package auth

import "testing"

func TestNewLDAPAuthenticatorDefaultsFilter(t *testing.T) {
	authenticator, err := NewLDAPAuthenticator(LDAPConfig{UsernameAttribute: "uid"})
	if err != nil {
		t.Fatalf("NewLDAPAuthenticator returned error: %v", err)
	}
	if authenticator.cfg.UserFilter != "({username_attribute}={username})" {
		t.Fatalf("unexpected filter: %q", authenticator.cfg.UserFilter)
	}
}

func TestNewLDAPAuthenticatorRejectsUnsafeAttribute(t *testing.T) {
	_, err := NewLDAPAuthenticator(LDAPConfig{UsernameAttribute: "uid)(|(uid=*"})
	if err == nil {
		t.Fatal("expected unsafe attribute error")
	}
}

func TestRenderFilter(t *testing.T) {
	got := renderFilter("({username_attribute}={username})", map[string]string{
		"username_attribute": "uid",
		"username":           "alice",
	})
	if got != "(uid=alice)" {
		t.Fatalf("unexpected filter: %q", got)
	}
}