Joseph Doherty
544a6ddb77
Resolves the 35 findings from the 2026-06-01 baseline (commit 26ba1c7),
test-first for every behavioral change. +51 tests (331 -> 382 passing, 0 failed).
- Telemetry-001 (HIGH): RedactionEnricher now honours property removal, so a
redactor that drops a key actually scrubs the secret from the event.
- Auth: LDAP validator ValidateOnStart; API-key verify no longer fails on a
best-effort MarkUsed write or a corrupt scopes column (fail-closed); LDAP cert
validation hook; KeyPrefix persistence aligned; README algorithm corrected.
- Health: Akka checks return Degraded (not throw) when the cluster isn't up yet;
GrpcDependencyHealthCheck catch-all; null 'description' rendered; composite
endpoint builder; XML docs shipped.
- Audit: CompositeAuditWriter no longer re-throws OperationCanceledException;
TruncatingAuditRedactor over-redact scrubs Target + safe negative max; options
record; XML docs shipped.
- Configuration: TryAddEnumerable idempotent registration; consistent port
quoting; strict invariant port parsing; XML docs + README packaged.
- Theme: mobile toggle is now CSS-only (no Bootstrap JS); token/CSS hygiene;
XML docs on the public parameter surface.
Shared-contract/spec docs updated where the code was the source of truth
(observability service.instance.id, MapZbMetrics, redactor reach). All changes
additive/back-compatible at v0.1.0. code-reviews bookkeeping follows separately.
55 lines
2.2 KiB
C#
55 lines
2.2 KiB
C#
namespace ZB.MOM.WW.Auth.Ldap.Internal;
|
|
|
|
using System.Net.Security;
|
|
using ZB.MOM.WW.Auth.Abstractions.Ldap;
|
|
|
|
/// <summary>
|
|
/// A single LDAP search result entry: its DN and a flat attribute bag.
|
|
/// </summary>
|
|
internal sealed record LdapSearchEntry(
|
|
string Dn,
|
|
IReadOnlyDictionary<string, IReadOnlyList<string>> Attributes);
|
|
|
|
/// <summary>
|
|
/// Abstraction over a single LDAP connection. Allows unit-testing
|
|
/// <c>LdapAuthService</c> without a live directory server.
|
|
/// </summary>
|
|
internal interface ILdapConnection : IDisposable
|
|
{
|
|
/// <summary>
|
|
/// Opens (and optionally upgrades to TLS) a connection to the given host.
|
|
/// </summary>
|
|
/// <param name="host">The LDAP server hostname or IP.</param>
|
|
/// <param name="port">The LDAP server port.</param>
|
|
/// <param name="transport">The transport security mode.</param>
|
|
/// <param name="allowInsecure">
|
|
/// When <see langword="true"/> AND no <paramref name="serverCertificateValidationCallback"/> is
|
|
/// supplied, TLS server-certificate validation is bypassed (dev/test only). Ignored when a
|
|
/// validation callback is supplied (the callback wins) or for plaintext transport.
|
|
/// </param>
|
|
/// <param name="timeoutMs">The connection/operation timeout in milliseconds.</param>
|
|
/// <param name="serverCertificateValidationCallback">
|
|
/// Optional TLS server-certificate validation callback. When <see langword="null"/>, the OS trust
|
|
/// store is used (the client does not blind-accept).
|
|
/// </param>
|
|
void Connect(
|
|
string host,
|
|
int port,
|
|
LdapTransport transport,
|
|
bool allowInsecure,
|
|
int timeoutMs,
|
|
RemoteCertificateValidationCallback? serverCertificateValidationCallback);
|
|
|
|
/// <summary>Binds with the supplied DN and password. Throws <c>LdapException</c> on bad credentials.</summary>
|
|
void Bind(string dn, string password);
|
|
|
|
/// <summary>Executes a subtree search and returns all matching entries.</summary>
|
|
IReadOnlyList<LdapSearchEntry> Search(string searchBase, string filter, IReadOnlyList<string> attributes);
|
|
}
|
|
|
|
/// <summary>Factory that produces <see cref="ILdapConnection"/> instances.</summary>
|
|
internal interface ILdapConnectionFactory
|
|
{
|
|
ILdapConnection Create();
|
|
}
|