npm - @boxyhq/saml-jackson - Versions diffs - 1.1.3 → 1.1.6 - Mend

@boxyhq/saml-jackson 1.1.3 → 1.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/controller/oauth.js +18 -4
package/dist/controller/sp-config.d.ts +21 -0
package/dist/controller/sp-config.js +74 -0
package/dist/db/mem.js +0 -1
package/dist/index.d.ts +2 -0
package/dist/index.js +3 -0
package/dist/typings.d.ts +15 -2
package/package.json +15 -14

package/dist/controller/oauth.js CHANGED Viewed

@@ -161,6 +161,10 @@ class OAuthController {
                     state,
                     tenant,
                     product,
+                    access_type,
+                    resource,
+                    scope,
+                    nonce,
                     code_challenge,
                     code_challenge_method,
                     provider,
@@ -206,6 +210,10 @@ class OAuthController {
                         state,
                         tenant,
                         product,
+                        access_type,
+                        resource,
+                        scope,
+                        nonce,
                         code_challenge,
                         code_challenge_method,
                         provider,
@@ -294,7 +302,7 @@ class OAuthController {
                     publicKey: samlConfig.certs.publicKey,
                 });
                 const sessionId = crypto_1.default.randomBytes(16).toString('hex');
-                const requested = { client_id, state };
+                const requested = { client_id, state, redirect_uri };
                 if (requestedTenant) {
                     requested.tenant = requestedTenant;
                 }
@@ -542,8 +550,9 @@ class OAuthController {
      *             expires_in: 300
      */
     token(body) {
+        var _a, _b, _c;
         return __awaiter(this, void 0, void 0, function* () {
-            const { client_id, client_secret, code_verifier, code, grant_type = 'authorization_code' } = body;
+            const { client_id, client_secret, code_verifier, code, grant_type = 'authorization_code', redirect_uri, } = body;
             metrics.increment('oauthToken');
             if (grant_type !== 'authorization_code') {
                 throw new error_1.JacksonError('Unsupported grant_type', 400);
@@ -555,6 +564,11 @@ class OAuthController {
             if (!codeVal || !codeVal.profile) {
                 throw new error_1.JacksonError('Invalid code', 403);
             }
+            if ((_a = codeVal.requested) === null || _a === void 0 ? void 0 : _a.redirect_uri) {
+                if (redirect_uri !== codeVal.requested.redirect_uri) {
+                    throw new error_1.JacksonError(`Invalid request: ${!redirect_uri ? 'redirect_uri missing' : 'redirect_uri mismatch'}`, 400);
+                }
+            }
             if (code_verifier) {
                 // PKCE flow
                 let cv = code_verifier;
@@ -594,8 +608,8 @@ class OAuthController {
             // store details against a token
             const token = crypto_1.default.randomBytes(20).toString('hex');
             const tokenVal = Object.assign(Object.assign({}, codeVal.profile), { requested: codeVal.requested });
-            const requestedOIDCFlow = !!codeVal.requested.oidc;
-            const requestHasNonce = !!codeVal.requested.nonce;
+            const requestedOIDCFlow = !!((_b = codeVal.requested) === null || _b === void 0 ? void 0 : _b.oidc);
+            const requestHasNonce = !!((_c = codeVal.requested) === null || _c === void 0 ? void 0 : _c.nonce);
             if (requestedOIDCFlow) {
                 const { jwtSigningKeys, jwsAlg } = this.opts.openid;
                 if (!jwtSigningKeys || !(0, utils_1.isJWSKeyPairLoaded)(jwtSigningKeys)) {

package/dist/controller/sp-config.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { JacksonOption } from '../typings';
+export declare class SPSAMLConfig {
+    private opts;
+    constructor(opts: JacksonOption);
+    private get acsUrl();
+    private get entityId();
+    private get responseSigned();
+    private get assertionSignature();
+    private get signatureAlgorithm();
+    private get assertionEncryption();
+    get(): {
+        acsUrl: string;
+        entityId: string;
+        response: string;
+        assertionSignature: string;
+        signatureAlgorithm: string;
+        assertionEncryption: string;
+    };
+    toMarkdown(): string;
+    toHTML(): string;
+}

