feat: MyInfo over sgID backend

shared/types/converter.ts

@@ -0,0 +1,37 @@
+export interface MyInfoDataTransformer<T, U> {
+
+  /**
+   * NRIC/FIN.
+   */
+  getUinFin(): string
+
+  /**
+   * Formats the sgID information to a string.
+   */
+  _formatFieldValue(attr: T): string | undefined
+
+  /**
+   * Determine if frontend should lock the field to prevent it from being
+   * editable. The field is locked if it is government-verified and if it
+   * does not contain marriage-related information (decision by SNDGO & MSF due to
+   * overseas unregistered marriages).
+   * 
+   * @param attr The field/attribute name directly obtained from the sgID
+   *    information source.
+   * @param fieldValue FormSG field value. 
+   */
+  _isDataReadOnly(
+    attr: T,
+    fieldValue: string | undefined,
+  ): boolean
+
+  /**
+   * Retrieves the fieldValue for the givern internal
+   * sgID-compatible attribute.
+   * @param attr Internal FormSG sgID attribute.
+   */
+  getFieldValueForAttr(attr: U): {
+    fieldValue: string | undefined
+    isReadOnly: boolean
+  }
+}

shared/types/form/form.ts

@@ -51,6 +51,7 @@ export enum FormAuthType {
   CP = 'CP',
   MyInfo = 'MyInfo',
   SGID = 'SGID',
+  SGID_MyInfo = 'SGID_MyInfo',
 }
 
 export enum FormStatus {

shared/types/index.ts

@@ -11,3 +11,4 @@ export * from './submission'
 export * from './user'
 export * from './utils'
 export * from './payment'
+export * from './converter'

src/app/models/form.server.model.ts

@@ -264,7 +264,8 @@ const compileFormModel = (db: Mongoose): IFormModel => {
             )
             return (
               myInfoFieldCount === 0 ||
-              (this.authType === FormAuthType.MyInfo &&
+              ((this.authType === FormAuthType.MyInfo ||
+                this.authType == FormAuthType.SGID_MyInfo) &&
                 this.responseMode === FormResponseMode.Email &&
                 myInfoFieldCount <= 30)
             )
@@ -559,7 +560,10 @@ const compileFormModel = (db: Mongoose): IFormModel => {
 
   // Method to return myInfo attributes
   FormSchema.methods.getUniqueMyInfoAttrs = function () {
-    if (this.authType !== FormAuthType.MyInfo) {
+    if (
+      this.authType !== FormAuthType.MyInfo &&
+      this.authType !== FormAuthType.SGID_MyInfo
+    ) {
       return []
     }
 

