웍스 동기화 이력확인 기능추가

2026-06-02 10:41:33 +09:00
parent 75f192fb24
commit 565ef6b685
11 changed files with 3986 additions and 10 deletions
--- a/backend/internal/service/worksmobile_client_test.go
+++ b/backend/internal/service/worksmobile_client_test.go
@@ -671,7 +671,8 @@ func TestRedactWorksmobileOutboxPayloadsRemovesInitialPasswordFromOverview(t *te

 	redacted := redactWorksmobileOutboxPayloads(jobs)

-	require.Nil(t, redacted[0].Payload)
+	require.Equal(t, "tester@samaneng.com", redacted[0].Payload["loginEmail"])
+	require.NotContains(t, redacted[0].Payload, "initialPassword")
 }

 func TestCompareWorksmobileUsersHidesMatchedByDefault(t *testing.T) {
--- a/backend/internal/service/worksmobile_sync_service.go
+++ b/backend/internal/service/worksmobile_sync_service.go
@@ -180,13 +180,119 @@ func worksmobileDirectoryAuthConfigured() bool {

 func redactWorksmobileOutboxPayloads(jobs []domain.WorksmobileOutbox) []domain.WorksmobileOutbox {
 	for i := range jobs {
-		if jobs[i].Payload != nil {
-			jobs[i].Payload = nil
-		}
+		jobs[i].Payload = safeWorksmobileOutboxPayload(jobs[i].Payload)
 	}
 	return jobs
 }

+func safeWorksmobileOutboxPayload(payload domain.JSONMap) domain.JSONMap {
+	if payload == nil {
+		return nil
+	}
+	safe := domain.JSONMap{}
+	for _, key := range []string{
+		"tenantRootId",
+		"loginEmail",
+		"displayName",
+		"primaryLeafOrgName",
+		"credentialBatchId",
+		"credentialOperation",
+		"credentialBatchCreatedAt",
+		"worksmobileId",
+		"externalKey",
+		"domainId",
+		"name",
+		"email",
+		"matchLocalPart",
+		"baronStatus",
+	} {
+		if value, ok := payload[key]; ok && safeWorksmobilePayloadValue(value) != nil {
+			safe[key] = value
+		}
+	}
+	if summary := safeWorksmobileRequestSummary(payload["request"]); len(summary) > 0 {
+		safe["requestSummary"] = summary
+	}
+	return safe
+}
+
+func safeWorksmobilePayloadValue(value any) any {
+	switch v := value.(type) {
+	case string:
+		if strings.TrimSpace(v) == "" {
+			return nil
+		}
+		return v
+	case nil:
+		return nil
+	default:
+		return value
+	}
+}
+
+func safeWorksmobileRequestSummary(request any) domain.JSONMap {
+	switch v := request.(type) {
+	case WorksmobileUserPayload:
+		summary := domain.JSONMap{}
+		safeSetWorksmobileSummary(summary, "email", v.Email)
+		safeSetWorksmobileSummary(summary, "displayName", v.UserName.LastName)
+		safeSetWorksmobileSummary(summary, "userExternalKey", v.UserExternalKey)
+		safeSetWorksmobileSummary(summary, "cellPhone", v.CellPhone)
+		safeSetWorksmobileSummary(summary, "employeeNumber", v.EmployeeNumber)
+		safeSetWorksmobileSummary(summary, "task", v.Task)
+		return summary
+	case WorksmobilePasswordResetPayload:
+		summary := domain.JSONMap{}
+		safeSetWorksmobileSummary(summary, "email", v.Email)
+		return summary
+	case WorksmobileOrgUnitPayload:
+		summary := domain.JSONMap{}
+		safeSetWorksmobileSummary(summary, "email", v.Email)
+		safeSetWorksmobileSummary(summary, "orgUnitName", v.OrgUnitName)
+		safeSetWorksmobileSummary(summary, "orgUnitExternalKey", v.OrgUnitExternalKey)
+		safeSetWorksmobileSummary(summary, "parentOrgUnitId", v.ParentOrgUnitID)
+		if v.DomainID > 0 {
+			summary["domainId"] = v.DomainID
+		}
+		return summary
+	case map[string]any:
+		return safeWorksmobileRequestSummaryFromMap(v)
+	case domain.JSONMap:
+		return safeWorksmobileRequestSummaryFromMap(map[string]any(v))
+	default:
+		return nil
+	}
+}
+
+func safeWorksmobileRequestSummaryFromMap(request map[string]any) domain.JSONMap {
+	summary := domain.JSONMap{}
+	for _, key := range []string{
+		"email",
+		"userExternalKey",
+		"cellPhone",
+		"employeeNumber",
+		"task",
+		"orgUnitName",
+		"orgUnitExternalKey",
+		"parentOrgUnitId",
+		"domainId",
+	} {
+		if value, ok := request[key]; ok && safeWorksmobilePayloadValue(value) != nil {
+			summary[key] = value
+		}
+	}
+	if userName, ok := request["userName"].(map[string]any); ok {
+		safeSetWorksmobileSummary(summary, "displayName", stringValue(userName["lastName"]))
+	}
+	return summary
+}
+
+func safeSetWorksmobileSummary(summary domain.JSONMap, key string, value string) {
+	if value = strings.TrimSpace(value); value != "" {
+		summary[key] = value
+	}
+}
+
 func (s *worksmobileSyncService) GetComparison(ctx context.Context, tenantID string, includeMatched bool) (WorksmobileComparison, error) {
 	root, err := s.hanmacRoot(ctx, tenantID)
 	if err != nil {
--- a/backend/internal/service/worksmobile_sync_service_test.go
+++ b/backend/internal/service/worksmobile_sync_service_test.go
@@ -415,6 +415,85 @@ func TestWorksmobileSyncServiceOverviewExposesAdminTenantIDForPasswordManageLink
 	require.Equal(t, "works-tenant-1", overview.Config.AdminTenantID)
 }