package/dist/controller/sp-config.js ADDED Viewed

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SPSAMLConfig = void 0;
+const marked_1 = require("marked");
+// Service Provider SAML Configuration
+class SPSAMLConfig {
+    constructor(opts) {
+        this.opts = opts;
+    }
+    get acsUrl() {
+        return `${this.opts.externalUrl}${this.opts.samlPath}`;
+    }
+    get entityId() {
+        return `${this.opts.samlAudience}`;
+    }
+    get responseSigned() {
+        return 'Signed';
+    }
+    get assertionSignature() {
+        return 'Signed';
+    }
+    get signatureAlgorithm() {
+        return 'RSA-SHA256';
+    }
+    get assertionEncryption() {
+        return 'Unencrypted';
+    }
+    get() {
+        return {
+            acsUrl: this.acsUrl,
+            entityId: this.entityId,
+            response: this.responseSigned,
+            assertionSignature: this.assertionSignature,
+            signatureAlgorithm: this.signatureAlgorithm,
+            assertionEncryption: this.assertionEncryption,
+        };
+    }
+    toMarkdown() {
+        return markdownTemplate
+            .replace('{{acsUrl}}', this.acsUrl)
+            .replace('{{entityId}}', this.entityId)
+            .replace('{{responseSigned}}', this.responseSigned)
+            .replace('{{assertionSignature}}', this.assertionSignature)
+            .replace('{{signatureAlgorithm}}', this.signatureAlgorithm)
+            .replace('{{assertionEncryption}}', this.assertionEncryption);
+    }
+    toHTML() {
+        return marked_1.marked.parse(this.toMarkdown());
+    }
+}
+exports.SPSAMLConfig = SPSAMLConfig;
+const markdownTemplate = `
+## Service Provider (SP) SAML Configuration
+Your Identity Provider (IdP) will ask for the following information while configuring the SAML application. Share this information with your IT administrator.
+**ACS (Assertion Consumer Service) URL / Single Sign-On URL / Destination URL** <br />
+{{acsUrl}}
+**SP Entity ID / Identifier / Audience URI / Audience Restriction** <br />
+{{entityId}}
+**Response** <br />
+{{responseSigned}}
+**Assertion Signature** <br />
+{{assertionSignature}}
+**Signature Algorithm** <br />
+{{signatureAlgorithm}}
+**Assertion Encryption** <br />
+{{assertionEncryption}}
+`;

package/dist/db/mem.js CHANGED Viewed

@@ -108,7 +108,6 @@ class Mem {
         return __awaiter(this, void 0, void 0, function* () {
             const k = dbutils.key(namespace, key);
             this.store[k] = val;
-            // console.log(this.store)
             if (ttl) {
                 this.ttlStore[k] = {
                     namespace,

package/dist/index.d.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { OAuthController } from './controller/oauth';
 import { HealthCheckController } from './controller/health-check';
 import { LogoutController } from './controller/logout';
 import { OidcDiscoveryController } from './controller/oidc-discovery';
+import { SPSAMLConfig } from './controller/sp-config';
 import { JacksonOption } from './typings';
 export declare const controllers: (opts: JacksonOption) => Promise<{
     apiController: APIController;
@@ -12,6 +13,7 @@ export declare const controllers: (opts: JacksonOption) => Promise<{
     logoutController: LogoutController;
     healthCheckController: HealthCheckController;
     oidcDiscoveryController: OidcDiscoveryController;
+    spConfig: SPSAMLConfig;
 }>;
 export default controllers;
 export * from './typings';

