Feat/better resolution events #897

Merged (5 commits) on Nov 10, 2024

AndrewTriesToCode
Contributor

  • OnStrategyResolveCompleted - Called after each strategy has attempted to resolve a tenant identifier. The
    IdentifierFound property will be true if the strategy resolved a tenant identifier. The Identifier property
    contains the resolved tenant identifier and can be changed by the event handler to override the strategy's result.
  • OnStoreResolveCompleted - Called after each store has attempted to resolve a tenant. The TenantFound property
    will be true if the store resolved a tenant. The TenantInfo property contains the resolved tenant and can be
    changed by the event handler to override the store's result. A non-null TenantInfo object will stop the resolver
    from trying additional strategies and stores.
  • OnTenantResolveCompleted - Called once after a tenant has been resolved. The MultiTenantContext property
    contains the resolved multi-tenant context and can be changed by the event handler to override the resolver's
    result.

if (options.CurrentValue.IgnoredIdentifiers.Contains(identifier, StringComparer.OrdinalIgnoreCase))
{
(loggerFactory?.CreateLogger(GetType()) ?? NullLogger.Instance).LogInformation(
"Ignored identifier: {Identifier}", identifier);
tenantResoloverLogger.LogDebug("Ignored identifier: {Identifier}", identifier);
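
Review bot: the logger used in the `LogDebug` call is named `tenantResoloverLogger`, which reads as a misspelling of `tenantResolverLogger`; rename the field now, before the name spreads to more call sites. Both logging calls in this region also pass `identifier` to the message template exactly as the strategy returned it, so any line breaks in it reach a plain-text log unchanged; normalize the value once, before either call.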

Check failure

Code scanning / CodeQL

Log entries created from user input (High)

This log entry depends on a user-provided value.

Copilot Autofix AI about 2 months ago

To fix the problem, we need to sanitize the identifier before logging it. Since the log entries are plain text, we should remove any newline characters from the identifier to prevent log forging attacks. This can be done using the String.Replace method to replace newline characters with an empty string.

Suggested changeset 1
src/Finbuckle.MultiTenant/TenantResolver.cs

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/Finbuckle.MultiTenant/TenantResolver.cs b/src/Finbuckle.MultiTenant/TenantResolver.cs
--- a/src/Finbuckle.MultiTenant/TenantResolver.cs
+++ b/src/Finbuckle.MultiTenant/TenantResolver.cs
@@ -68,3 +68,3 @@
             {
-                tenantResoloverLogger.LogDebug("Ignored identifier: {Identifier}", identifier);
+                tenantResoloverLogger.LogDebug("Ignored identifier: {Identifier}", identifier?.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", ""));
                 identifier = null;
EOF
@@ -68,3 +68,3 @@
{
tenantResoloverLogger.LogDebug("Ignored identifier: {Identifier}", identifier);
tenantResoloverLogger.LogDebug("Ignored identifier: {Identifier}", identifier?.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", ""));
identifier = null;
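
Review bot: on the changed `LogDebug` line, `Replace(Environment.NewLine, "")` is redundant, because the `Replace("\n", "")` and `Replace("\r", "")` calls that follow already remove both characters on every platform. The chain still passes other control characters and the Unicode line separators U+0085, U+2028 and U+2029, and it deletes characters silently, so the log entry no longer shows that the identifier contained them. Consider moving this into a single helper that replaces each control or separator character with a visible escape, and calling it wherever an identifier is logged.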
Copilot is powered by AI and may make mistakes. Always verify output.
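
The sanitization described in the Autofix comment above, written as a reusable helper. This is an added example, not code from Finbuckle.MultiTenant or from the Autofix patch; `LogSanitizer`, `ForLog`, the 128-character cap and the sample identifier are assumptions. It goes beyond the comment's newline stripping by escaping every control and Unicode line-separator character visibly instead of deleting it.

```csharp
#nullable enable
using System;
using System.Globalization;
using System.Text;

// Hypothetical helper (not part of Finbuckle.MultiTenant): makes a
// user-supplied value safe to write into a plain-text, line-oriented log.
public static class LogSanitizer
{
    private const int MaxLength = 128; // assumed cap, chosen for illustration

    public static string ForLog(string? value)
    {
        if (value is null) return "(null)";

        var sb = new StringBuilder(Math.Min(value.Length, MaxLength) + 16);
        foreach (char c in value)
        {
            // Stop at the cap, but never between the halves of a surrogate pair.
            if (sb.Length >= MaxLength && !char.IsLowSurrogate(c))
            {
                sb.Append("...[truncated]");
                break;
            }

            // IsControl covers \r, \n, \t, ESC and U+0085; the two separator
            // categories cover U+2028 and U+2029.
            var cat = char.GetUnicodeCategory(c);
            bool breaksLine = char.IsControl(c)
                || cat == UnicodeCategory.LineSeparator
                || cat == UnicodeCategory.ParagraphSeparator;

            if (breaksLine)
                sb.Append("\\u").Append(((int)c).ToString("X4", CultureInfo.InvariantCulture));
            else if (c == '\\')
                sb.Append("\\\\"); // escape backslashes so the output is unambiguous
            else
                sb.Append(c);
        }
        return sb.ToString();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: an identifier that tries to forge a second log line.
        string identifier = "acme\r\n2024-11-10 12:00:00 [INF] Tenant resolved: admin";
        // Written as one physical line, with the break shown as \u000D\u000A.
        Console.WriteLine("Ignored identifier: " + LogSanitizer.ForLog(identifier));
    }
}
```

With such a helper, the flagged call would pass `LogSanitizer.ForLog(identifier)` as the template argument instead of the raw `identifier`.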
@AndrewTriesToCode AndrewTriesToCode merged commit 956ca36 into main Nov 10, 2024
8 of 9 checks passed
github-actions bot pushed a commit that referenced this pull request Nov 13, 2024
# [9.0.0](v8.0.0...v9.0.0) (2024-11-13)

* multitenant db factory ([#894](#894)) ([ea216ff](ea216ff))

### Bug Fixes

* remove deprecated dotnet ([#891](#891)) ([1429cbf](1429cbf))

### Features

* add multitenant db factory method ([#896](#896)) ([8728447](8728447))
* better tenant resolution events ([#897](#897)) ([956ca36](956ca36))
* dotnet 9 support ([#893](#893)) ([4be1b88](4be1b88))
* Make builds deterministic and set latest GH actions ([#889](#889)) ([d82f89d](d82f89d))

### Reverts

* Revert "multitenant db factory ([#894](#894))" ([#895](#895)) ([0e164a8](0e164a8))

### BREAKING CHANGES

* `OnTenantResolved` and `OnTenantNotResolved` are no longer used. Use the `OnStrategyResolveCompleted`, `OnStoreResolveCompleted`, and `OnTenantResolveCompleted` events instead.
* `MultiTenantDbContext` constructors accepting ITenantInfo removed, use `MultiTenantDbContext.Create` factory method
* `MultiTenantDbContext` constructors accepting ITenantInfo removed, use `MultiTenantDbContext.Create` factory method instead
* net6.0 and net7.0 are no longer supported targets.
* Dotnet runtime specific dependencies now float to the latest patch version and are locked at release time with a NuGet lock file. This is a security mitigation and may break some builds not on the latest SDKs.
@AndrewTriesToCode
Contributor Author

🎉 This PR is included in version 9.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
