feat: implement T09, T15, T21 — userinfo endpoint, LLDAP export, negative tests

- T09: /userinfo with RS256 JWT validation, scope-filtered claims
- T15: LLDAP→canonical export tool with validation, migration_event telemetry
- T21: Negative test suite (Scenario D) — all 7 unsupported features verified

All go tests passing.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-13 02:08:03 +01:00
parent 4097a7de8b
commit 3ee8090a98
9 changed files with 1156 additions and 2 deletions


@@ -16,6 +16,10 @@ type UserRepository interface {
// Returns false (not an error) for wrong credentials; errors indicate
// infrastructure failures (network, config, etc.).
ValidatePassword(ctx context.Context, username, password string) (bool, error)
// ListUsers returns all user records from the directory.
// Used by migration and export tooling; not required for the OIDC flow.
ListUsers(ctx context.Context) ([]User, error)
}
// ErrUserNotFound is returned by UserRepository.LookupUser when the
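Review bot: `ListUsers` is added to `UserRepository` itself, next to `ValidatePassword`, so every component that holds the repository for authentication also gains the ability to enumerate the whole directory, even though the new comment says it is "not required for the OIDC flow". Consider moving it to a separate, narrower interface that only the migration and export tooling receives, which also spares other implementers of `UserRepository` from having to provide it. The doc comment should state whether the returned `User` records can carry credential material, and since the method returns all records in a single slice with no limit or paging, it should say how large directories are expected to be handled.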