Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sgID userinfo endpoint returns HTTP 500 when myinfo.registered_address requested on non-Singapore address #659

Open
cflee opened this issue Apr 29, 2024 · 0 comments
Open

sgID userinfo endpoint returns HTTP 500 when myinfo.registered_address requested on non-Singapore address #659

cflee opened this issue Apr 29, 2024 · 0 comments

Comments

@cflee
Copy link
Contributor

cflee commented Apr 29, 2024

Describe the bug
When an sgID client requests for the scope myinfo.registered_address on an Myinfo profile with non-Singapore address, such as this below regadd block from an existing profile S9912364H, then an HTTP 500 response is sent.

    {
      "regadd": {
        "lastupdated": "2020-04-16",
        "source": "1",
        "classification": "C",
        "type": "Unformatted",
        "line2": {
          "value": "MALAYSIA"
        },
        "line1": {
          "value": "75 KG SG RAMAL LUAR"
        }
      }
    }

To Reproduce
Steps to reproduce the behavior:

  1. Authorize for a request including the myinfo.registered_address scope
  2. Use the authcode to make a request to the token endpoint
  3. Use the access token to make a request to the userinfo endpoint
  4. See a HTTP 500 response from userinfo endpoint

Or to an Mockpass instance in stateless mode,

ACCESS_TOKEN=$(curl -s -X POST -H "Content-type: application/json" -d '{"grant_type":"authorization_code","client_id":"test_id","client_secret":"test_secret_value","code_verifier":"value","code":"eyJwcm9maWxlIjp7Im5yaWMiOiJTOTkxMjM2NEgiLCJ1dWlkIjoiZTcwZTlmZWEtNjBmMS0zNmFhLTYzNDYtNjM1MDMyZDM4MmM5In0sInNjb3BlcyI6Im9wZW5pZCBteWluZm8ubnJpY19udW1iZXIgbXlpbmZvLm5hbWUgbXlpbmZvLmVtYWlsIG15aW5mby5tb2JpbGVfbnVtYmVyIG15aW5mby5kYXRlX29mX2JpcnRoIG15aW5mby5yZXNpZGVudGlhbHN0YXR1cyBteWluZm8ucmVnaXN0ZXJlZF9hZGRyZXNzIG15aW5mby5zZXggbXlpbmZvLnJhY2UgbXlpbmZvLm5hdGlvbmFsaXR5Iiwibm9uY2UiOiJDcDdWSTZUTVlrUk1PZE1paDdJa2g1VVJ5R2ZhalpWZ1hpbExDODVObWU0In0="}' https://mockpass.app.airbase.sg/v2/oauth/token | jq -r '.access_token') curl -s -H "Authorization: Bearer ${ACCESS_TOKEN}" https://mockpass.app.airbase.sg/v2/oauth/userinfo

Expected behavior
Mockpass should support testing with non-Singapore address, so it should do whatever sgID does with non-Singapore addresses. Presumably that is to return a non-error response containing some string for the registered address? (I have no idea what sgID actually does in this case. Hopefully it does not also return an error?)

Additional context
Log message:

/var/task/lib/express/sgid.js:238
!!regadd.block.value || !!regadd.street.value
^
TypeError: Cannot read properties of undefined (reading 'value')
at concatMyInfoRegAddr (/var/task/lib/express/sgid.js:238:20)
at sgIDScopeToMyInfoField (/var/task/lib/express/sgid.js:292:14)
at /var/task/lib/express/sgid.js:156:24
at Array.map (<anonymous>)
at /var/task/lib/express/sgid.js:155:17
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cflee