package domain
import "context"
// UserRepository is the adapter interface between the OIDC layer and the identity directory.
//
// The server/ layer sees ONLY this interface — no LDAP types leak through.
//
// Security contract for implementations (the server/ layer depends on it):
//   - username and password arrive from the login request and are untrusted.
//     An implementation that builds an LDAP search filter from either value
//     must escape it per RFC 4515 first, otherwise the caller is exposed to
//     LDAP filter injection.
//   - An unknown username and a wrong password must be indistinguishable to
//     the caller of ValidatePassword (both plain false, no distinct error,
//     no deliberate timing difference), so the interface cannot be used to
//     enumerate valid accounts.
type UserRepository interface {
	// LookupUser retrieves the canonical User record for the given username.
	// Returns an error wrapping ErrUserNotFound when the user does not exist.
	// Because the sentinel is wrapped, callers must test for it with
	// errors.Is rather than ==.
	LookupUser(ctx context.Context, username string) (*User, error)

	// LookupGroups retrieves all groups the user (identified by their LDAP DN) belongs to.
	// NOTE(review): the DN is an LDAP concept, so this parameter is the one
	// place the directory model shows through the domain interface. Presumably
	// the DN is taken from a User returned by LookupUser and never from user
	// input — confirm at the call site; if it can come from input it needs
	// the same RFC 4515 escaping. Keying on the canonical user identifier
	// instead would keep the abstraction directory-neutral.
	LookupGroups(ctx context.Context, userDN string) ([]Group, error)

	// ValidatePassword returns true when the username and password are correct.
	// Returns false (not an error) for wrong credentials; errors indicate
	// infrastructure failures (network, config, etc.).
	//
	// Implementations MUST return false for an empty password without
	// contacting the directory. Per RFC 4513 §5.1.2 a simple bind with a
	// non-empty DN and a zero-length password is an "unauthenticated" bind
	// that yields an anonymous session; servers should refuse it by default,
	// but deployments that allow it would make every known username log in
	// with no password if the empty string were passed through to the bind.
	ValidatePassword(ctx context.Context, username, password string) (bool, error)

	// ListUsers returns all user records from the directory.
	// Used by migration and export tooling; not required for the OIDC flow.
	// It enumerates the whole directory, so it should only be wired to
	// operator tooling, never to a user-facing or unauthenticated endpoint.
	ListUsers(ctx context.Context) ([]User, error)
}
// ErrUserNotFound is the sentinel that UserRepository.LookupUser wraps when
// the requested user does not exist in the directory. It is a typed constant
// rather than a var so it cannot be reassigned at runtime; callers match it
// with errors.Is, which unwraps and then compares by value.
const ErrUserNotFound = userNotFound("user not found")

// userNotFound is the unexported string-backed error type behind
// ErrUserNotFound. Keeping the type unexported means only this package can
// mint values that compare equal to the sentinel.
type userNotFound string

// Compile-time check that the sentinel satisfies error.
var _ error = ErrUserNotFound

// Error implements the error interface; the message is the constant's text.
func (e userNotFound) Error() string {
	return string(e)
}