Read and customize the username reported by `neopass-server`

Okay, `sub` seems to be a pretty standard place for user identifiers. Let's start with that assumption! I override the `oauth2-mock-server`'s default of `johndoe` with `theneopetsteam`, just to be cute :3
2024-03-14 18:19:45 -07:00 · 2024-03-14 18:19:45 -07:00 · 31a11a04fa
parent 9cbeee0acd
commit 31a11a04fa
2 changed files with 15 additions and 12 deletions
--- a/app/controllers/devise/omniauth_callbacks_controller.rb
+++ b/app/controllers/devise/omniauth_callbacks_controller.rb
@ -1,6 +1,6 @@
 class Devise::OmniauthCallbacksController < ApplicationController
 	def neopass
-		render plain: "Success!"
+		render plain: request.env["omniauth.auth"].uid
 	end

 	def failure
--- a/bin/neopass-server
+++ b/bin/neopass-server
@ -21,6 +21,10 @@ const urlLib = require("node:url");
 const { OAuth2Server } = require("oauth2-mock-server");
 const express = require("express");

+// This is the Neopets username we'll report back to DTI when you authenticate
+// through here.
+const USERNAME = "theneopetsteam";
+
 const certPath = pathLib.join(__dirname, "..", "tmp", "localhost.pem");
 const keyPath = pathLib.join(__dirname, "..", "tmp", "localhost-key.pem");

@ -43,13 +47,11 @@ async function ensureCertsExist() {
 				"the Rails tmp dir, to serve over HTTPS.",
 		);

-		const mkcertProc = spawn("mkcert", [
-			"-cert-file",
-			certPath,
-			"-key-file",
-			keyPath,
-			"localhost",
-		], {stdio: ["ignore", process.stdout, process.stderr]});
+		const mkcertProc = spawn(
+			"mkcert",
+			["-cert-file", certPath, "-key-file", keyPath, "localhost"],
+			{ stdio: ["ignore", process.stdout, process.stderr] },
+		);

 		// Wait for the process to finish, raising an error if it fails.
 		await new Promise((resolve, reject) => {
@ -68,10 +70,7 @@ async function ensureCertsExist() {
 }

 async function startServer(port) {
-	const server = new OAuth2Server(
-		keyPath,
-		certPath,
-	);
+	const server = new OAuth2Server(keyPath, certPath);
 	await server.issuer.keys.add({
 		// A key we generated for the NeoPass test server. It's okay for its
 		// "secret" info to be here, because it's for development only!
@ -89,6 +88,10 @@ async function startServer(port) {
 		n: "svVfGU4NGcfBCmQiIOW5uzg5SAN2CWSIQSstnhqZoCdjy5OoKpKVR8O9TbDvxixrvkFyAav90Q0Xse8iFTcjfCKuqINYiuYMXhCvfBlc_DVVOQca9pMpN03LaDofd5Ll4_BFTtt1nSPahwWU7xDM-Bkkh_TcS2qS4N2xbpEGi0q0ZkrJN4WyiDBC2k9WbK-YHr4Rj4JKypFVSeBIrjxVPmlPzgfqlLGGIB0l92SnJDXDMlkWcCCTyLgqSBM04nkxGDSykq_ei76qCdRd7b10wMBaoS9DeBThAyHpur2LoPdH3gxbcwoWExi-jPlNP1LdKVZD8b95OY3CRyMAAMGdKQ",
 	});

+	server.service.on("beforeTokenSigning", (token, req) => {
+		token.payload.sub = USERNAME;
+	});
+
 	await server.start(port, "localhost");
 	console.log(`Started NeoPass development server at: ${server.issuer.url}`);
 }