@boxyhq/saml-jackson 1.3.12 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/controller/analytics.d.ts +12 -0
- package/dist/controller/analytics.js +66 -0
- package/dist/controller/analytics.js.map +1 -0
- package/dist/controller/api.d.ts +2 -1
- package/dist/controller/api.js +21 -0
- package/dist/controller/api.js.map +1 -1
- package/dist/controller/connection/oidc.js +1 -1
- package/dist/controller/connection/oidc.js.map +1 -1
- package/dist/controller/connection/saml.js +24 -3
- package/dist/controller/connection/saml.js.map +1 -1
- package/dist/controller/oauth.d.ts +3 -2
- package/dist/controller/oauth.js +133 -281
- package/dist/controller/oauth.js.map +1 -1
- package/dist/controller/saml-handler.d.ts +38 -0
- package/dist/controller/saml-handler.js +166 -0
- package/dist/controller/saml-handler.js.map +1 -0
- package/dist/controller/setup-link.d.ts +12 -0
- package/dist/controller/setup-link.js +134 -0
- package/dist/controller/setup-link.js.map +1 -0
- package/dist/controller/utils.d.ts +16 -1
- package/dist/controller/utils.js +48 -3
- package/dist/controller/utils.js.map +1 -1
- package/dist/db/mem.js +6 -2
- package/dist/db/mem.js.map +1 -1
- package/dist/db/utils.js +0 -1
- package/dist/db/utils.js.map +1 -1
- package/dist/directory-sync/Base.js +2 -2
- package/dist/directory-sync/Base.js.map +1 -1
- package/dist/directory-sync/WebhookEventsLogger.d.ts +4 -1
- package/dist/directory-sync/WebhookEventsLogger.js +3 -3
- package/dist/directory-sync/WebhookEventsLogger.js.map +1 -1
- package/dist/ee/common/checkLicense.d.ts +2 -0
- package/dist/ee/common/checkLicense.js +19 -0
- package/dist/ee/common/checkLicense.js.map +1 -0
- package/dist/ee/federated-saml/app.d.ts +19 -0
- package/dist/ee/federated-saml/app.js +126 -0
- package/dist/ee/federated-saml/app.js.map +1 -0
- package/dist/ee/federated-saml/index.d.ts +12 -0
- package/dist/ee/federated-saml/index.js +56 -0
- package/dist/ee/federated-saml/index.js.map +1 -0
- package/dist/ee/federated-saml/sso.d.ts +17 -0
- package/dist/ee/federated-saml/sso.js +76 -0
- package/dist/ee/federated-saml/sso.js.map +1 -0
- package/dist/ee/federated-saml/types.d.ts +18 -0
- package/dist/ee/federated-saml/types.js +3 -0
- package/dist/ee/federated-saml/types.js.map +1 -0
- package/dist/index.d.ts +9 -0
- package/dist/index.js +21 -1
- package/dist/index.js.map +1 -1
- package/dist/saml/lib.d.ts +31 -0
- package/dist/saml/lib.js +217 -0
- package/dist/saml/lib.js.map +1 -0
- package/dist/typings.d.ts +37 -4
- package/dist/typings.js +15 -0
- package/dist/typings.js.map +1 -1
- package/package.json +15 -14
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import type { SAMLProfile } from '@boxyhq/saml20/dist/typings';
|
|
2
|
+
export declare const extractSAMLResponseAttributes: (decodedResponse: string, validateOpts: ValidateOption) => Promise<SAMLProfile>;
|
|
3
|
+
export declare const extractSAMLRequestAttributes: (samlRequest: string) => Promise<{
|
|
4
|
+
id: string;
|
|
5
|
+
acsUrl: string;
|
|
6
|
+
entityId: string;
|
|
7
|
+
publicKey: string;
|
|
8
|
+
providerName: string;
|
|
9
|
+
}>;
|
|
10
|
+
export declare const createMetadataXML: ({ ssoUrl, entityId, x509cert, }: {
|
|
11
|
+
ssoUrl: string;
|
|
12
|
+
entityId: string;
|
|
13
|
+
x509cert: string;
|
|
14
|
+
}) => Promise<string>;
