security enhancements

Author: CIS Guru

1-Aquiis.Infrastructure/Data/ApplicationDbContext.cs

@@ -176,7 +176,11 @@ protected override void OnModelCreating(ModelBuilder modelBuilder)
                     .HasForeignKey(i => i.DocumentId)
                     .OnDelete(DeleteBehavior.SetNull);
 
-                entity.HasIndex(e => e.InvoiceNumber).IsUnique();
+                // Unique constraint on (OrganizationId, InvoiceNumber) for multi-tenant isolation
+                entity.HasIndex(e => new { e.OrganizationId, e.InvoiceNumber })
+                    .IsUnique()
+                    .HasDatabaseName("IX_Invoice_OrgId_InvoiceNumber");
+                    
                 entity.Property(e => e.Amount).HasPrecision(18, 2);
                 entity.Property(e => e.AmountPaid).HasPrecision(18, 2);
 
@@ -200,6 +204,11 @@ protected override void OnModelCreating(ModelBuilder modelBuilder)
                     .HasForeignKey(p => p.DocumentId)
                     .OnDelete(DeleteBehavior.SetNull);
 
+                // Unique constraint on (OrganizationId, PaymentNumber) for multi-tenant isolation
+                entity.HasIndex(e => new { e.OrganizationId, e.PaymentNumber })
+                    .IsUnique()
+                    .HasDatabaseName("IX_Payment_OrgId_PaymentNumber");
+
                 entity.Property(e => e.Amount).HasPrecision(18, 2);
 
                 // Configure relationship with User

1-Aquiis.Infrastructure/Data/Migrations/20260209120000_FixInvoicePaymentUniqueIndexes.cs

@@ -0,0 +1,56 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Aquiis.Infrastructure.Migrations
+{
+    /// <inheritdoc />
+    public partial class FixInvoicePaymentUniqueIndexes : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            // Drop the incorrect single-column unique index on Invoices.InvoiceNumber
+            // This index was preventing different organizations from using the same invoice numbers
+            migrationBuilder.DropIndex(
+                name: "IX_Invoices_InvoiceNumber",
+                table: "Invoices");
+
+            // Create correct composite unique index on Invoices(OrganizationId, InvoiceNumber)
+            // This allows different organizations to have the same invoice number (multi-tenant safe)
+            migrationBuilder.CreateIndex(
+                name: "IX_Invoice_OrgId_InvoiceNumber",
+                table: "Invoices",
+                columns: new[] { "OrganizationId", "InvoiceNumber" },
+                unique: true);
+
+            // Create composite unique index on Payments(OrganizationId, PaymentNumber)
+            // This ensures payment numbers are unique within each organization
+            migrationBuilder.CreateIndex(
+                name: "IX_Payment_OrgId_PaymentNumber",
+                table: "Payments",
+                columns: new[] { "OrganizationId", "PaymentNumber" },
+                unique: true);
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            // Drop the composite unique indexes
+            migrationBuilder.DropIndex(
+                name: "IX_Invoice_OrgId_InvoiceNumber",
+                table: "Invoices");
+
+            migrationBuilder.DropIndex(
+                name: "IX_Payment_OrgId_PaymentNumber",
+                table: "Payments");
+
+            // Restore the original (incorrect) single-column index
+            migrationBuilder.CreateIndex(
+                name: "IX_Invoices_InvoiceNumber",
+                table: "Invoices",
+                column: "InvoiceNumber",
+                unique: true);
+        }
+    }
+}

1-Aquiis.Infrastructure/Services/DatabaseUnlockState.cs

@@ -0,0 +1,16 @@
+namespace Aquiis.Infrastructure.Services;
+
+/// <summary>
+/// Singleton service tracking database encryption unlock state during app lifecycle
+/// </summary>
+public class DatabaseUnlockState
+{
+    public bool NeedsUnlock { get; set; }
+    public string? DatabasePath { get; set; }
+    public string? ConnectionString { get; set; }
+    
+    // Event to notify when unlock succeeds
+    public event Action? OnUnlockSuccess;
+    
+    public void NotifyUnlockSuccess() => OnUnlockSuccess?.Invoke();
+}

