);
var epic = project.CreateEpic("Test Epic", "Epic Description", userId);
var story = epic.CreateStory("Test Story", "Story Description", TaskPriority.High, userId);
var task1 = story.CreateTask("Task 1", "Description 1", TaskPriority.Medium, userId);
var task2 = story.CreateTask("Task 2", "Description 2", TaskPriority.Low, userId);
_projectRepositoryMock
.Setup(x => x.GetStoryByIdReadOnlyAsync(story.Id, It.IsAny<CancellationToken>()))
.ReturnsAsync(story);
var query = new GetStoryByIdQuery(story.Id.Value);
// Act
var result = await _handler.Handle(query, CancellationToken.None);
// Assert
result.Should().NotBeNull();
result.Id.Should().Be(story.Id.Value);
result.Title.Should().Be("Test Story");
result.Description.Should().Be("Story Description");
result.Priority.Should().Be("High");
result.Tasks.Should().HaveCount(2);
result.Tasks.Should().Contain(t => t.Id == task1.Id.Value);
result.Tasks.Should().Contain(t => t.Id == task2.Id.Value);
}
[Fact]
public async Task Should_Fail_When_Story_Not_Found()
{
// Arrange
var storyId = StoryId.Create();
_projectRepositoryMock
.Setup(x => x.GetStoryByIdReadOnlyAsync(storyId, It.IsAny<CancellationToken>()))
.ReturnsAsync((Story?)null);
var query = new GetStoryByIdQuery(storyId.Value);
// Act
Func<Task> act = async () => await _handler.Handle(query, CancellationToken.None);
// Assert
await act.Should().ThrowAsync<NotFoundException>()
.WithMessage("*Story*");
}
}
Reference in New Issue View Git Blame Copy Permalink