npm - @opengovsg/mockpass - Versions diffs - 2.7.10 → 2.8.1 - Mend

@opengovsg/mockpass 2.7.10 → 2.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -59,7 +59,7 @@ $ export MOCKPASS_PORT=5156
 $ export MOCKPASS_NRIC=S8979373D
 $ export MOCKPASS_UEN=123456789A
-$ export SHOW_LOGIN_PAGE=true # Optional, defaults to `false`
+$ export SHOW_LOGIN_PAGE=true # Optional, defaults to `false`; can be overridden per request using `X-Show-Login-Page` HTTP header
 # Disable signing/encryption (Optional, by default `true`)
 $ export SIGN_ASSERTION=false

package/index.js CHANGED Viewed

@@ -61,7 +61,9 @@ const options = {
       assertEndpoint: process.env.CORPPASS_ASSERT_ENDPOINT,
     },
   },
-  showLoginPage: process.env.SHOW_LOGIN_PAGE === 'true',
+  showLoginPage: (req) => {
+    return process.env.SHOW_LOGIN_PAGE === 'true' || req.header('X-Show-Login-Page') === 'true'
+  },
   encryptMyInfo: process.env.ENCRYPT_MYINFO === 'true',
   cryptoConfig,
 }

package/lib/express/oidc.js CHANGED Viewed

@@ -30,7 +30,7 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
     app.get(`/${idp.toLowerCase()}/authorize`, (req, res) => {
       const redirectURI = req.query.redirect_uri
       const state = encodeURIComponent(req.query.state)
-      if (showLoginPage) {
+      if (showLoginPage(req)) {
         const oidc = assertions.oidc[idp]
         const values = oidc.map((rawId, index) => {
           const code = encodeURIComponent(

package/lib/express/saml.js CHANGED Viewed

@@ -45,7 +45,7 @@ function config(
           : idpConfig[idp].assertEndpoint || req.query.PartnerId
       const relayState = req.query.Target
       const partnerId = idpConfig[idp].id
-      if (showLoginPage) {
+      if (showLoginPage(req)) {
         const saml = assertions.saml[idp]
         const values = saml.map((rawId, index) => {
           const samlArt = encodeURIComponent(samlArtifact(partnerId, index))

package/lib/express/sgid.js CHANGED Viewed

@@ -30,7 +30,7 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
   app.get(`${PATH_PREFIX}/authorize`, (req, res) => {
     const redirectURI = req.query.redirect_uri
     const state = encodeURIComponent(req.query.state)
-    if (showLoginPage) {
+    if (showLoginPage(req)) {
       const oidc = assertions.oidc.singPass
       const values = oidc
         .filter((rawId) => assertions.myinfo.v3.personas[rawId])
@@ -92,6 +92,9 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
             nonce,
             accessToken,
           )
+        // Change sub from `s=${nric},u=${uuid}`
+        // to `u=${uuid}` to be consistent with userinfo sub
+        idTokenClaims.sub = idTokenClaims.sub.split(',')[1]
         const signingKey = await jose.JWK.asKey(signingPem, 'pem')
         const idToken = await jose.JWS.createSign(
@@ -106,7 +109,7 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
           refresh_token: refreshToken,
           expires_in: 24 * 60 * 60,
           scope: 'openid',
-          token_type: 'bearer',
+          token_type: 'Bearer',
           id_token: idToken,
         })
       } catch (error) {
@@ -129,13 +132,22 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
       alg: 'A256GCM',
     })
-    const encryptedNric = await jose.JWE.createEncrypt(payloadKey)
+    const encryptedNric = await jose.JWE.createEncrypt(
+      { format: 'compact' },
+      payloadKey,
+    )
       .update(nric)
       .final()
-    const encryptedName = await jose.JWE.createEncrypt(payloadKey)
+    const encryptedName = await jose.JWE.createEncrypt(
+      { format: 'compact' },
+      payloadKey,
+    )
       .update(name)
       .final()
-    const encryptedDateOfBirth = await jose.JWE.createEncrypt(payloadKey)
+    const encryptedDateOfBirth = await jose.JWE.createEncrypt(
+      { format: 'compact' },
+      payloadKey,
+    )
       .update(dateOfBirth)
       .final()
     const data = {
@@ -143,11 +155,14 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
       'myinfo.name': encryptedName,
       'myinfo.date_of_birth': encryptedDateOfBirth,
     }
-    const encryptionKey = await jose.JWK.asKey(serviceProvider.cert, 'pem')
+    const encryptionKey = await jose.JWK.asKey(serviceProvider.pubKey, 'pem')
     const plaintextPayloadKey = JSON.stringify(payloadKey.toJSON(true))
     console.log(plaintextPayloadKey)
-    const encryptedPayloadKey = await jose.JWE.createEncrypt(encryptionKey)
+    const encryptedPayloadKey = await jose.JWE.createEncrypt(
+      { format: 'compact' },
+      encryptionKey,
+    )
       .update(plaintextPayloadKey)
       .final()
     res.json({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@opengovsg/mockpass",
-  "version": "2.7.10",
+  "version": "2.8.1",
   "description": "A mock SingPass/CorpPass server for dev purposes",
   "main": "index.js",
   "bin": {
@@ -39,8 +39,8 @@
     "@xmldom/xmldom": "^0.8.0",
     "base-64": "^1.0.0",
     "cookie-parser": "^1.4.3",
-    "dotenv": "^10.0.0",
-    "expiry-map": "^1.1.0",
+    "dotenv": "^16.0.0",
+    "expiry-map": "^2.0.0",
     "express": "^4.16.3",
     "jsonwebtoken": "^8.4.0",
     "lodash": "^4.17.11",
@@ -50,7 +50,7 @@
     "node-jose": "^2.0.0",
     "uuid": "^8.0.0",
     "xml-crypto": "^2.1.2",
-    "xml-encryption": "^1.2.4",
+    "xml-encryption": "^2.0.0",
     "xpath": "0.0.32"
   },
   "devDependencies": {
@@ -65,7 +65,7 @@
     "husky": "^7.0.0",
     "lint-staged": "^12.0.2",
     "nodemon": "^2.0.4",
-    "pinst": "^2.1.6",
+    "pinst": "^3.0.0",
     "prettier": "^2.0.5"
   },
   "lint-staged": {