@boxyhq/saml-jackson 0.1.5-beta.107 → 0.1.5-beta.111
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/controller/oauth.js +2 -12
- package/src/controller/utils.js +11 -0
- package/src/env.js +3 -0
- package/src/jackson.js +11 -0
- package/src/saml/saml.js +15 -3
package/package.json
CHANGED
package/src/controller/oauth.js
CHANGED
|
@@ -2,7 +2,7 @@ const crypto = require('crypto');
|
|
|
2
2
|
|
|
3
3
|
const saml = require('../saml/saml.js');
|
|
4
4
|
const codeVerifier = require('./oauth/code-verifier.js');
|
|
5
|
-
const { indexNames } = require('./utils.js');
|
|
5
|
+
const { indexNames, extractAuthToken } = require('./utils.js');
|
|
6
6
|
const dbutils = require('../db/utils.js');
|
|
7
7
|
const redirect = require('./oauth/redirect.js');
|
|
8
8
|
const allowed = require('./oauth/allowed.js');
|
|
@@ -15,16 +15,6 @@ let options;
|
|
|
15
15
|
|
|
16
16
|
const relayStatePrefix = 'boxyhq_jackson_';
|
|
17
17
|
|
|
18
|
-
const extractBearerToken = (req) => {
|
|
19
|
-
const authHeader = req.get('authorization');
|
|
20
|
-
const parts = (authHeader || '').split(' ');
|
|
21
|
-
if (parts.length > 1) {
|
|
22
|
-
return parts[1];
|
|
23
|
-
}
|
|
24
|
-
|
|
25
|
-
return null;
|
|
26
|
-
};
|
|
27
|
-
|
|
28
18
|
function getEncodedClientId(client_id) {
|
|
29
19
|
try {
|
|
30
20
|
const sp = new URLSearchParams(client_id);
|
|
@@ -303,7 +293,7 @@ const token = async (req, res) => {
|
|
|
303
293
|
};
|
|
304
294
|
|
|
305
295
|
const userInfo = async (req, res) => {
|
|
306
|
-
let token =
|
|
296
|
+
let token = extractAuthToken(req);
|
|
307
297
|
|
|
308
298
|
// check for query param
|
|
309
299
|
if (!token) {
|
package/src/controller/utils.js
CHANGED
|
@@ -3,6 +3,17 @@ const indexNames = {
|
|
|
3
3
|
tenantProduct: 'tenantProduct',
|
|
4
4
|
};
|
|
5
5
|
|
|
6
|
+
const extractAuthToken = (req) => {
|
|
7
|
+
const authHeader = req.get('authorization');
|
|
8
|
+
const parts = (authHeader || '').split(' ');
|
|
9
|
+
if (parts.length > 1) {
|
|
10
|
+
return parts[1];
|
|
11
|
+
}
|
|
12
|
+
|
|
13
|
+
return null;
|
|
14
|
+
};
|
|
15
|
+
|
|
6
16
|
module.exports = {
|
|
7
17
|
indexNames,
|
|
18
|
+
extractAuthToken,
|
|
8
19
|
};
|
package/src/env.js
CHANGED
|
@@ -7,6 +7,8 @@ const samlPath = process.env.SAML_PATH || '/oauth/saml';
|
|
|
7
7
|
const internalHostUrl = process.env.INTERNAL_HOST_URL || 'localhost';
|
|
8
8
|
const internalHostPort = (process.env.INTERNAL_HOST_PORT || '6000') * 1;
|
|
9
9
|
|
|
10
|
+
const apiKeys = (process.env.API_KEYS || '').split(',');
|
|
11
|
+
|
|
10
12
|
const samlAudience = process.env.SAML_AUDIENCE;
|
|
11
13
|
const preLoadedConfig = process.env.PRE_LOADED_CONFIG;
