update ldap

2026-04-21 11:00:40 +10:00
parent 361ba7719b
commit 4b1b985862
4 changed files with 174 additions and 39 deletions
@@ -37,3 +37,52 @@ func TestHasAnyGroup(t *testing.T) {
 		t.Fatal("expected empty required groups to allow")
 	}
 }
+
+func TestPrincipalCandidates(t *testing.T) {
+	tests := []struct {
+		name     string
+		username string
+		want     []string
+	}{
+		{
+			name:     "upn adds local part",
+			username: "L075239@corpau.wbcau.westpac.com.au",
+			want:     []string{"L075239@corpau.wbcau.westpac.com.au", "L075239"},
+		},
+		{
+			name:     "domain slash user adds sam",
+			username: `CORPAU\L075239`,
+			want:     []string{`CORPAU\L075239`, "L075239"},
+		},
+		{
+			name:     "plain username unchanged",
+			username: "L075239",
+			want:     []string{"L075239"},
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			got := principalCandidates(tc.username)
+			if len(got) != len(tc.want) {
+				t.Fatalf("unexpected candidate count: got=%d want=%d (%#v)", len(got), len(tc.want), got)
+			}
+			for i := range tc.want {
+				if got[i] != tc.want[i] {
+					t.Fatalf("unexpected candidate at %d: got=%q want=%q", i, got[i], tc.want[i])
+				}
+			}
+		})
+	}
+}
+
+func TestBuildGroupMembershipFilter(t *testing.T) {
+	filter := buildGroupMembershipFilter(
+		"CN=User,OU=Users,DC=corpau,DC=wbcau,DC=westpac,DC=com,DC=au",
+		[]string{"L075239@corpau.wbcau.westpac.com.au", "L075239"},
+	)
+	expected := "(|(member=CN=User,OU=Users,DC=corpau,DC=wbcau,DC=westpac,DC=com,DC=au)(uniqueMember=CN=User,OU=Users,DC=corpau,DC=wbcau,DC=westpac,DC=com,DC=au)(memberUid=L075239@corpau.wbcau.westpac.com.au)(memberUid=L075239))"
+	if filter != expected {
+		t.Fatalf("unexpected group filter:\n got: %s\nwant: %s", filter, expected)
+	}
+}