build: Release 5.19.0 #2310

Merged
merged 31 commits into from
Jul 7, 2021

tshuli commented Jul 6, 2021

New

  • feat(auth): support sgID for form submissions #1986

Improvements

  • feat: Set SP/CP JWT cookie to HttpOnly #2193
  • refactor: revert the revert of encapsulate parsedResponses #2278

Fixes

  • feat: Remove self from collaborator list #2212
  • fix: allow duplicating email field with PDF to storage mode #2303

Dependency Changes

  • fix(deps): bump aws-sdk from 2.936.0 to 2.937.0 #2287
  • fix(deps): bump aws-sdk from 2.937.0 to 2.939.0 #2293
  • fix(deps): bump express-rate-limit from 5.2.6 to 5.3.0 #2288
  • fix(deps): bump libphonenumber-js from 1.9.20 to 1.9.21 #2291
  • fix(deps): bump neverthrow from 4.2.1 to 4.2.2 #2297
  • fix(deps): bump twilio from 3.64.0 to 3.65.0 #2284
  • fix(deps): bump zod from 3.2.0 to 3.3.3 #2296
  • fix(deps): bump zod from 3.3.3 to 3.3.4 #2299
  • fix(deps): unpin typescript #2305
  • chore(deps-dev): bump @types/mongodb from 3.6.18 to 3.6.19 #2286
  • chore(deps-dev): bump @types/uuid from 8.3.0 to 8.3.1 #2294
  • chore(deps-dev): bump @types/validator from 13.1.4 to 13.6.2 #2298
  • chore(deps-dev): bump @typescript-eslint/eslint-plugin #2307
  • chore(deps-dev): bump @typescript-eslint/parser from 4.28.1 to 4.28.2 #2306
  • chore(deps-dev): bump eslint from 7.29.0 to 7.30.0 #2295
  • chore(deps-dev): bump ts-node-dev from 1.1.7 to 1.1.8 #2285

dependabot bot and others added 26 commits July 1, 2021 17:29
Bumps [twilio](https://github.com/twilio/twilio-node) from 3.64.0 to 3.65.0.
- [Release notes](https://github.com/twilio/twilio-node/releases)
- [Changelog](https://github.com/twilio/twilio-node/blob/main/CHANGES.md)
- [Commits](twilio/twilio-node@3.64.0...3.65.0)

---
updated-dependencies:
- dependency-name: twilio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@types/mongodb](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/mongodb) from 3.6.18 to 3.6.19.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/mongodb)

---
updated-dependencies:
- dependency-name: "@types/mongodb"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.936.0 to 2.937.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](aws/aws-sdk-js@v2.936.0...v2.937.0)

---
updated-dependencies:
- dependency-name: aws-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ts-node-dev](https://github.com/whitecolor/ts-node-dev) from 1.1.7 to 1.1.8.
- [Release notes](https://github.com/whitecolor/ts-node-dev/releases)
- [Changelog](https://github.com/wclr/ts-node-dev/blob/master/CHANGELOG.md)
- [Commits](wclr/ts-node-dev@v1.1.7...v1.1.8)

---
updated-dependencies:
- dependency-name: ts-node-dev
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [express-rate-limit](https://github.com/nfriedly/express-rate-limit) from 5.2.6 to 5.3.0.
- [Release notes](https://github.com/nfriedly/express-rate-limit/releases)
- [Commits](express-rate-limit/express-rate-limit@v5.2.6...v5.3.0)

---
updated-dependencies:
- dependency-name: express-rate-limit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) from 1.9.20 to 1.9.21.
- [Release notes](https://gitlab.com/catamphetamine/libphonenumber-js/tags)
- [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.9.20...v1.9.21)

---
updated-dependencies:
- dependency-name: libphonenumber-js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.937.0 to 2.939.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](aws/aws-sdk-js@v2.937.0...v2.939.0)

---
updated-dependencies:
- dependency-name: aws-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@types/uuid](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/uuid) from 8.3.0 to 8.3.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/uuid)

---
updated-dependencies:
- dependency-name: "@types/uuid"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [eslint](https://github.com/eslint/eslint) from 7.29.0 to 7.30.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](eslint/eslint@v7.29.0...v7.30.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [zod](https://github.com/colinhacks/zod) from 3.2.0 to 3.3.3.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/commits)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [neverthrow](https://github.com/supermacro/neverthrow) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/supermacro/neverthrow/releases)
- [Commits](supermacro/neverthrow@v4.2.1...v4.2.2)

---
updated-dependencies:
- dependency-name: neverthrow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@types/validator](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/validator) from 13.1.4 to 13.6.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/validator)

---
updated-dependencies:
- dependency-name: "@types/validator"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [zod](https://github.com/colinhacks/zod) from 3.3.3 to 3.3.4.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colinhacks/zod/commits)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: add route and controller to clear cookie

* feat: frontend to call logout endpoint to delete cookie

* feat: backend to return spcpSession msToExpiry in network response

* feat: frontend uses spcpSession data from response instead of decoding jwt

* feat: set spcp cookies to http only

* chore: update tests

* chore: add tests

* feat: retain httpOnly as false for now for backward compatibility

* chore: fix merge conflict

* chore: rename to logoutOfSpcpSession

* chore: rename route to /auth/:authType/logout

* chore: rely on joi for authType validation

* chore: clean up types, check cookie expiry directly against exp instead of msToExpiry

* chore: use $q to wrap logout request

* chore: update tests

* refactor: combine conditionals

* feat: set http only to true

* chore: clean up types

* chore: add defensive check for cookie exp before returning to client

* chore: rename to handleSpcpLogout

* chore: return spcpSession obj instead of destructuring

* chore: add spcpSession properties for route test

* chore: new type for jwt from cookie

* refactor: combine response call

* chore: tighten test for spcpsession, rename to CookieTimestamp
Fully flesh out sgID integrations with FormSG

[config]
- Add needed configuration to configure sgID authentication, driving
  most of these using env vars

[modules]
- add an sgid module, taking inspiration from spcp
- add sgid-related entries alongside spcp equivalents in public-form
  and email-submission controllers
- do likewise for frontend components

[deps]
- add @opengovsg/sgid-client

fixup! feat(auth): enable sgID
- add sgid beta flag
- add authType as argument to isDisableAuthType so that we can
  disable sgID if user does not have the appropriate beta flag
- reword text for form submitters and admins so that they understand
  that sgID is in effect an extension of Singpass
* feat: Remove self from collaborator list

* Fix typo in removeSelfFromCollaborators function

* address mantariksh@'s comments
* fix: allow duplicating email field with PDF to storage mode

Bug was due to regression caused in #1971 where the set hook was converted to a validator hook. Upon further examination, the set hook was needed to set includeFormSummary to false on encrypt-mode forms.

The pre-validate hook will always pass if storage mode forms' email.includeFormSummary is always set to true, and is thus redundant and kept deleted.

* test(emailField): add unit tests for includeFormSummary
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 4.28.1 to 4.28.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.28.2/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#2306)

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 4.28.1 to 4.28.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.28.2/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@types/convict](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/convict) from 6.0.2 to 6.1.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/convict)

---
updated-dependencies:
- dependency-name: "@types/convict"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

tshuli commented Jul 6, 2021

@mantariksh

Tests

feat: Set SP/CP JWT cookie to HttpOnly

  • Create form with singpass. Log in without selecting 'remember me'. Check that form can be submitted and logout works, with jwtSp cookie deleted upon logout
    • Repeat the above with 'remember me' checked
  • Create form with corppass. Log in. Check that form can be submitted and logout works, with jwtCp cookie deleted upon logout
  • Create form with myinfo and check that myinfo form submission works normally


tshuli commented Jul 6, 2021

@karrui

refactor(email-submission): encapsulate parsedResponses

Copy this email-mode form.

  • Submit the form with valid inputs. Submission should go through.
  • Copy the request as a CURL, and modify the responses to have invalid information (like invalid email, phone number). The error you get is There is something wrong with your form submission. Please check your responses and try again.
  • Paste that same request you copied as CURL, this time deleting a compulsory field (like the decimal field). The error message is The form has been updated. Please refresh and submit again.


tshuli commented Jul 6, 2021

feat: Remove self from collaborator list
@tshuli

  • Create a new form with collaborators, then login as the collaborators and manually remove themselves. It should succeed.


tshuli commented Jul 6, 2021

fix: allow duplicating email field with PDF to storage mode
@tshuli

  • Create an email mode form, with email field that has the include PDF summary option toggled on.
    • Duplicate that form to a storage mode form. Should duplicate successfully, but with the include PDF summary option in the email form toggled off.
    • Duplicate that form to another email mode form. Should duplicate successfully and the include PDF summary option should still be toggled on.

tshuli and others added 3 commits July 6, 2021 10:28

tshuli commented Jul 6, 2021

feat(auth): support sgID for form submissions
@karrui

  • Find an sgID developer who has access to a special build of the Singpass App that talks to sgID staging. Load Singpass in your mobile phone
  • Create a betaFlag - sgid - for a user
  • With this user, create a form with auth type set to Singpass (Lite)
  • Make the form public and attempt to log into the form
  • User is stuck at sgID login screen if he/she refuses to Send Details to FormSG

@tshuli tshuli merged commit 9c3a54c into release Jul 7, 2021

tshuli commented Jul 8, 2021

Rolled back due to bug with cookie domain, hence preventing users from logging out from sp/cp on prod after #2193
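
Added illustration (not FormSG's code, and not part of the comment above): once the `jwtSp` cookie is HttpOnly, only a server response can remove it, and a browser evicts a cookie only when the clearing `Set-Cookie` matches its name, domain and path. The host, the `Domain` value and the omitted-`Domain` scenario are assumptions; the page says only that the bug involved the cookie domain.

```javascript
// Constructed model of a browser cookie store (RFC 6265, section 5.3):
// a stored cookie is identified by name + domain + path.
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    domain: requestHost, // no Domain attribute => scoped to the request host
    path: '/', // simplification: the real default path derives from the request URL
    httpOnly: false,
    expires: null,
  };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.toLowerCase();
    if (key === 'domain') cookie.domain = v.replace(/^\./, '').toLowerCase();
    else if (key === 'path') cookie.path = v;
    else if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'expires') cookie.expires = new Date(v);
  }
  return cookie;
}

function applySetCookie(jar, header, requestHost, now = new Date()) {
  const c = parseSetCookie(header, requestHost);
  const key = `${c.name}|${c.domain}|${c.path}`;
  if (c.expires && c.expires <= now) jar.delete(key); // expired => evict that key only
  else jar.set(key, c);
}

// HttpOnly cookies never appear in document.cookie, so page script cannot delete them.
const scriptVisible = (jar) => [...jar.values()].filter((c) => !c.httpOnly).map((c) => c.name);

const HOST = 'form.example.test'; // constructed host and cookie values
const LOGIN = 'jwtSp=constructed.jwt.value; Domain=example.test; Path=/; HttpOnly';
const PAST = 'Expires=Thu, 01 Jan 1970 00:00:00 GMT';
const LOGOUT_NO_DOMAIN = `jwtSp=; Path=/; ${PAST}`;
const LOGOUT_WITH_DOMAIN = `jwtSp=; Domain=example.test; Path=/; ${PAST}`;

function simulateLogout(logoutHeader) {
  const jar = new Map();
  applySetCookie(jar, LOGIN, HOST);
  applySetCookie(jar, logoutHeader, HOST);
  return { remaining: jar.size, visibleToScript: scriptVisible(jar).length };
}

console.log(simulateLogout(LOGOUT_NO_DOMAIN)); // cookie survives the logout response
console.log(simulateLogout(LOGOUT_WITH_DOMAIN)); // cookie is evicted
```

A logout route test that asserts on the `Domain` and `Path` of the clearing `Set-Cookie` header, rather than only on the response status, would catch this class of mismatch before release.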
