@opengovsg/mockpass 4.1.0 → 4.3.3

package/.github/workflows/publish.yml

@@ -0,0 +1,46 @@
+name: Publish
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  publish-npm:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 'lts/*'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          registry-url: https://registry.npmjs.org/
+      - run: npm ci
+      - run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+  publish-docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 'lts/*'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          registry-url: https://registry.npmjs.org/
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASS }}
+      - run: echo TAGNAME=`echo ${{ github.ref_name }} | sed 's/v//'` >> ${GITHUB_ENV}
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: |
+            opengovsg/mockpass:latest
+            opengovsg/mockpass:${{ env.TAGNAME }}

package/.husky/install.mjs

@@ -0,0 +1,6 @@
+// Skip Husky install in production and CI
+if (process.env.NODE_ENV === 'production' || process.env.CI === 'true') {
+  process.exit(0)
+}
+const husky = (await import('husky')).default
+console.log(husky())

package/.husky/pre-commit

@@ -1,4 +1 @@
-#!/bin/sh
-. "$(dirname "$0")/_/husky.sh"
-
 npx lint-staged

package/.husky/pre-push

@@ -1,4 +1 @@
-#!/bin/sh
-. "$(dirname "$0")/_/husky.sh"
-
 npx commitlint --from origin/main --to HEAD --verbose

package/Dockerfile

@@ -4,6 +4,8 @@ WORKDIR /usr/src/mockpass
 
 COPY package* ./
 
+COPY ./.husky ./.husky
+
 RUN npm ci
 
 COPY . ./

package/README.md

@@ -84,13 +84,13 @@ Configure your application (or MockPass) with certificates/keys:
 MockPass accepts any value for `client_id`, `redirect_uri` and `sp_esvcId`.
 The `client_secret` value will be checked if configured, see below.
 
-Only the profiles (NRICs) that have entries in Mockpass' static dataset will
+Only the profiles (NRICs) that have entries in Mockpass' personas dataset will
 succeed, using other NRICs will result in an error. See the list of personas in
 [static/myinfo/v3.json](static/myinfo/v3.json).
 
 | Configuration item | Explanation |
 |---|---|
-| Client certificate | **Overview:** When client makes any request, what certificate is used to verify the request signature, and what certificate is used to encrypt the data payload. <br> **Default:** static certificate/key `static/certs/(server.crt|key.pub)` are used. <br> **How to configure:** Set the env var `SERVICE_PROVIDER_PUB_KEY` to the path to a public key PEM file, and `SERVICE_PROVIDER_CERT_PATH` to the path to a certificate PEM file. (A certificate PEM file can also be provided to `SERVICE_PROVIDER_PUB_KEY`, despite the env var name.) |
+| Client certificate | **Overview:** When client makes any request, what certificate is used to verify the request signature, and what certificate is used to encrypt the data payload. <br> **Default:** static certificate/key `static/certs/(server.crt\|key.pub)` are used. <br> **How to configure:** Set the env var `SERVICE_PROVIDER_PUB_KEY` to the path to a public key PEM file, and `SERVICE_PROVIDER_CERT_PATH` to the path to a certificate PEM file. (A certificate PEM file can also be provided to `SERVICE_PROVIDER_PUB_KEY`, despite the env var name.) |
 | Client secret | **Overview:** When client makes a Token request, whether MockPass verifies the request signature. <br> **Default:** Disabled. <br> **How to configure:** Enable for all requests by setting the env var `SERVICE_PROVIDER_MYINFO_SECRET` to some non-blank string. Provide this value to your application as well. |
 | Payload encryption | **Overview:** When client makes a Person or Person-Basic request, whether MockPass encrypts the data payload. When client makes a Person request, whether MockPass verifies the request signature. <br> **Default:** Disabled. <br> **How to configure:** Enable for all requests by setting the env var `ENCRYPT_MYINFO` to `true`. |
 
@@ -119,10 +119,19 @@ Configure your application (or MockPass) with certificates/keys:
 
 MockPass accepts any value for `client_id`, `client_secret` and `redirect_uri`.
 
-Only the profiles (NRICs) that have entries in Mockpass' static dataset will
+Only the profiles (NRICs) that have entries in Mockpass' personas dataset will
 succeed, using other NRICs will result in an error. See the list of personas in 
 [static/myinfo/v3.json](static/myinfo/v3.json).
 
+If the Public Officer Employment Details data item is requested, the 
+`pocdex.public_officer_details` scope data is sourced from the
+`publicofficerdetails` data key (where present) on personas.
+Most personas do not have this data key configured, and will result in a `"NA"`
+response instead of an stringified array. As these personas are not identified
+in the login page dropdown, please check the personas dataset linked above to
+identify them.
+The `pocdex.number_of_employments` scope is not supported.
+
 | Configuration item | Explanation |
 |---|---|
 | Client certificate | **Overview:** When client makes any request, what certificate is used to verify the request signature, and what certificate is used to encrypt the data payload. <br> **Default:** static key `static/certs/key.pub` is used. <br> **How to configure:** Set the env var `SERVICE_PROVIDER_PUB_KEY` to the path to a public key PEM file. (A certificate PEM file can also be provided, despite the env var name.) |

