@boxyhq/saml-jackson 0.1.5-beta.119 → 0.1.5-beta.121
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/controller/oauth.js +0 -5
- package/src/saml/claims.js +40 -0
- package/src/saml/saml.js +14 -0
package/package.json
CHANGED
package/src/controller/oauth.js
CHANGED
|
@@ -186,11 +186,6 @@ const samlResponse = async (req, res) => {
|
|
|
186
186
|
}
|
|
187
187
|
|
|
188
188
|
const profile = await saml.validateAsync(rawResponse, validateOpts);
|
|
189
|
-
|
|
190
|
-
// some providers don't return the id in the assertion, we set it to a sha256 hash of the email
|
|
191
|
-
if (profile && profile.claims && !profile.claims.id) {
|
|
192
|
-
profile.claims.id = crypto.createHash('sha256').update(profile.claims.email).digest('hex');
|
|
193
|
-
}
|
|
194
189
|
|
|
195
190
|
// store details against a code
|
|
196
191
|
const code = crypto.randomBytes(20).toString('hex');
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
const mapping = [
|
|
2
|
+
{
|
|
3
|
+
attribute: 'id',
|
|
4
|
+
schema:
|
|
5
|
+
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier',
|
|
6
|
+
},
|
|
7
|
+
{
|
|
8
|
+
attribute: 'email',
|
|
9
|
+
schema:
|
|
10
|
+
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
|
|
11
|
+
},
|
|
12
|
+
{
|
|
13
|
+
attribute: 'firstName',
|
|
14
|
+
schema: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
attribute: 'lastName',
|
|
18
|
+
schema: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
|
|
19
|
+
},
|
|
20
|
+
];
|
|
21
|
+
|
|
22
|
+
const map = (claims) => {
|
|
23
|
+
const profile = {
|
|
24
|
+
raw: claims,
|
|
25
|
+
};
|
|
26
|
+
|
|
27
|
+
mapping.forEach((m) => {
|
|
28
|
+
if (claims[m.attribute]) {
|
|
29
|
+
profile[m.attribute] = claims[m.attribute];
|
|
30
|
+
} else if (claims[m.schema]) {
|
|
31
|
+
profile[m.attribute] = claims[m.schema];
|
|
32
|
+
}
|
|
33
|
+
});
|
|
34
|
+
|
|
35
|
+
return profile;
|
|
36
|
+
};
|
|
37
|
+
|
|
38
|
+
module.exports = {
|
|
39
|
+
map,
|
|
40
|
+
};
|
package/src/saml/saml.js
CHANGED
|
@@ -5,6 +5,7 @@ const thumbprint = require('thumbprint');
|
|
|
5
5
|
const xmlbuilder = require('xmlbuilder');
|
|
6
6
|
const crypto = require('crypto');
|
|
7
7
|
const xmlcrypto = require('xml-crypto');
|
|
8
|
+
const claims = require('./claims');
|
|
8
9
|
|
|
9
10
|
const idPrefix = '_';
|
|
10
11
|
const authnXPath =
|
|
@@ -120,6 +121,19 @@ module.exports = {
|
|
|
120
121
|
return;
|
|
121
122
|
}
|
|
122
123
|
|
|
124
|
+
if (profile && profile.claims) {
|
|
125
|
+
// we map claims to our attributes id, email, firstName, lastName where possible. We also map original claims to raw
|
|
126
|
+
profile.claims = claims.map(profile.claims);
|
|
127
|
+
|
|
128
|
+
// some providers don't return the id in the assertion, we set it to a sha256 hash of the email
|
|
129
|
+
if (!profile.claims.id) {
|
|
130
|
+
profile.claims.id = crypto
|
|
131
|
+
.createHash('sha256')
|
|
132
|
+
.update(profile.claims.email)
|
|
133
|
+
.digest('hex');
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
|
|
123
137
|
resolve(profile);
|
|
124
138
|
}
|
|
125
139
|
);
|