@boxyhq/saml-jackson 0.3.5 → 0.3.6-beta.360

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,16 +1,151 @@
1
- import { IdPConfig, IAPIController, OAuth } from '../typings';
1
+ import { IAPIController, IdPConfig, OAuth } from '../typings';
2
2
  export declare class APIController implements IAPIController {
3
3
  private configStore;
4
4
  constructor({ configStore }: {
5
5
  configStore: any;
6
6
  });
7
7
  private _validateIdPConfig;
8
+ /**
9
+ * @swagger
10
+ *
11
+ * /api/v1/saml/config:
12
+ * post:
13
+ * summary: Create SAML configuration
14
+ * operationId: create-saml-config
15
+ * tags: [SAML Config]
16
+ * produces:
17
+ * - application/json
18
+ * consumes:
19
+ * - application/x-www-form-urlencoded
20
+ * parameters:
21
+ * - name: encodedRawMetadata
22
+ * description: Base64 encoding of the XML metadata
23
+ * in: formData
24
+ * required: true
25
+ * type: string
26
+ * - name: defaultRedirectUrl
27
+ * description: The redirect URL to use in the IdP login flow
28
+ * in: formData
29
+ * required: true
30
+ * type: string
31
+ * example: http://localhost:3000/login/saml
32
+ * - name: redirectUrl
33
+ * description: JSON encoded array containing a list of allowed redirect URLs
34
+ * in: formData
35
+ * required: true
36
+ * type: string
37
+ * example: '["http://localhost:3000/*"]'
38
+ * - name: tenant
39
+ * description: Tenant
40
+ * in: formData
41
+ * required: true
42
+ * type: string
43
+ * example: boxyhq.com
44
+ * - name: product
45
+ * description: Product
46
+ * in: formData
47
+ * required: true
48
+ * type: string
49
+ * example: demo
50
+ * responses:
51
+ * 200:
52
+ * description: Success
53
+ * schema:
54
+ * type: object
55
+ * properties:
56
+ * client_id:
57
+ * type: string
58
+ * client_secret:
59
+ * type: string
60
+ * provider:
61
+ * type: string
62
+ * example:
63
+ * client_id: 8958e13053832b5af58fdf2ee83f35f5d013dc74
64
+ * client_secret: 13f01f4df5b01770c616e682d14d3ba23f20948cfa89b1d7
65
+ * type: accounts.google.com
66
+ * 401:
67
+ * description: Unauthorized
68
+ */
8
69
  config(body: IdPConfig): Promise<OAuth>;
70
+ /**
71
+ * @swagger
72
+ *
73
+ * /api/v1/saml/config:
74
+ * get:
75
+ * summary: Get SAML configuration
76
+ * operationId: get-saml-config
77
+ * tags:
78
+ * - SAML Config
79
+ * parameters:
80
+ * - in: query
81
+ * name: tenant
82
+ * type: string
83
+ * description: Tenant
84
+ * example: boxyhq.com
85
+ * - in: query
86
+ * name: product
87
+ * type: string
88
+ * description: Product
89
+ * example: demo
90
+ * - in: query
91
+ * name: clientID
92
+ * type: string
93
+ * description: Client ID
94
+ * responses:
95
+ * '200':
96
+ * description: Success
97
+ * schema:
98
+ * type: object
99
+ * properties:
100
+ * provider:
101
+ * type: string
102
+ * example:
103
+ * type: accounts.google.com
104
+ * '401':
105
+ * description: Unauthorized
106
+ */
9
107
  getConfig(body: {
10
108
  clientID: string;
11
109
  tenant: string;
12
110
  product: string;
13
111
  }): Promise<Partial<OAuth>>;
112
+ /**
113
+ * @swagger
114
+ * /api/v1/saml/config:
115
+ * delete:
116
+ * summary: Delete SAML configuration
117
+ * operationId: delete-saml-config
118
+ * tags:
119
+ * - SAML Config
120
+ * consumes:
121
+ * - application/x-www-form-urlencoded
122
+ * parameters:
123
+ * - name: clientID
124
+ * in: formData
125
+ * type: string
126
+ * required: true
127
+ * description: Client ID
128
+ * - name: clientSecret
129
+ * in: formData
130
+ * type: string
131
+ * required: true
132
+ * description: Client Secret
133
+ * - name: tenant
134
+ * in: formData
135
+ * type: string
136
+ * description: Tenant
137
+ * example: boxyhq.com
138
+ * - name: product
139
+ * in: formData
140
+ * type: string
141
+ * description: Product
142
+ * example: demo
143
+ * responses:
144
+ * '200':
145
+ * description: Success
146
+ * '401':
147
+ * description: Unauthorized
148
+ */
14
149
  deleteConfig(body: {
15
150
  clientID: string;
16
151
  clientSecret: string;
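Review bot: The `redirectUrl` example `'["http://localhost:3000/*"]'` in the create docs teaches a wildcard allowlist without saying how `*` is matched, and that matching rule is what decides whether the IdP login flow can be turned into an open redirect; the check presumably lives in the `oauth/allowed` helper, which is not part of this diff. Once its semantics are confirmed I would change the description to `description: JSON encoded array of allowed redirect URLs; prefer exact URLs in production, a trailing '*' widens the match`. The three `401` responses also carry no `security:` requirement, so Swagger UI and generated clients have no way to know which credential to send; reference the scheme the server's securityDefinitions declares.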
@@ -60,6 +60,67 @@ class APIController {
60
60
  throw new error_1.JacksonError('Please provide product', 400);
61
61
  }
62
62
  }
63
+ /**
64
+ * @swagger
65
+ *
66
+ * /api/v1/saml/config:
67
+ * post:
68
+ * summary: Create SAML configuration
69
+ * operationId: create-saml-config
70
+ * tags: [SAML Config]
71
+ * produces:
72
+ * - application/json
73
+ * consumes:
74
+ * - application/x-www-form-urlencoded
75
+ * parameters:
76
+ * - name: encodedRawMetadata
77
+ * description: Base64 encoding of the XML metadata
78
+ * in: formData
79
+ * required: true
80
+ * type: string
81
+ * - name: defaultRedirectUrl
82
+ * description: The redirect URL to use in the IdP login flow
83
+ * in: formData
84
+ * required: true
85
+ * type: string
86
+ * example: http://localhost:3000/login/saml
87
+ * - name: redirectUrl
88
+ * description: JSON encoded array containing a list of allowed redirect URLs
89
+ * in: formData
90
+ * required: true
91
+ * type: string
92
+ * example: '["http://localhost:3000/*"]'
93
+ * - name: tenant
94
+ * description: Tenant
95
+ * in: formData
96
+ * required: true
97
+ * type: string
98
+ * example: boxyhq.com
99
+ * - name: product
100
+ * description: Product
101
+ * in: formData
102
+ * required: true
103
+ * type: string
104
+ * example: demo
105
+ * responses:
106
+ * 200:
107
+ * description: Success
108
+ * schema:
109
+ * type: object
110
+ * properties:
111
+ * client_id:
112
+ * type: string
113
+ * client_secret:
114
+ * type: string
115
+ * provider:
116
+ * type: string
117
+ * example:
118
+ * client_id: 8958e13053832b5af58fdf2ee83f35f5d013dc74
119
+ * client_secret: 13f01f4df5b01770c616e682d14d3ba23f20948cfa89b1d7
120
+ * type: accounts.google.com
121
+ * 401:
122
+ * description: Unauthorized
123
+ */
63
124
  config(body) {
64
125
  return __awaiter(this, void 0, void 0, function* () {
65
126
  const { encodedRawMetadata, rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product } = body;
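Review bot: The response `example:` block uses the key `type` (`type: accounts.google.com`) while the schema directly above declares the property `provider`, so the rendered example contradicts the schema; change it to `provider: accounts.google.com`. The method body destructures `rawMetadata` next to `encodedRawMetadata`, but only the latter is documented, and as `required: true`, so a caller sending raw XML is told its request is invalid; either document `rawMetadata` as the alternative and drop `required`, or state that exactly one of the two must be present. The `400` thrown for a missing tenant/product a few lines up is likewise absent from `responses:`. The body of `config` continues outside the hunk.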
@@ -113,6 +174,43 @@ class APIController {
113
174
  };
114
175
  });
115
176
  }
177
+ /**
178
+ * @swagger
179
+ *
180
+ * /api/v1/saml/config:
181
+ * get:
182
+ * summary: Get SAML configuration
183
+ * operationId: get-saml-config
184
+ * tags:
185
+ * - SAML Config
186
+ * parameters:
187
+ * - in: query
188
+ * name: tenant
189
+ * type: string
190
+ * description: Tenant
191
+ * example: boxyhq.com
192
+ * - in: query
193
+ * name: product
194
+ * type: string
195
+ * description: Product
196
+ * example: demo
197
+ * - in: query
198
+ * name: clientID
199
+ * type: string
200
+ * description: Client ID
201
+ * responses:
202
+ * '200':
203
+ * description: Success
204
+ * schema:
205
+ * type: object
206
+ * properties:
207
+ * provider:
208
+ * type: string
209
+ * example:
210
+ * type: accounts.google.com
211
+ * '401':
212
+ * description: Unauthorized
213
+ */
116
214
  getConfig(body) {
117
215
  return __awaiter(this, void 0, void 0, function* () {
118
216
  const { clientID, tenant, product } = body;
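Review bot: None of the three query parameters is marked required, yet the method ends by throwing `400` when neither `clientID` nor both `tenant` and `product` are supplied (visible as context of the next hunk), so the doc presents an unconstrained lookup that the code rejects. Add `'400': description: Provide clientID, or tenant and product` under `responses:` and say in each parameter description which combination selects a configuration. The `example:` again uses `type:` where the schema property is `provider:`, the same mismatch as in the create docs. The rest of `getConfig` is outside the hunk.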
@@ -133,6 +231,43 @@ class APIController {
133
231
  throw new error_1.JacksonError('Please provide `clientID` or `tenant` and `product`.', 400);
134
232
  });
135
233
  }
234
+ /**
235
+ * @swagger
236
+ * /api/v1/saml/config:
237
+ * delete:
238
+ * summary: Delete SAML configuration
239
+ * operationId: delete-saml-config
240
+ * tags:
241
+ * - SAML Config
242
+ * consumes:
243
+ * - application/x-www-form-urlencoded
244
+ * parameters:
245
+ * - name: clientID
246
+ * in: formData
247
+ * type: string
248
+ * required: true
249
+ * description: Client ID
250
+ * - name: clientSecret
251
+ * in: formData
252
+ * type: string
253
+ * required: true
254
+ * description: Client Secret
255
+ * - name: tenant
256
+ * in: formData
257
+ * type: string
258
+ * description: Tenant
259
+ * example: boxyhq.com
260
+ * - name: product
261
+ * in: formData
262
+ * type: string
263
+ * description: Product
264
+ * example: demo
265
+ * responses:
266
+ * '200':
267
+ * description: Success
268
+ * '401':
269
+ * description: Unauthorized
270
+ */
136
271
  deleteConfig(body) {
137
272
  return __awaiter(this, void 0, void 0, function* () {
138
273
  const { clientID, clientSecret, tenant, product } = body;
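Review bot: The delete docs mark `clientID` and `clientSecret` as required while also listing `tenant` and `product` with no statement of how the pair relates, so a reader cannot tell whether tenant+product is an alternative selector or an extra filter, and the `clientSecret` requirement, the only proof of possession on a destructive call, is left unexplained. After confirming the checks in the body (outside this hunk), describe the contract on the parameter, e.g. `description: Client Secret; must match the secret stored for clientID or the request is rejected`, and add the `400` response if this method validates its input the way `config` and `getConfig` do.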
@@ -18,6 +18,90 @@ export declare class OAuthController implements IOAuthController {
18
18
  samlResponse(body: SAMLResponsePayload): Promise<{
19
19
  redirect_url: string;
20
20
  }>;
21
+ /**
22
+ * @swagger
23
+ *
24
+ * /oauth/token:
25
+ * post:
26
+ * summary: Code exchange
27
+ * operationId: oauth-code-exchange
28
+ * tags:
29
+ * - OAuth
30
+ * consumes:
31
+ * - application/x-www-form-urlencoded
32
+ * parameters:
33
+ * - name: grant_type
34
+ * in: formData
35
+ * type: string
36
+ * description: Grant type should be 'authorization_code'
37
+ * default: authorization_code
38
+ * required: true
39
+ * - name: client_id
40
+ * in: formData
41
+ * type: string
42
+ * description: Use the client_id returned by the SAML config API
43
+ * required: true
44
+ * - name: client_secret
45
+ * in: formData
46
+ * type: string
47
+ * description: Use the client_secret returned by the SAML config API
48
+ * required: true
49
+ * - name: redirect_uri
50
+ * in: formData
51
+ * type: string
52
+ * description: Redirect URI
53
+ * required: true
54
+ * - name: code
55
+ * in: formData
56
+ * type: string
57
+ * description: Code
58
+ * required: true
59
+ * responses:
60
+ * '200':
61
+ * description: Success
62
+ * schema:
63
+ * type: object
64
+ * properties:
65
+ * access_token:
66
+ * type: string
67
+ * token_type:
68
+ * type: string
69
+ * expires_in:
70
+ * type: string
71
+ * example:
72
+ * access_token: 8958e13053832b5af58fdf2ee83f35f5d013dc74
73
+ * token_type: bearer
74
+ * expires_in: 300
75
+ */
21
76
  token(body: OAuthTokenReq): Promise<OAuthTokenRes>;
77
+ /**
78
+ * @swagger
79
+ *
80
+ * /oauth/userinfo:
81
+ * get:
82
+ * summary: Get profile
83
+ * operationId: oauth-get-profile
84
+ * tags:
85
+ * - OAuth
86
+ * responses:
87
+ * '200':
88
+ * description: Success
89
+ * schema:
90
+ * type: object
91
+ * properties:
92
+ * id:
93
+ * type: string
94
+ * email:
95
+ * type: string
96
+ * firstName:
97
+ * type: string
98
+ * lastName:
99
+ * type: string
100
+ * example:
101
+ * id: 32b5af58fdf
102
+ * email: jackson@coolstartup.com
103
+ * firstName: SAML
104
+ * lastName: Jackson
105
+ */
22
106
  userInfo(token: string): Promise<Profile>;
23
107
  }
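Review bot: The `/oauth/userinfo` docs give a 200 schema but never say how the token is presented; `userInfo(token: string)` takes the bare value, and the transport (presumably an `Authorization: Bearer` header, to be confirmed against the route handler) is exactly what an integrator needs, so add a `security:` entry or a header parameter plus the error response returned for an unknown token. The `/oauth/token` docs list `client_secret` as `required: true` and omit `code_verifier`, although the implementation destructures `code_verifier` from the body, so PKCE clients following these docs would be told to send a secret they should not hold. These are declaration-file comments, so the same corrections belong on the implementation's copies.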
@@ -40,6 +40,9 @@ const allowed = __importStar(require("./oauth/allowed"));
40
40
  const codeVerifier = __importStar(require("./oauth/code-verifier"));
41
41
  const redirect = __importStar(require("./oauth/redirect"));
42
42
  const utils_1 = require("./utils");
43
+ const util_1 = require("util");
44
+ const zlib_1 = require("zlib");
45
+ const deflateRawAsync = (0, util_1.promisify)(zlib_1.deflateRaw);
43
46
  const relayStatePrefix = 'boxyhq_jackson_';
44
47
  function getEncodedClientId(client_id) {
45
48
  try {
@@ -130,9 +133,11 @@ class OAuthController {
130
133
  code_challenge,
131
134
  code_challenge_method,
132
135
  });
136
+ // deepak: When supporting HTTP-POST skip deflate
137
+ const samlReqEnc = yield deflateRawAsync(samlReq.request);
133
138
  const redirectUrl = redirect.success(samlConfig.idpMetadata.sso.redirectUrl, {
134
139
  RelayState: relayStatePrefix + sessionId,
135
- SAMLRequest: Buffer.from(samlReq.request).toString('base64'),
140
+ SAMLRequest: Buffer.from(samlReqEnc).toString('base64'),
136
141
  });
137
142
  return { redirect_url: redirectUrl };
138
143
  });
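Review bot: `Buffer.from(samlReqEnc)` on the `SAMLRequest` line copies the Buffer that `deflateRawAsync` already returns; `SAMLRequest: samlReqEnc.toString('base64'),` is enough. The inline `// deepak: ...` comment should give the reason rather than the author: `// HTTP-Redirect binding: DEFLATE then base64 (SAML 2.0 Bindings §3.4.4.1); HTTP-POST would take the raw base64 XML instead`. If signed AuthnRequests are ever needed, note that the Redirect binding carries the signature in separate `SigAlg`/`Signature` query parameters computed over the encoded value, so an enveloped XML signature inside `samlReq.request` (whether `saml.request` emits one is not visible here) would not be what the IdP validates. The enclosing method starts outside the hunk.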
@@ -199,6 +204,61 @@ class OAuthController {
199
204
  return { redirect_url: redirectUrl };
200
205
  });
201
206
  }
207
+ /**
208
+ * @swagger
209
+ *
210
+ * /oauth/token:
211
+ * post:
212
+ * summary: Code exchange
213
+ * operationId: oauth-code-exchange
214
+ * tags:
215
+ * - OAuth
216
+ * consumes:
217
+ * - application/x-www-form-urlencoded
218
+ * parameters:
219
+ * - name: grant_type
220
+ * in: formData
221
+ * type: string
222
+ * description: Grant type should be 'authorization_code'
223
+ * default: authorization_code
224
+ * required: true
225
+ * - name: client_id
226
+ * in: formData
227
+ * type: string
228
+ * description: Use the client_id returned by the SAML config API
229
+ * required: true
230
+ * - name: client_secret
231
+ * in: formData
232
+ * type: string
233
+ * description: Use the client_secret returned by the SAML config API
234
+ * required: true
235
+ * - name: redirect_uri
236
+ * in: formData
237
+ * type: string
238
+ * description: Redirect URI
239
+ * required: true
240
+ * - name: code
241
+ * in: formData
242
+ * type: string
243
+ * description: Code
244
+ * required: true
245
+ * responses:
246
+ * '200':
247
+ * description: Success
248
+ * schema:
249
+ * type: object
250
+ * properties:
251
+ * access_token:
252
+ * type: string
253
+ * token_type:
254
+ * type: string
255
+ * expires_in:
256
+ * type: string
257
+ * example:
258
+ * access_token: 8958e13053832b5af58fdf2ee83f35f5d013dc74
259
+ * token_type: bearer
260
+ * expires_in: 300
261
+ */
202
262
  token(body) {
203
263
  return __awaiter(this, void 0, void 0, function* () {
204
264
  const { client_id, client_secret, code_verifier, code, grant_type = 'authorization_code' } = body;
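Review bot: The body destructures `code_verifier` right below the swagger block, but the block lists only `client_id`, `client_secret`, `redirect_uri` and `code`, all `required: true`, so the PKCE path the code supports is undocumented and the docs demand a secret from public clients. Add `- name: code_verifier in: formData type: string description: PKCE code verifier; alternative to client_secret for public clients` and relax `required` on `client_secret` to whatever the validation further down (outside the hunk) actually enforces. `expires_in` is declared `type: string` while the example `300` is a number; `type: integer` matches RFC 6749 §5.1. No error response is documented for a bad code or a mismatched client.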
@@ -247,10 +307,42 @@ class OAuthController {
247
307
  };
248
308
  });
249
309
  }
310
+ /**
311
+ * @swagger
312
+ *
313
+ * /oauth/userinfo:
314
+ * get:
315
+ * summary: Get profile
316
+ * operationId: oauth-get-profile
317
+ * tags:
318
+ * - OAuth
319
+ * responses:
320
+ * '200':
321
+ * description: Success
322
+ * schema:
323
+ * type: object
324
+ * properties:
325
+ * id:
326
+ * type: string
327
+ * email:
328
+ * type: string
329
+ * firstName:
330
+ * type: string
331
+ * lastName:
332
+ * type: string
333
+ * example:
334
+ * id: 32b5af58fdf
335
+ * email: jackson@coolstartup.com
336
+ * firstName: SAML
337
+ * lastName: Jackson
338
+ */
250
339
  userInfo(token) {
251
340
  return __awaiter(this, void 0, void 0, function* () {
252
- const { claims } = yield this.tokenStore.get(token);
253
- return claims;
341
+ const rsp = yield this.tokenStore.get(token);
342
+ if (!rsp || !rsp.claims) {
343
+ throw new error_1.JacksonError('Invalid token', 403);
344
+ }
345
+ return rsp.claims;
254
346
  });
255
347
  }
256
348
  }
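Review bot: An unknown or expired bearer token is answered with `403` on the new `Invalid token` throw, whereas RFC 6750 §3.1 reserves `401` (with `WWW-Authenticate: Bearer error="invalid_token"`) for that case and `403`/`insufficient_scope` for a valid token lacking rights; use `throw new error_1.JacksonError('Invalid token', 401);` unless 403 is deliberately chosen to distinguish this from the API-key 401 on the config endpoints. An empty `token` still reaches `this.tokenStore.get(token)`; a leading `if (!token) throw new error_1.JacksonError('Invalid token', 401);` avoids a store lookup on an empty key. The swagger block added in this same hunk documents only `200`, so the new error path is missing from the docs as well.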
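--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@boxyhq/saml-jackson",
-"version": "0.3.5",
+"version": "0.3.6-beta.360",
 "description": "SAML 2.0 service",
 "keywords": [
 "SAML 2.0"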