@boxyhq/saml-jackson 0.3.7-beta.757 → 0.3.7-beta.758

package/dist/controller/oauth.d.ts

@@ -14,6 +14,7 @@ export declare class OAuthController implements IOAuthController {
     });
     authorize(body: OAuthReqBody): Promise<{
         redirect_url: string;
+        authorize_form: string;
     }>;
     samlResponse(body: SAMLResponsePayload): Promise<{
         redirect_url: string;

package/dist/controller/oauth.js

@@ -121,7 +121,20 @@ class OAuthController {
             if (!allowed.redirect(redirect_uri, samlConfig.redirectUrl)) {
                 throw new error_1.JacksonError('Redirect URL is not allowed.', 403);
             }
+            let ssoUrl;
+            let post = false;
+            const { sso } = samlConfig.idpMetadata;
+            if ('redirectUrl' in sso) {
+                // HTTP Redirect binding
+                ssoUrl = sso.redirectUrl;
+            }
+            else if ('postUrl' in sso) {
+                // HTTP-POST binding
+                ssoUrl = sso.postUrl;
+                post = true;
+            }
             const samlReq = saml_1.default.request({
+                ssoUrl,
                 entityID: this.opts.samlAudience,
                 callbackUrl: this.opts.externalUrl + this.opts.samlPath,
                 signingKey: samlConfig.certs.privateKey,
@@ -135,13 +148,24 @@ class OAuthController {
                 code_challenge,
                 code_challenge_method,
             });
-            // deepak: When supporting HTTP-POST skip deflate
-            const samlReqEnc = yield deflateRawAsync(samlReq.request);
-            const redirectUrl = redirect.success(samlConfig.idpMetadata.sso.redirectUrl, {
-                RelayState: relayStatePrefix + sessionId,
-                SAMLRequest: Buffer.from(samlReqEnc).toString('base64'),
-            });
-            return { redirect_url: redirectUrl };
+            const relayState = relayStatePrefix + sessionId;
+            let redirectUrl;
+            let authorizeForm;
+            if (!post) {
+                // HTTP Redirect binding
+                redirectUrl = redirect.success(ssoUrl, {
+                    RelayState: relayState,
+                    SAMLRequest: Buffer.from(yield deflateRawAsync(samlReq.request)).toString('base64'),
+                });
+            }
+            else {
+                // HTTP POST binding
+                authorizeForm = (0, utils_1.createAuthorizeForm)(relayState, encodeURI(Buffer.from(samlReq.request).toString('base64')), ssoUrl);
+            }
+            return {
+                redirect_url: redirectUrl,
+                authorize_form: authorizeForm,
+            };
         });
     }
     samlResponse(body) {

package/dist/controller/utils.d.ts

@@ -2,3 +2,4 @@ export declare enum IndexNames {
     EntityID = "entityID",
     TenantProduct = "tenantProduct"
 }
+export declare const createAuthorizeForm: (relayState: string, samlReqEnc: string, postUrl: string) => string;

package/dist/controller/utils.js

@@ -1,8 +1,32 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.IndexNames = void 0;
+exports.createAuthorizeForm = exports.IndexNames = void 0;
 var IndexNames;
 (function (IndexNames) {
     IndexNames["EntityID"] = "entityID";
     IndexNames["TenantProduct"] = "tenantProduct";
 })(IndexNames = exports.IndexNames || (exports.IndexNames = {}));
+const createAuthorizeForm = (relayState, samlReqEnc, postUrl) => {
+    const formElements = [
+        '<!DOCTYPE html>',
+        '<html>',
+        '<head>',
+        '<meta charset="utf-8">',
+        '<meta http-equiv="x-ua-compatible" content="ie=edge">',
+        '</head>',
+        '<body onload="document.forms[0].submit()">',
+        '<noscript>',
+        '<p>Note: Since your browser does not support JavaScript, you must press the Continue button once to proceed.</p>',
+        '</noscript>',
+        '<form method="post" action="' + encodeURI(postUrl) + '">',
+        '<input type="hidden" name="RelayState" value="' + relayState + '"/>',
+        '<input type="hidden" name="SAMLRequest" value="' + samlReqEnc + '"/>',
+        '<input type="submit" value="Continue" />',
+        '</form>',
+        '<script>document.forms[0].style.display="none";</script>',
+        '</body>',
+        '</html>',
+    ];
+    return formElements.join('');
+};
+exports.createAuthorizeForm = createAuthorizeForm;

package/dist/saml/saml.js

@@ -68,7 +68,7 @@ const request = ({ ssoUrl, entityID, callbackUrl, isPassive = false, forceAuthn
             '@ID': id,
             '@Version': '2.0',
             '@IssueInstant': date,
-            '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+            '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
             '@Destination': ssoUrl,
             'saml:Issuer': {
                 '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',

package/dist/typings.d.ts

@@ -27,7 +27,8 @@ export interface IAPIController {
 }
 export interface IOAuthController {
     authorize(body: OAuthReqBody): Promise<{
-        redirect_url: string;
+        redirect_url?: string;
+        authorize_form?: string;
     }>;
     samlResponse(body: SAMLResponsePayload): Promise<{
         redirect_url: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.3.7-beta.757",
+  "version": "0.3.7-beta.758",
   "description": "SAML 2.0 service",
   "keywords": [
     "SAML 2.0"
@@ -40,8 +40,6 @@
     "@opentelemetry/api-metrics": "0.27.0",
     "@peculiar/webcrypto": "1.2.3",
     "@peculiar/x509": "1.6.1",
-    "cors": "2.8.5",
-    "express": "4.17.2",
     "mongodb": "4.3.1",
     "mysql2": "2.3.3",
     "pg": "8.7.3",
@@ -56,7 +54,6 @@
     "xmlbuilder": "15.1.1"
   },
   "devDependencies": {
-    "@types/express": "4.17.13",
     "@types/node": "17.0.17",
     "@types/sinon": "10.0.11",
     "@types/tap": "15.0.5",