fix: prevent escaping javascript and url in mustache

GemeenteNijmegen · Oct 13, 2022 · ab008fe · ab008fe
1 parent 2cdaad4
commit ab008fe
Show file tree

Hide file tree

Showing 8 changed files with 58 additions and 32 deletions.
diff --git a/.projen/deps.json b/.projen/deps.json
diff --git a/.projenrc.js b/.projenrc.js
@@ -28,6 +28,7 @@ const project = new awscdk.AwsCdkTypeScriptApp({
     'openid-client',
     '@types/cookie',
     'cookie',
+    'date-fns',
 
   ], /* Runtime dependencies of this module. */
   // description: undefined,  /* The description is just a string that helps people understand the purpose of the package. */

diff --git a/package.json b/package.json
diff --git a/src/app/code/IrmaApi.ts b/src/app/code/IrmaApi.ts
@@ -4,6 +4,7 @@ import {
 } from '@aws-sdk/client-secrets-manager';
 import { aws4Interceptor } from 'aws4-axios';
 import * as axios from 'axios';
+import { parse, differenceInYears } from 'date-fns';
 
 export class IrmaApi {
 
@@ -109,43 +110,57 @@ export class IrmaApi {
   }
 
   constructIrmaIssueRequest(brpData: any) {
-    console.log(brpData);
+
+    // Get persoonsgegevens
+    const gegevens = brpData.Persoon.Persoonsgegevens;
+
+    // Calculate age attributes
+    const birthDateStr: string = gegevens.Geboortedatum;
+    const birthDate = parse(birthDateStr, 'dd-MM-yyyy', new Date());
+    const age = differenceInYears(birthDate, new Date());
+    const over12 = age >= 12 ? 'yes' : 'no';
+    const over16 = age >= 16 ? 'yes' : 'no';
+    const over18 = age >= 18 ? 'yes' : 'no';
+    const over21 = age >= 21 ? 'yes' : 'no';
+    const over65 = age >= 65 ? 'yes' : 'no';
+
+    // Return the issue request
     return {
       type: 'issuing',
       credentials: [
         {
           credential: this.demo ? 'irma-demo.gemeente.address' : 'irma.gemeente.address',
-          validity: 1678455605,
+          validity: 1678455605, // TODO check if up to date
           attributes: {
-            street: 'Kortestraat',
-            houseNumber: '6',
-            zipcode: '6511PP',
-            municipality: 'Nijmegen',
-            city: 'Nijmegen',
+            street: brpData.Persoon.Adres.Straat,
+            houseNumber: brpData.Persoon.Adres.Huisnummer,
+            zipcode: brpData.Persoon.Adres.Postcode,
+            municipality: brpData.Persoon.Adres.Gemeente,
+            city: brpData.Persoon.Adres.Woonplaats,
           },
         },
         {
           credential: this.demo ? 'irma-demo.gemeente.personalData' : 'irma.gemeente.personalData',
-          validity: 1678455605,
+          validity: 1678455605, // TODO check if up to date
           attributes: {
-            initials: '',
-            firstnames: 'Test',
-            prefix: '',
-            familyname: 'Test',
-            fullname: 'Test Test',
-            dateofbirth: '20-10-1996',
-            gender: 'M',
-            nationality: 'yes',
-            surname: 'Test',
-            cityofbirth: 'Nijmegen',
-            countryofbirth: 'Nederland',
-            over12: 'yes',
-            over16: 'yes',
-            over18: 'yes',
-            over21: 'yes',
-            over65: 'no',
-            bsn: '1234',
-            digidlevel: '12',
+            initials: gegevens.Voorletters,
+            firstnames: gegevens.Voornamen,
+            prefix: gegevens.Voorvoegsel,
+            familyname: gegevens.Achternaam,
+            fullname: gegevens.Naam,
+            dateofbirth: gegevens.Geboortedatum,
+            gender: gegevens.Geslacht,
+            nationality: gegevens.NederlandseNationaliteit == 'Ja' ? 'yes' : 'no',
+            surname: gegevens.Achternaam,
+            cityofbirth: gegevens.Geboorteplaats,
+            countryofbirth: gegevens.Geboorteland,
+            over12: over12,
+            over16: over16,
+            over18: over18,
+            over21: over21,
+            over65: over65,
+            bsn: brpData.Persoon.BSN.BSN,
+            digidlevel: '12', // TODO check what this should be?
           },
         },
       ],

diff --git a/src/app/issue/homeRequestHandler.ts b/src/app/issue/homeRequestHandler.ts
@@ -45,7 +45,7 @@ async function handleLoggedinRequest(session: Session, brpClient: ApiClient, irm
     title: 'overzicht',
     shownav: true,
     volledigenaam: naam,
-    irmaSession: irmaSession,
+    irmaSession: JSON.stringify(irmaSession),
     irmaServer: `https://${irmaApi.getHost()}`,
     sessionResultEndpoint: `https://${process.env.APPLICATION_URL_BASE}/result`,
   };

diff --git a/src/app/templates/issue.mustache b/src/app/templates/issue.mustache
@@ -24,9 +24,9 @@
 
 <script>
 
-    const session = {{{irmaSession}}};
-    const irmaServer = '{{irmaServer}}';
-    const sessionResultEndpoint = '{{sessionResultEndpoint}}';
+    const session = JSON.parse('{{{irmaSession}}}');
+    const irmaServer = '{{{irmaServer}}}';
+    const sessionResultEndpoint = '{{{sessionResultEndpoint}}}';
 
     const exampleWeb = irma.newWeb({
             debugging: true,

diff --git a/test/__snapshots__/main.test.ts.snap b/test/__snapshots__/main.test.ts.snap
diff --git a/yarn.lock b/yarn.lock