Fail closed on malformed local auth

2026-04-11 16:29:53 +02:00
parent 6a223a4b70
commit 09e96ce381
6 changed files with 90 additions and 19 deletions
@@ -32,16 +32,16 @@ namespace JobTrackerApi.Data
        base.OnModelCreating(modelBuilder);

        modelBuilder.Entity<Company>()
-            .HasQueryFilter(c => CurrentUserId == null || c.OwnerUserId == CurrentUserId);
+            .HasQueryFilter(c => CurrentUserId != null && c.OwnerUserId == CurrentUserId);

        modelBuilder.Entity<JobApplication>()
-            .HasQueryFilter(j => CurrentUserId == null || j.OwnerUserId == CurrentUserId);
+            .HasQueryFilter(j => CurrentUserId != null && j.OwnerUserId == CurrentUserId);

        modelBuilder.Entity<UserRuleSettings>()
            .HasKey(x => x.OwnerUserId);

        modelBuilder.Entity<UserRuleSettings>()
-            .HasQueryFilter(x => CurrentUserId == null || x.OwnerUserId == CurrentUserId);
+            .HasQueryFilter(x => CurrentUserId != null && x.OwnerUserId == CurrentUserId);

        modelBuilder.Entity<RuleSettings>()
            .HasData(new RuleSettings { Id = 1 });
@@ -65,10 +65,10 @@ namespace JobTrackerApi.Data
            .OnDelete(DeleteBehavior.Cascade);

        modelBuilder.Entity<GmailConnection>()
-            .HasQueryFilter(x => CurrentUserId == null || x.OwnerUserId == CurrentUserId);
+            .HasQueryFilter(x => CurrentUserId != null && x.OwnerUserId == CurrentUserId);

        modelBuilder.Entity<GmailReviewDecision>()
-            .HasQueryFilter(x => CurrentUserId == null || x.OwnerUserId == CurrentUserId);
+            .HasQueryFilter(x => CurrentUserId != null && x.OwnerUserId == CurrentUserId);

        modelBuilder.Ignore<CorrespondenceAttachmentMetadata>();

@@ -92,13 +92,13 @@ namespace JobTrackerApi.Data
            .OnDelete(DeleteBehavior.Cascade);

        modelBuilder.Entity<CvUploadArtifact>()
-            .HasQueryFilter(x => CurrentUserId == null || x.OwnerUserId == CurrentUserId);
+            .HasQueryFilter(x => CurrentUserId != null && x.OwnerUserId == CurrentUserId);

        modelBuilder.Entity<CvUploadArtifact>()
            .HasIndex(x => new { x.OwnerUserId, x.UploadedAtUtc });

        modelBuilder.Entity<CvExtractionRun>()
-            .HasQueryFilter(x => CurrentUserId == null || x.OwnerUserId == CurrentUserId);
+            .HasQueryFilter(x => CurrentUserId != null && x.OwnerUserId == CurrentUserId);

        modelBuilder.Entity<CvExtractionRun>()
            .HasIndex(x => new { x.OwnerUserId, x.StartedAtUtc });
@@ -110,7 +110,7 @@ namespace JobTrackerApi.Data
            .OnDelete(DeleteBehavior.SetNull);

        modelBuilder.Entity<TailoredCvDraft>()
-            .HasQueryFilter(x => CurrentUserId == null || x.OwnerUserId == CurrentUserId);
+            .HasQueryFilter(x => CurrentUserId != null && x.OwnerUserId == CurrentUserId);

        modelBuilder.Entity<TailoredCvDraft>()
            .HasIndex(x => new { x.OwnerUserId, x.JobApplicationId })