@boxyhq/saml-jackson 1.18.2 → 1.18.4
Sign up to get free protection for your applications and to get access to all the features.
- package/dist/controller/logout.js +1 -20
- package/dist/controller/logout.js.map +1 -1
- package/dist/controller/sso-handler.js +1 -2
- package/dist/controller/sso-handler.js.map +1 -1
- package/dist/ee/federated-saml/sso.js +5 -6
- package/dist/ee/federated-saml/sso.js.map +1 -1
- package/dist/saml/lib.d.ts +1 -20
- package/dist/saml/lib.js +1 -143
- package/dist/saml/lib.js.map +1 -1
- package/dist/typings.d.ts +1 -1
- package/package.json +7 -8
|
@@ -38,7 +38,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
38
38
|
exports.LogoutController = void 0;
|
|
39
39
|
const crypto_1 = __importDefault(require("crypto"));
|
|
40
40
|
const util_1 = require("util");
|
|
41
|
-
const xml2js_1 = __importDefault(require("xml2js"));
|
|
42
41
|
const xmlbuilder_1 = __importDefault(require("xmlbuilder"));
|
|
43
42
|
const zlib_1 = require("zlib");
|
|
44
43
|
const dbutils = __importStar(require("../db/utils"));
|
|
@@ -121,7 +120,7 @@ class LogoutController {
|
|
|
121
120
|
if (!session) {
|
|
122
121
|
throw new error_1.JacksonError('Unable to validate state from the origin request.', 403);
|
|
123
122
|
}
|
|
124
|
-
const parsedResponse = yield
|
|
123
|
+
const parsedResponse = yield saml20_1.default.parseLogoutResponse(rawResponse);
|
|
125
124
|
if (parsedResponse.status !== 'urn:oasis:names:tc:SAML:2.0:status:Success') {
|
|
126
125
|
throw new error_1.JacksonError(`SLO failed with status ${parsedResponse.status}.`, 400);
|
|
127
126
|
}
|
|
@@ -177,24 +176,6 @@ const buildRequestXML = (nameId, providerName, sloUrl) => {
|
|
|
177
176
|
xml: xmlbuilder_1.default.create(xml).end({}),
|
|
178
177
|
};
|
|
179
178
|
};
|
|
180
|
-
// Parse SAMLResponse
|
|
181
|
-
const parseSAMLResponse = (rawResponse) => __awaiter(void 0, void 0, void 0, function* () {
|
|
182
|
-
return new Promise((resolve, reject) => {
|
|
183
|
-
xml2js_1.default.parseString(rawResponse, { tagNameProcessors: [xml2js_1.default.processors.stripPrefix] }, (err, { LogoutResponse }) => {
|
|
184
|
-
if (err) {
|
|
185
|
-
reject(err);
|
|
186
|
-
return;
|
|
187
|
-
}
|
|
188
|
-
resolve({
|
|
189
|
-
issuer: LogoutResponse.Issuer[0]._,
|
|
190
|
-
id: LogoutResponse.$.ID,
|
|
191
|
-
status: LogoutResponse.Status[0].StatusCode[0].$.Value,
|
|
192
|
-
destination: LogoutResponse.$.Destination,
|
|
193
|
-
inResponseTo: LogoutResponse.$.InResponseTo,
|
|
194
|
-
});
|
|
195
|
-
});
|
|
196
|
-
});
|
|
197
|
-
});
|
|
198
179
|
// Sign the XML
|
|
199
180
|
const signXML = (xml, signingKey, publicKey) => __awaiter(void 0, void 0, void 0, function* () {
|
|
200
181
|
return yield saml20_1.default.sign(xml, signingKey, publicKey, logoutXPath);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout.js","sourceRoot":"","sources":["../../src/controller/logout.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAA4B;AAC5B,+BAAiC;AACjC,
|
|
1
|
+
{"version":3,"file":"logout.js","sourceRoot":"","sources":["../../src/controller/logout.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAA4B;AAC5B,+BAAiC;AACjC,4DAAoC;AACpC,+BAAkC;AAClC,qDAAuC;AAEvC,4DAAkC;AAElC,mCAAuC;AACvC,2DAA6C;AAC7C,mCAAqC;AACrC,uCAAqD;AAErD,MAAM,eAAe,GAAG,IAAA,gBAAS,EAAC,iBAAU,CAAC,CAAC;AAE9C,MAAM,gBAAgB,GAAG,iBAAiB,CAAC;AAC3C,MAAM,WAAW,GAAG,mCAAmC,CAAC;AAExD,MAAa,gBAAgB;IAK3B,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,IAAI,EAAE;QACjD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED,qBAAqB;IACR,aAAa,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAoB;;YACnF,IAAI,cAAc,GAA0B,IAAI,CAAC;YAEjD,IAAI,MAAM,IAAI,OAAO,EAAE,CAAC;gBACtB,MAAM,eAAe,GAAG,CACtB,MAAM,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC;oBACpC,IAAI,EAAE,kBAAU,CAAC,aAAa;oBAC9B,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC;iBAC7C,CAAC,CACH,CAAC,IAAI,CAAC;gBAEP,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACrD,MAAM,IAAI,oBAAY,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;gBAC5D,CAAC;gBAED,cAAc,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,IAAI,oBAAY,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;YAC5D,CAAC;YAED,MAAM,EACJ,WAAW,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,GAC/B,GAAG,cAAc,CAAC;YAEnB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,4BAAqB,GAAE,CAAC;YAEhE,IAAI,aAAa,IAAI,GAAG,KAAK,KAAK,IAAI,SAAS,