From c79d7ac551dfd8f988567bc7a95f7fd8240109a5 Mon Sep 17 00:00:00 2001 From: Daniel Heimburg <5831617+danielheimburg@users.noreply.github.com> Date: Wed, 8 Apr 2026 19:01:18 +0200 Subject: [PATCH] Make Microsoft directory sync group filter case-insensitive --- .../enterprise/directory_sync/microsoft.rs | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/crates/defguard_core/src/enterprise/directory_sync/microsoft.rs b/crates/defguard_core/src/enterprise/directory_sync/microsoft.rs index 7e02645e7f..a634cb01fc 100644 --- a/crates/defguard_core/src/enterprise/directory_sync/microsoft.rs +++ b/crates/defguard_core/src/enterprise/directory_sync/microsoft.rs @@ -228,6 +228,12 @@ impl MicrosoftDirectorySync { result } + fn matches_group_filter(&self, display_name: &str) -> bool { + self.group_filter + .iter() + .any(|filter| filter.eq_ignore_ascii_case(display_name)) + } + async fn query_test_connection(&self) -> Result<(), DirectorySyncError> { let access_token = self .access_token @@ -421,7 +427,7 @@ impl MicrosoftDirectorySync { ); combined_response.value.retain(|group| { if let Some(display_name) = &group.display_name { - self.group_filter.contains(display_name) + self.matches_group_filter(display_name) } else { warn!( "Group with ID {} doesn't have a display name set, skipping its synchronization.", @@ -728,4 +734,18 @@ mod tests { assert_eq!(users[0].email, "email@email.com".to_string()); assert_eq!(users[1].email, "email2@email.com".to_string()); } + + #[test] + fn test_group_filter_match_is_case_insensitive() { + let client = MicrosoftDirectorySync::new( + "client_id".to_string(), + "client_secret".to_string(), + "https://login.microsoftonline.com/tenant/v2.0".to_string(), + vec!["developers".to_string()], + ); + + assert!(client.matches_group_filter("Developers")); + assert!(client.matches_group_filter("developers")); + assert!(!client.matches_group_filter("Infra")); + } }