+func TestWorksmobileSyncServiceOverviewKeepsSafeRecentJobChangeLogPayload(t *testing.T) {
+	root := domain.Tenant{
+		ID:   "root-tenant",
+		Slug: HanmacFamilyTenantSlug,
+		Name: "한맥가족",
+	}
+	outboxRepo := &fakeWorksmobileOutboxRepo{
+		recent: []domain.WorksmobileOutbox{
+			{
+				ID:           "job-user-upsert",
+				ResourceType: domain.WorksmobileResourceUser,
+				ResourceID:   "user-1",
+				Action:       domain.WorksmobileActionUpsert,
+				Status:       domain.WorksmobileOutboxStatusProcessed,
+				Payload: domain.JSONMap{
+					"loginEmail":         "changed@example.com",
+					"displayName":        "변경 사용자",
+					"primaryLeafOrgName": "인재성장",
+					"initialPassword":    "Secret123!",
+					"request": WorksmobileUserPayload{
+						Email:           "changed@example.com",
+						UserExternalKey: "user-1",
+						UserName:        WorksmobileUserName{LastName: "변경 사용자"},
+						PasswordConfig:  WorksmobilePasswordConfig{Password: "Secret123!"},
+					},
+				},
+			},
+			{
+				ID:           "job-org-upsert",
+				ResourceType: domain.WorksmobileResourceOrgUnit,
+				ResourceID:   "org-1",
+				Action:       domain.WorksmobileActionUpsert,
+				Status:       domain.WorksmobileOutboxStatusProcessed,
+				Payload: domain.JSONMap{
+					"matchLocalPart": "people-growth",
+					"request": WorksmobileOrgUnitPayload{
+						OrgUnitName:        "인재성장",
+						Email:              "people-growth@example.com",
+						OrgUnitExternalKey: "org-1",
+						ParentOrgUnitID:    "externalKey:parent-1",
+					},
+				},
+			},
+		},
+	}
+	service := NewWorksmobileSyncService(
+		&fakeWorksmobileTenantService{tenants: map[string]domain.Tenant{root.ID: root}},
+		&fakeWorksmobileUserRepo{},
+		outboxRepo,
+		nil,
+	)
+
+	overview, err := service.GetTenantOverview(context.Background(), root.ID)
+
+	require.NoError(t, err)
+	require.Len(t, overview.RecentJobs, 2)
+	userPayload := overview.RecentJobs[0].Payload
+	require.Equal(t, "changed@example.com", userPayload["loginEmail"])
+	require.Equal(t, "변경 사용자", userPayload["displayName"])
+	require.Equal(t, "인재성장", userPayload["primaryLeafOrgName"])
+	require.NotContains(t, userPayload, "initialPassword")
+	require.NotContains(t, userPayload, "request")
+	require.Equal(t, domain.JSONMap{
+		"email":           "changed@example.com",
+		"displayName":     "변경 사용자",
+		"userExternalKey": "user-1",
+	}, userPayload["requestSummary"])
+
+	orgPayload := overview.RecentJobs[1].Payload
+	require.Equal(t, "people-growth", orgPayload["matchLocalPart"])
+	require.NotContains(t, orgPayload, "request")
+	require.Equal(t, domain.JSONMap{
+		"email":              "people-growth@example.com",
+		"orgUnitName":        "인재성장",
+		"orgUnitExternalKey": "org-1",
+		"parentOrgUnitId":    "externalKey:parent-1",
+	}, orgPayload["requestSummary"])
+}
+
 func TestCompareWorksmobileGroupsUsesOrganizationsAndBarongroupChildCompanies(t *testing.T) {
 	parentID := "root-tenant"
 	root := domain.Tenant{