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBACjE,MAAM,IAAI,oBAAY,CAAC,GAAG,QAAQ,0CAA0C,EAAE,GAAG,CAAC,CAAC;YACrF,CAAC;YAED,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,YAAa,EAAE,GAAG,CAAC,WAAqB,CAAC,CAAC;YAChG,MAAM,SAAS,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAEzD,IAAI,SAAS,GAAkB,IAAI,CAAC;YACpC,IAAI,UAAU,GAAkB,IAAI,CAAC;YAErC,MAAM,UAAU,GAAG,gBAAgB,GAAG,SAAS,CAAC;YAChD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;YAE5D,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE;gBACrC,EAAE;gBACF,WAAW;aACZ,CAAC,CAAC;YAEH,wBAAwB;YACxB,IAAI,aAAa,IAAI,GAAG,EAAE,CAAC;gBACzB,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,WAAqB,EAAE;oBACtD,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAC7E,UAAU,EAAE,UAAU;iBACvB,CAAC,CAAC;YACL,CAAC;YAED,oBAAoB;YACpB,IAAI,SAAS,IAAI,GAAG,EAAE,CAAC;gBACrB,UAAU,GAAG,gBAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAiB,EAAE;oBACtD;wBACE,IAAI,EAAE,YAAY;wBAClB,KAAK,EAAE,UAAU;qBAClB;oBACD;wBACE,IAAI,EAAE,aAAa;wBACnB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;qBACjD;iBACF,CAAC,CAAC;YACL,CAAC;YAED,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;QACnC,CAAC;KAAA;IAED,sBAAsB;IACT,cAAc,CAAC,EAAE,YAAY,EAAE,UAAU,EAAuB;;;YAC3E,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;YAEnE,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;YAC3D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAEvD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,oBAAY,CAAC,mDAAmD,EAAE,GAAG,CAAC,CAAC;YACnF,CAAC;YAED,MAAM,cAAc,GAAG,MAAM,gBAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;YAEnE,IAAI,cAAc,CAAC,MAAM,KAAK,4CAA4C,EAAE,CAAC;gBAC3E,MAAM,IAAI,oBAAY,CAAC,0BAA0B,cAAc,CAAC,MAAM,GAAG,EAAE,GAAG,CAAC,CAAC;YAClF,CAAC;YAED,IAAI,cAAc,CAAC,YAAY,KAAK,OAAO,CAAC,EAAE,EAAE,CAAC;gBAC/C,MAAM,IAAI,oBAAY,CAAC,wCAAwC,EAAE,GAAG,CAAC,CAAC;YACxE,CAAC;YAED,MAAM,eAAe,GAAG,CACtB,MAAM,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC;gBACpC,IAAI,EAAE,kBAAU,CAAC,QAAQ;gBACzB,KAAK,EAAE,cAAc,CAAC,MAAM;aAC7B,CAAC,CACH,CAAC,IAAI,CAAC;YAEP,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrD,MAAM,IAAI,oBAAY,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;YAC5D,CAAC;YAED,MAAM,EAAE,WAAW,EAAE,kBAAkB,EAAE,GAAmB,eAAe,CAAC,CAAC,CAAC,CAAC;YAE/E,IAAI,CAAC,CAAC,MAAM,gBAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,IAAI,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;gBAC/E,MAAM,IAAI,oBAAY,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC5C,CAAC;YAAC,OAAO,IAAI,EAAE,CAAC;gBACd,SAAS;YACX,CAAC;YAED,OAAO;gBACL,WAAW,EAAE,MAAA,OAAO,CAAC,WAAW,mCAAI,kBAAkB;aACvD,CAAC;;KACH;CACF;AAnID,4CAmIC;AAED,qCAAqC;AACrC,MAAM,eAAe,GAAG,CAAC,MAAc,EAAE,YAAoB,EAAE,MAAc,EAAE,EAAE;IAC/E,MAAM,EAAE,GAAG,GAAG,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAExD,MAAM,GAAG,GAAwB;QAC/B,qBAAqB,EAAE;YACrB,cAAc,EAAE,sCAAsC;YACtD,aAAa,EAAE,uCAAuC;YACtD,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,KAAK;YACjB,eAAe,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACzC,cAAc,EAAE,MAAM;YACtB,aAAa,EAAE;gBACb,OAAO,EAAE,YAAY;aACtB;YACD,aAAa,EAAE;gBACb,SAAS,EAAE,uDAAuD;gBAClE,OAAO,EAAE,MAAM;aAChB;SACF;KACF,CAAC;IAEF,OAAO;QACL,EAAE;QACF,GAAG,EAAE,oBAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;KACpC,CAAC;AACJ,CAAC,CAAC;AAEF,eAAe;AACf,MAAM,OAAO,GAAG,CAAO,GAAW,EAAE,UAAkB,EAAE,SAAiB,EAAmB,EAAE;IAC5F,OAAO,MAAM,gBAAI,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;AAClE,CAAC,CAAA,CAAC"}
|
|
@@ -46,7 +46,6 @@ const dbutils = __importStar(require("../db/utils"));
|
|
|
46
46
|
const error_1 = require("./error");
|
|
47
47
|
const utils_1 = require("./utils");
|
|
48
48
|
const utils_2 = require("./utils");
|
|
49
|
-
const lib_1 = require("../saml/lib");
|
|
50
49
|
const redirect = __importStar(require("./oauth/redirect"));
|
|
51
50
|
const oidc_issuer_1 = require("./oauth/oidc-issuer");
|
|
52
51
|
const deflateRawAsync = (0, util_1.promisify)(zlib_1.deflateRaw);
|
|
@@ -55,7 +54,7 @@ class SSOHandler {
|
|
|
55
54
|
this.createSAMLResponse = ({ profile, session }) => __awaiter(this, void 0, void 0, function* () {
|
|
56
55
|
const certificate = yield (0, x509_1.getDefaultCertificate)();
|
|
57
56
|
try {
|
|
58
|
-
const responseSigned = yield
|
|
57
|
+
const responseSigned = yield saml20_1.default.createSAMLResponse(Object.assign({ audience: session.requested.entityId, acsUrl: session.requested.acsUrl, requestId: session.requested.id, issuer: `${this.opts.samlAudience}`, claims: profile.claims }, certificate));