|
|
15
|
+
export declare const decodeBase64: (string: string, isDeflated: boolean) => Promise<string>;
|
|
16
|
+
export declare const createSAMLResponse: ({ audience, issuer, acsUrl, profile, requestId, privateKey, publicKey, }: {
|
|
17
|
+
audience: string;
|
|
18
|
+
issuer: string;
|
|
19
|
+
acsUrl: string;
|
|
20
|
+
profile: SAMLProfile;
|
|
21
|
+
requestId: string;
|
|
22
|
+
privateKey: string;
|
|
23
|
+
publicKey: string;
|
|
24
|
+
}) => Promise<string>;
|
|
25
|
+
type ValidateOption = {
|
|
26
|
+
thumbprint: string;
|
|
27
|
+
audience: string;
|
|
28
|
+
privateKey: string;
|
|
29
|
+
inResponseTo?: string;
|
|
30
|
+
};
|
|
31
|
+
export {};
|
package/dist/saml/lib.js
ADDED
|
@@ -0,0 +1,217 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.createSAMLResponse = exports.decodeBase64 = exports.createMetadataXML = exports.extractSAMLRequestAttributes = exports.extractSAMLResponseAttributes = void 0;
|
|
16
|
+
const crypto_1 = __importDefault(require("crypto"));
|
|
17
|
+
const xml2js_1 = __importDefault(require("xml2js"));
|
|
18
|
+
const zlib_1 = require("zlib");
|
|
19
|
+
const util_1 = require("util");
|
|
20
|
+
const saml20_1 = __importDefault(require("@boxyhq/saml20"));
|
|
21
|
+
const xmlbuilder_1 = __importDefault(require("xmlbuilder"));
|
|
22
|
+
const claims_1 = __importDefault(require("../saml/claims"));
|
|
23
|
+
// Validate the SAMLResponse and extract the user profile
|
|
24
|
+
const extractSAMLResponseAttributes = (decodedResponse, validateOpts) => __awaiter(void 0, void 0, void 0, function* () {
|
|
25
|
+
const attributes = yield saml20_1.default.validate(decodedResponse, validateOpts);
|
|
26
|
+
if (attributes && attributes.claims) {
|
|
27
|
+
// We map claims to our attributes id, email, firstName, lastName where possible. We also map original claims to raw
|
|
28
|
+
attributes.claims = claims_1.default.map(attributes.claims);
|
|
29
|
+
// Some providers don't return the id in the assertion, we set it to a sha256 hash of the email
|
|
30
|
+
if (!attributes.claims.id && attributes.claims.email) {
|
|
31
|
+
attributes.claims.id = crypto_1.default.createHash('sha256').update(attributes.claims.email).digest('hex');
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
return attributes;
|
|
35
|
+
});
|
|
36
|
+
exports.extractSAMLResponseAttributes = extractSAMLResponseAttributes;
|
|
37
|
+
const extractSAMLRequestAttributes = (samlRequest) => __awaiter(void 0, void 0, void 0, function* () {
|
|
38
|
+
const decodeRequest = yield (0, exports.decodeBase64)(samlRequest, true);
|
|
39
|
+
const result = yield parseXML(decodeRequest);
|
|
40
|
+
const publicKey = result['samlp:AuthnRequest']['Signature']
|
|
41
|
+
? result['samlp:AuthnRequest']['Signature'][0]['KeyInfo'][0]['X509Data'][0]['X509Certificate'][0]
|
|
42
|
+
: null;
|
|
43
|
+
const attributes = result['samlp:AuthnRequest']['$'];
|
|
44
|
+
const id = attributes.ID;
|
|
45
|
+
const providerName = attributes.ProviderName;
|
|
46
|
+
const acsUrl = attributes.AssertionConsumerServiceURL;
|
|
47
|
+
const entityId = result['samlp:AuthnRequest']['saml:Issuer'][0];
|
|
48
|
+
if (!entityId) {
|
|
49
|
+
throw new Error("Missing 'Entity ID' in SAML Request.");
|
|
50
|
+
}
|
|
51
|
+
if (!acsUrl) {
|
|
52
|
+
throw new Error("Missing 'ACS URL' in SAML Request.");
