From eea67454a494459175c8ccfd6635cbfa89d74b67 Mon Sep 17 00:00:00 2001 From: deskoh Date: Thu, 5 Sep 2019 19:52:09 +0800 Subject: [PATCH 1/4] Allow assertion endpoint to be specified using query parameter. --- README.md | 2 +- index.js | 5 +---- lib/express/spcp.js | 2 +- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 13a9b36..7d022c1 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ Alternatively, provide the paths to your app cert as env vars $ npm install @opengovsg/mockpass # Some familiarity with SAML Artifact Binding is assumed -# Configure where MockPass should send SAML artifact to +# Optional: Configure where MockPass should send SAML artifact to, default endpoint will be `PartnerId` in request query parameter. $ export SINGPASS_ASSERT_ENDPOINT=http://localhost:5000/singpass/assert $ export CORPPASS_ASSERT_ENDPOINT=http://localhost:5000/corppass/assert diff --git a/index.js b/index.js index a27378f..917e0f8 100755 --- a/index.js +++ b/index.js @@ -8,9 +8,6 @@ const { configSpcp, configMyInfo } = require('./lib/express') const PORT = process.env.MOCKPASS_PORT || process.env.PORT || 5156 -if (!process.env.SINGPASS_ASSERT_ENDPOINT && !process.env.CORPPASS_ASSERT_ENDPOINT) { - throw new Error('Either SINGPASS_ASSERT_ENDPOINT or CORPPASS_ASSERT_ENDPOINT must be set') -} const serviceProvider = { cert: fs.readFileSync(path.resolve(__dirname, process.env.SERVICE_PROVIDER_CERT_PATH || './static/certs/server.crt')), pubKey: fs.readFileSync(path.resolve(__dirname, process.env.SERVICE_PROVIDER_PUB_KEY || './static/certs/key.pub')), @@ -35,7 +32,7 @@ const app = configSpcp(express(), { assertEndpoint: process.env.CORPPASS_ASSERT_ENDPOINT, }, }, - showLoginPage: process.env.SHOW_LOGIN_PAGE === 'true', + showLoginPage: process.env.SHOW_LOGIN_PAGE !== 'true', cryptoConfig, }) diff --git a/lib/express/spcp.js b/lib/express/spcp.js index ca802e4..ee6e517 100644 --- a/lib/express/spcp.js +++ b/lib/express/spcp.js 
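Review bot: The second index.js hunk flips the flag to `showLoginPage: process.env.SHOW_LOGIN_PAGE !== 'true',`, so the login page is now shown unless the variable is set to `true`, which is the reverse of what the name says and is not mentioned in the commit subject. If a new default is intended, document it in the README and keep the variable's meaning, for example `process.env.SHOW_LOGIN_PAGE !== 'false'`. Otherwise leave the line as `showLoginPage: process.env.SHOW_LOGIN_PAGE === 'true',`. PATCH 3/4 of this series restores `===`, which suggests the flip was not intended.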
@@ -27,7 +27,7 @@ function config (app, { showLoginPage, serviceProvider, idpConfig, cryptoConfig app.get(`/${idp.toLowerCase()}/logininitial`, (req, res) => { const assertEndpoint = req.query.esrvcID === 'MYINFO-CONSENTPLATFORM' && idp === 'singPass' ? MYINFO_ASSERT_ENDPOINT - : idpConfig[idp].assertEndpoint + : idpConfig[idp].assertEndpoint || req.query.PartnerId const relayState = encodeURIComponent(req.query.Target) if (showLoginPage) { const identities = assertions.identities[idp] From 149ba21bb64d7fb99c922cd3fa13d2c154e2aa3f Mon Sep 17 00:00:00 2001 From: Dylan Date: Fri, 6 Sep 2019 11:19:39 +0800 Subject: [PATCH 2/4] Additional corppass accounts --- lib/assertions.js | 7 +++++++ lib/express/spcp.js | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/lib/assertions.js b/lib/assertions.js index 7019e91..a997f88 100644 --- a/lib/assertions.js +++ b/lib/assertions.js @@ -52,6 +52,13 @@ const identities = { ], corpPass: [ { NRIC: 'S8979373D', UEN: '123456789A' }, + { NRIC: 'S8116474F', UEN: '123456789A' }, + { NRIC: 'S8723211E', UEN: '123456789A' }, + { NRIC: 'S5062854Z', UEN: '123456789B' }, + { NRIC: 'T0066846F', UEN: '123456789B' }, + { NRIC: 'F9477325W', UEN: '123456789B' }, + { NRIC: 'S3000024B', UEN: '123456789C' }, + { NRIC: 'S6005040F', UEN: '123456789C' }, ], } diff --git a/lib/express/spcp.js b/lib/express/spcp.js index ee6e517..5085cf9 100644 --- a/lib/express/spcp.js +++ b/lib/express/spcp.js @@ -38,6 +38,11 @@ function config (app, { showLoginPage, serviceProvider, idpConfig, cryptoConfig if (assertions.myinfo.personas[id]) { id += ' [MyInfo]' } + if (idp === 'corpPass') { + const nric = id.NRIC; + const uen = id.UEN; + id += ' [NRIC:' + nric + ', UEN:' + uen + ']' + } return { id, assertURL } }) const response = render(LOGIN_TEMPLATE, values) From b8ca896bfc1df8b2be370bfaca5741a626bb283a Mon Sep 17 00:00:00 2001 
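Review bot: The new fallback `idpConfig[idp].assertEndpoint || req.query.PartnerId` takes the redirect target straight from the request, so whenever the env var is unset the caller of `/logininitial` decides where the browser is sent with the SAML artifact. Express can also return an array or object for a repeated or bracketed parameter, and a missing one ends up interpolated as the text `undefined`. The value is later placed in `assertURL` and passed to `render(LOGIN_TEMPLATE, values)`, seen as context in the later hunks; the template is not visible here, so confirm it HTML-escapes that field. Accept the fallback only when it is a single string that parses as an absolute http(s) URL, ideally matched against a configured list of partner hosts, and answer 400 otherwise. The handler body continues outside the hunk.

```javascript
const isMyInfo = req.query.esrvcID === 'MYINFO-CONSENTPLATFORM' && idp === 'singPass'
let assertEndpoint = isMyInfo ? MYINFO_ASSERT_ENDPOINT : idpConfig[idp].assertEndpoint
if (!assertEndpoint) {
  // Fallback is caller-controlled: accept only one absolute http(s) URL.
  const partnerId = req.query.PartnerId
  let parsed = null
  try {
    parsed = typeof partnerId === 'string' ? new URL(partnerId) : null
  } catch (err) {
    parsed = null
  }
  if (!parsed || !['http:', 'https:'].includes(parsed.protocol)) {
    return res.status(400).send('PartnerId must be an absolute http(s) URL')
  }
  assertEndpoint = partnerId
}
// … unchanged: relayState and the showLoginPage branch …
```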
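Review bot: In the added `corpPass` branch of the second lib/express/spcp.js hunk (PATCH 2/4), `id` is the `{ NRIC, UEN }` object added to `identities.corpPass` in this same patch, so `id += ' [NRIC:' + …` coerces it to a string and the label starts with `[object Object]`. The unchanged `assertions.myinfo.personas[id]` lookup just above is likewise evaluated with the object as its key. Build the label from the fields instead, `id = id.NRIC + ' / UEN: ' + id.UEN`, and drop the trailing semicolons on the two `const` lines, which the surrounding code does not use. The `.map` callback starts and ends outside the hunk.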
From: deskoh Date: Fri, 6 Sep 2019 23:17:10 +0800 Subject: [PATCH 3/4] refactor: Code cleanup --- index.js | 2 +- lib/express/spcp.js | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/index.js b/index.js index 917e0f8..5e72bae 100755 --- a/index.js +++ b/index.js @@ -32,7 +32,7 @@ const app = configSpcp(express(), { assertEndpoint: process.env.CORPPASS_ASSERT_ENDPOINT, }, }, - showLoginPage: process.env.SHOW_LOGIN_PAGE !== 'true', + showLoginPage: process.env.SHOW_LOGIN_PAGE === 'true', cryptoConfig, }) diff --git a/lib/express/spcp.js b/lib/express/spcp.js index 5085cf9..5e07c9f 100644 --- a/lib/express/spcp.js +++ b/lib/express/spcp.js @@ -39,9 +39,7 @@ function config (app, { showLoginPage, serviceProvider, idpConfig, cryptoConfig id += ' [MyInfo]' } if (idp === 'corpPass') { - const nric = id.NRIC; - const uen = id.UEN; - id += ' [NRIC:' + nric + ', UEN:' + uen + ']' + id = `${id.NRIC} / UEN: ${id.UEN}` } return { id, assertURL } }) From f42b188a9159ec9fe206525d4d2a1e0dfea2b52d Mon Sep 17 00:00:00 2001 From: deskoh Date: Mon, 16 Sep 2019 18:37:33 +0800 Subject: [PATCH 4/4] Code review fix. --- index.js | 6 ++++++ lib/express/spcp.js | 12 +++++------- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/index.js b/index.js index 5e72bae..588a75f 100755 --- a/index.js +++ b/index.js 
@@ -8,6 +8,12 @@ const { configSpcp, configMyInfo } = require('./lib/express') const PORT = process.env.MOCKPASS_PORT || process.env.PORT || 5156 +if (!process.env.SINGPASS_ASSERT_ENDPOINT && !process.env.CORPPASS_ASSERT_ENDPOINT) { + console.warn('SINGPASS_ASSERT_ENDPOINT or CORPPASS_ASSERT_ENDPOINT is not set. ' + + 'Value of `PartnerId` request query parameter in redirect URL will be used.' + ) +} + const serviceProvider = { cert: fs.readFileSync(path.resolve(__dirname, process.env.SERVICE_PROVIDER_CERT_PATH || './static/certs/server.crt')), pubKey: fs.readFileSync(path.resolve(__dirname, process.env.SERVICE_PROVIDER_PUB_KEY || './static/certs/key.pub')), diff --git a/lib/express/spcp.js b/lib/express/spcp.js index 5e07c9f..0df0e31 100644 --- a/lib/express/spcp.js +++ b/lib/express/spcp.js @@ -31,16 +31,14 @@ function config (app, { showLoginPage, serviceProvider, idpConfig, cryptoConfig const relayState = encodeURIComponent(req.query.Target) if (showLoginPage) { const identities = assertions.identities[idp] + const generateIdFrom = idp === 'corpPass' + ? rawId => `${rawId.NRIC} / UEN: ${rawId.UEN}` + : rawId => assertions.myinfo.personas[rawId] ? `${rawId} [MyInfo]` : rawId const values = identities - .map((id, index) => { + .map((rawId, index) => { const samlArt = encodeURIComponent(samlArtifact(idpConfig[idp].id, index)) const assertURL = `${assertEndpoint}?SAMLart=${samlArt}&RelayState=${relayState}` - if (assertions.myinfo.personas[id]) { - id += ' [MyInfo]' - } - if (idp === 'corpPass') { - id = `${id.NRIC} / UEN: ${id.UEN}` - } + const id = generateIdFrom(rawId) return { id, assertURL } }) const response = render(LOGIN_TEMPLATE, values)
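Review bot: The added warning in index.js fires only when both variables are unset (`&&`), while the `PartnerId` fallback in lib/express/spcp.js is applied per IdP, so with just one of them set the other IdP would take its endpoint from the request without any log line. Test each variable on its own, e.g. `if (!process.env.SINGPASS_ASSERT_ENDPOINT) console.warn(...)` and the same for `CORPPASS_ASSERT_ENDPOINT`. The message should also say plainly that the redirect target is then chosen by whoever builds the login URL, since that is the operational consequence of leaving the variable unset.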
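Review bot: `generateIdFrom` in the lib/express/spcp.js hunk relies on the two identity lists having different shapes, which nothing in the handler says. A one-line comment above it would help, for example `// corpPass identities are { NRIC, UEN } objects; other IdPs appear to use plain id strings`. The second arrow function nests a conditional without parentheses; writing it as `rawId => (assertions.myinfo.personas[rawId] ? ... : rawId)` makes the precedence obvious. The handler starts and ends outside the hunk.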