|
|
59
58
|
const responseForm = saml20_1.default.createPostForm(session.requested.acsUrl, [
|
|
60
59
|
{
|
|
61
60
|
name: 'RelayState',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sso-handler.js","sourceRoot":"","sources":["../../src/controller/sso-handler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,4DAAkC;AAClC,oDAA4B;AAC5B,+BAAiC;AACjC,+BAAkC;AAElC,iDAA2C;AAG3C,uCAAqD;AACrD,qDAAuC;AACvC,mCAAuC;AACvC,mCAAqC;AACrC,mCAA2C;AAC3C,
|
|
1
|
+
{"version":3,"file":"sso-handler.js","sourceRoot":"","sources":["../../src/controller/sso-handler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,4DAAkC;AAClC,oDAA4B;AAC5B,+BAAiC;AACjC,+BAAkC;AAElC,iDAA2C;AAG3C,uCAAqD;AACrD,qDAAuC;AACvC,mCAAuC;AACvC,mCAAqC;AACrC,mCAA2C;AAC3C,2DAA6C;AAC7C,qDAAyD;AAEzD,MAAM,eAAe,GAAG,IAAA,gBAAS,EAAC,iBAAU,CAAC,CAAC;AAE9C,MAAa,UAAU;IAKrB,YAAY,EACV,UAAU,EACV,OAAO,EACP,IAAI,GAKL;QAsPD,uBAAkB,GAAG,CAAO,EAAE,OAAO,EAAE,OAAO,EAA0C,EAAE,EAAE;YAC1F,MAAM,WAAW,GAAG,MAAM,IAAA,4BAAqB,GAAE,CAAC;YAElD,IAAI,CAAC;gBACH,MAAM,cAAc,GAAG,MAAM,gBAAI,CAAC,kBAAkB,iBAClD,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,QAAQ,EACpC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,MAAM,EAChC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,EAC/B,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EACnC,MAAM,EAAE,OAAO,CAAC,MAAM,IACnB,WAAW,EACd,CAAC;gBAEH,MAAM,YAAY,GAAG,gBAAI,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,EAAE;oBACjE;wBACE,IAAI,EAAE,YAAY;wBAClB,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,UAAU;qBACpC;oBACD;wBACE,IAAI,EAAE,cAAc;wBACpB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;qBACtD;iBACF,CAAC,CAAC;gBAEH,OAAO,EAAE,YAAY,EAAE,CAAC;YAC1B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,oDAAoD;gBACpD,MAAM,IAAI,oBAAY,CAAC,mCAAmC,EAAE,GAAG,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAA,CAAC;QAEF,uDAAuD;QAC/C,kBAAa,GAAG,CAAO,EAC7B,SAAS,EACT,SAAS,EACT,gBAAgB,EAChB,SAAS,GAMV,EAAE,EAAE;YACH,MAAM,SAAS,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAEzD,MAAM,OAAO,GAAG;gBACd,EAAE,EAAE,SAAS;gBACb,SAAS;gBACT,aAAa,EAAE,IAAI;aACpB,CAAC;YAEF,IAAI,gBAAgB,EAAE,CAAC;gBACrB,OAAO,CAAC,kBAAkB,CAAC,GAAG,gBAAgB,CAAC;YACjD,CAAC;YAED,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;YACnC,CAAC;YAED,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAE3C,OAAO,GAAG,wBAAgB,GAAG,SAAS,EAAE,CAAC;QAC3C,CAAC,CAAA,CAAC;QAnTA,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,+GAA+G;IAC/G,4EAA4E;IAC5E,yDAAyD;IACnD,iBAAiB,CAAC,MASvB;;YAWC,MAAM,EACJ,QAAQ,EACR,cAAc,EACd,MAAM,EACN,OAAO,EACP,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,YAAY,GAAG,EAAE,GAClB,GAAG,MAAM,CAAC;YAEX,IAAI,WAAW,GAA6C,IAAI,CAAC;YAEjE,oCAAoC;YACpC,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;gBAC7C,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAC9B,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CACrB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;oBACzB,IAAI,EAAE,kBAAU,CAAC,aAAa;oBAC9B,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC;iBAC7C,CAAC,CACH,CACF,CAAC;gBAEF,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC9C,CAAC;iBAAM,IAAI,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;oBAC9C,IAAI,EAAE,kBAAU,CAAC,aAAa;oBAC9B,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC;iBAC7C,CAAC,CAAC;gBAEH,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC;YAC5B,CAAC;iBAAM,IAAI,QAAQ,EAAE,CAAC;gBACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;oBAC9C,IAAI,EAAE,kBAAU,CAAC,QAAQ;oBACzB,KAAK,EAAE,QAAQ;iBAChB,CAAC,CAAC;gBAEH,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC;YAC5B,CAAC;YAED,MAAM,yBAAyB,GAAG,0BAA0B,CAAC;YAE7D,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,oBAAY,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;YACzD,CAAC;YAED,2DAA2D;YAC3D,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;gBAEpE,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,oBAAY,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;gBACzD,CAAC;gBAED,OAAO,EAAE,UAAU,EAAE,CAAC;YACxB,CAAC;YAED,8DAA8D;YAC9D,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;gBAE7E,oBAAoB;gBACpB,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,IAAI,OAAO,EAAE,CAAC;oBAC9D,MAAM,MAAM,GAAG,IAAI,eAAe,iBAChC,MAAM;wBACN,OAAO,EACP,QAAQ,EAAE,cAAc,EACxB,YAAY,IACT,cAAc,EACjB,CAAC;oBAEH,OAAO,EAAE,WAAW,EAAE,GAAG,GAAG,IAAI,MAAM,EAAE,EAAE,CAAC;gBAC7C,CAAC;gBAED,qBAAqB;gBACrB,IAAI,QAAQ,KAAK,eAAe,IAAI,QAAQ,EAAE,CAAC;oBAC7C,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;wBACjC,QAAQ;wBACR,QAAQ;qBACT,CAAC,CAAC;oBAEH,MAAM,QAAQ,GAAG,gBAAI,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,MAAM,EAAE,EAAE;wBAC9E;4BACE,IAAI,EAAE,cAAc;4BACpB,KAAK,EAAE,cAAc,CAAC,YAAY;yBACnC;qBACF,CAAC,CAAC;oBAEH,OAAO,EAAE,QAAQ,EAAE,CAAC;gBACtB,CAAC;YACH,CAAC;YAED,mCAAmC;YACnC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;QACxC,CAAC;KAAA;IAEK,iBAAiB,CAAC,EACtB,UAAU,EACV,aAAa,GAId;;YACC,8DAA8D;YAC9D,MAAM,WAAW,GAAG,MAAM,IAAA,4BAAqB,GAAE,CAAC;YAElD,MAAM,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,WAAW,CAAC;YAEvC,IAAI,MAAM,CAAC;YACX,IAAI,IAAI,GAAG,KAAK,CAAC;YAEjB,IAAI,aAAa,IAAI,GAAG,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,CAAC,WAAW,CAAC;YAC3B,CAAC;iBAAM,IAAI,SAAS,IAAI,GAAG,EAAE,CAAC;gBAC5B,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC;gBACrB,IAAI,GAAG,IAAI,CAAC;YACd,CAAC;YAED,MAAM,WAAW,GAAG,gBAAI,CAAC,OAAO,CAAC;gBAC/B,MAAM;gBACN,QAAQ,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE;gBACrC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ;gBACvD,UAAU,EAAE,WAAW,CAAC,UAAU;gBAClC,SAAS,EAAE,WAAW,CAAC,SAAS;gBAChC,UAAU,EAAE,CAAC,CAAC,UAAU,CAAC,UAAU;gBACnC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;oBAC3C,CAAC,CAAC,UAAU,CAAC,gBAAgB;oBAC7B,CAAC,CAAC,wDAAwD;aAC7D,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;gBAC1C,SAAS,EAAE,WAAW,CAAC,EAAE;gBACzB,SAAS,kCACJ,aAAa,KAChB,SAAS,EAAE,UAAU,CAAC,QAAQ,GAC/B;aACF,CAAC,CAAC;YAEH,IAAI,WAAW,CAAC;YAChB,IAAI,aAAa,CAAC;YAElB,2DAA2D;YAC3D,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;oBACrC,UAAU,EAAE,UAAU;oBACtB,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,eAAe,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;iBACxF,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,aAAa,GAAG,gBAAI,CAAC,cAAc,CAAC,MAAM,EAAE;oBAC1C;wBACE,IAAI,EAAE,YAAY;wBAClB,KAAK,EAAE,UAAU;qBAClB;oBACD;wBACE,IAAI,EAAE,aAAa;wBACnB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;qBAC3D;iBACF,CAAC,CAAC;YACL,CAAC;YAED,OAAO;gBACL,YAAY,EAAE,WAAW;gBACzB,cAAc,EAAE,aAAa;aAC9B,CAAC;QACJ,CAAC;KAAA;IAEK,iBAAiB,CAAC,EACtB,UAAU,EACV,aAAa,GAId;;YACC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACxB,MAAM,IAAI,oBAAY,CAAC,oDAAoD,EAAE,GAAG,CAAC,CAAC;YACpF,CAAC;YAED,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,UAAU,CAAC,YAAY,CAAC;YAEnF,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,MAAM,IAAA,gCAAkB,EAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;gBACpE,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC;oBACvC,SAAS,EAAE,QAAS;oBACpB,aAAa,EAAE,YAAY;oBAC3B,aAAa,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAC3D,cAAc,EAAE,CAAC,MAAM,CAAC;iBACzB,CAAC,CAAC;gBAEH,MAAM,gBAAgB,GAAG,0BAAU,CAAC,YAAY,EAAE,CAAC;gBACnD,MAAM,cAAc,GAAG,0BAAU,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;gBAClE,MAAM,SAAS,GAAG,0BAAU,CAAC,KAAK,EAAE,CAAC;gBAErC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;oBAC1C,SAAS,EAAE,UAAU,CAAC,QAAQ;oBAC9B,SAAS,EAAE,aAAa;oBACxB,gBAAgB;oBAChB,SAAS;iBACV,CAAC,CAAC;gBAEH,MAAM,MAAM,GAAG,UAAU,CAAC,gBAAgB,CAAC;oBACzC,KAAK,EAAE,sBAAsB;oBAC7B,cAAc;oBACd,qBAAqB,EAAE,MAAM;oBAC7B,KAAK,EAAE,UAAU;oBACjB,KAAK,EAAE,SAAS;iBACjB,CAAC,CAAC;gBAEH,OAAO;oBACL,YAAY,EAAE,MAAM;iBACrB,CAAC;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,MAAM,IAAI,oBAAY,CAAC,sCAAsC,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;YACnF,CAAC;QACH,CAAC;KAAA;CAiEF;AAlUD,gCAkUC"}
|
|
@@ -15,7 +15,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
15
15
|
exports.SSO = void 0;
|
|
16
16
|
const saml20_1 = __importDefault(require("@boxyhq/saml20"));
|
|
17
17
|
const error_1 = require("../../controller/error");
|
|
18
|
-
const lib_1 = require("../../saml/lib");
|
|
19
18
|
const utils_1 = require("../../controller/utils");
|
|
20
19
|
const checkLicense_1 = require("../common/checkLicense");
|
|
21
20
|
const isSAMLConnection = (connection) => {
|
|
@@ -30,18 +29,18 @@ class SSO {
|
|
|
30
29
|
let app;
|
|
31
30
|
let id, acsUrl, entityId, publicKey, providerName, decodedRequest;
|
|
32
31
|
try {
|
|
33
|
-
|
|
32
|
+
decodedRequest = yield saml20_1.default.decodeBase64(request, true);
|
|
33
|
+
const parsedSAMLRequest = yield saml20_1.default.parseSAMLRequest(decodedRequest, false);
|
|
34
34
|
id = parsedSAMLRequest.id;
|
|
35
|
-
|
|
36
|
-
entityId = parsedSAMLRequest.entityId;
|
|
35
|
+
entityId = parsedSAMLRequest.audience;