package/dist/index.js CHANGED Viewed

@@ -33,6 +33,7 @@ const oauth_1 = require("./controller/oauth");
 const health_check_1 = require("./controller/health-check");
 const logout_1 = require("./controller/logout");
 const oidc_discovery_1 = require("./controller/oidc-discovery");
+const sp_config_1 = require("./controller/sp-config");
 const db_1 = __importDefault(require("./db/db"));
 const defaultDb_1 = __importDefault(require("./db/defaultDb"));
 const read_config_1 = __importDefault(require("./read-config"));
@@ -79,6 +80,7 @@ const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
         opts,
     });
     const oidcDiscoveryController = new oidc_discovery_1.OidcDiscoveryController({ opts });
+    const spConfig = new sp_config_1.SPSAMLConfig(opts);
     // write pre-loaded config if present
     if (opts.preLoadedConfig && opts.preLoadedConfig.length > 0) {
         const configs = yield (0, read_config_1.default)(opts.preLoadedConfig);
@@ -90,6 +92,7 @@ const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
     const type = opts.db.engine === 'sql' && opts.db.type ? ' Type: ' + opts.db.type : '';
     console.log(`Using engine: ${opts.db.engine}.${type}`);
     return {
+        spConfig,
         apiController,
         oauthController,
         adminController,

package/dist/typings.d.ts CHANGED Viewed

@@ -4,8 +4,8 @@ export declare type IdPConfig = {
     redirectUrl: string[] | string;
     tenant: string;
     product: string;
-    name: string;
-    description: string;
+    name?: string;
+    description?: string;
     rawMetadata?: string;
     encodedRawMetadata?: string;
 };
@@ -89,6 +89,7 @@ export interface OAuthTokenReq {
     code_verifier: string;
     code: string;
     grant_type: 'authorization_code';
+    redirect_uri?: string;
 }
 export interface OAuthTokenRes {
     access_token: string;
@@ -198,4 +199,16 @@ export interface OAuthErrorHandlerParams {
     redirect_uri: string;
     state?: string;
 }
+export interface ISPSAMLConfig {
+    get(): {
+        acsUrl: string;
+        entityId: string;
+        response: string;
+        assertionSignature: string;
+        signatureAlgorithm: string;
+        assertionEncryption: string;
+    };
+    toMarkdown(): string;
+    toHTML(): string;
+}
 export {};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "1.1.3",
+  "version": "1.1.6",
   "description": "SAML Jackson library",
   "keywords": [
     "SAML 2.0"
@@ -39,36 +39,37 @@
   },
   "dependencies": {
     "@boxyhq/saml20": "1.0.6",
-    "@opentelemetry/api-metrics": "0.27.0",
     "@opentelemetry/api": "1.0.4",
+    "@opentelemetry/api-metrics": "0.27.0",
     "@peculiar/webcrypto": "1.4.0",
-    "@peculiar/x509": "1.8.1",
-    "jose": "4.8.3",
-    "mongodb": "4.8.1",
+    "@peculiar/x509": "1.8.3",
+    "jose": "4.9.2",
+    "marked": "4.1.0",
+    "mongodb": "4.9.1",
     "mysql2": "2.3.3",
-    "pg": "8.7.3",
-    "redis": "4.0.6",
+    "pg": "8.8.0",
+    "redis": "4.3.1",
     "reflect-metadata": "0.1.13",
     "ripemd160": "2.0.2",
-    "typeorm": "0.3.7",
+    "typeorm": "0.3.9",
     "xml2js": "0.4.23",
     "xmlbuilder": "15.1.1"
   },
   "devDependencies": {
-    "@types/node": "18.6.3",
+    "@types/node": "18.7.16",
     "@types/sinon": "10.0.13",
     "@types/tap": "15.0.7",
-    "@typescript-eslint/eslint-plugin": "5.31.0",
-    "@typescript-eslint/parser": "5.31.0",
+    "@typescript-eslint/eslint-plugin": "5.36.2",
+    "@typescript-eslint/parser": "5.36.2",
     "cross-env": "7.0.3",
-    "eslint": "8.21.0",
+    "eslint": "8.23.0",
     "eslint-config-prettier": "8.5.0",
     "prettier": "2.7.1",
     "sinon": "14.0.0",
     "tap": "16.3.0",
     "ts-node": "10.9.1",
-    "tsconfig-paths": "4.0.0",
-    "typescript": "4.7.4"
+    "tsconfig-paths": "4.1.0",
+    "typescript": "4.8.2"
   },
   "engines": {
     "node": ">=14.18.1 <=16.x"