@boxyhq/saml-jackson 0.2.0-beta.149 → 0.2.1-beta.154
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -0
- package/package.json +5 -5
- package/src/controller/oauth.js +27 -20
- package/src/db/sql/sql.js +2 -4
package/README.md
CHANGED
|
@@ -236,6 +236,8 @@ https://localhost:5000/oauth/authorize
|
|
|
236
236
|
|
|
237
237
|
- response_type=code: This is the only supported type for now but maybe extended in the future
|
|
238
238
|
- client_id: Use the client_id returned by the SAML config API or use `tenant=<tenantID>&product=<productID>` to use the tenant and product IDs instead. **Note:** Please don't forget to URL encode the query parameters including `client_id`.
|
|
239
|
+
- tenant: Optionally you can provide a dummy `client_id` and specify the `tenant` and `product` custom attributes (if your OAuth 2.0 library allows it).
|
|
240
|
+
- product: Should be specified if specifying `tenant` above
|
|
239
241
|
- redirect_uri: This is where the user will be taken back once the authorization flow is complete
|
|
240
242
|
- state: Use a randomly generated string as the state, this will be echoed back as a query parameter when taking the user back to the `redirect_uri` above. You should validate the state to prevent XSRF attacks
|
|
241
243
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@boxyhq/saml-jackson",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.1-beta.154",
|
|
4
4
|
"license": "Apache 2.0",
|
|
5
5
|
"description": "SAML 2.0 service",
|
|
6
6
|
"main": "src/index.js",
|
|
@@ -17,9 +17,9 @@
|
|
|
17
17
|
"scripts": {
|
|
18
18
|
"start": "cross-env IDP_ENABLED=true node src/jackson.js",
|
|
19
19
|
"dev": "cross-env IDP_ENABLED=true nodemon src/jackson.js",
|
|
20
|
-
"mongo": "cross-env DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson nodemon src/jackson.js",
|
|
21
|
-
"pre-loaded": "cross-env DB_ENGINE=mem PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
|
|
22
|
-
"pre-loaded-db": "cross-env PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
|
|
20
|
+
"mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson nodemon src/jackson.js",
|
|
21
|
+
"pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
|
|
22
|
+
"pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
|
|
23
23
|
"test": "tap --timeout=100 src/**/*.test.js",
|
|
24
24
|
"dev-dbs": "docker-compose -f ./_dev/docker-compose.yml up -d",
|
|
25
25
|
"dev-dbs-destroy": "docker-compose -f ./_dev/docker-compose.yml down --volumes --remove-orphans"
|
|
@@ -64,4 +64,4 @@
|
|
|
64
64
|
"*.js": "eslint --cache --fix",
|
|
65
65
|
"*.{js,css,md}": "prettier --write"
|
|
66
66
|
}
|
|
67
|
-
}
|
|
67
|
+
}
|
package/src/controller/oauth.js
CHANGED
|
@@ -61,7 +61,19 @@ const authorize = async (body) => {
|
|
|
61
61
|
|
|
62
62
|
let samlConfig;
|
|
63
63
|
|
|
64
|
-
if (
|
|
64
|
+
if (tenant && product) {
|
|
65
|
+
const samlConfigs = await configStore.getByIndex({
|
|
66
|
+
name: indexNames.tenantProduct,
|
|
67
|
+
value: dbutils.keyFromParts(tenant, product),
|
|
68
|
+
});
|
|
69
|
+
|
|
70
|
+
if (!samlConfigs || samlConfigs.length === 0) {
|
|
71
|
+
throw new JacksonError('SAML configuration not found.', 403);
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
// TODO: Support multiple matches
|
|
75
|
+
samlConfig = samlConfigs[0];
|
|
76
|
+
} else if (
|
|
65
77
|
client_id &&
|
|
66
78
|
client_id !== '' &&
|
|
67
79
|
client_id !== 'undefined' &&
|
|
@@ -85,17 +97,10 @@ const authorize = async (body) => {
|
|
|
85
97
|
samlConfig = await configStore.get(client_id);
|
|
86
98
|
}
|
|
87
99
|
} else {
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
if (!samlConfigs || samlConfigs.length === 0) {
|
|
94
|
-
throw new JacksonError('SAML configuration not found.', 403);
|
|
95
|
-
}
|
|
96
|
-
|
|
97
|
-
// TODO: Support multiple matches
|
|
98
|
-
samlConfig = samlConfigs[0];
|
|
100
|
+
throw new JacksonError(
|
|
101
|
+
'You need to specify client_id or tenant & product',
|
|
102
|
+
403
|
|
103
|
+
);
|
|
99
104
|
}
|
|
100
105
|
|
|
101
106
|
if (!samlConfig) {
|
|
@@ -253,14 +258,16 @@ const token = async (body) => {
|
|
|
253
258
|
|
|
254
259
|
if (client_id && client_secret) {
|
|
255
260
|
// check if we have an encoded client_id
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
261
|
+
if (client_id !== 'dummy' && client_secret !== 'dummy') {
|
|
262
|
+
const sp = getEncodedClientId(client_id);
|
|
263
|
+
if (!sp) {
|
|
264
|
+
// OAuth flow
|
|
265
|
+
if (
|
|
266
|
+
client_id !== codeVal.clientID ||
|
|
267
|
+
client_secret !== codeVal.clientSecret
|
|
268
|
+
) {
|
|
269
|
+
throw new JacksonError('Invalid client_id or client_secret', 401);
|
|
270
|
+
}
|
|
264
271
|
}
|
|
265
272
|
}
|
|
266
273
|
} else if (code_verifier) {
|
package/src/db/sql/sql.js
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
/*eslint no-constant-condition: ["error", { "checkLoops": false }]*/
|
|
2
|
+
|
|
1
3
|
require('reflect-metadata');
|
|
2
4
|
const typeorm = require('typeorm');
|
|
3
5
|
const JacksonStore = require('./model/JacksonStore.js');
|
|
@@ -99,10 +101,6 @@ class Sql {
|
|
|
99
101
|
});
|
|
100
102
|
}
|
|
101
103
|
|
|
102
|
-
if (res && res.store) {
|
|
103
|
-
return JSON.parse(res.store.value);
|
|
104
|
-
}
|
|
105
|
-
|
|
106
104
|
return ret;
|
|
107
105
|
}
|
|
108
106
|
|