|
|
37
36
|
publicKey = parsedSAMLRequest.publicKey;
|
|
38
37
|
providerName = parsedSAMLRequest.providerName;
|
|
39
|
-
decodedRequest = parsedSAMLRequest.decodedRequest;
|
|
40
38
|
// Verify the request if it is signed
|
|
41
39
|
if (publicKey && !saml20_1.default.hasValidSignature(request, publicKey, null)) {
|
|
42
40
|
throw new error_1.JacksonError('Invalid SAML Request signature.', 400);
|
|
43
41
|
}
|
|
44
42
|
app = yield this.app.getByEntityId(entityId);
|
|
43
|
+
acsUrl = parsedSAMLRequest.acsUrl || app.acsUrl; // acsUrl is optional in the SAMLRequest
|
|
45
44
|
if (app.acsUrl !== acsUrl) {
|
|
46
45
|
throw new error_1.JacksonError("Assertion Consumer Service URL doesn't match.", 400);
|
|
47
46
|
}
|
|
@@ -107,7 +106,7 @@ class SSO {
|
|
|
107
106
|
providerName,
|
|
108
107
|
acsUrl,
|
|
109
108
|
entityId,
|
|
110
|
-
samlRequest: decodedRequest,
|
|
109
|
+
samlRequest: decodedRequest || request,
|
|
111
110
|
},
|
|
112
111
|
});
|
|
113
112
|
throw err;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sso.js","sourceRoot":"","sources":["../../../src/ee/federated-saml/sso.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,4DAAkC;AAGlC,kDAAsD;AAStD,
|
|
1
|
+
{"version":3,"file":"sso.js","sourceRoot":"","sources":["../../../src/ee/federated-saml/sso.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,4DAAkC;AAGlC,kDAAsD;AAStD,kDAA6E;AAC7E,yDAA+D;AAE/D,MAAM,gBAAgB,GAAG,CAAC,UAAyC,EAA+B,EAAE;IAClG,OAAO,aAAa,IAAI,UAAU,CAAC;AACrC,CAAC,CAAC;AAEF,MAAa,GAAG;IAMd,YAAY,EACV,GAAG,EACH,UAAU,EACV,SAAS,EACT,IAAI,GAML;QAOD,+GAA+G;QACxG,oBAAe,GAAG,CAAO,EAC9B,OAAO,EACP,UAAU,EACV,QAAQ,GAKT,EAAE,EAAE;YACH,MAAM,IAAA,oCAAqB,EAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAExD,IAAI,UAAqD,CAAC;YAC1D,IAAI,GAAkC,CAAC;YACvC,IAAI,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,CAAC;YAElE,IAAI,CAAC;gBACH,cAAc,GAAG,MAAM,gBAAI,CAAC,YAAY,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;gBAExD,MAAM,iBAAiB,GAAG,MAAM,gBAAI,CAAC,gBAAgB,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;gBAE7E,EAAE,GAAG,iBAAiB,CAAC,EAAE,CAAC;gBAC1B,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC;gBACtC,SAAS,GAAG,iBAAiB,CAAC,SAAS,CAAC;gBACxC,YAAY,GAAG,iBAAiB,CAAC,YAAY,CAAC;gBAE9C,qCAAqC;gBACrC,IAAI,SAAS,IAAI,CAAC,gBAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC;oBACnE,MAAM,IAAI,oBAAY,CAAC,iCAAiC,EAAE,GAAG,CAAC,CAAC;gBACjE,CAAC;gBAED,GAAG,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;gBAC7C,MAAM,GAAG,iBAAiB,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,wCAAwC;gBAEzF,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBAC1B,MAAM,IAAI,oBAAY,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;gBAC/E,CAAC;gBAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;oBACvD,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,OAAO,EAAE,GAAG,CAAC,OAAO;oBACpB,QAAQ;oBACR,QAAQ,EAAE,MAAM;oBAChB,YAAY,EAAE,GAAG,CAAC,EAAE;oBACpB,cAAc,EAAE;wBACd,UAAU,EAAE,UAAU;wBACtB,WAAW,EAAE,OAAO;qBACrB;oBACD,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBAEH,mEAAmE;gBACnE,IAAI,aAAa,IAAI,QAAQ,EAAE,CAAC;oBAC9B,OAAO;wBACL,YAAY,EAAE,QAAQ,CAAC,WAAW;wBAClC,cAAc,EAAE,IAAI;qBACrB,CAAC;gBACJ,CAAC;gBAED,gDAAgD;gBAChD,IAAI,YAAY,IAAI,QAAQ,EAAE,CAAC;oBAC7B,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAC;gBACnC,CAAC;gBAED,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,oBAAY,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;gBAC1D,CAAC;gBAED,IAAI,CAAC,IAAA,0BAAkB,EAAC,UAAU,CAAC,EAAE,CAAC;oBACpC,MAAM,IAAI,oBAAY,CAAC,mEAAmE,EAAE,GAAG,CAAC,CAAC;gBACnG,CAAC;gBAED,MAAM,aAAa,GAAG;oBACpB,EAAE;oBACF,MAAM;oBACN,QAAQ;oBACR,SAAS;oBACT,YAAY;oBACZ,UAAU;oBACV,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC;gBAEF,OAAO,gBAAgB,CAAC,UAAU,CAAC;oBACjC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;wBACtC,UAAU;wBACV,aAAa;qBACd,CAAC;oBACJ,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC;wBACtC,UAAU;wBACV,aAAa;qBACd,CAAC,CAAC;YACT,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,iBAAiB,GAAG,IAAA,uBAAe,EAAC,GAAG,CAAC,CAAC;gBAE/C,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;oBACvB,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE;wBACP,MAAM,EAAE,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,MAAM,KAAI,EAAE;wBACzB,OAAO,EAAE,CAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,OAAO,KAAI,EAAE;wBAC3B,QAAQ,EAAE,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,QAAQ,KAAI,EAAE;wBACpC,eAAe,EAAE,IAAI;wBACrB,UAAU;wBACV,YAAY;wBACZ,MAAM;wBACN,QAAQ;wBACR,WAAW,EAAE,cAAc,IAAI,OAAO;qBACvC;iBACF,CAAC,CAAC;gBAEH,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAA,CAAC;QAtHA,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CAmHF;AAxID,kBAwIC"}
