@boxyhq/saml-jackson 0.3.7-beta.727 → 0.3.7-beta.731

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/controller/api.d.ts +2 -2
  2. package/dist/controller/api.js +2 -2
  3. package/dist/controller/oauth.d.ts +1 -0
  4. package/dist/controller/oauth.js +31 -7
  5. package/dist/controller/utils.d.ts +1 -0
  6. package/dist/controller/utils.js +25 -1
  7. package/dist/saml/saml.js +1 -1
  8. package/dist/typings.d.ts +2 -1
  9. package/package.json +1 -4
package/dist/controller/api.d.ts CHANGED
@@ -28,13 +28,13 @@ export declare class APIController implements IAPIController {
28
28
  * in: formData
29
29
  * required: true
30
30
  * type: string
31
- * example: http://localhost:3366/login/saml
31
+ * example: http://localhost:3000/login/saml
32
32
  * - name: redirectUrl
33
33
  * description: JSON encoded array containing a list of allowed redirect URLs
34
34
  * in: formData
35
35
  * required: true
36
36
  * type: string
37
- * example: '["http://localhost:3366/*"]'
37
+ * example: '["http://localhost:3000/*"]'
38
38
  * - name: tenant
39
39
  * description: Tenant
40
40
  * in: formData
package/dist/controller/api.js CHANGED
@@ -84,13 +84,13 @@ class APIController {
84
84
  * in: formData
85
85
  * required: true
86
86
  * type: string
87
- * example: http://localhost:3366/login/saml
87
+ * example: http://localhost:3000/login/saml
88
88
  * - name: redirectUrl
89
89
  * description: JSON encoded array containing a list of allowed redirect URLs
90
90
  * in: formData
91
91
  * required: true
92
92
  * type: string
93
- * example: '["http://localhost:3366/*"]'
93
+ * example: '["http://localhost:3000/*"]'
94
94
  * - name: tenant
95
95
  * description: Tenant
96
96
  * in: formData
package/dist/controller/oauth.d.ts CHANGED
@@ -14,6 +14,7 @@ export declare class OAuthController implements IOAuthController {
14
14
  });
15
15
  authorize(body: OAuthReqBody): Promise<{
16
16
  redirect_url: string;
17
+ authorize_form: string;
17
18
  }>;
18
19
  samlResponse(body: SAMLResponsePayload): Promise<{
19
20
  redirect_url: string;
package/dist/controller/oauth.js CHANGED
@@ -121,7 +121,20 @@ class OAuthController {
121
121
  if (!allowed.redirect(redirect_uri, samlConfig.redirectUrl)) {
122
122
  throw new error_1.JacksonError('Redirect URL is not allowed.', 403);
123
123
  }
124
+ let ssoUrl;
125
+ let post = false;
126
+ const { sso } = samlConfig.idpMetadata;
127
+ if ('redirectUrl' in sso) {
128
+ // HTTP Redirect binding
129
+ ssoUrl = sso.redirectUrl;
130
+ }
131
+ else if ('postUrl' in sso) {
132
+ // HTTP-POST binding
133
+ ssoUrl = sso.postUrl;
134
+ post = true;
135
+ }
124
136
  const samlReq = saml_1.default.request({
137
+ ssoUrl,
125
138
  entityID: this.opts.samlAudience,
126
139
  callbackUrl: this.opts.externalUrl + this.opts.samlPath,
127
140
  signingKey: samlConfig.certs.privateKey,
@@ -135,13 +148,24 @@ class OAuthController {
135
148
  code_challenge,
136
149
  code_challenge_method,
137
150
  });
138
- // deepak: When supporting HTTP-POST skip deflate
139
- const samlReqEnc = yield deflateRawAsync(samlReq.request);
140
- const redirectUrl = redirect.success(samlConfig.idpMetadata.sso.redirectUrl, {
141
- RelayState: relayStatePrefix + sessionId,
142
- SAMLRequest: Buffer.from(samlReqEnc).toString('base64'),
143
- });
144
- return { redirect_url: redirectUrl };
151
+ const relayState = relayStatePrefix + sessionId;
152
+ let redirectUrl;
153
+ let authorizeForm;
154
+ if (!post) {
155
+ // HTTP Redirect binding
156
+ redirectUrl = redirect.success(ssoUrl, {
157
+ RelayState: relayState,
158
