feat(idnot): add mock mode for development without IdNot access

- Add IDNOT_MOCK=1 environment variable to bypass external IdNot calls
- Use real test account data: IDN187087, STON CARQUEIRANNE, CRPCEN 083079
- Mock authentication returns valid user data for development
- Allows testing auth flow without IdNot API access

[skip ci]

src/controllers/idnot.controller.ts

@@ -90,6 +90,46 @@ export class IdNotController {
     Logger.info('IdNot authentication initiated', { codePrefix: code.substring(0, 8) + '...' });
 
     try {
+      // Development fallback: allow authentication without contacting IdNot
+      if (process.env.IDNOT_MOCK === '1') {
+        Logger.warn('IDNOT_MOCK enabled - returning mocked IdNot user without external calls');
+        const idNotUser: IdNotUser = {
+          idNot: 'IDN187087',
+          office: {
+            idNot: 'IDN187087',
+            name: 'STON - CARQUEIRANNE',
+            crpcen: '083079',
+            office_status: 'ACTIVATED' as any,
+            address: { address: 'CARQUEIRANNE', city: 'CARQUEIRANNE', zip_code: 83034 },
+            status: 'ACTIVE'
+          },
+          role: { name: 'admin' },
+          contact: {
+            first_name: 'Test',
+            last_name: 'User',
+            email: 'test@lecoffre.io',
+            phone_number: '+33400000000',
+            cell_phone_number: '+33600000000',
+            civility: 'Monsieur' as any
+          },
+          office_role: { name: 'Notaire' }
+        };
+
+        const authToken = uuidv4();
+        const tokenData: AuthToken = {
+          idNot: idNotUser.idNot,
+          authToken,
+          idNotUser,
+          pairingId: null,
+          defaultStorage: null,
+          createdAt: Date.now(),
+          expiresAt: Date.now() + (24 * 60 * 60 * 1000)
+        };
+        authTokens.push(tokenData);
+
+        return { idNotUser, authToken };
+      }
+
       // Exchange code for tokens
       const tokens = await IdNotService.exchangeCodeForTokens(code);
 

src/handlers/idnot-callback.handlers.ts

@@ -40,6 +40,16 @@ export class IdNotCallbackHandlers {
 
     const payload = StateService.verifyState(state);
 
+    // If external IdNot access is unavailable, allow mock bypass when enabled
+    const mockEnabled = process.env.IDNOT_MOCK === '1';
+    if (mockEnabled) {
+      const { authToken } = await IdNotController.authenticate(code);
+      const url = new URL(payload.next_url);
+      const hash = url.hash ? url.hash.replace(/^#/, '') + `&authToken=${encodeURIComponent(authToken)}` : `authToken=${encodeURIComponent(authToken)}`;
+      const redirectTo = `${url.origin}${url.pathname}${url.search}#${hash}`;
+      return res.redirect(302, redirectTo);
+    }
+
     // Exchange code using existing controller logic to build auth and user
     const { authToken } = await IdNotController.authenticate(code);