|
package/dist/saml/lib.d.ts
CHANGED
|
@@ -1,28 +1,9 @@
|
|
|
1
|
-
|
|
2
|
-
export declare const extractSAMLResponseAttributes: (decodedResponse: string, validateOpts: ValidateOption) => Promise<SAMLProfile>;
|
|
3
|
-
export declare const extractSAMLRequestAttributes: (samlRequest: string) => Promise<{
|
|
4
|
-
id: string;
|
|
5
|
-
acsUrl: string;
|
|
6
|
-
entityId: string;
|
|
7
|
-
publicKey: string;
|
|
8
|
-
providerName: string;
|
|
9
|
-
decodedRequest: string;
|
|
10
|
-
}>;
|
|
1
|
+
export declare const extractSAMLResponseAttributes: (decodedResponse: string, validateOpts: ValidateOption) => Promise<import("@boxyhq/saml20/dist/typings").SAMLProfile>;
|
|
11
2
|
export declare const createMetadataXML: ({ ssoUrl, entityId, x509cert, }: {
|
|
12
3
|
ssoUrl: string;
|
|
13
4
|
entityId: string;
|
|
14
5
|
x509cert: string;
|
|
15
6
|
}) => Promise<string>;
|
|
16
|
-
export declare const decodeBase64: (string: string, isDeflated: boolean) => Promise<string>;
|
|
17
|
-
export declare const createSAMLResponse: ({ audience, issuer, acsUrl, profile, requestId, privateKey, publicKey, }: {
|
|
18
|
-
audience: string;
|
|
19
|
-
issuer: string;
|
|
20
|
-
acsUrl: string;
|
|
21
|
-
profile: SAMLProfile;
|
|
22
|
-
requestId: string;
|
|
23
|
-
privateKey: string;
|
|
24
|
-
publicKey: string;
|
|
25
|
-
}) => Promise<string>;
|
|
26
7
|
export type ValidateOption = {
|
|
27
8
|
thumbprint?: string;
|
|
28
9
|
publicKey?: string;
|
package/dist/saml/lib.js
CHANGED
|
@@ -35,11 +35,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
35
35
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
36
36
|
};
|
|
37
37
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
38
|
-
exports.
|
|
38
|
+
exports.createMetadataXML = exports.extractSAMLResponseAttributes = void 0;
|
|
39
39
|
const crypto_1 = __importDefault(require("crypto"));
|
|
40
|
-
const xml2js_1 = __importDefault(require("xml2js"));
|
|
41
|
-
const zlib_1 = require("zlib");
|
|
42
|
-
const util_1 = require("util");
|
|
43
40
|
const saml20_1 = __importDefault(require("@boxyhq/saml20"));
|
|
44
41
|
const xmlbuilder_1 = __importDefault(require("xmlbuilder"));
|
|
45
42
|
const dbutils = __importStar(require("../db/utils"));
|
|
@@ -60,33 +57,6 @@ const extractSAMLResponseAttributes = (decodedResponse, validateOpts) => __await
|
|
|
60
57
|
return attributes;
|
|
61
58
|
});
|
|
62
59
|
exports.extractSAMLResponseAttributes = extractSAMLResponseAttributes;
|
|
63
|
-
const extractSAMLRequestAttributes = (samlRequest) => __awaiter(void 0, void 0, void 0, function* () {
|
|
64
|
-
const decodedRequest = yield (0, exports.decodeBase64)(samlRequest, true);
|
|
65
|
-
const result = yield parseXML(decodedRequest);
|
|
66
|
-
const publicKey = result['samlp:AuthnRequest']['Signature']
|
|
67
|
-
? result['samlp:AuthnRequest']['Signature'][0]['KeyInfo'][0]['X509Data'][0]['X509Certificate'][0]
|
|
68
|
-
: null;
|
|
69
|
-
const attributes = result['samlp:AuthnRequest']['$'];
|
|
70
|
-
const id = attributes.ID;
|
|
71
|
-
const providerName = attributes.ProviderName;
|
|
72
|
-
const acsUrl = attributes.AssertionConsumerServiceURL;
|
|
73
|
-
const entityId = result['samlp:AuthnRequest']['saml:Issuer'][0];
|
|
74
|
-
if (!entityId) {
|
|
75
|
-
throw new Error("Missing 'Entity ID' in SAML Request.");
|
|
76
|
-
}
|
|
77
|
-
if (!acsUrl) {
|
|
78
|
-
throw new Error("Missing 'ACS URL' in SAML Request.");
|
|
79
|
-
}
|
|
80
|
-
return {
|
|
81
|
-
id,
|
|
82
|
-
acsUrl,
|
|
83
|
-
entityId,
|
|
84
|
-
publicKey,
|
|
85
|
-
providerName,
|
|
86
|
-
decodedRequest,
|
|
87
|
-
};
|
|
88
|
-
});
|
|
89
|
-
exports.extractSAMLRequestAttributes = extractSAMLRequestAttributes;
|
|
90
60
|
// Create Metadata XML
|
|
91
61
|
const createMetadataXML = ({ ssoUrl, entityId, x509cert, }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
92
62
|
x509cert = saml20_1.default.stripCertHeaderAndFooter(x509cert);
|
|
@@ -129,116 +99,4 @@ const createMetadataXML = ({ ssoUrl, entityId, x509cert, }) => __awaiter(void 0,
|
|
|
129
99
|
return xmlbuilder_1.default.create(nodes, { encoding: 'UTF-8', standalone: false }).end({ pretty: true });