|
|
53
|
+
}
|
|
54
|
+
return {
|
|
55
|
+
id,
|
|
56
|
+
acsUrl,
|
|
57
|
+
entityId,
|
|
58
|
+
publicKey,
|
|
59
|
+
providerName,
|
|
60
|
+
};
|
|
61
|
+
});
|
|
62
|
+
exports.extractSAMLRequestAttributes = extractSAMLRequestAttributes;
|
|
63
|
+
// Create Metadata XML
|
|
64
|
+
const createMetadataXML = ({ ssoUrl, entityId, x509cert, }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
65
|
+
x509cert = saml20_1.default.stripCertHeaderAndFooter(x509cert);
|
|
66
|
+
const today = new Date();
|
|
67
|
+
const nodes = {
|
|
68
|
+
'md:EntityDescriptor': {
|
|
69
|
+
'@xmlns:md': 'urn:oasis:names:tc:SAML:2.0:metadata',
|
|
70
|
+
'@entityID': entityId,
|
|
71
|
+
'@validUntil': new Date(today.setFullYear(today.getFullYear() + 10)).toISOString(),
|
|
72
|
+
'md:IDPSSODescriptor': {
|
|
73
|
+
'@WantAuthnRequestsSigned': false,
|
|
74
|
+
'@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',
|
|
75
|
+
'md:KeyDescriptor': {
|
|
76
|
+
'@use': 'signing',
|
|
77
|
+
'ds:KeyInfo': {
|
|
78
|
+
'@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',
|
|
79
|
+
'ds:X509Data': {
|
|
80
|
+
'ds:X509Certificate': {
|
|
81
|
+
'#text': x509cert,
|
|
82
|
+
},
|
|
83
|
+
},
|
|
84
|
+
},
|
|
85
|
+
},
|
|
86
|
+
'md:NameIDFormat': {
|
|
87
|
+
'#text': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
|
|
88
|
+
},
|
|
89
|
+
'md:SingleSignOnService': [
|
|
90
|
+
{
|
|
91
|
+
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
|
92
|
+
'@Location': ssoUrl,
|
|
93
|
+
},
|
|
94
|
+
{
|
|
95
|
+
'@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
|
|
96
|
+
'@Location': ssoUrl,
|
|
97
|
+
},
|
|
98
|
+
],
|
|
99
|
+
},
|
|
100
|
+
},
|
|
101
|
+
};
|
|
102
|
+
return xmlbuilder_1.default.create(nodes, { encoding: 'UTF-8', standalone: false }).end({ pretty: true });
|
|
103
|
+
});
|
|
104
|
+
exports.createMetadataXML = createMetadataXML;
|
|
105
|
+
// Decode the base64 string
|
|
106
|
+
const decodeBase64 = (string, isDeflated) => __awaiter(void 0, void 0, void 0, function* () {
|
|
107
|
+
const inflateRawAsync = (0, util_1.promisify)(zlib_1.inflateRaw);
|
|
108
|
+
return isDeflated
|
|
109
|
+
? (yield inflateRawAsync(Buffer.from(string, 'base64'))).toString()
|
|
110
|
+
: Buffer.from(string, 'base64').toString();
|
|
111
|
+
});
|
|
112
|
+
exports.decodeBase64 = decodeBase64;
|
|
113
|
+
// Parse XML
|
|
114
|
+
const parseXML = (xml) => __awaiter(void 0, void 0, void 0, function* () {
|
|
115
|
+
return new Promise((resolve, reject) => {
|
|
116
|
+
xml2js_1.default.parseString(xml, (err, result) => {
|
|
117
|
+
if (err) {
|
|
118
|
+
reject(err);
|
|
119
|
+
}
|
|
120
|
+
resolve(result);
|
|
121
|
+
});
|
|
122
|
+
});
|
|
123
|
+
});
|
|
124
|
+
const randomId = () => {
|
|
125
|
+
return '_' + crypto_1.default.randomBytes(10).toString('hex');
|
|
126
|
+
};
|
|
127
|
+
// Create SAML Response and sign it
|
|
128
|
+
const createSAMLResponse = ({ audience, issuer, acsUrl, profile, requestId, privateKey, publicKey, }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
129
|
+
const authDate = new Date();
|
|
130
|
+
const authTimestamp = authDate.toISOString();
|
|
131
|
+
authDate.setMinutes(authDate.getMinutes() - 5);
|
|
132
|
+
const notBefore = authDate.toISOString();
|
|
133
|
+
