kai/ColaFlow
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
d48b5cdd37c98bd08fa86acf099529a7dc7fafd4
ColaFlow/colaflow-api/tests/Modules/ProjectManagement/ColaFlow.Modules.ProjectManagement.IntegrationTests/Infrastructure/PMWebApplicationFactory.cs
Yaojia Wang d48b5cdd37 fix(backend): Add ITenantContext registration + multi-tenant isolation tests (3/7 passing) 
CRITICAL FIX: Added missing ITenantContext and HttpContextAccessor registration
in ProjectManagement module extension. This was causing DI resolution failures.

Multi-Tenant Security Testing:
- Created 7 comprehensive multi-tenant isolation tests
- 3 tests PASSING (tenant cannot delete/list/update other tenants' data)
- 4 tests need API route fixes (Epic/Story/Task endpoints)

Changes:
- Added ITenantContext registration in ModuleExtensions
- Added HttpContextAccessor registration
- Created MultiTenantIsolationTests with 7 test scenarios
- Updated PMWebApplicationFactory to properly replace DbContext options

Test Results (Partial):
 Tenant_Cannot_Delete_Other_Tenants_Project
 Tenant_Cannot_List_Other_Tenants_Projects
 Tenant_Cannot_Update_Other_Tenants_Project
⚠️ Project_Should_Be_Isolated_By_TenantId (route issue)
⚠️ Epic_Should_Be_Isolated_By_TenantId (endpoint not found)
⚠️ Story_Should_Be_Isolated_By_TenantId (endpoint not found)
⚠️ Task_Should_Be_Isolated_By_TenantId (endpoint not found)

Security Impact:
- Multi-tenant isolation now properly tested
- TenantId injection from JWT working correctly
- Global Query Filters validated via integration tests

Next Steps:
- Fix API routes for Epic/Story/Task tests
- Complete remaining 4 tests
- Add CRUD integration tests (Phase 3.3)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-04 20:02:14 +01:00

113 lines
4.1 KiB
C#
Raw Blame History

using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc.Testing;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using ColaFlow.Modules.Identity.Infrastructure.Persistence;
using ColaFlow.Modules.IssueManagement.Infrastructure.Persistence;
using ColaFlow.Modules.ProjectManagement.Infrastructure.Persistence;
namespace ColaFlow.Modules.ProjectManagement.IntegrationTests.Infrastructure;
/// <summary>
/// Custom WebApplicationFactory for ProjectManagement Integration Tests
/// Supports In-Memory database for fast, isolated tests
/// </summary>
public class PMWebApplicationFactory : WebApplicationFactory<Program>
{
private readonly string _testDatabaseName = $"PMTestDb_{Guid.NewGuid()}";
protected override void ConfigureWebHost(IWebHostBuilder builder)
{
// Set environment to Testing
builder.UseEnvironment("Testing");
// Configure test-specific settings
builder.ConfigureAppConfiguration((context, config) =>
{
// Clear existing connection strings to prevent PostgreSQL registration
config.Sources.Clear();
// Add minimal config for testing
config.AddInMemoryCollection(new Dictionary<string, string?>
{
["ConnectionStrings:DefaultConnection"] = "",
["ConnectionStrings:PMDatabase"] = "",
["ConnectionStrings:IMDatabase"] = "",
["Jwt:SecretKey"] = "test-secret-key-for-integration-tests-minimum-32-characters",
["Jwt:Issuer"] = "ColaFlow.Test",
["Jwt:Audience"] = "ColaFlow.Test",
["Jwt:AccessTokenExpirationMinutes"] = "15",
["Jwt:RefreshTokenExpirationDays"] = "7"
});
});
builder.ConfigureServices(services =>
{
// Remove existing DbContext registrations
var descriptorsToRemove = services.Where(d =>
d.ServiceType == typeof(DbContextOptions<IdentityDbContext>) ||
d.ServiceType == typeof(DbContextOptions<PMDbContext>) ||
d.ServiceType == typeof(DbContextOptions<IssueManagementDbContext>))
.ToList();
foreach (var descriptor in descriptorsToRemove)
{
services.Remove(descriptor);
}
// Register test databases with In-Memory provider
// Use the same database name for cross-context data consistency
services.AddDbContext<IdentityDbContext>(options =>
{
options.UseInMemoryDatabase(_testDatabaseName);
options.EnableSensitiveDataLogging();
});
services.AddDbContext<PMDbContext>(options =>
{
options.UseInMemoryDatabase(_testDatabaseName);
options.EnableSensitiveDataLogging();
});
services.AddDbContext<IssueManagementDbContext>(options =>
{
options.UseInMemoryDatabase(_testDatabaseName);
options.EnableSensitiveDataLogging();
});
});
}
protected override IHost CreateHost(IHostBuilder builder)
{
var host = base.CreateHost(builder);
// Initialize databases after host is created
using var scope = host.Services.CreateScope();
var services = scope.ServiceProvider;
try
{
// Initialize Identity database
var identityDb = services.GetRequiredService<IdentityDbContext>();
identityDb.Database.EnsureCreated();
// Initialize ProjectManagement database
var pmDb = services.GetRequiredService<PMDbContext>();
pmDb.Database.EnsureCreated();
// Initialize IssueManagement database
var imDb = services.GetRequiredService<IssueManagementDbContext>();
imDb.Database.EnsureCreated();
}
catch (Exception ex)
{
Console.WriteLine($"Error initializing test database: {ex.Message}");
throw;
}
return host;
}
}
Reference in New Issue View Git Blame Copy Permalink