Merge pull request #10 from cabinetoffice/NTRNL-499-extract-user-emai…

…l-from-cola-jwt Ntrnl 499 extract user email from cola jwt
cabinetoffice · Jul 1, 2024 · 899e25e · 899e25e
2 parents 7977e41 + d82d8a8
commit 899e25e
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 3 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@co-digital/login",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "description": "A login library for Node.JS applications in CO Digital.",
   "homepage": "https://github.com/cabinetoffice/node-login#README.md",
   "main": "./lib/index.js",

diff --git a/src/middleware/cola/authentication.middleware.ts b/src/middleware/cola/authentication.middleware.ts
@@ -8,6 +8,7 @@ import {
 import {
     getCookieValue,
     getUnsignedCookie,
+    getUserEmailFromColaJwt,
     validateUnsignedCookie
 } from '../../utils/cookie';
 
@@ -19,6 +20,8 @@ export const authentication = ( req: Request, res: Response, next: NextFunction
         const unsignedCookie = getUnsignedCookie(cookieSignedValue, COOKIE_PARSER_SECRET);
 
         if (validateUnsignedCookie(unsignedCookie)) {
+            const userEmailAuth = getUserEmailFromColaJwt(unsignedCookie as string);
+            res.locals.userEmailAuth = userEmailAuth;
             log.debugRequest(req, `Successfully verified signature for ${COOKIE_ID_NAME}, cookie value: ${unsignedCookie}`);
         } else {
             log.errorRequest(req, `Failed to verify signature for ${COOKIE_ID_NAME}, cookie value: ${cookieSignedValue}, redirect to ${AUTH_SIGN_IN_URL}`);

diff --git a/test/unit/middleware/cola/authentication.middleware.spec.ts b/test/unit/middleware/cola/authentication.middleware.spec.ts
@@ -16,7 +16,8 @@ import { log } from '../../../../src/utils/logger';
 import {
     getCookieValue,
     getUnsignedCookie,
-    validateUnsignedCookie
+    validateUnsignedCookie,
+    getUserEmailFromColaJwt,
 } from '../../../../src/utils/cookie';
 import { cookieSignedValue, req } from '../../../mock/data.mock';
 
@@ -26,10 +27,12 @@ const logErrorRequestMock = log.errorRequest as jest.Mock;
 const getCookieValueMock = getCookieValue as jest.Mock;
 const getUnsignedCookieMock = getUnsignedCookie as jest.Mock;
 const validateUnsignedCookieMock = validateUnsignedCookie as jest.Mock;
+const getUserEmailFromColaJwtMock = getUserEmailFromColaJwt as jest.Mock;
 
 export const mockResponse = () => {
     const res = {} as Response;
     res.redirect = jest.fn() as any;
+    res.locals = {};
     return res;
 };
 
@@ -88,6 +91,21 @@ describe('Cola Authentication Middleware test suites', () => {
         expect(res.redirect).toHaveBeenCalledTimes(0);
     });
 
+    test('should attach userEmailAuth property to res.locals if validation is successful', () => {
+        const unsignedCookie = 'xyz.123';
+        const email = '[email protected]';
+
+        getUnsignedCookieMock.mockReturnValueOnce(unsignedCookie);
+        validateUnsignedCookieMock.mockReturnValueOnce(true);
+        getUserEmailFromColaJwtMock.mockReturnValueOnce(email);
+
+        authentication(req, res, next);
+
+        expect(getUserEmailFromColaJwtMock).toHaveBeenCalledTimes(1);
+        expect(getUserEmailFromColaJwtMock).toHaveBeenCalledWith(unsignedCookie);
+        expect(res.locals.userEmailAuth).toBe(email);
+    });
+
     test('should call next with error object if error is thrown', () => {
         getCookieValueMock.mockReturnValueOnce(cookieSignedValue);
         validateUnsignedCookieMock.mockReturnValueOnce(false);