From 34d5d44d68069f359ce30c6addf727e1cc89c26a Mon Sep 17 00:00:00 2001
From: Kris Charbonneau <71025360+krischarbonneau@users.noreply.github.com>
Date: Thu, 8 Aug 2024 10:53:03 -0400
Subject: [PATCH] Update next-auth config to validate SIN and UID (#710)
---
 pages/api/auth/[...nextauth].ts | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/pages/api/auth/[...nextauth].ts b/pages/api/auth/[...nextauth].ts
index ce10224e8..ee9cb6928 100644
--- a/pages/api/auth/[...nextauth].ts
+++ b/pages/api/auth/[...nextauth].ts
@@ -100,6 +100,15 @@ export const authOptions: NextAuthOptions = {
 checks: ['state', 'nonce'],
 profile: async (profile) => {
 profile = await decryptJwe(profile.userinfo_token, jwk)
+
+ //Validate SIN and UID to ensure they are not null and are alphanumeric
+ const sinRegex = /^[a-zA-Z0-9]+$/
+ if (profile.sin === null || !sinRegex.test(profile.sin)) {
+ logger.error('SIN is not valid')
+ } else if (profile.uid === null || !sinRegex.test(profile.uid)) {
+ logger.error('UID is not valid')
+ }
+
 //Make call to msca-ng API to create user if it doesn't exist
 axios
 .post(
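Review bot: The new SIN/UID check in the `profile` callback fails open: both branches only call `logger.error`, and control then falls through to the `axios.post` user-creation call, so a profile that fails validation is still processed as far as the hunk shows. The `=== null` test also lets a missing claim through, because `sinRegex.test(undefined)` coerces its argument to the string "undefined", which matches `/^[a-zA-Z0-9]+$/`; a `typeof … !== 'string'` guard closes that gap. With the `else if`, an invalid UID is never checked or logged when the SIN is also invalid, and the name `sinRegex` is misleading since it is applied to both fields. I would reject in each branch with independent `if`s, as below. The rest of the callback is outside the hunk, so confirm how a thrown error surfaces in the sign-in flow.

```typescript
profile = await decryptJwe(profile.userinfo_token, jwk)

// Reject the sign-in unless both identifiers are present, are strings and are alphanumeric.
// Log only the field name, never the value.
const idRegex = /^[a-zA-Z0-9]+$/
if (typeof profile.sin !== 'string' || !idRegex.test(profile.sin)) {
  logger.error('SIN is not valid')
  throw new Error('SIN is not valid')
}
if (typeof profile.uid !== 'string' || !idRegex.test(profile.uid)) {
  logger.error('UID is not valid')
  throw new Error('UID is not valid')
}
// … unchanged: msca-ng user-creation call …
```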