@opengovsg/mockpass 2.7.8 → 2.8.0

package/README.md

@@ -59,7 +59,7 @@ $ export MOCKPASS_PORT=5156
 $ export MOCKPASS_NRIC=S8979373D
 $ export MOCKPASS_UEN=123456789A
 
-$ export SHOW_LOGIN_PAGE=true # Optional, defaults to `false`
+$ export SHOW_LOGIN_PAGE=true # Optional, defaults to `false`; can be overridden per request using `X-Show-Login-Page` HTTP header
 
 # Disable signing/encryption (Optional, by default `true`)
 $ export SIGN_ASSERTION=false

package/index.js

@@ -61,7 +61,9 @@ const options = {
       assertEndpoint: process.env.CORPPASS_ASSERT_ENDPOINT,
     },
   },
-  showLoginPage: process.env.SHOW_LOGIN_PAGE === 'true',
+  showLoginPage: (req) => {
+    return process.env.SHOW_LOGIN_PAGE === 'true' || req.header('X-Show-Login-Page') === 'true'
+  },
   encryptMyInfo: process.env.ENCRYPT_MYINFO === 'true',
   cryptoConfig,
 }

package/lib/express/oidc.js

@@ -30,7 +30,7 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
     app.get(`/${idp.toLowerCase()}/authorize`, (req, res) => {
       const redirectURI = req.query.redirect_uri
       const state = encodeURIComponent(req.query.state)
-      if (showLoginPage) {
+      if (showLoginPage(req)) {
         const oidc = assertions.oidc[idp]
         const values = oidc.map((rawId, index) => {
           const code = encodeURIComponent(

package/lib/express/saml.js

@@ -45,7 +45,7 @@ function config(
           : idpConfig[idp].assertEndpoint || req.query.PartnerId
       const relayState = req.query.Target
       const partnerId = idpConfig[idp].id
-      if (showLoginPage) {
+      if (showLoginPage(req)) {
         const saml = assertions.saml[idp]
         const values = saml.map((rawId, index) => {
           const samlArt = encodeURIComponent(samlArtifact(partnerId, index))

package/lib/express/sgid.js

@@ -30,7 +30,7 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
   app.get(`${PATH_PREFIX}/authorize`, (req, res) => {
     const redirectURI = req.query.redirect_uri
     const state = encodeURIComponent(req.query.state)
-    if (showLoginPage) {
+    if (showLoginPage(req)) {
       const oidc = assertions.oidc.singPass
       const values = oidc
         .filter((rawId) => assertions.myinfo.v3.personas[rawId])
@@ -92,6 +92,9 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
             nonce,
             accessToken,
           )
+        // Change sub from `s=${nric},u=${uuid}`
+        // to `u=${uuid}` to be consistent with userinfo sub
+        idTokenClaims.sub = idTokenClaims.sub.split(',')[1]
 
         const signingKey = await jose.JWK.asKey(signingPem, 'pem')
         const idToken = await jose.JWS.createSign(
@@ -106,7 +109,7 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
           refresh_token: refreshToken,
           expires_in: 24 * 60 * 60,
           scope: 'openid',
-          token_type: 'bearer',
+          token_type: 'Bearer',
           id_token: idToken,
         })
       } catch (error) {
@@ -129,13 +132,22 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
       alg: 'A256GCM',
     })
 
-    const encryptedNric = await jose.JWE.createEncrypt(payloadKey)
+    const encryptedNric = await jose.JWE.createEncrypt(
+      { format: 'compact' },
+      payloadKey,
+    )
       .update(nric)
       .final()
-    const encryptedName = await jose.JWE.createEncrypt(payloadKey)
+    const encryptedName = await jose.JWE.createEncrypt(
+      { format: 'compact' },
+      payloadKey,
+    )
       .update(name)
       .final()
-    const encryptedDateOfBirth = await jose.JWE.createEncrypt(payloadKey)
+    const encryptedDateOfBirth = await jose.JWE.createEncrypt(
+      { format: 'compact' },
+      payloadKey,
+    )
       .update(dateOfBirth)
       .final()
     const data = {
@@ -143,11 +155,14 @@ function config(app, { showLoginPage, idpConfig, serviceProvider }) {
       'myinfo.name': encryptedName,
       'myinfo.date_of_birth': encryptedDateOfBirth,
     }
-    const encryptionKey = await jose.JWK.asKey(serviceProvider.cert, 'pem')
+    const encryptionKey = await jose.JWK.asKey(serviceProvider.pubKey, 'pem')
 
     const plaintextPayloadKey = JSON.stringify(payloadKey.toJSON(true))
     console.log(plaintextPayloadKey)
-    const encryptedPayloadKey = await jose.JWE.createEncrypt(encryptionKey)
+    const encryptedPayloadKey = await jose.JWE.createEncrypt(
+      { format: 'compact' },
+      encryptionKey,
+    )
       .update(plaintextPayloadKey)
       .final()
     res.json({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengovsg/mockpass",
-  "version": "2.7.8",
+  "version": "2.8.0",
   "description": "A mock SingPass/CorpPass server for dev purposes",
   "main": "index.js",
   "bin": {
@@ -36,10 +36,10 @@
     "node": ">=8.0.0"
   },
   "dependencies": {
-    "@xmldom/xmldom": "^0.7.2",
+    "@xmldom/xmldom": "^0.8.0",
     "base-64": "^1.0.0",
     "cookie-parser": "^1.4.3",
-    "dotenv": "^10.0.0",
+    "dotenv": "^16.0.0",
     "expiry-map": "^1.1.0",
     "express": "^4.16.3",
     "jsonwebtoken": "^8.4.0",
@@ -50,20 +50,20 @@
     "node-jose": "^2.0.0",
     "uuid": "^8.0.0",
     "xml-crypto": "^2.1.2",
-    "xml-encryption": "^1.2.4",
+    "xml-encryption": "^2.0.0",
     "xpath": "0.0.32"
   },
   "devDependencies": {
-    "@commitlint/cli": "^13.1.0",
-    "@commitlint/config-conventional": "^13.1.0",
-    "@commitlint/travis-cli": "^13.1.0",
+    "@commitlint/cli": "^16.0.1",
+    "@commitlint/config-conventional": "^16.0.0",
+    "@commitlint/travis-cli": "^16.0.1",
     "commitizen": "^4.2.4",
     "cz-conventional-changelog": "^3.2.0",
-    "eslint": "^7.25.0",
+    "eslint": "^8.0.0",
     "eslint-config-prettier": "^8.3.0",
-    "eslint-plugin-prettier": "^3.4.0",
+    "eslint-plugin-prettier": "^4.0.0",
     "husky": "^7.0.0",
-    "lint-staged": "^11.0.0",
+    "lint-staged": "^12.0.2",
     "nodemon": "^2.0.4",
     "pinst": "^2.1.6",
     "prettier": "^2.0.5"