feat: implement T14, T10 — enforcement middleware, LLDAP adapter
- T14: Unsupported feature registry with 7 pre-registered profile boundaries - T10: LLDAP adapter implementing UserRepository; validator-gated reads 24 tests pass, go vet clean. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
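--- /dev/null
+++ b/src/internal/domain/repository.go
@@ -0,0 +1,27 @@
+package domain
+
+import "context"
+
+// UserRepository is the adapter interface between the OIDC layer and the identity directory.
+// The server/ layer sees ONLY this interface — no LDAP types leak through.
+type UserRepository interface {
+// LookupUser retrieves the canonical User record for the given username.
+// Returns an error wrapping ErrUserNotFound when the user does not exist.
+LookupUser(ctx context.Context, username string) (*User, error)
+
+// LookupGroups retrieves all groups the user (identified by their LDAP DN) belongs to.
+LookupGroups(ctx context.Context, userDN string) ([]Group, error)
+
+// ValidatePassword returns true when the username and password are correct.
+// Returns false (not an error) for wrong credentials; errors indicate
+// infrastructure failures (network, config, etc.).
+ValidatePassword(ctx context.Context, username, password string) (bool, error)
+}
+
+// ErrUserNotFound is returned by UserRepository.LookupUser when the
+// requested user does not exist in the directory.
+const ErrUserNotFound = userNotFound("user not found")
+
+type userNotFound string
+
+func (e userNotFound) Error() string { return string(e) }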
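Review bot: The ValidatePassword doc comment leaves two authentication edge cases unspecified: an unknown username and an empty password. If an implementation returns ErrUserNotFound from this method, the OIDC layer can distinguish "no such user" from "wrong password", which makes username enumeration easier to miss in review. An LDAP simple bind with an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that some servers accept, so the contract should require rejecting it before any bind; the adapter itself is not visible in this section, so it may already do this. I would add `// An unknown username and an empty password both yield (false, nil); implementations must never bind with an empty password.` to the comment. Separately, LookupGroups takes an LDAP DN although the interface comment says no LDAP types leak through, so a line stating that userDN is an opaque value taken from User would keep callers from building DNs themselves.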