authDate.setMinutes(authDate.getMinutes() + 10);
|
|
134
|
+
const notAfter = authDate.toISOString();
|
|
135
|
+
const nodes = {
|
|
136
|
+
'samlp:Response': {
|
|
137
|
+
'@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
|
|
138
|
+
'@Version': '2.0',
|
|
139
|
+
'@ID': randomId(),
|
|
140
|
+
'@Destination': acsUrl,
|
|
141
|
+
'@InResponseTo': requestId,
|
|
142
|
+
'@IssueInstant': authTimestamp,
|
|
143
|
+
'saml:Issuer': {
|
|
144
|
+
'@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
|
|
145
|
+
'@Format': 'urn:oasis:names:tc:SAML:2.0:assertion',
|
|
146
|
+
'#text': issuer,
|
|
147
|
+
},
|
|
148
|
+
'samlp:Status': {
|
|
149
|
+
'samlp:StatusCode': {
|
|
150
|
+
'@Value': 'urn:oasis:names:tc:SAML:2.0:status:Success',
|
|
151
|
+
},
|
|
152
|
+
},
|
|
153
|
+
'saml:Assertion': {
|
|
154
|
+
'@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
|
|
155
|
+
'@Version': '2.0',
|
|
156
|
+
'@ID': randomId(),
|
|
157
|
+
'@IssueInstant': authTimestamp,
|
|
158
|
+
'saml:Issuer': {
|
|
159
|
+
'#text': issuer,
|
|
160
|
+
},
|
|
161
|
+
'saml:Subject': {
|
|
162
|
+
'@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
|
|
163
|
+
'saml:NameID': {
|
|
164
|
+
'@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
|
|
165
|
+
'#text': profile.claims.email,
|
|
166
|
+
},
|
|
167
|
+
'saml:SubjectConfirmation': {
|
|
168
|
+
'@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer',
|
|
169
|
+
'saml:SubjectConfirmationData': {
|
|
170
|
+
'@Recipient': acsUrl,
|
|
171
|
+
'@NotOnOrAfter': notAfter,
|
|
172
|
+
'@InResponseTo': requestId,
|
|
173
|
+
},
|
|
174
|
+
},
|
|
175
|
+
},
|
|
176
|
+
'saml:Conditions': {
|
|
177
|
+
'@NotBefore': notBefore,
|
|
178
|
+
'@NotOnOrAfter': notAfter,
|
|
179
|
+
'saml:AudienceRestriction': {
|
|
180
|
+
'saml:Audience': {
|
|
181
|
+
'#text': audience,
|
|
182
|
+
},
|
|
183
|
+
},
|
|
184
|
+
},
|
|
185
|
+
'saml:AuthnStatement': {
|
|
186
|
+
'@AuthnInstant': authTimestamp,
|
|
187
|
+
'@SessionIndex': '_YIlFoNFzLMDYxdwf-T_BuimfkGa5qhKg',
|
|
188
|
+
'saml:AuthnContext': {
|
|
189
|
+
'saml:AuthnContextClassRef': {
|
|
190
|
+
'#text': 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified',
|
|
191
|
+
},
|
|
192
|
+
},
|
|
193
|
+
},
|
|
194
|
+
'saml:AttributeStatement': {
|
|
195
|
+
'@xmlns:xs': 'http://www.w3.org/2001/XMLSchema',
|
|
196
|
+
'@xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance',
|
|
197
|
+
'saml:Attribute': Object.keys(profile.claims.raw).map((attributeName) => {
|
|
198
|
+
return {
|
|
199
|
+
'@Name': attributeName,
|
|
200
|
+
'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
|
|
201
|
+
'saml:AttributeValue': {
|
|
202
|
+
'@xmlns:xs': 'http://www.w3.org/2001/XMLSchema',
|
|
203
|
+
'@xmlns:xsi': 'http://www.w3.org/2001/XMLSchema-instance',
|
|
204
|
+
'@xsi:type': 'xs:string',
|
|
205
|
+
'#text': profile.claims.raw[attributeName],
|
|
206
|
+
},
|
|
207
|
+
};
|
|
208
|
+
}),
|
|
209
|
+
},
|
|
210
|
+
},
|
|
211
|
+
},
|
|
212
|
+
};
|
|
213
|
+
const xml = xmlbuilder_1.default.create(nodes, { encoding: 'UTF-8' }).end();
|
|
214
|
+
return yield saml20_1.default.sign(xml, privateKey, publicKey, '/*[local-name(.)="Response" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]');
|
|
215
|
+
});
|
|
216
|
+
exports.createSAMLResponse = createSAMLResponse;
|
|
217
|