|
|
130
100
|
});
|
|
131
101
|
exports.createMetadataXML = createMetadataXML;
|
|
132
|
-
// Decode the base64 string
|
|
133
|
-
const decodeBase64 = (string, isDeflated) => __awaiter(void 0, void 0, void 0, function* () {
|
|
134
|
-
const inflateRawAsync = (0, util_1.promisify)(zlib_1.inflateRaw);
|
|
135
|
-
return isDeflated
|
|
136
|
-
? (yield inflateRawAsync(Buffer.from(string, 'base64'))).toString()
|
|
137
|
-
: Buffer.from(string, 'base64').toString();
|
|
138
|
-
});
|
|
139
|
-
exports.decodeBase64 = decodeBase64;
|
|
140
|
-
// Parse XML
|
|
141
|
-
const parseXML = (xml) => __awaiter(void 0, void 0, void 0, function* () {
|
|
142
|
-
return new Promise((resolve, reject) => {
|
|
143
|
-
xml2js_1.default.parseString(xml, (err, result) => {
|
|
144
|
-
if (err) {
|
|
145
|
-
reject(err);
|
|
146
|
-
}
|
|
147
|
-
resolve(result);
|
|
148
|
-
});
|
|
149
|
-
});
|
|
150
|
-
});
|
|
151
|
-
const randomId = () => {
|
|
152
|
-
return '_' + crypto_1.default.randomBytes(10).toString('hex');
|
|
153
|
-
};
|
|
154
|
-
// Create SAML Response and sign it
|
|
155
|
-
const createSAMLResponse = ({ audience, issuer, acsUrl, profile, requestId, privateKey, publicKey, }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
156
|
-
const authDate = new Date();
|
|
157
|
-
const authTimestamp = authDate.toISOString();
|
|
158
|
-
authDate.setMinutes(authDate.getMinutes() - 5);
|
|
159
|
-
const notBefore = authDate.toISOString();
|
|
160
|
-
authDate.setMinutes(authDate.getMinutes() + 10);
|
|
161
|
-
const notAfter = authDate.toISOString();
|
|
162
|
-
const nodes = {
|
|
163
|
-
'samlp:Response': {
|
|
164
|
-
'@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
|
|
165
|
-
'@Version': '2.0',
|
|
166
|
-
'@ID': randomId(),
|
|
167
|
-
'@Destination': acsUrl,
|
|
168
|
-
'@InResponseTo': requestId,
|
|
169
|
-
'@IssueInstant': authTimestamp,
|
|
170
|
-
'saml:Issuer': {
|
|
171
|
-
'@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
|
|
172
|
-
'@Format': 'urn:oasis:names:tc:SAML:2.0:assertion',
|
|
173
|
-
'#text': issuer,
|
|
174
|
-
},
|
|
175
|
-
'samlp:Status': {
|
|
176
|
-
'samlp:StatusCode': {
|
|
177
|
-
'@Value': 'urn:oasis:names:tc:SAML:2.0:status:Success',
|
|
178
|
-
},
|
|
179
|
-
},
|
|
180
|
-
'saml:Assertion': {
|
|
181
|
-
'@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
|
|
182
|
-
'@Version': '2.0',
|
|
183
|
-
'@ID': randomId(),
|
|
184
|
-
'@IssueInstant': authTimestamp,
|
|
185
|
-
'saml:Issuer': {
|
|
186
|
-
'#text': issuer,
|
|
187
|
-
},
|
|
188
|
-
'saml:Subject': {
|
|
189
|
-
'@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
|
|
190
|
-
'saml:NameID': {
|
|
191
|
-
'@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
|
|
192
|
-
'#text': profile.claims.email,
|
|
193
|
-
},
|
|
194
|
-
'saml:SubjectConfirmation': {
|
|
195
|
-
'@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer',
|
|
196
|
-
'saml:SubjectConfirmationData': {
|
|
197
|
-
'@Recipient': acsUrl,
|
|
198
|
-
'@NotOnOrAfter': notAfter,
|
|
199
|
-
'@InResponseTo': requestId,
|
|
200
|
-
},
|
|
201
|
-
},
|
|
202
|
-
},
|
|
203
|
-
'saml:Conditions': {
|
|
204
|
-
'@NotBefore': notBefore,
|
|
205
|
-
'@NotOnOrAfter': notAfter,
|
|
206
|
-
'saml:AudienceRestriction': {
|
|
207
|
-
'saml:Audience': {
|
|
208
|
-
'#text': audience,
|
|
209
|
-
},
|
|
210
|
-
},
|
|
211
|
-
},
|
|
212
|
-
'saml:AuthnStatement': {
|
|
213
|
-
'@AuthnInstant': authTimestamp,
|
|
214
|
-
'@SessionIndex': '_YIlFoNFzLMDYxdwf-T_BuimfkGa5qhKg',
|
|
215
|
-
'saml:AuthnContext': {
|
|
216
|
-
'saml:AuthnContextClassRef': {
|
|
217
|
-
'#text': 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified',
|
|
218
|
-
},
|
|
219
|
-
},
|
|
220
|
-
},
|
|
221
|
-
'saml:AttributeStatement': {
|
|
222
|
-
'@xmlns:xs': 'http://www.w3.org/2001/XMLSchema',
|
|
223
|
-
'@xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance',
|
|
224
|
-
'saml:Attribute': Object.keys(profile.claims.raw).map((attributeName) => {
|
|
225
|
-
return {
|
|
226
|
-
'@Name': attributeName,
|
|
227
|
-
'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
|
|
228
|
-
'saml:AttributeValue': {
|
|
229
|
-
'@xmlns:xs': 'http://www.w3.org/2001/XMLSchema',
|
|
230
|
-
'@xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance',
|
|
231
|
-
'@xsi:type': 'xs:string',
|
|
232
|
-
'#text': profile.claims.raw[attributeName],
|
|
233
|
-
