From f7fe0c6ea0e4c889d7aef1d5f5fdfd1ddf8e47ee Mon Sep 17 00:00:00 2001 From: Valentin Tolmer Date: Tue, 16 Sep 2025 14:18:33 +0200 Subject: [PATCH] ldap: fix swapped filter conditions --- crates/ldap/src/core/group.rs | 4 ++-- crates/ldap/src/core/user.rs | 4 ++-- crates/ldap/src/search.rs | 26 +++++++++----------------- 3 files changed, 13 insertions(+), 21 deletions(-) diff --git a/crates/ldap/src/core/group.rs b/crates/ldap/src/core/group.rs index 86b76a8..a4a467e 100644 --- a/crates/ldap/src/core/group.rs +++ b/crates/ldap/src/core/group.rs @@ -276,7 +276,7 @@ fn convert_group_filter( let res = filters .iter() .map(rec) - .filter(|f| !matches!(f, Ok(GroupRequestFilter::False))) + .filter(|f| !matches!(f, Ok(GroupRequestFilter::True))) .flat_map(|f| match f { Ok(GroupRequestFilter::And(v)) => v.into_iter().map(Ok).collect(), f => vec![f], @@ -294,7 +294,7 @@ fn convert_group_filter( let res = filters .iter() .map(rec) - .filter(|c| !matches!(c, Ok(GroupRequestFilter::True))) + .filter(|c| !matches!(c, Ok(GroupRequestFilter::False))) .flat_map(|f| match f { Ok(GroupRequestFilter::Or(v)) => v.into_iter().map(Ok).collect(), f => vec![f], diff --git a/crates/ldap/src/core/user.rs b/crates/ldap/src/core/user.rs index 20287e3..260efa3 100644 --- a/crates/ldap/src/core/user.rs +++ b/crates/ldap/src/core/user.rs @@ -222,7 +222,7 @@ fn convert_user_filter( let res = filters .iter() .map(rec) - .filter(|c| !matches!(c, Ok(UserRequestFilter::False))) + .filter(|c| !matches!(c, Ok(UserRequestFilter::True))) .flat_map(|f| match f { Ok(UserRequestFilter::And(v)) => v.into_iter().map(Ok).collect(), f => vec![f], @@ -240,7 +240,7 @@ fn convert_user_filter( let res = filters .iter() .map(rec) - .filter(|c| !matches!(c, Ok(UserRequestFilter::True))) + .filter(|c| !matches!(c, Ok(UserRequestFilter::False))) .flat_map(|f| match f { Ok(UserRequestFilter::Or(v)) => v.into_iter().map(Ok).collect(), f => vec![f], diff --git a/crates/ldap/src/search.rs b/crates/ldap/src/search.rs index 3d2d8e7..b0913d7 100644 --- a/crates/ldap/src/search.rs +++ b/crates/ldap/src/search.rs @@ -762,10 +762,7 @@ mod tests { let mut mock = MockTestBackendHandler::new(); mock.expect_list_users() .with( - eq(Some(UserRequestFilter::And(vec![ - UserRequestFilter::True, - UserRequestFilter::UserId(UserId::new("bob")), - ]))), + eq(Some(UserRequestFilter::UserId(UserId::new("bob")))), eq(false), ) .times(1) @@ -1108,12 +1105,9 @@ mod tests { GroupRequestFilter::DisplayName("group_1".into()), GroupRequestFilter::Member(UserId::new("bob")), GroupRequestFilter::DisplayName("rockstars".into()), + false.into(), GroupRequestFilter::Uuid(uuid!("04ac75e0-2900-3e21-926c-2f732c26b3fc")), - true.into(), - true.into(), - true.into(), - true.into(), - true.into(), + false.into(), GroupRequestFilter::DisplayNameSubString(SubStringFilter { initial: Some("iNIt".to_owned()), any: vec!["1".to_owned(), "2aA".to_owned()], @@ -1298,10 +1292,9 @@ mod tests { async fn test_search_group_as_scope() { let mut mock = MockTestBackendHandler::new(); mock.expect_list_groups() - .with(eq(Some(GroupRequestFilter::And(vec![ - GroupRequestFilter::True, - GroupRequestFilter::DisplayName("rockstars".into()), - ])))) + .with(eq(Some(GroupRequestFilter::DisplayName( + "rockstars".into(), + )))) .times(1) .return_once(|_| Ok(vec![])); let ldap_handler = setup_bound_readonly_handler(mock).await; @@ -1413,9 +1406,9 @@ mod tests { eq(Some(UserRequestFilter::Or(vec![ UserRequestFilter::Not(Box::new(UserRequestFilter::UserId(UserId::new("bob")))), UserRequestFilter::UserId("bob_1".to_string().into()), - false.into(), - false.into(), - false.into(), + true.into(), + true.into(), + true.into(), UserRequestFilter::AttributeEquality( AttributeName::from("first_name"), "FirstName".to_string().into(), @@ -1424,7 +1417,6 @@ mod tests { AttributeName::from("first_name"), "firstname".to_string().into(), ), - false.into(), UserRequestFilter::UserIdSubString(SubStringFilter { initial: Some("iNIt".to_owned()), any: vec!["1".to_owned(), "2aA".to_owned()],