+
//# sourceMappingURL=lib.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"lib.js","sourceRoot":"","sources":["../../src/saml/lib.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,oDAA4B;AAC5B,oDAA4B;AAC5B,+BAAkC;AAClC,+BAAiC;AACjC,4DAAkC;AAClC,4DAAoC;AAGpC,4DAAoC;AAEpC,yDAAyD;AAClD,MAAM,6BAA6B,GAAG,CAC3C,eAAuB,EACvB,YAA4B,EAC5B,EAAE;IACF,MAAM,UAAU,GAAG,MAAM,gBAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;IAEtE,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,EAAE;QACnC,oHAAoH;QACpH,UAAU,CAAC,MAAM,GAAG,gBAAM,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAElD,+FAA+F;QAC/F,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE;YACpD,UAAU,CAAC,MAAM,CAAC,EAAE,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAClG;KACF;IAED,OAAO,UAAU,CAAC;AACpB,CAAC,CAAA,CAAC;AAjBW,QAAA,6BAA6B,iCAiBxC;AAEK,MAAM,4BAA4B,GAAG,CAAO,WAAmB,EAAE,EAAE;IACxE,MAAM,aAAa,GAAG,MAAM,IAAA,oBAAY,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,aAAa,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAW,MAAM,CAAC,oBAAoB,CAAC,CAAC,WAAW,CAAC;QACjE,CAAC,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;QACjG,CAAC,CAAC,IAAI,CAAC;IAET,MAAM,UAAU,GAAG,MAAM,CAAC,oBAAoB,CAAC,CAAC,GAAG,CAAC,CAAC;IAErD,MAAM,EAAE,GAAW,UAAU,CAAC,EAAE,CAAC;IACjC,MAAM,YAAY,GAAW,UAAU,CAAC,YAAY,CAAC;IACrD,MAAM,MAAM,GAAW,UAAU,CAAC,2BAA2B,CAAC;IAC9D,MAAM,QAAQ,GAAW,MAAM,CAAC,oBAAoB,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IAExE,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;KACzD;IAED,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;KACvD;IAED,OAAO;QACL,EAAE;QACF,MAAM;QACN,QAAQ;QACR,SAAS;QACT,YAAY;KACb,CAAC;AACJ,CAAC,CAAA,CAAC;AA9BW,QAAA,4BAA4B,gCA8BvC;AAEF,sBAAsB;AACf,MAAM,iBAAiB,GAAG,CAAO,EACtC,MAAM,EACN,QAAQ,EACR,QAAQ,GAKT,EAAmB,EAAE;IACpB,QAAQ,GAAG,gBAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,CAAC;IAEnD,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC;IACzB,MAAM,KAAK,GAAG;QACZ,qBAAqB,EAAE;YACrB,WAAW,EAAE,sCAAsC;YACnD,WAAW,EAAE,QAAQ;YACrB,aAAa,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE;YAClF,qBAAqB,EAAE;gBACrB,0BAA0B,EAAE,KAAK;gBACjC,6BAA6B,EAAE,sCAAsC;gBACrE,kBAAkB,EAAE;oBAClB,MAAM,EAAE,SAAS;oBACjB,YAAY,EAAE;wBACZ,WAAW,EAAE,oCAAoC;wBACjD,aAAa,EAAE;4BACb,oBAAoB,EAAE;gCACpB,OAAO,EAAE,QAAQ;6BAClB;yBACF;qBACF;iBACF;gBACD,iBAAiB,EAAE;oBACjB,OAAO,EAAE,wDAAwD;iBAClE;gBACD,wBAAwB,EAAE;oBACxB;wBACE,UAAU,EAAE,oDAAoD;wBAChE,WAAW,EAAE,MAAM;qBACpB;oBACD;wBACE,UAAU,EAAE,gDAAgD;wBAC5D,WAAW,EAAE,MAAM;qBACpB;iBACF;aACF;SACF;KACF,CAAC;IAEF,OAAO,oBAAU,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;AAClG,CAAC,CAAA,CAAC;AAjDW,QAAA,iBAAiB,qBAiD5B;AAEF,2BAA2B;AACpB,MAAM,YAAY,GAAG,CAAO,MAAc,EAAE,UAAmB,EAAE,EAAE;IACxE,MAAM,eAAe,GAAG,IAAA,gBAAS,EAAC,iBAAU,CAAC,CAAC;IAE9C,OAAO,UAAU;QACf,CAAC,CAAC,CAAC,MAAM,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;QACnE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC/C,CAAC,CAAA,CAAC;AANW,QAAA,YAAY,gBAMvB;AAEF,YAAY;AACZ,MAAM,QAAQ,GAAG,CAAO,GAAW,EAAmC,EAAE;IACtE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,gBAAM,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,GAAiB,EAAE,MAAW,EAAE,EAAE;YACzD,IAAI,GAAG,EAAE;gBACP,MAAM,CAAC,GAAG,CAAC,CAAC;aACb;YAED,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAA,CAAC;AAEF,MAAM,QAAQ,GAAG,GAAG,EAAE;IACpB,OAAO,GAAG,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtD,CAAC,CAAC;AAEF,mCAAmC;AAC5B,MAAM,kBAAkB,GAAG,CAAO,EACvC,QAAQ,EACR,MAAM,EACN,MAAM,EACN,OAAO,EACP,SAAS,EACT,UAAU,EACV,SAAS,GASV,EAAmB,EAAE;IACpB,MAAM,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC;IAC5B,MAAM,aAAa,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAE7C,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAEzC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAExC,MAAM,KAAK,GAAG;QACZ,gBAAgB,EAAE;YAChB,cAAc,EAAE,sCAAsC;YACtD,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,QAAQ,EAAE;YACjB,cAAc,EAAE,MAAM;YACtB,eAAe,EAAE,SAAS;YAC1B,eAAe,EAAE,aAAa;YAC9B,aAAa,EAAE;gBACb,aAAa,EAAE,uCAAuC;gBACtD,SAAS,EAAE,uCAAuC;gBAClD,OAAO,EAAE,MAAM;aAChB;YACD,cAAc,EAAE;gBACd,kBAAkB,EAAE;oBAClB,QAAQ,EAAE,4CAA4C;iBACvD;aACF;YACD,gBAAgB,EAAE;gBAChB,aAAa,EAAE,uCAAuC;gBACtD,UAAU,EAAE,KAAK;gBACjB,KAAK,EAAE,QAAQ,EAAE;gBACjB,eAAe,EAAE,aAAa;gBAC9B,aAAa,EAAE;oBACb,OAAO,EAAE,MAAM;iBAChB;gBACD,cAAc,EAAE;oBACd,aAAa,EAAE,uCAAuC;oBACtD,aAAa,EAAE;wBACb,SAAS,EAAE,wDAAwD;wBACnE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK;qBAC9B;oBACD,0BAA0B,EAAE;wBAC1B,SAAS,EAAE,uCAAuC;wBAClD,8BAA8B,EAAE;4BAC9B,YAAY,EAAE,MAAM;4BACpB,eAAe,EAAE,QAAQ;4BACzB,eAAe,EAAE,SAAS;yBAC3B;qBACF;iBACF;gBACD,iBAAiB,EAAE;oBACjB,YAAY,EAAE,SAAS;oBACvB,eAAe,EAAE,QAAQ;oBACzB,0BAA0B,EAAE;wBAC1B,eAAe,EAAE;4BACf,OAAO,EAAE,QAAQ;yBAClB;qBACF;iBACF;gBACD,qBAAqB,EAAE;oBACrB,eAAe,EAAE,aAAa;oBAC9B,eAAe,EAAE,mCAAmC;oBACpD,mBAAmB,EAAE;wBACnB,2BAA2B,EAAE;4BAC3B,OAAO,EAAE,oDAAoD;yBAC9D;qBACF;iBACF;gBACD,yBAAyB,EAAE;oBACzB,WAAW,EAAE,kCAAkC;oBAC/C,YAAY,EAAE,2CAA2C;oBACzD,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,EAAE;wBACtE,OAAO;4BACL,OAAO,EAAE,aAAa;4BACtB,aAAa,EAAE,mDAAmD;4BAClE,qBAAqB,EAAE;gCACrB,WAAW,EAAE,kCAAkC;gCAC/C,YAAY,EAAE,2CAA2C;gCACzD,WAAW,EAAE,WAAW;gCACxB,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC;6BAC3C;yBACF,CAAC;oBACJ,CAAC,CAAC;iBACH;aACF;SACF;KACF,CAAC;IAEF,MAAM,GAAG,GAAG,oBAAU,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC;IAElE,OAAO,MAAM,gBAAI,CAAC,IAAI,CACpB,GAAG,EACH,UAAU,EACV,SAAS,EACT,0FAA0F,CAC3F,CAAC;AACJ,CAAC,CAAA,CAAC;AAjHW,QAAA,kBAAkB,sBAiH7B"}
|
package/dist/typings.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { type JWK } from 'jose';
|
|
2
|
+
export * from '../src/ee/federated-saml/types';
|
|
2
3
|
interface SSOConnection {
|
|
3
4
|
defaultRedirectUrl: string;
|
|
4
5
|
redirectUrl: string[] | string;
|
|
@@ -64,7 +65,14 @@ type TenantQuery = {
|
|
|
64
65
|
product: string;
|
|
65
66
|
strategy?: ConnectionType;
|
|
66
67
|
};
|
|
67
|
-
|
|
68
|
+
type TenantProduct = {
|
|
69
|
+
tenant: string;
|
|
70
|
+
product: string;
|
|
71
|
+
};
|
|
72
|
+
export type GetConnectionsQuery = ClientIDQuery | TenantQuery | {
|
|
73
|
+
entityId: string;
|
|
74
|
+
};
|
|
75
|
+
export type GetIDPEntityIDBody = TenantProduct;
|
|
68
76
|
export type DelConnectionsQuery = (ClientIDQuery & {
|
|
69
77
|
clientSecret: string;
|
|
70
78
|
}) | TenantQuery;
|
|
@@ -95,6 +103,7 @@ export interface IConnectionAPIController {
|
|
|
95
103
|
clientSecret: string;
|
|
96
104
|
}): Promise<void>;
|
|
97
105
|
getConnections(body: GetConnectionsQuery): Promise<Array<SAMLSSORecord | OIDCSSORecord>>;
|
|
106
|
+
getIDPEntityID(body: GetIDPEntityIDBody): string;
|
|
98
107
|
/**
|
|
99
108
|
* @deprecated Use `getConnections` instead.