package/eslint.config.mjs

@@ -0,0 +1,24 @@
+import globals from "globals";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import js from "@eslint/js";
+import { FlatCompat } from "@eslint/eslintrc";
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const compat = new FlatCompat({
+    baseDirectory: __dirname,
+    recommendedConfig: js.configs.recommended,
+    allConfig: js.configs.all
+});
+
+export default [...compat.extends("eslint:recommended", "plugin:prettier/recommended"), {
+    languageOptions: {
+        globals: {
+            ...globals.node,
+        },
+
+        ecmaVersion: 2020,
+        sourceType: "commonjs",
+    },
+}];

package/lib/express/myinfo/consent.js

@@ -20,13 +20,7 @@ const CONSENT_TEMPLATE = fs.readFileSync(
 const authorizations = {}
 
 const authorize = (redirectTo) => (req, res) => {
-  const {
-    client_id, // eslint-disable-line camelcase
-    redirect_uri, // eslint-disable-line camelcase
-    attributes,
-    purpose,
-    state,
-  } = req.query
+  const { client_id, redirect_uri, attributes, purpose, state } = req.query
   const relayStateParams = qs.stringify({
     client_id,
     redirect_uri,

package/lib/express/sgid.js

@@ -268,6 +268,10 @@ const formatVehicles = (vehicles) => {
   return vehicleObjects
 }
 
+const formatJsonStringify = (value) => {
+  return value == undefined ? 'NA' : JSON.stringify(value)
+}
+
 const defaultUndefinedToNA = (value) => {
   return value || 'NA'
 }
@@ -320,6 +324,8 @@ const sgIDScopeToMyInfoField = (persona, scope) => {
       return defaultUndefinedToNA(persona.marital?.desc)
     case 'myinfo.mobile_number_with_country_code':
       return formatMobileNumberWithPrefix(persona.mobileno)
+    case 'pocdex.public_officer_details':
+      return formatJsonStringify(persona.publicofficerdetails)
     default:
       return 'NA'
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengovsg/mockpass",
-  "version": "4.1.0",
+  "version": "4.3.3",
   "description": "A mock SingPass/CorpPass server for dev purposes",
   "main": "app.js",
   "bin": {
@@ -12,7 +12,7 @@
     "cz": "git-cz",
     "lint": "eslint lib",
     "lint-fix": "eslint --fix lib",
-    "_postinstall": "husky install",
+    "prepare": "node .husky/install.mjs",
     "prepublishOnly": "pinst --disable",
     "postpublish": "pinst --enable"
   },
@@ -41,7 +41,7 @@
     "dotenv": "^16.0.0",
     "expiry-map": "^2.0.0",
     "express": "^4.16.3",
-    "jose": "^4.14.4",
+    "jose": "^5.2.3",
     "jsonwebtoken": "^9.0.0",
     "lodash": "^4.17.11",
     "morgan": "^1.9.1",
@@ -50,16 +50,19 @@
     "uuid": "^9.0.0"
   },
   "devDependencies": {
-    "@commitlint/cli": "^17.1.2",
-    "@commitlint/config-conventional": "^17.1.0",
-    "@commitlint/travis-cli": "^17.1.2",
+    "@commitlint/cli": "^19.1.0",
+    "@commitlint/config-conventional": "^19.0.3",
+    "@commitlint/travis-cli": "^19.0.3",
+    "@eslint/eslintrc": "^3.1.0",
+    "@eslint/js": "^9.8.0",
     "commitizen": "^4.2.4",
     "cz-conventional-changelog": "^3.2.0",
-    "eslint": "^8.0.0",
-    "eslint-config-prettier": "^8.3.0",
+    "eslint": "^9.8.0",
+    "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-prettier": "^4.0.0",
-    "husky": "^8.0.1",
-    "lint-staged": "^14.0.1",
+    "globals": "^15.9.0",
+    "husky": "^9.0.11",
+    "lint-staged": "^15.2.2",
     "nodemon": "^3.0.1",
     "pinst": "^3.0.0",
     "prettier": "^2.0.5"

package/static/myinfo/v3.json

@@ -1203,7 +1203,16 @@
         "source": "1",
         "classification": "C",
         "desc": ""
-      }
+      },
+      "publicofficerdetails": [
+        {
+          "work_email": "lim_yong_xiang@was.gov.sg",
+          "agency_name": "Work Allocation Singapore",
+          "department_name": "Allocation Central",
+          "employment_type": "Fixed Term",
+          "employment_title": "Senior Software Engineer - LLv1 (Individual Contributor) (WAS)"
+        }
+      ]
     },
     "S9912370B": {
       "edulevel": {
@@ -1517,7 +1526,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -2415,7 +2424,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -7065,7 +7074,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -8214,7 +8223,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -9302,7 +9311,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -10104,7 +10113,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-02-04",
@@ -12107,7 +12116,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -13817,7 +13826,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "oa": {
@@ -14473,7 +14482,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -15150,7 +15159,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -16153,7 +16162,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -19137,7 +19146,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -24343,7 +24352,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -26126,7 +26135,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "oa": {
@@ -26919,7 +26928,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "lastupdated": "2020-04-16",
@@ -27960,7 +27969,7 @@
         "code": "C",
         "source": "1",
         "classification": "C",
-        "desc": "Citizen"
+        "desc": "CITIZEN"
       },
       "cpfbalances": {
         "oa": {

package/.github/workflows/npmpublish.yml

@@ -1,22 +0,0 @@
-# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
-# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
-
-name: Node.js Package
-
-on:
-  release:
-    types: [created]
-
-jobs:
-  publish-npm:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
-        with:
-          node-version: 12
-          registry-url: https://registry.npmjs.org/
-      - run: npm ci
-      - run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}