npm - @opengovsg/mockpass - Versions diffs - 3.1.2 → 3.1.3 - Mend

@opengovsg/mockpass 3.1.2 → 3.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/.eslintrc.json CHANGED Viewed

@@ -4,7 +4,7 @@
     "plugin:prettier/recommended"
   ],
   "parserOptions": {
-    "ecmaVersion": 2018
+    "ecmaVersion": 2020
   },
   "env": {
     "node": true,

package/lib/auth-code.js CHANGED Viewed

@@ -4,9 +4,9 @@ const crypto = require('crypto')
 const AUTH_CODE_TIMEOUT = 5 * 60 * 1000
 const profileAndNonceStore = new ExpiryMap(AUTH_CODE_TIMEOUT)
-const generateAuthCode = ({ profile, nonce }) => {
+const generateAuthCode = ({ profile, scopes, nonce }) => {
   const authCode = crypto.randomBytes(45).toString('base64')
-  profileAndNonceStore.set(authCode, { profile, nonce })
+  profileAndNonceStore.set(authCode, { profile, scopes, nonce })
   return authCode
 }

package/lib/express/sgid.js CHANGED Viewed

@@ -35,11 +35,13 @@ function config(app, { showLoginPage, serviceProvider }) {
   app.get(`${PATH_PREFIX}/authorize`, (req, res) => {
     const { redirect_uri: redirectURI, state, nonce } = req.query
+    const scopes = req.query.scope ?? 'openid'
+    console.info(`Requested scope ${scopes}`)
     if (showLoginPage(req)) {
       const values = profiles
         .filter((profile) => assertions.myinfo.v3.personas[profile.nric])
         .map((profile) => {
-          const authCode = generateAuthCode({ profile, nonce })
+          const authCode = generateAuthCode({ profile, scopes, nonce })
           const assertURL = buildAssertURL(redirectURI, authCode, state)
           const id = idGenerator.singPass(profile)
           return { id, assertURL }
@@ -48,9 +50,9 @@ function config(app, { showLoginPage, serviceProvider }) {
       res.send(response)
     } else {
       const profile = defaultProfile
-      const authCode = generateAuthCode({ profile, nonce })
+      const authCode = generateAuthCode({ profile, scopes, nonce })
       const assertURL = buildAssertURL(redirectURI, authCode, state)
-      console.warn(
+      console.info(
         `Redirecting login from ${req.query.client_id} to ${assertURL}`,
       )
       res.redirect(assertURL)
@@ -65,13 +67,16 @@ function config(app, { showLoginPage, serviceProvider }) {
       console.log(req.body)
       const { client_id: aud, code: authCode } = req.body
-      console.warn(
+      console.info(
         `Received auth code ${authCode} from ${aud} and ${req.body.redirect_uri}`,
       )
-      try {
-        const { profile, nonce } = lookUpByAuthCode(authCode)
-        const accessToken = profile.uuid
+      try {
+        const { profile, scopes, nonce } = lookUpByAuthCode(authCode)
+        console.info(
+          `Profile ${JSON.stringify(profile)} with token scope ${scopes}`,
+        )
+        const accessToken = authCode
         const iss = `${req.protocol}://${req.get('host')}`
         const { idTokenClaims, refreshToken } = assertions.oidc.create.singPass(
@@ -97,7 +102,7 @@ function config(app, { showLoginPage, serviceProvider }) {
           access_token: accessToken,
           refresh_token: refreshToken,
           expires_in: 24 * 60 * 60,
-          scope: 'openid',
+          scope: scopes,
           token_type: 'Bearer',
           id_token: idToken,
         })
@@ -109,45 +114,44 @@ function config(app, { showLoginPage, serviceProvider }) {
   )
   app.get(`${PATH_PREFIX}/userinfo`, async (req, res) => {
-    const uuid = (
+    const authCode = (
       req.headers.authorization || req.headers.Authorization
     ).replace('Bearer ', '')
+    // eslint-disable-next-line no-unused-vars
+    const { profile, scopes, unused } = lookUpByAuthCode(authCode)
+    const uuid = profile.uuid
     const nric = assertions.oidc.singPass.find((p) => p.uuid === uuid).nric
     const persona = assertions.myinfo.v3.personas[nric]
-    const name = persona.name.value
