Open
Description
Hi, there seems to be a bug in the console script for manipulating/deleting tenants.
Specifing either an ID or a UUID leads to a SQL query syntax error.
The value cannot be an integer and a string at the same time.
The backend database is PostgreSQL. Maybe other databases are more lenient with this
but Postgres unfortunately not.
j@dev:~/vgp [saml2*]$ ./artisan saml2:delete-tenant 1a86e4e9-d8d0-4411-ac66-f4743f0250c6
Illuminate\Database\QueryException
SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for integer: "1a86e4e9-d8d0-4411-ac66-f4743f0250c6" (SQL: select * from "saml2_tenants" where ("id" = 1a86e4e9-d8d0-4411-ac66-f4743f0250c6 or "key" = 1a86e4e9-d8d0-4411-ac66-f4743f0250c6 or "uuid" = 1a86e4e9-d8d0-4411-ac66-f4743f0250c6) and "saml2_tenants"."deleted_at" is null)
at vendor/laravel/framework/src/Illuminate/Database/Connection.php:692
688▕ // If an exception occurs when attempting to run a query, we'll format the error
689▕ // message to include the bindings with SQL, which will make this exception a
690▕ // lot more helpful to the developer instead of just the database's errors.
691▕ catch (Exception $e) {
➜ 692▕ throw new QueryException(
693▕ $query, $this->prepareBindings($bindings), $e
694▕ );
695▕ }
696▕ }
+29 vendor frames
30 artisan:37
Illuminate\Foundation\Console\Kernel::handle()
j@dev:~/vgp [saml2*]$
The problem seems to lie in this method in class Slides\Saml2\Repositories\TenantRepository:
/**
* Find a tenant by any identifier.
*
* @param int|string $key ID, key or UUID
* @param bool $withTrashed Whether need to include safely deleted records.
*
* @return Tenant[]|\Illuminate\Database\Eloquent\Collection
*/
public function findByAnyIdentifier($key, bool $withTrashed = true)
{
return $this->query($withTrashed)
->where('id', $key)
->orWhere('key', $key)
->orWhere('uuid', $key)
->get();
}
Looks like a check is missing if $key is an integer (for 'id') or a text value (for 'uuid', or 'key').
Thanks.