|
|
100
109
|
*/
|
|
@@ -113,6 +122,7 @@ export interface IOAuthController {
|
|
|
113
122
|
samlResponse(body: SAMLResponsePayload): Promise<{
|
|
114
123
|
redirect_url?: string;
|
|
115
124
|
app_select_form?: string;
|
|
125
|
+
responseForm?: string;
|
|
116
126
|
}>;
|
|
117
127
|
oidcAuthzResponse(body: OIDCAuthzResponsePayload): Promise<{
|
|
118
128
|
redirect_url?: string;
|
|
@@ -245,7 +255,7 @@ export interface DatabaseDriver {
|
|
|
245
255
|
getByIndex(namespace: string, idx: Index): Promise<any>;
|
|
246
256
|
}
|
|
247
257
|
export interface Storable {
|
|
248
|
-
getAll(pageOffset?: number, pageLimit?: number): Promise<
|
|
258
|
+
getAll(pageOffset?: number, pageLimit?: number): Promise<any[]>;
|
|
249
259
|
get(key: string): Promise<any>;
|
|
250
260
|
put(key: string, val: any, ...indexes: Index[]): Promise<any>;
|
|
251
261
|
delete(key: string): Promise<any>;
|
|
@@ -295,6 +305,12 @@ export interface JacksonOption {
|
|
|
295
305
|
publicKey: string;
|
|
296
306
|
privateKey: string;
|
|
297
307
|
};
|
|
308
|
+
boxyhqLicenseKey?: string;
|
|
309
|
+
retraced?: {
|
|
310
|
+
host?: string;
|
|
311
|
+
adminToken?: string;
|
|
312
|
+
};
|
|
313
|
+
noAnalytics?: boolean;
|
|
298
314
|
}
|
|
299
315
|
export interface SLORequestParams {
|
|
300
316
|
nameId: string;
|
|
@@ -540,7 +556,10 @@ export interface IDirectoryGroups {
|
|
|
540
556
|
}
|
|
541
557
|
export interface IWebhookEventsLogger extends Base {
|
|
542
558
|
log(directory: Directory, event: DirectorySyncEvent): Promise<WebhookEventLog>;
|
|
543
|
-
getAll(
|
|
559
|
+
getAll({ pageOffset, pageLimit }: {
|
|
560
|
+
pageOffset?: number;
|
|
561
|
+
pageLimit?: number;
|
|
562
|
+
}): Promise<WebhookEventLog[]>;
|
|
544
563
|
get(id: string): Promise<WebhookEventLog>;
|
|
545
564
|
clear(): Promise<void>;
|
|
546
565
|
delete(id: string): Promise<void>;
|
|
@@ -605,4 +624,18 @@ export interface WebhookEventLog extends DirectorySyncEvent {
|
|
|
605
624
|
status_code?: number;
|
|
606
625
|
delivered?: boolean;
|
|
607
626
|
}
|
|
608
|
-
export {
|
|
627
|
+
export type SetupLinkCreatePayload = {
|
|
628
|
+
tenant: string;
|
|
629
|
+
product: string;
|
|
630
|
+
service: SetupLinkService;
|
|
631
|
+
regenerate?: boolean;
|
|
632
|
+
};
|
|
633
|
+
export type SetupLink = {
|
|
634
|
+
setupID: string;
|
|
635
|
+
tenant: string;
|
|
636
|
+
product: string;
|
|
637
|
+
url: string;
|
|
638
|
+
service: SetupLinkService;
|
|
639
|
+
validTill: number;
|
|
640
|
+
};
|
|
641
|
+
export type SetupLinkService = 'sso' | 'dsync';
|
package/dist/typings.js
CHANGED
|
@@ -1,6 +1,21 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
2
