@boxyhq/saml-jackson 1.0.4 → 1.0.5

@@ -50,7 +50,7 @@ const redirect = __importStar(require("./oauth/redirect"));
50
50
  const utils_1 = require("./utils");
51
51
  const deflateRawAsync = (0, util_1.promisify)(zlib_1.deflateRaw);
52
52
  const validateResponse = (rawResponse, validateOpts) => __awaiter(void 0, void 0, void 0, function* () {
53
- const profile = yield saml20_1.default.validateAsync(rawResponse, validateOpts);
53
+ const profile = yield saml20_1.default.validate(rawResponse, validateOpts);
54
54
  if (profile && profile.claims) {
55
55
  // we map claims to our attributes id, email, firstName, lastName where possible. We also map original claims to raw
56
56
  profile.claims = claims_1.default.map(profile.claims);
@@ -237,6 +237,7 @@ class OAuthController {
237
237
  error: 'unsupported_response_type',
238
238
  error_description: 'Only Authorization Code grant is supported',
239
239
  redirect_uri,
240
+ state,
240
241
  }),
241
242
  };
242
243
  }
@@ -258,6 +259,7 @@ class OAuthController {
258
259
  error: 'invalid_request',
259
260
  error_description: 'SAML binding could not be retrieved',
260
261
  redirect_uri,
262
+ state,
261
263
  }),
262
264
  };
263
265
  }
@@ -323,12 +325,14 @@ class OAuthController {
323
325
  error: 'server_error',
324
326
  error_description: (0, utils_1.getErrorMessage)(err),
325
327
  redirect_uri,
328
+ state,
326
329
  }),
327
330
  };
328
331
  }
329
332
  });
330
333
  }
331
334
  samlResponse(body) {
335
+ var _a, _b;
332
336
  return __awaiter(this, void 0, void 0, function* () {
333
337
  const { SAMLResponse, idp_hint } = body;
334
338
  let RelayState = body.RelayState || ''; // RelayState will contain the sessionId from earlier quasi-oauth flow
@@ -339,10 +343,13 @@ class OAuthController {
339
343
  }
340
344
  RelayState = RelayState.replace(utils_1.relayStatePrefix, '');
341
345
  const rawResponse = Buffer.from(SAMLResponse, 'base64').toString();
342
- const parsedResp = yield saml20_1.default.parseAsync(rawResponse);
346
+ const issuer = saml20_1.default.parseIssuer(rawResponse);
347
+ if (!issuer) {
348
+ throw new error_1.JacksonError('Issuer not found.', 403);
349
+ }
343
350
  const samlConfigs = yield this.configStore.getByIndex({
344
351
  name: utils_1.IndexNames.EntityID,
345
- value: parsedResp === null || parsedResp === void 0 ? void 0 : parsedResp.issuer,
352
+ value: issuer,
346
353
  });
347
354
  if (!samlConfigs || samlConfigs.length === 0) {
348
355
  throw new error_1.JacksonError('SAML configuration not found.', 403);
@@ -382,6 +389,7 @@ class OAuthController {
382
389
  const validateOpts = {
383
390
  thumbprint: samlConfig.idpMetadata.thumbprint,
384
391
  audience: this.opts.samlAudience,
392
+ privateKey: samlConfig.certs.privateKey,
385
393
  };
386
394
  if (session && session.redirect_uri && !allowed.redirect(session.redirect_uri, samlConfig.redirectUrl)) {
387
395
  throw new error_1.JacksonError('Redirect URL is not allowed.', 403);
@@ -401,6 +409,7 @@ class OAuthController {
401
409
  error: 'access_denied',
402
410
  error_description: (0, utils_1.getErrorMessage)(err),
403
411
  redirect_uri,
412
+ state: (_a = session === null || session === void 0 ? void 0 : session.requested) === null || _a === void 0 ? void 0 : _a.state,
404
413
  }),
405
414
  };
406
415
  }
@@ -425,6 +434,7 @@ class OAuthController {
425
434
  error: 'server_error',
426
435
  error_description: (0, utils_1.getErrorMessage)(err),
427
436
  redirect_uri,
437
+ state: (_b = session === null || session === void 0 ? void 0 : session.requested) === null || _b === void 0 ? void 0 : _b.state,
428
438
  }),
429
439
  };
430
440
  }
@@ -5,5 +5,5 @@ export declare enum IndexNames {
5
5
  }
6
6
  export declare const relayStatePrefix = "boxyhq_jackson_";
7
7
  export declare const validateAbsoluteUrl: (url: any, message: any) => void;
8
- export declare const OAuthErrorResponse: ({ error, error_description, redirect_uri }: OAuthErrorHandlerParams) => string;
8
+ export declare const OAuthErrorResponse: ({ error, error_description, redirect_uri, state, }: OAuthErrorHandlerParams) => string;
9
9
  export declare function getErrorMessage(error: unknown): string;
@@ -41,8 +41,8 @@ const validateAbsoluteUrl = (url, message) => {
41
41
  }
42
42
  };
43
43
  exports.validateAbsoluteUrl = validateAbsoluteUrl;
44
- const OAuthErrorResponse = ({ error, error_description, redirect_uri }) => {
45
- return redirect.success(redirect_uri, { error, error_description });
44
+ const OAuthErrorResponse = ({ error, error_description, redirect_uri, state, }) => {
45
+ return redirect.success(redirect_uri, { error, error_description, state });
46
46
  };
47
47
  exports.OAuthErrorResponse = OAuthErrorResponse;
48
48
  // https://kentcdodds.com/blog/get-a-catch-block-error-message-with-typescript
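--- a/package/dist/typings.d.ts
+++ b/package/dist/typings.d.ts
@@ -144,7 +144,7 @@ interface Metadata {
  };
  entityID: string;
  thumbprint: string;
- loginType: 'idp';
+ loginType: 'idp' | 'sp';
  provider: string;
  }
  export interface SAMLConfig {
@@ -166,5 +166,6 @@ export interface OAuthErrorHandlerParams {
  error: 'invalid_request' | 'access_denied' | 'unauthorized_client' | 'unsupported_response_type' | 'invalid_scope' | 'server_error' | 'temporarily_unavailable';
  error_description: string;
  redirect_uri: string;
+ state?: string;
  }
  export {};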
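Review bot: The new `state?: string` on OAuthErrorHandlerParams carries no doc comment, and since this is the request value the error redirect hands back to the client it is worth recording that contract at the declaration: `/** Opaque value from the client's authorization request; returned unchanged with the error redirect so the client can correlate the response (RFC 6749 §4.1.2.1). */`. Marking it optional matches the spec, which requires the parameter only when the request carried one. The `loginType: 'idp' | 'sp'` widening on Metadata would likewise benefit from a one-line comment naming which flow each literal selects, and consumers that narrowed on `loginType === 'idp'` will presumably now need to handle `'sp'` as well.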
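--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@boxyhq/saml-jackson",
- "version": "1.0.4",
+ "version": "1.0.5",
  "description": "SAML Jackson library",
  "keywords": [
  "SAML 2.0"
@@ -36,35 +36,36 @@
  "statements": 70
  },
  "dependencies": {
- "@boxyhq/saml20": "1.0.2",
+ "@boxyhq/saml20": "1.0.3",
  "@opentelemetry/api-metrics": "0.27.0",
+ "@opentelemetry/api": "1.0.4",
  "@peculiar/webcrypto": "1.4.0",
- "@peculiar/x509": "1.6.3",
- "mongodb": "4.6.0",
+ "@peculiar/x509": "1.7.2",
+ "mongodb": "4.7.0",
  "mysql2": "2.3.3",
  "pg": "8.7.3",
  "redis": "4.0.6",
  "reflect-metadata": "0.1.13",
  "ripemd160": "2.0.2",
- "typeorm": "0.3.6",
+ "typeorm": "0.3.7",
  "xml2js": "0.4.23",
  "xmlbuilder": "15.1.1"
  },
  "devDependencies": {
- "@types/node": "17.0.34",
- "@types/sinon": "10.0.11",
+ "@types/node": "18.0.1",
+ "@types/sinon": "10.0.12",
  "@types/tap": "15.0.7",
- "@typescript-eslint/eslint-plugin": "5.25.0",
- "@typescript-eslint/parser": "5.25.0",
+ "@typescript-eslint/eslint-plugin": "5.30.5",
+ "@typescript-eslint/parser": "5.30.5",
  "cross-env": "7.0.3",
- "eslint": "8.15.0",
+ "eslint": "8.19.0",
  "eslint-config-prettier": "8.5.0",
- "prettier": "2.6.2",
+ "prettier": "2.7.1",
  "sinon": "14.0.0",
- "tap": "16.2.0",
- "ts-node": "10.7.0",
+ "tap": "16.3.0",
+ "ts-node": "10.8.2",
  "tsconfig-paths": "4.0.0",
- "typescript": "4.6.4"
+ "typescript": "4.7.4"
  },
  "engines": {
  "node": ">=14.18.1 <=16.x"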