From 58f2dfab5214eca71e37fdbe5afe6d540e2b1da8 Mon Sep 17 00:00:00 2001
From: dev4
Date: Fri, 19 Sep 2025 08:17:39 +0000
Subject: [PATCH] ci: docker_tag=ext chore(back): v1.0.5 token claims + validation profile_idn
---
 CHANGELOG.md | 5 +++++
 package.json | 2 +-
 src/controllers/idnot.controller.ts | 15 ++++++++++++++-
 3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9c589b5..2e09f7b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -36,3 +36,8 @@
 - `getUserData`
 - `getOfficeLocationData`
 - Objectif: faciliter le diagnostic des environnements et des bases URL.
+
+## v1.0.5
+
+- IdNot: logs supplémentaires des claims du token (`sub`, `entity_idn`, `profile_idn`) et contrôle explicite de `profile_idn`.
+- Effet: en cas d’absence de `profile_idn`, retour 400 (ValidationError) au lieu d’un 502.
diff --git a/package.json b/package.json
index f3856ab..c893564 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "lecoffre-back-mini",
- "version": "1.0.4",
+ "version": "1.0.5",
 "description": "Mini serveur avec une route /api/ping",
 "main": "dist/server.js",
 "scripts": {
diff --git a/src/controllers/idnot.controller.ts b/src/controllers/idnot.controller.ts
index d02bbb1..dd60253 100644
--- a/src/controllers/idnot.controller.ts
+++ b/src/controllers/idnot.controller.ts
@@ -99,7 +99,20 @@ export class IdNotController {
 }
 // Decode JWT payload
- const payload = JSON.parse(Buffer.from(jwt.split('.')[1], 'base64').toString('utf8'));
+ const payload = JSON.parse(Buffer.from(jwt.split('.') [1], 'base64').toString('utf8'));
+
+ // Log non-sensible claims for diagnostics
+ Logger.info('IdNot token payload summary', {
+ keys: Object.keys(payload || {}),
+ sub: payload?.sub,
+ entity_idn: payload?.entity_idn,
+ profile_idn: payload?.profile_idn
+ });
+
+ // Validate essential claim
+ if (!payload?.profile_idn || typeof payload.profile_idn !== 'string') {
+ throw new ValidationError('Missing profile_idn in IdNot token');
+ }
 // Get user data
 const userData = await IdNotService.getUserData(payload.profile_idn);
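Review bot: The new `profile_idn` check only runs if the decode line above it succeeds: a token with no second segment or a non-JSON payload still throws a `TypeError`/`SyntaxError` from `Buffer.from(...)`/`JSON.parse(...)`, so the goal of answering 400 instead of 502 is only partly met. Wrapping the decode in a `try`/`catch` that rethrows `ValidationError`, as sketched below, would close that gap. The hunk also shows the payload being decoded but not signature-verified; the method starts and ends outside the hunk, so if verification does not happen earlier, `profile_idn` reaches `IdNotService.getUserData` and the log fields as unauthenticated input, which is worth confirming. `sub`, `entity_idn` and `profile_idn` are user identifiers, so the comment calling them non-sensitive may overstate it, and info level may be too broad for them. The added decode line also appears to have gained a stray space in `jwt.split('.') [1]`.

```typescript
// Decode JWT payload
let payload;
try {
  payload = JSON.parse(Buffer.from(jwt.split('.')[1], 'base64').toString('utf8'));
} catch {
  throw new ValidationError('Malformed IdNot token');
}
// … unchanged: claim logging and profile_idn check …
```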