src/app/modules/form/public-form/public-form.controller.ts

@@ -33,6 +33,12 @@ import {
   extractAuthCode,
   validateMyInfoForm,
 } from '../../myinfo/myinfo.util'
+import { SGIDMyInfoData } from '../../sgid/sgid.adapter'
+import {
+  SGID_COOKIE_NAME,
+  SGID_MYINFO_COOKIE_NAME,
+  SGID_MYINFO_LOGIN_COOKIE_NAME,
+} from '../../sgid/sgid.constants'
 import { SgidInvalidJwtError, SgidVerifyJwtError } from '../../sgid/sgid.errors'
 import { SgidService } from '../../sgid/sgid.service'
 import { validateSgidForm } from '../../sgid/sgid.util'
@@ -299,7 +305,9 @@ export const handleGetPublicForm: ControllerHandler<
         })
     }
     case FormAuthType.SGID:
-      return SgidService.extractSgidJwtPayload(req.cookies.jwtSgid)
+      return SgidService.extractSgidSingpassJwtPayload(
+        req.cookies[SGID_COOKIE_NAME],
+      )
         .map((spcpSession) => {
           return res.json({
             form: publicForm,
@@ -321,6 +329,56 @@ export const handleGetPublicForm: ControllerHandler<
           }
           return res.json({ form: publicForm, isIntranetUser })
         })
+    case FormAuthType.SGID_MyInfo: {
+      const accessTokenCookie = req.cookies[SGID_MYINFO_COOKIE_NAME]
+      if (!accessTokenCookie) {
+        return res.json({
+          form: publicForm,
+          isIntranetUser,
+        })
+      }
+      res.clearCookie(SGID_MYINFO_COOKIE_NAME)
+      res.clearCookie(SGID_MYINFO_LOGIN_COOKIE_NAME)
+      return SgidService.extractSgidJwtMyInfoPayload(accessTokenCookie)
+        .asyncAndThen((auth) =>
+          SgidService.retrieveUserInfo({ accessToken: auth.accessToken }),
+        )
+        .andThen((userInfo) => {
+          const data = new SGIDMyInfoData(userInfo.data)
+          return MyInfoService.prefillAndSaveMyInfoFields(
+            form._id,
+            data,
+            form.toJSON().form_fields,
+          ).map((prefilledFields) => {
+            return res
+              .cookie(
+                SGID_MYINFO_LOGIN_COOKIE_NAME,
+                createMyInfoLoginCookie(data.getUinFin()),
+                MYINFO_LOGIN_COOKIE_OPTIONS,
+              )
+              .json({
+                form: {
+                  ...publicForm,
+                  form_fields: prefilledFields as FormFieldDto[],
+                },
+                spcpSession: { userName: data.getUinFin() },
+                isIntranetUser,
+              })
+          })
+        })
+        .mapErr((error) => {
+          logger.error({
+            message: 'sgID: MyInfo login error',
+            meta: logMeta,
+            error,
+          })
+          return res.json({
+            form: publicForm,
+            myInfoError: true,
+            isIntranetUser,
+          })
+        })
+    }
     default:
       return new UnreachableCaseError(authType)
   }
@@ -403,6 +461,16 @@ export const _handleFormAuthRedirect: ControllerHandler<
             return SgidService.createRedirectUrl(
               formId,
               Boolean(isPersistentLogin),
+              [],
+              encodedQuery,
+            )
+          })
+        case FormAuthType.SGID_MyInfo:
+          return validateSgidForm(form).andThen(() => {
+            return SgidService.createRedirectUrl(
+              formId,
+              false,
+              form.getUniqueMyInfoAttrs(),
               encodedQuery,
             )
           })
@@ -468,6 +536,7 @@ export const _handlePublicAuthLogout: ControllerHandler<
       | FormAuthType.CP
       | FormAuthType.MyInfo
       | FormAuthType.SGID
+      | FormAuthType.SGID_MyInfo
   },
   PublicFormAuthLogoutDto
 > = (req, res) => {
@@ -494,6 +563,7 @@ export const handlePublicAuthLogout = [
           FormAuthType.CP,
           FormAuthType.MyInfo,
           FormAuthType.SGID,
+          FormAuthType.SGID_MyInfo,
         )
         .required(),
     }),

src/app/modules/form/public-form/public-form.service.ts

@@ -8,7 +8,10 @@ import getFormModel from '../../../models/form.server.model'
 import getFormFeedbackModel from '../../../models/form_feedback.server.model'
 import { DatabaseError } from '../../core/core.errors'
 import { MYINFO_LOGIN_COOKIE_NAME } from '../../myinfo/myinfo.constants'
-import { SGID_COOKIE_NAME } from '../../sgid/sgid.constants'
+import {
+  SGID_COOKIE_NAME,
+  SGID_MYINFO_LOGIN_COOKIE_NAME,
+} from '../../sgid/sgid.constants'
 import { JwtName } from '../../spcp/spcp.types'
 import { FormNotFoundError } from '../form.errors'
 
@@ -73,9 +76,12 @@ export const getCookieNameByAuthType = (
     | FormAuthType.SP
     | FormAuthType.CP
     | FormAuthType.MyInfo
-    | FormAuthType.SGID,
+    | FormAuthType.SGID
+    | FormAuthType.SGID_MyInfo,
 ): string => {
   switch (authType) {
+    case FormAuthType.SGID_MyInfo:
+      return SGID_MYINFO_LOGIN_COOKIE_NAME
     case FormAuthType.MyInfo:
       return MYINFO_LOGIN_COOKIE_NAME
     case FormAuthType.SGID:

src/app/modules/myinfo/myinfo.adapter.ts

@@ -6,7 +6,10 @@ import {
   MyInfoSource,
 } from '@opengovsg/myinfo-gov-client'
 
