fix(myinfo-consent): accept NRIC artifacts

- accept NRIC artifacts in consent so that if user manually enters NRIC that is linked to a MyInfo profile, it accepts it - ensure that the form to enter NRIC manually also transmits the SAML RelayState
opengovsg · Dec 1, 2020 · 2d12998 · 2d12998
1 parent cfa99a1
commit 2d12998
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 9 deletions.
diff --git a/lib/express/myinfo/consent.js b/lib/express/myinfo/consent.js
@@ -54,20 +54,26 @@ const authorizeViaOIDC = authorize(
 function config(app) {
   app.get(MYINFO_ASSERT_ENDPOINT, (req, res) => {
     const rawArtifact = req.query.SAMLart || req.query.code
-    const state = req.query.RelayState || req.query.state
     const artifact = rawArtifact.replace(/ /g, '+')
     const artifactBuffer = Buffer.from(artifact, 'base64')
     let index = artifactBuffer.readInt8(artifactBuffer.length - 1)
 
-    const assertionType = req.query.code ? 'oidc' : 'saml'
+    const state = req.query.RelayState || req.query.state
+    let id
+    const isRawNRIC = rawArtifact.length === 9
+    if (isRawNRIC) {
+      id = rawArtifact
+    } else {
+      const assertionType = req.query.code ? 'oidc' : 'saml'
 
-    // use env NRIC when SHOW_LOGIN_PAGE is false
-    if (index === -1) {
-      index = assertions[assertionType].singPass.indexOf(
-        assertions.singPassNric,
-      )
+      // use env NRIC when SHOW_LOGIN_PAGE is false
+      if (index === -1) {
+        index = assertions[assertionType].singPass.indexOf(
+          assertions.singPassNric,
+        )
+      }
+      id = assertions[assertionType].singPass[index]
     }
-    const id = assertions[assertionType].singPass[index]
     const persona = assertions.myinfo[req.query.code ? 'v3' : 'v2'].personas[id]
     if (!persona) {
       res.status(404).send({

diff --git a/lib/express/saml.js b/lib/express/saml.js
@@ -58,7 +58,11 @@ function config(
           const id = idGenerator[idp](rawId)
           return { id, assertURL }
         })
-        const response = render(LOGIN_TEMPLATE, { values, assertEndpoint })
+        const response = render(LOGIN_TEMPLATE, {
+          values,
+          assertEndpoint,
+          relayState,
+        })
         res.send(response)
       } else {
         const samlArt = encodeURIComponent(samlArtifact(idpConfig[idp].id))

diff --git a/static/html/login-page.html b/static/html/login-page.html
@@ -186,6 +186,7 @@
                                                         {{#assertEndpoint}}
                                                             <h6>or with your own user</h6>
                                                             <br>
+                                                            <input type="hidden" name="RelayState" value="{{ relayState }}" />
                                                             <input maxlength="9" name="SAMLart" placeholder="NRIC" value="S1234567A" style="width: 100%; border: 2px solid #ccc; border-radius: 5px; background: white; color: rgb(42, 45, 51); text-align: left;">
                                                             <button autofocus="" type="submit">Login</button>
                                                             <br>