From b20522f1505bf7278fa23d5e2ab6cfca645aed9d Mon Sep 17 00:00:00 2001
From: Wikid82
Date: Tue, 25 Nov 2025 23:06:05 +0000
Subject: [PATCH] feat: add IdentityStore support to security app configuration

---
 backend/internal/caddy/config.go | 8 +++++---
 backend/internal/caddy/config_test.go | 18 +++++++++---------
 backend/internal/caddy/types.go | 11 ++++++++++-
 3 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/backend/internal/caddy/config.go b/backend/internal/caddy/config.go
index 1128ffca..2a965994 100644
--- a/backend/internal/caddy/config.go
+++ b/backend/internal/caddy/config.go
@@ -341,6 +341,7 @@ func generateSecurityApp(authUsers []models.AuthUser, authProviders []models.Aut
 securityConfig := &SecurityConfig{
 AuthenticationPortals: make([]*AuthPortal, 0),
 IdentityProviders: make([]*IdentityProvider, 0),
+ IdentityStores: make([]*IdentityStore, 0),
 AuthorizationPolicies: make([]*AuthzPolicy, 0),
 }
 
@@ -361,11 +362,12 @@ func generateSecurityApp(authUsers []models.AuthUser, authProviders []models.Aut
 "profile_enabled": true,
 },
 IdentityProviders: make([]string, 0),
+ IdentityStores: make([]string, 0),
 }
 
 // Add local backend if we have local users
 if len(authUsers) > 0 {
- localProvider := &IdentityProvider{
+ localStore := &IdentityStore{
 Name: "local",
 Kind: "local",
 Params: map[string]interface{}{
@@ -373,8 +375,8 @@ func generateSecurityApp(authUsers []models.AuthUser, authProviders []models.Aut
 "users": convertAuthUsersToConfig(authUsers),
 },
 }
- securityConfig.IdentityProviders = append(securityConfig.IdentityProviders, localProvider)
- portal.IdentityProviders = append(portal.IdentityProviders, "local")
+ securityConfig.IdentityStores = append(securityConfig.IdentityStores, localStore)
+ portal.IdentityStores = append(portal.IdentityStores, "local")
 }
 
 // Add OAuth providers
diff --git a/backend/internal/caddy/config_test.go b/backend/internal/caddy/config_test.go
index 055e5975..9c30880b 100644
--- a/backend/internal/caddy/config_test.go
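Review bot: The guard `if len(authUsers) > 0 {` tests the unfiltered input, but the `users` param built from `convertAuthUsersToConfig(authUsers)` in the following hunk is filtered — the "with disabled users" subtest in this same patch expects only the active account to survive — so an input made up solely of disabled users still registers a `local` store with an empty user list and advertises it in `portal.IdentityStores`. Convert first and guard on the result so the portal never references a backend that can authenticate nobody: `localUsers := convertAuthUsersToConfig(authUsers)`, `if len(localUsers) > 0 {`, and `"users": localUsers,` in place of the inline call. Whether caddy-security tolerates a referenced store with zero users I cannot tell from here, which is one more reason not to emit one. The `localStore` literal opened in this hunk is closed in the next one, and generateSecurityApp itself begins and ends outside the hunk.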
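Review bot: The `"users":` line inlines the local accounts — including whatever credential field convertAuthUsersToConfig emits — into the caddy-security app JSON, where they become readable through the Caddy admin API's config endpoint and through any dump or debug log of the generated document; nothing at this site records that. A comment would keep the next maintainer from logging it, e.g. `// Inline user records (credential hashes included) are serialized into the Caddy config: never log this document, and keep the admin API loopback-only or otherwise access-controlled.` I am assuming convertAuthUsersToConfig emits hashes rather than plaintext passwords; that helper is outside this patch and should be checked. Separately, the upstream caddy-security `local` identity store is, as far as I recall, configured with a `path` to a users database file rather than an inline `users` list — confirm the targeted build accepts this param, since a silently ignored one leaves the portal with a `local` store that authenticates nobody.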
+++ b/backend/internal/caddy/config_test.go
@@ -253,17 +253,17 @@ func TestGenerateSecurityApp(t *testing.T) {
 require.NotNil(t, app)
 require.NotNil(t, app.Config)
 
- // Check Identity Providers
- require.Len(t, app.Config.IdentityProviders, 1)
- localProvider := app.Config.IdentityProviders[0]
- require.Equal(t, "local", localProvider.Name)
- require.Equal(t, "local", localProvider.Kind)
+ // Check Identity Stores
+ require.Len(t, app.Config.IdentityStores, 1)
+ localStore := app.Config.IdentityStores[0]
+ require.Equal(t, "local", localStore.Name)
+ require.Equal(t, "local", localStore.Kind)
 
 // Check Portal
 require.Len(t, app.Config.AuthenticationPortals, 1)
 portal := app.Config.AuthenticationPortals[0]
 require.Equal(t, "cpmp_portal", portal.Name)
- require.Contains(t, portal.IdentityProviders, "local")
+ require.Contains(t, portal.IdentityStores, "local")
 })
 
 t.Run("with disabled users", func(t *testing.T) {
@@ -273,10 +273,10 @@ func TestGenerateSecurityApp(t *testing.T) {
 }
 
 app := generateSecurityApp(users, nil, nil)
- require.Len(t, app.Config.IdentityProviders, 1)
- localProvider := app.Config.IdentityProviders[0]
+ require.Len(t, app.Config.IdentityStores, 1)
+ localStore := app.Config.IdentityStores[0]
 
- usersConfig := localProvider.Params["users"].([]map[string]interface{})
+ usersConfig := localStore.Params["users"].([]map[string]interface{})
 require.Len(t, usersConfig, 1)
 require.Equal(t, "active", usersConfig[0]["username"])
 })
diff --git a/backend/internal/caddy/types.go b/backend/internal/caddy/types.go
index 558231dd..e42c35c5 100644
--- a/backend/internal/caddy/types.go
+++ b/backend/internal/caddy/types.go
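Review bot: The first subtest now only proves the local backend landed in `IdentityStores`; nothing asserts it is no longer registered as a provider, which is exactly the placement this commit moves away from. Assuming the subtest passes no OAuth providers, as the second one visibly does, add `require.Empty(t, app.Config.IdentityProviders)` and `require.Empty(t, portal.IdentityProviders)` after the existing checks so a later change cannot reintroduce the local backend under `identity_providers` (or register it in both lists) without a test failing. The enclosing `t.Run` closure and the `app` it checks start before the hunk.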
@@ -246,6 +246,7 @@ type SecurityConfig struct {
 AuthenticationPortals []*AuthPortal `json:"authentication_portals,omitempty"`
 AuthorizationPolicies []*AuthzPolicy `json:"authorization_policies,omitempty"`
 IdentityProviders []*IdentityProvider `json:"identity_providers,omitempty"`
+ IdentityStores []*IdentityStore `json:"identity_stores,omitempty"`
 }
 
 // AuthPortal represents an authentication portal configuration.
@@ -255,6 +256,7 @@ type AuthPortal struct {
 CookieDomain string `json:"cookie_domain,omitempty"`
 CookieConfig map[string]interface{} `json:"cookie_config,omitempty"`
 IdentityProviders []string `json:"identity_providers,omitempty"`
+ IdentityStores []string `json:"identity_stores,omitempty"`
 TokenValidatorOptions map[string]interface{} `json:"token_validator_options,omitempty"`
 CryptoKeyStoreConfig map[string]interface{} `json:"crypto_key_store_config,omitempty"`
 TokenGrantorOptions map[string]interface{} `json:"token_grantor_options,omitempty"`
@@ -267,7 +269,14 @@ type AuthPortal struct {
 
 // IdentityProvider represents an identity provider configuration.
 type IdentityProvider struct {
 Name string `json:"name"`
- Kind string `json:"kind"` // "oauth", "local", etc.
+ Kind string `json:"kind"` // "oauth", "saml"
+ Params map[string]interface{} `json:"params,omitempty"`
+}
+
+// IdentityStore represents an identity store configuration.
+type IdentityStore struct {
+ Name string `json:"name"`
+ Kind string `json:"kind"` // "local", "ldap"
 Params map[string]interface{} `json:"params,omitempty"`
 }
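Review bot: `IdentityStore` is field-for-field identical to `IdentityProvider`, its doc comment only restates the name, and the `// "local", "ldap"` note on `Kind` is the sole hint about which struct a caller should reach for — nothing in the type or, as far as this patch shows, the generator validates the value. Document the contract where it will be read: on the type, something like `// IdentityStore is one entry of the caddy-security app's identity_stores list: a backend the portal authenticates against directly, as opposed to an IdentityProvider, which delegates to an external IdP. For Kind "local" the generator inlines the user records into Params, so a serialized value may carry credential material and must not be logged.` The inlining is visible in config.go's `"users": convertAuthUsersToConfig(authUsers)` in this same patch; whether those records hold hashes or plaintext is decided outside it and should be stated once confirmed. The `Kind` comment should also say that unsupported values are not rejected here and surface, if at all, only when Caddy loads the config.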