-import { MyInfoAttribute as InternalAttr } from '../../../../shared/types'
+import {
+  MyInfoAttribute as InternalAttr,
+  MyInfoDataTransformer,
+} from '../../../../shared/types'
 
 import {
   formatAddress,
@@ -155,7 +158,9 @@ export const internalAttrListToScopes = (
  * extract the correct data by translating internal FormSG attributes
  * to the correct keys in the data.
  */
-export class MyInfoData {
+export class MyInfoData
+  implements MyInfoDataTransformer<ExternalAttr, InternalAttr>
+{
   #personData: IPerson
   #uinFin: string
 

src/app/modules/myinfo/myinfo.service.ts

@@ -27,6 +27,7 @@ import {
   AuthTypeMismatchError,
   FormAuthNoEsrvcIdError,
 } from '../form/form.errors'
+import { SGIDMyInfoData } from '../sgid/sgid.adapter'
 import { ProcessedFieldResponse } from '../submission/submission.types'
 
 import { internalAttrListToScopes, MyInfoData } from './myinfo.adapter'
@@ -241,7 +242,7 @@ export class MyInfoServiceClass {
    */
   prefillAndSaveMyInfoFields(
     formId: string,
-    myInfoData: MyInfoData,
+    myInfoData: MyInfoData | SGIDMyInfoData,
     currFormFields: LeanDocument<IFieldSchema[]>,
   ): ResultAsync<PossiblyPrefilledField[], MyInfoHashingError | DatabaseError> {
     const prefilledFields = currFormFields.map((field) => {

src/app/modules/myinfo/myinfo.util.ts

@@ -24,6 +24,7 @@ import {
   FormAuthNoEsrvcIdError,
   FormNotFoundError,
 } from '../form/form.errors'
+import { SGID_MYINFO_LOGIN_COOKIE_NAME } from '../sgid/sgid.constants'
 import { ProcessedFieldResponse } from '../submission/submission.types'
 
 import { MYINFO_LOGIN_COOKIE_NAME } from './myinfo.constants'
@@ -299,8 +300,14 @@ export const isMyInfoAuthCodeCookie = (
  */
 export const extractMyInfoLoginJwt = (
   cookies: Record<string, unknown>,
+  authType: FormAuthType.MyInfo | FormAuthType.SGID_MyInfo,
 ): Result<string, MyInfoMissingLoginCookieError> => {
-  const jwt = cookies[MYINFO_LOGIN_COOKIE_NAME]
+  const jwt =
+    cookies[
+      authType === FormAuthType.MyInfo
+        ? MYINFO_LOGIN_COOKIE_NAME
+        : SGID_MYINFO_LOGIN_COOKIE_NAME
+    ]
   if (typeof jwt === 'string' && !!jwt) {
     return ok(jwt)
   }

src/app/modules/sgid/__tests__/sgid.controller.spec.ts

@@ -61,7 +61,7 @@ describe('sgid.controller', () => {
         okAsync(MOCK_TOKEN_RESULT),
       )
       SgidService.retrieveUserInfo.mockReturnValue(okAsync(MOCK_USER_INFO))
-      SgidService.createJwt.mockReturnValue(
+      SgidService.createSgidSingpassJwt.mockReturnValue(
         ok({ jwt: MOCK_JWT, maxAge: MOCK_COOKIE_AGE }),
       )
       SgidService.getCookieSettings.mockReturnValue(MOCK_COOKIE_SETTINGS)
@@ -77,7 +77,7 @@ describe('sgid.controller', () => {
       expect(FormService.retrieveFullFormById).not.toHaveBeenCalled()
       expect(SgidService.retrieveAccessToken).not.toHaveBeenCalled()
       expect(SgidService.retrieveUserInfo).not.toHaveBeenCalled()
-      expect(SgidService.createJwt).not.toHaveBeenCalled()
+      expect(SgidService.createSgidSingpassJwt).not.toHaveBeenCalled()
       expect(SgidService.getCookieSettings).not.toHaveBeenCalled()
     })
 