|
|
12
14
|
|
|
@@ -27,6 +29,7 @@ module.exports = {
|
|
|
27
29
|
preLoadedConfig,
|
|
28
30
|
internalHostUrl,
|
|
29
31
|
internalHostPort,
|
|
32
|
+
apiKeys,
|
|
30
33
|
idpEnabled,
|
|
31
34
|
db,
|
|
32
35
|
useInternalServer: !(
|
package/src/jackson.js
CHANGED
|
@@ -2,6 +2,7 @@ const express = require('express');
|
|
|
2
2
|
const cors = require('cors');
|
|
3
3
|
|
|
4
4
|
const env = require('./env.js');
|
|
5
|
+
const { extractAuthToken } = require('./controller/utils.js');
|
|
5
6
|
|
|
6
7
|
let apiController;
|
|
7
8
|
let oauthController;
|
|
@@ -66,8 +67,18 @@ if (env.useInternalServer) {
|
|
|
66
67
|
internalApp.use(express.urlencoded({ extended: true }));
|
|
67
68
|
}
|
|
68
69
|
|
|
70
|
+
const validateApiKey = (token) => {
|
|
71
|
+
return env.apiKeys.includes(token);
|
|
72
|
+
};
|
|
73
|
+
|
|
69
74
|
internalApp.post(apiPath + '/config', async (req, res) => {
|
|
70
75
|
try {
|
|
76
|
+
const apiKey = extractAuthToken(req);
|
|
77
|
+
if (!validateApiKey(apiKey)) {
|
|
78
|
+
res.status(401).send('Unauthorized');
|
|
79
|
+
return;
|
|
80
|
+
}
|
|
81
|
+
|
|
71
82
|
res.json(await apiController.config(req.body));
|
|
72
83
|
} catch (err) {
|
|
73
84
|
res.status(500).json({
|
package/src/saml/saml.js
CHANGED
|
@@ -141,12 +141,20 @@ module.exports = {
|
|
|
141
141
|
let X509Certificate = null;
|
|
142
142
|
let ssoPostUrl = null;
|
|
143
143
|
let ssoRedirectUrl = null;
|
|
144
|
+
let loginType = 'idp';
|
|
144
145
|
|
|
145
|
-
|
|
146
|
-
|
|
146
|
+
let ssoDes = rambda.pathOr(
|
|
147
|
+
null,
|
|
147
148
|
'EntityDescriptor.IDPSSODescriptor',
|
|
148
149
|
res
|
|
149
150
|
);
|
|
151
|
+
if (!ssoDes) {
|
|
152
|
+
ssoDes = rambda.pathOr([], 'EntityDescriptor.SPSSODescriptor', res);
|
|
153
|
+
if (!ssoDes) {
|
|
154
|
+
loginType = 'sp';
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
|
|
150
158
|
for (const ssoDesRec of ssoDes) {
|
|
151
159
|
const keyDes = ssoDesRec['KeyDescriptor'];
|
|
152
160
|
for (const keyDesRec of keyDes) {
|
|
@@ -157,7 +165,10 @@ module.exports = {
|
|
|
157
165
|
}
|
|
158
166
|
}
|
|
159
167
|
|
|
160
|
-
const ssoSvc =
|
|
168
|
+
const ssoSvc =
|
|
169
|
+
ssoDesRec['SingleSignOnService'] ||
|
|
170
|
+
ssoDesRec['AssertionConsumerService'] ||
|
|
171
|
+
[];
|
|
161
172
|
for (const ssoSvcRec of ssoSvc) {
|
|
162
173
|
if (
|
|
163
174
|
rambda.pathOr('', '$.Binding', ssoSvcRec).endsWith('HTTP-POST')
|
|
@@ -188,6 +199,7 @@ module.exports = {
|
|
|
188
199
|
if (ssoRedirectUrl) {
|
|
189
200
|
ret.sso.redirectUrl = ssoRedirectUrl;
|
|
190
201
|
}
|
|
202
|
+
ret.loginType = loginType;
|
|
191
203
|
|
|
192
204
|
resolve(ret);
|
|
193
205
|
}
|