},
|
|
234
|
-
};
|
|
235
|
-
}),
|
|
236
|
-
},
|
|
237
|
-
},
|
|
238
|
-
},
|
|
239
|
-
};
|
|
240
|
-
const xml = xmlbuilder_1.default.create(nodes, { encoding: 'UTF-8' }).end();
|
|
241
|
-
return saml20_1.default.sign(xml, privateKey, publicKey, '/*[local-name(.)="Response" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]');
|
|
242
|
-
});
|
|
243
|
-
exports.createSAMLResponse = createSAMLResponse;
|
|
244
102
|
//# sourceMappingURL=lib.js.map
|
package/dist/saml/lib.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lib.js","sourceRoot":"","sources":["../../src/saml/lib.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAA4B;AAC5B,
|
|
1
|
+
{"version":3,"file":"lib.js","sourceRoot":"","sources":["../../src/saml/lib.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAA4B;AAC5B,4DAAkC;AAClC,4DAAoC;AACpC,qDAAuC;AACvC,4DAAoC;AAEpC,yDAAyD;AAClD,MAAM,6BAA6B,GAAG,CAC3C,eAAuB,EACvB,YAA4B,EAC5B,EAAE;IACF,MAAM,UAAU,GAAG,MAAM,gBAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;IAEtE,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACpC,oHAAoH;QACpH,UAAU,CAAC,MAAM,GAAG,gBAAM,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAElD,+FAA+F;QAC/F,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACrD,UAAU,CAAC,MAAM,CAAC,EAAE,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnG,CAAC;IACH,CAAC;IAED,wHAAwH;IACxH,UAAU,CAAC,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEnE,OAAO,UAAU,CAAC;AACpB,CAAC,CAAA,CAAC;AApBW,QAAA,6BAA6B,iCAoBxC;AAEF,sBAAsB;AACf,MAAM,iBAAiB,GAAG,CAAO,EACtC,MAAM,EACN,QAAQ,EACR,QAAQ,GAKT,EAAmB,EAAE;IACpB,QAAQ,GAAG,gBAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,CAAC;IAEnD,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC;IACzB,MAAM,KAAK,GAAG;QACZ,qBAAqB,EAAE;YACrB,WAAW,EAAE,sCAAsC;YACnD,WAAW,EAAE,QAAQ;YACrB,aAAa,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE;YAClF,qBAAqB,EAAE;gBACrB,0BAA0B,EAAE,KAAK;gBACjC,6BAA6B,EAAE,sCAAsC;gBACrE,kBAAkB,EAAE;oBAClB,MAAM,EAAE,SAAS;oBACjB,YAAY,EAAE;wBACZ,WAAW,EAAE,oCAAoC;wBACjD,aAAa,EAAE;4BACb,oBAAoB,EAAE;gCACpB,OAAO,EAAE,QAAQ;6BAClB;yBACF;qBACF;iBACF;gBACD,iBAAiB,EAAE;oBACjB,OAAO,EAAE,wDAAwD;iBAClE;gBACD,wBAAwB,EAAE;oBACxB;wBACE,UAAU,EAAE,oDAAoD;wBAChE,WAAW,EAAE,MAAM;qBACpB;oBACD;wBACE,UAAU,EAAE,gDAAgD;wBAC5D,WAAW,EAAE,MAAM;qBACpB;iBACF;aACF;SACF;KACF,CAAC;IAEF,OAAO,oBAAU,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;AAClG,CAAC,CAAA,CAAC;AAjDW,QAAA,iBAAiB,qBAiD5B"}
|
package/dist/typings.d.ts
CHANGED
|
@@ -388,7 +388,7 @@ export interface JacksonOption {
|
|
|
388
388
|
/** The number of days a setup link is valid for. Defaults to 3 days. */
|
|
389
389
|
setupLinkExpiryDays?: number;
|
|
390
390
|
boxyhqHosted?: boolean;
|
|
391
|
-
ory
|
|
391
|
+
ory?: {
|
|
392
392
|
projectId: string | undefined;
|
|
393
393
|
sdkToken: string | undefined;
|
|
394
394
|
};
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@boxyhq/saml-jackson",
|
|
3
|
-
"version": "1.18.
|
|
3
|
+
"version": "1.18.4",
|
|
4
4
|
"description": "SAML Jackson library",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"SAML 2.0"
|
|
@@ -39,16 +39,16 @@
|
|
|
39
39
|
"coverage-map": "map.js"
|
|
40
40
|
},
|
|
41
41
|
"dependencies": {
|
|
42
|
-
"@aws-sdk/client-dynamodb": "3.
|
|
43
|
-
"@aws-sdk/credential-providers": "3.504.
|
|
44
|
-
"@aws-sdk/util-dynamodb": "3.
|
|
42
|
+
"@aws-sdk/client-dynamodb": "3.506.0",
|
|
43
|
+
"@aws-sdk/credential-providers": "3.504.1",
|
|
44
|
+
"@aws-sdk/util-dynamodb": "3.506.0",
|
|
45
45
|
"@boxyhq/error-code-mnemonic": "0.1.1",
|
|
46
46
|
"@boxyhq/metrics": "0.2.6",
|
|
47
|
-
"@boxyhq/saml20": "1.4.
|
|
47
|
+
"@boxyhq/saml20": "1.4.9",
|
|
48
48
|
"@googleapis/admin": "15.0.0",
|
|
49
49
|
"axios": "1.6.7",
|
|
50
50
|
"encoding": "0.1.13",
|
|
51
|
-
"jose": "5.2.
|
|
51
|
+
"jose": "5.2.1",
|
|
52
52
|
"lodash": "4.17.21",
|
|
53
53
|
"mixpanel": "0.18.0",
|
|
54
54
|
"mongodb": "6.3.0",
|
|
@@ -61,13 +61,12 @@
|
|
|
61
61
|
"reflect-metadata": "0.2.1",
|
|
62
62
|
"ripemd160": "2.0.2",
|
|
63
63
|
"typeorm": "0.3.20",
|
|
64
|
-
"xml2js": "0.6.2",
|
|
65
64
|
"xmlbuilder": "15.1.1"
|
|
66
65
|
},
|
|
67
66
|
"devDependencies": {
|
|
68
67
|
"@faker-js/faker": "8.4.0",
|
|
69
68
|
"@types/lodash": "4.14.202",
|
|
70
|
-
"@types/node": "20.11.
|
|
69
|
+
"@types/node": "20.11.16",
|
|
71
70
|
"@types/sinon": "17.0.3",
|
|
72
71
|
"@types/tap": "15.0.11",
|
|
73
72
|
"cross-env": "7.0.3",
|