+ SAMLRequest: Buffer.from(yield deflateRawAsync(samlReq.request)).toString('base64'),
159
+ });
160
+ }
161
+ else {
162
+ // HTTP POST binding
163
+ authorizeForm = (0, utils_1.createAuthorizeForm)(relayState, encodeURI(Buffer.from(samlReq.request).toString('base64')), ssoUrl);
164
+ }
165
+ return {
166
+ redirect_url: redirectUrl,
167
+ authorize_form: authorizeForm,
168
+ };
145
169
  });
146
170
  }
147
171
  samlResponse(body) {
package/dist/controller/utils.d.ts CHANGED
@@ -2,3 +2,4 @@ export declare enum IndexNames {
2
2
  EntityID = "entityID",
3
3
  TenantProduct = "tenantProduct"
4
4
  }
5
+ export declare const createAuthorizeForm: (relayState: string, samlReqEnc: string, postUrl: string) => string;
package/dist/controller/utils.js CHANGED
@@ -1,8 +1,32 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.IndexNames = void 0;
3
+ exports.createAuthorizeForm = exports.IndexNames = void 0;
4
4
  var IndexNames;
5
5
  (function (IndexNames) {
6
6
  IndexNames["EntityID"] = "entityID";
7
7
  IndexNames["TenantProduct"] = "tenantProduct";
8
8
  })(IndexNames = exports.IndexNames || (exports.IndexNames = {}));
9
+ const createAuthorizeForm = (relayState, samlReqEnc, postUrl) => {
10
+ const formElements = [
11
+ '<!DOCTYPE html>',
12
+ '<html>',
13
+ '<head>',
14
+ '<meta charset="utf-8">',
15
+ '<meta http-equiv="x-ua-compatible" content="ie=edge">',
16
+ '</head>',
17
+ '<body onload="document.forms[0].submit()">',
18
+ '<noscript>',
19
+ '<p>Note: Since your browser does not support JavaScript, you must press the Continue button once to proceed.</p>',
20
+ '</noscript>',
21
+ '<form method="post" action="' + encodeURI(postUrl) + '">',
22
+ '<input type="hidden" name="RelayState" value="' + relayState + '"/>',
23
+ '<input type="hidden" name="SAMLRequest" value="' + samlReqEnc + '"/>',
24
+ '<input type="submit" value="Continue" />',
25
+ '</form>',
26
+ '<script>document.forms[0].style.display="none";</script>',
27
+ '</body>',
28
+ '</html>',
29
+ ];
30
+ return formElements.join('');
31
+ };
32
+ exports.createAuthorizeForm = createAuthorizeForm;
package/dist/saml/saml.js CHANGED
@@ -68,7 +68,7 @@ const request = ({ ssoUrl, entityID, callbackUrl, isPassive = false, forceAuthn
68
68
  '@ID': id,
69
69
  '@Version': '2.0',
70
70
  '@IssueInstant': date,
71
- '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
71
+ '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
72
72
  '@Destination': ssoUrl,
73
73
  'saml:Issuer': {
74
74
  '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
package/dist/typings.d.ts CHANGED
@@ -27,7 +27,8 @@ export interface IAPIController {
27
27
  }
28
28
  export interface IOAuthController {
29
29
  authorize(body: OAuthReqBody): Promise<{
30
- redirect_url: string;
30
+ redirect_url?: string;
31
+ authorize_form?: string;
31
32
  }>;
32
33
  samlResponse(body: SAMLResponsePayload): Promise<{
33
34
  redirect_url: string;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@boxyhq/saml-jackson",
3
- "version": "0.3.7-beta.727",
3
+ "version": "0.3.7-beta.731",
4
4
  "description": "SAML 2.0 service",
5
5
  "keywords": [
6
6
  "SAML 2.0"
@@ -40,8 +40,6 @@
40
40
  "@opentelemetry/api-metrics": "0.27.0",
41
41
  "@peculiar/webcrypto": "1.2.3",
42
42
  "@peculiar/x509": "1.6.1",
43
- "cors": "2.8.5",
44
- "express": "4.17.2",
45
43
  "mongodb": "4.3.1",
46
44
  "mysql2": "2.3.3",
47
45
  "pg": "8.7.3",
@@ -56,7 +54,6 @@
56
54
  "xmlbuilder": "15.1.1"
57
55
  },
58
56
  "devDependencies": {
59
- "@types/express": "4.17.13",
60
57
  "@types/node": "17.0.17",
61
58
  "@types/sinon": "10.0.11",
62
59
  "@types/tap": "15.0.5",