@@ -93,7 +93,7 @@ describe('sgid.controller', () => {
       expect(MOCK_RESPONSE.redirect).not.toHaveBeenCalled()
       expect(SgidService.retrieveAccessToken).not.toHaveBeenCalled()
       expect(SgidService.retrieveUserInfo).not.toHaveBeenCalled()
-      expect(SgidService.createJwt).not.toHaveBeenCalled()
+      expect(SgidService.createSgidSingpassJwt).not.toHaveBeenCalled()
       expect(SgidService.getCookieSettings).not.toHaveBeenCalled()
     })
 
@@ -109,7 +109,7 @@ describe('sgid.controller', () => {
       expect(MOCK_RESPONSE.redirect).toHaveBeenCalledWith(MOCK_DESTINATION)
       expect(SgidService.retrieveAccessToken).not.toHaveBeenCalled()
       expect(SgidService.retrieveUserInfo).not.toHaveBeenCalled()
-      expect(SgidService.createJwt).not.toHaveBeenCalled()
+      expect(SgidService.createSgidSingpassJwt).not.toHaveBeenCalled()
       expect(SgidService.getCookieSettings).not.toHaveBeenCalled()
     })
 
@@ -126,7 +126,7 @@ describe('sgid.controller', () => {
         MOCK_AUTH_CODE,
       )
       expect(SgidService.retrieveUserInfo).not.toHaveBeenCalled()
-      expect(SgidService.createJwt).not.toHaveBeenCalled()
+      expect(SgidService.createSgidSingpassJwt).not.toHaveBeenCalled()
       expect(SgidService.getCookieSettings).not.toHaveBeenCalled()
     })
 
@@ -145,12 +145,14 @@ describe('sgid.controller', () => {
       )
       expect(MOCK_RESPONSE.cookie).toHaveBeenCalledWith('isLoginError', true)
       expect(MOCK_RESPONSE.redirect).toHaveBeenCalledWith(MOCK_DESTINATION)
-      expect(SgidService.createJwt).not.toHaveBeenCalled()
+      expect(SgidService.createSgidSingpassJwt).not.toHaveBeenCalled()
       expect(SgidService.getCookieSettings).not.toHaveBeenCalled()
     })
 
     it('should set isLoginError cookie and redirect when createJWT errors', async () => {
-      SgidService.createJwt.mockReturnValue(err(new ApplicationError()))
+      SgidService.createSgidSingpassJwt.mockReturnValue(
+        err(new ApplicationError()),
+      )
       await SgidController.handleLogin(MOCK_LOGIN_REQ, MOCK_RESPONSE, jest.fn())
       expect(SgidService.parseState).toHaveBeenCalledWith(MOCK_STATE)
       expect(FormService.retrieveFullFormById).toHaveBeenCalledWith(MOCK_TARGET)
@@ -160,7 +162,7 @@ describe('sgid.controller', () => {
       expect(SgidService.retrieveUserInfo).toHaveBeenCalledWith(
         MOCK_TOKEN_RESULT,
       )
-      expect(SgidService.createJwt).toHaveBeenCalledWith(
+      expect(SgidService.createSgidSingpassJwt).toHaveBeenCalledWith(
         MOCK_USER_INFO.data,
         MOCK_REMEMBER_ME,
       )
@@ -178,7 +180,7 @@ describe('sgid.controller', () => {
       expect(SgidService.retrieveUserInfo).toHaveBeenCalledWith(
         MOCK_TOKEN_RESULT,
       )
-      expect(SgidService.createJwt).toHaveBeenCalledWith(
+      expect(SgidService.createSgidSingpassJwt).toHaveBeenCalledWith(
         MOCK_USER_INFO.data,
         MOCK_REMEMBER_ME,
       )