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
17
|
exports.DirectorySyncProviders = void 0;
|
|
18
|
+
__exportStar(require("../src/ee/federated-saml/types"), exports);
|
|
4
19
|
var DirectorySyncProviders;
|
|
5
20
|
(function (DirectorySyncProviders) {
|
|
6
21
|
DirectorySyncProviders["azure-scim-v2"] = "Azure SCIM v2.0";
|
package/dist/typings.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"typings.js","sourceRoot":"","sources":["../src/typings.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"typings.js","sourceRoot":"","sources":["../src/typings.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAEA,iEAA+C;AA0f/C,IAAY,sBAMX;AAND,WAAY,sBAAsB;IAChC,2DAAmC,CAAA;IACnC,iEAAyC,CAAA;IACzC,yDAAiC,CAAA;IACjC,8DAAsC,CAAA;IACtC,+DAAuC,CAAA;AACzC,CAAC,EANW,sBAAsB,GAAtB,8BAAsB,KAAtB,8BAAsB,QAMjC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@boxyhq/saml-jackson",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.5.0",
|
|
4
4
|
"description": "SAML Jackson library",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"SAML 2.0"
|
|
@@ -42,14 +42,15 @@
|
|
|
42
42
|
"dependencies": {
|
|
43
43
|
"@boxyhq/saml20": "1.1.0",
|
|
44
44
|
"@opentelemetry/api": "1.3.0",
|
|
45
|
-
"axios": "1.
|
|
46
|
-
"jose": "4.11.
|
|
47
|
-
"marked": "4.2.
|
|
48
|
-
"
|
|
45
|
+
"axios": "1.2.2",
|
|
46
|
+
"jose": "4.11.2",
|
|
47
|
+
"marked": "4.2.5",
|
|
48
|
+
"mixpanel": "0.17.0",
|
|
49
|
+
"mongodb": "4.13.0",
|
|
49
50
|
"mssql": "9.0.1",
|
|
50
51
|
"mysql2": "2.3.3",
|
|
51
52
|
"node-forge": "1.3.1",
|
|
52
|
-
"openid-client": "5.3.
|
|
53
|
+
"openid-client": "5.3.1",
|
|
53
54
|
"pg": "8.8.0",
|
|
54
55
|
"redis": "4.5.1",
|
|
55
56
|
"reflect-metadata": "0.1.13",
|
|
@@ -60,20 +61,20 @@
|
|
|
60
61
|
},
|
|
61
62
|
"devDependencies": {
|
|
62
63
|
"@faker-js/faker": "7.6.0",
|
|
63
|
-
"@types/node": "18.11.
|
|
64
|
+
"@types/node": "18.11.18",
|
|
64
65
|
"@types/sinon": "10.0.13",
|
|
65
66
|
"@types/tap": "15.0.7",
|
|
66
|
-
"@typescript-eslint/eslint-plugin": "5.
|
|
67
|
-
"@typescript-eslint/parser": "5.
|
|
67
|
+
"@typescript-eslint/eslint-plugin": "5.47.1",
|
|
68
|
+
"@typescript-eslint/parser": "5.47.1",
|
|
68
69
|
"cross-env": "7.0.3",
|
|
69
|
-
"eslint": "8.
|
|
70
|
+
"eslint": "8.31.0",
|
|
70
71
|
"eslint-config-prettier": "8.5.0",
|
|
71
|
-
"prettier": "2.8.
|
|
72
|
-
"sinon": "
|
|
72
|
+
"prettier": "2.8.1",
|
|
73
|
+
"sinon": "15.0.1",
|
|
73
74
|
"tap": "16.3.2",
|
|
74
75
|
"ts-node": "10.9.1",
|
|
75
|
-
"tsconfig-paths": "4.1.
|
|
76
|
-
"typescript": "4.9.
|
|
76
|
+
"tsconfig-paths": "4.1.2",
|
|
77
|
+
"typescript": "4.9.4"
|
|
77
78
|
},
|
|
78
79
|
"engines": {
|
|
79
80
|
"node": ">=14.18.1 <=18.x"
|