kai/ColaFlow
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
6046bad12e05035dd3907868a797038549a57181
ColaFlow/colaflow-api/tests/ColaFlow.Application.Tests/Queries/GetTaskById/GetTaskByIdQueryHandlerTests.cs
Yaojia Wang 6046bad12e fix(backend): Add explicit TenantId validation to Epic/Story/Task Query/Command Handlers 
CRITICAL SECURITY FIX: Implemented Defense in Depth security pattern by adding
explicit TenantId verification to all Epic/Story/Task Query and Command Handlers.

Security Impact:
- BEFORE: Relied solely on EF Core global query filters (single layer)
- AFTER: Explicit TenantId validation + EF Core filters (defense in depth)

This ensures that even if EF Core query filters are accidentally disabled or bypassed,
tenant isolation is still maintained at the application layer.

Changes:

Query Handlers (6 handlers):
- GetEpicByIdQueryHandler: Added ITenantContext injection + explicit TenantId check
- GetStoryByIdQueryHandler: Added ITenantContext injection + explicit TenantId check
- GetTaskByIdQueryHandler: Added ITenantContext injection + explicit TenantId check
- GetEpicsByProjectIdQueryHandler: Verify Project.TenantId before querying Epics
- GetStoriesByEpicIdQueryHandler: Verify Epic.TenantId before querying Stories
- GetTasksByStoryIdQueryHandler: Verify Story.TenantId before querying Tasks

Command Handlers (5 handlers):
- UpdateEpicCommandHandler: Verify Project.TenantId before updating
- UpdateStoryCommandHandler: Verify Project.TenantId before updating
- UpdateTaskCommandHandler: Verify Project.TenantId before updating
- DeleteStoryCommandHandler: Verify Project.TenantId before deleting
- DeleteTaskCommandHandler: Verify Project.TenantId before deleting

Unit Tests:
- Updated 5 unit test files to mock ITenantContext
- All 32 unit tests passing
- All 7 multi-tenant isolation integration tests passing

Defense Layers (Security in Depth):
Layer 1: EF Core global query filters (database level)
Layer 2: Application-layer explicit TenantId validation (handler level)
Layer 3: Integration tests verifying tenant isolation (test level)

Test Results:
- Unit Tests: 32/32 PASSING
- Integration Tests: 7/7 PASSING (multi-tenant isolation)

This fix addresses a critical security vulnerability where we relied on a single
layer of defense (EF Core query filters) for tenant data isolation. Now we have
multiple layers ensuring no cross-tenant data leaks can occur.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-04 20:30:24 +01:00

79 lines
2.9 KiB
C#
Raw Blame History

using FluentAssertions;
using Moq;
using ColaFlow.Modules.ProjectManagement.Application.Queries.GetTaskById;
using ColaFlow.Modules.ProjectManagement.Application.Common.Interfaces;
using ColaFlow.Modules.ProjectManagement.Domain.Aggregates.ProjectAggregate;
using ColaFlow.Modules.ProjectManagement.Domain.Repositories;
using ColaFlow.Modules.ProjectManagement.Domain.ValueObjects;
using ColaFlow.Modules.ProjectManagement.Domain.Exceptions;
namespace ColaFlow.Application.Tests.Queries.GetTaskById;
public class GetTaskByIdQueryHandlerTests
{
private readonly Mock<IProjectRepository> _projectRepositoryMock;
private readonly Mock<ITenantContext> _tenantContextMock;
private readonly GetTaskByIdQueryHandler _handler;
private readonly Guid _tenantId;
public GetTaskByIdQueryHandlerTests()
{
_projectRepositoryMock = new Mock<IProjectRepository>();
_tenantContextMock = new Mock<ITenantContext>();
_tenantId = Guid.NewGuid();
// Setup default tenant context
_tenantContextMock.Setup(x => x.GetCurrentTenantId()).Returns(_tenantId);
_handler = new GetTaskByIdQueryHandler(_projectRepositoryMock.Object, _tenantContextMock.Object);
}
[Fact]
public async Task Should_Return_Task_Details()
{
// Arrange
var userId = UserId.Create();
var project = Project.Create(TenantId.Create(_tenantId), "Test Project", "Description", "TST", userId);
var epic = project.CreateEpic("Test Epic", "Epic Description", userId);
var story = epic.CreateStory("Test Story", "Story Description", TaskPriority.Medium, userId);
var task = story.CreateTask("Test Task", "Task Description", TaskPriority.High, userId);
_projectRepositoryMock
.Setup(x => x.GetTaskByIdReadOnlyAsync(task.Id, It.IsAny<CancellationToken>()))
.ReturnsAsync(task);
var query = new GetTaskByIdQuery(task.Id.Value);
// Act
var result = await _handler.Handle(query, CancellationToken.None);
// Assert
result.Should().NotBeNull();
result.Id.Should().Be(task.Id.Value);
result.Title.Should().Be("Test Task");
result.Description.Should().Be("Task Description");
result.StoryId.Should().Be(story.Id.Value);
result.Status.Should().Be("To Do");
result.Priority.Should().Be("High");
}
[Fact]
public async Task Should_Fail_When_Task_Not_Found()
{
// Arrange
var taskId = TaskId.Create();
_projectRepositoryMock
.Setup(x => x.GetTaskByIdReadOnlyAsync(taskId, It.IsAny<CancellationToken>()))
.ReturnsAsync((WorkTask?)null);
var query = new GetTaskByIdQuery(taskId.Value);
// Act
Func<Task> act = async () => await _handler.Handle(query, CancellationToken.None);
// Assert
await act.Should().ThrowAsync<NotFoundException>()
.WithMessage("*Task*");
}
}
Reference in New Issue View Git Blame Copy Permalink