2-Aquiis.Application/DependencyInjection.cs

@@ -34,6 +34,7 @@ public static IServiceCollection AddApplication(
         services.AddScoped<DigestService>();
         services.AddScoped<DocumentNotificationService>();
         services.AddScoped<DocumentService>();
+        services.AddScoped<DatabasePreviewService>();
         services.AddScoped<EmailService>();
         services.AddScoped<EmailSettingsService>();
         services.AddScoped<FinancialReportService>();
@@ -55,6 +56,7 @@ public static IServiceCollection AddApplication(
         services.AddScoped<ProspectiveTenantService>();
         services.AddScoped<RentalApplicationService>();
         services.AddScoped<RepairService>();
+        services.AddScoped<SampleDataWorkflowService>();
         services.AddScoped<ScheduledTaskService>();
         services.AddScoped<SchemaValidationService>();
         services.AddScoped<ScreeningService>();

2-Aquiis.Application/Models/DTOs/DatabasePreviewDTOs.cs

@@ -0,0 +1,76 @@
+namespace Aquiis.Application.Models.DTOs;
+
+/// <summary>
+/// DTO for database preview summary data
+/// </summary>
+public class DatabasePreviewData
+{
+    public int PropertyCount { get; set; }
+    public int TenantCount { get; set; }
+    public int LeaseCount { get; set; }
+    public int InvoiceCount { get; set; }
+    public int PaymentCount { get; set; }
+    
+    public List<PropertyPreview> Properties { get; set; } = new();
+    public List<TenantPreview> Tenants { get; set; } = new();
+    public List<LeasePreview> Leases { get; set; } = new();
+}
+
+/// <summary>
+/// DTO for property preview in read-only database view
+/// </summary>
+public class PropertyPreview
+{
+    public Guid Id { get; set; }
+    public string Address { get; set; } = string.Empty;
+    public string City { get; set; } = string.Empty;
+    public string State { get; set; } = string.Empty;
+    public string ZipCode { get; set; } = string.Empty;
+    public string PropertyType { get; set; } = string.Empty;
+    public string Status { get; set; } = string.Empty;
+    public int? Units { get; set; }
+    public decimal? MonthlyRent { get; set; }
+}
+
+/// <summary>
+/// DTO for tenant preview in read-only database view
+/// </summary>
+public class TenantPreview
+{
+    public Guid Id { get; set; }
+    public string FirstName { get; set; } = string.Empty;
+    public string LastName { get; set; } = string.Empty;
+    public string FullName => $"{FirstName} {LastName}";
+    public string Email { get; set; } = string.Empty;
+    public string Phone { get; set; } = string.Empty;
+    public DateTime CreatedOn { get; set; }
+}
+
+/// <summary>
+/// DTO for lease preview in read-only database view
+/// </summary>
+public class LeasePreview
+{
+    public Guid Id { get; set; }
+    public string PropertyAddress { get; set; } = string.Empty;
+    public string TenantName { get; set; } = string.Empty;
+    public DateTime StartDate { get; set; }
+    public DateTime EndDate { get; set; }
+    public decimal MonthlyRent { get; set; }
+    public string Status { get; set; } = string.Empty;
+}
+
+/// <summary>
+/// Result object for database operations
+/// </summary>
+public class DatabaseOperationResult
+{
+    public bool Success { get; set; }
+    public string Message { get; set; } = string.Empty;
+    
+    public static DatabaseOperationResult SuccessResult(string message = "Operation successful")
+        => new() { Success = true, Message = message };
+    
+    public static DatabaseOperationResult FailureResult(string message)
+        => new() { Success = false, Message = message };
+}