-    const dateOfBirth = persona.dob.value
+    console.info(`userinfo scopes ${scopes}`)
     const payloadKey = await jose.JWK.createKey('oct', 256, {
       alg: 'A256GCM',
     })
-    const encryptedNric = await jose.JWE.createEncrypt(
-      { format: 'compact' },
-      payloadKey,
-    )
-      .update(nric)
-      .final()
-    const encryptedName = await jose.JWE.createEncrypt(
-      { format: 'compact' },
-      payloadKey,
-    )
-      .update(name)
-      .final()
-    const encryptedDateOfBirth = await jose.JWE.createEncrypt(
-      { format: 'compact' },
-      payloadKey,
-    )
-      .update(dateOfBirth)
-      .final()
-    const data = {
-      'myinfo.nric_number': encryptedNric,
-      'myinfo.name': encryptedName,
-      'myinfo.date_of_birth': encryptedDateOfBirth,
+    const encryptPayload = async (field) => {
+      return await jose.JWE.createEncrypt({ format: 'compact' }, payloadKey)
+        .update(field)
+        .final()
     }
+    const encryptedNric = await encryptPayload(nric)
+    const scopesArr = scopes
+      .split(' ')
+      .filter((field) => field !== 'openid' && field !== 'myinfo.nric_number')
+    console.info(`userinfo scopesArr ${scopesArr}`)
+    const myInfoFields = await Promise.all(
+      scopesArr.map((scope) =>
+        encryptPayload(sgIDScopeToMyInfoField(persona, scope)),
+      ),
+    )
+    const data = {}
+    scopesArr.forEach((name, index) => {
+      data[name] = myInfoFields[index]
+    })
+    data['myinfo.nric_number'] = encryptedNric
     const encryptionKey = await jose.JWK.asKey(serviceProvider.pubKey, 'pem')
     const plaintextPayloadKey = JSON.stringify(payloadKey.toJSON(true))
-    console.log(plaintextPayloadKey)
     const encryptedPayloadKey = await jose.JWE.createEncrypt(
       { format: 'compact' },
       encryptionKey,
@@ -179,6 +183,9 @@ function config(app, { showLoginPage, serviceProvider }) {
       jwks_uri: `${issuer}/.well-known/jwks.json`,
       response_types_supported: ['code'],
       grant_types_supported: ['authorization_code'],
+      // Note: some of these scopes are not yet officially documented
+      // in https://docs.id.gov.sg/data-catalog
+      // So they are not officially supported yet.
       scopes_supported: [
         'openid',
         'myinfo.nric_number',
@@ -203,4 +210,43 @@ function config(app, { showLoginPage, serviceProvider }) {
   })
 }
+const concatMyInfoRegAddr = (regadd) => {
+  const line1 =
+    !!regadd.block.value || !!regadd.street.value
+      ? `${regadd.block.value} ${regadd.street.value}`
+      : ''
+  const line2 =
+    !!regadd.floor.value || !!regadd.unit.value
+      ? `#${regadd.floor.value}-${regadd.unit.value}`
+      : ''
+  const line3 =
+    !!regadd.country.desc || !!regadd.postal.value
+      ? `${regadd.country.desc} ${regadd.postal.value}`
+      : ''
+  return `${line1}\n${line2}\n${line3}`
+}
+// Refer to https://docs.id.gov.sg/data-catalog
+const sgIDScopeToMyInfoField = (persona, scope) => {
+  switch (scope) {
+    // No NRIC as that is always returned by default
+    case 'myinfo.name':
+      return persona.name.value
+    case 'myinfo.email':
+      return persona.email.value
+    case 'myinfo.mobile_number':
+      return persona.mobileno.nbr.value
+    case 'myinfo.registered_address':
+      return concatMyInfoRegAddr(persona.regadd)
+    case 'myinfo.date_of_birth':
+      return persona.dob.value
+    case 'myinfo.passport_number':
+      return persona.passportnumber.value
+    case 'myinfo.passport_expiry_date':
+      return persona.passportexpirydate.value
+    default:
+      return ''
+  }
+}
 module.exports = config

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@opengovsg/mockpass",
-  "version": "3.1.2",
+  "version": "3.1.3",
   "description": "A mock SingPass/CorpPass server for dev purposes",
   "main": "index.js",
   "bin": {