@boxyhq/saml-jackson 1.3.6 → 1.3.7
Sign up to get free protection for your applications and to get access to all the features.
- package/dist/controller/api.d.ts +14 -0
- package/dist/controller/api.js +14 -0
- package/dist/controller/connection/saml.js +26 -9
- package/dist/controller/oauth.js +3 -0
- package/dist/controller/utils.js +3 -2
- package/dist/db/redis.js +16 -9
- package/dist/loadConnection.js +2 -1
- package/dist/typings.d.ts +27 -23
- package/package.json +11 -11
package/dist/controller/api.d.ts
CHANGED
|
@@ -56,6 +56,11 @@ export declare class ConnectionAPIController implements IConnectionAPIController
|
|
|
56
56
|
* description: Raw XML metadata
|
|
57
57
|
* in: formData
|
|
58
58
|
* type: string
|
|
59
|
+
* metadataUrlParamPost:
|
|
60
|
+
* name: metadataUrl
|
|
61
|
+
* description: URL containing raw XML metadata
|
|
62
|
+
* in: formData
|
|
63
|
+
* type: string
|
|
59
64
|
* defaultRedirectUrlParamPost:
|
|
60
65
|
* name: defaultRedirectUrl
|
|
61
66
|
* description: The redirect URL to use in the IdP login flow
|
|
@@ -111,6 +116,7 @@ export declare class ConnectionAPIController implements IConnectionAPIController
|
|
|
111
116
|
* - $ref: '#/parameters/descriptionParamPost'
|
|
112
117
|
* - $ref: '#/parameters/encodedRawMetadataParamPost'
|
|
113
118
|
* - $ref: '#/parameters/rawMetadataParamPost'
|
|
119
|
+
* - $ref: '#/parameters/metadataUrlParamPost'
|
|
114
120
|
* - $ref: '#/parameters/defaultRedirectUrlParamPost'
|
|
115
121
|
* - $ref: '#/parameters/redirectUrlParamPost'
|
|
116
122
|
* - $ref: '#/parameters/tenantParamPost'
|
|
@@ -141,6 +147,7 @@ export declare class ConnectionAPIController implements IConnectionAPIController
|
|
|
141
147
|
* - $ref: '#/parameters/descriptionParamPost'
|
|
142
148
|
* - $ref: '#/parameters/encodedRawMetadataParamPost'
|
|
143
149
|
* - $ref: '#/parameters/rawMetadataParamPost'
|
|
150
|
+
* - $ref: '#/parameters/metadataUrlParamPost'
|
|
144
151
|
* - $ref: '#/parameters/defaultRedirectUrlParamPost'
|
|
145
152
|
* - $ref: '#/parameters/redirectUrlParamPost'
|
|
146
153
|
* - $ref: '#/parameters/tenantParamPost'
|
|
@@ -199,6 +206,11 @@ export declare class ConnectionAPIController implements IConnectionAPIController
|
|
|
199
206
|
* description: Raw XML metadata
|
|
200
207
|
* in: formData
|
|
201
208
|
* type: string
|
|
209
|
+
* metadataUrlParamPatch:
|
|
210
|
+
* name: metadataUrl
|
|
211
|
+
* description: URL containing raw XML metadata
|
|
212
|
+
* in: formData
|
|
213
|
+
* type: string
|
|
202
214
|
* oidcDiscoveryUrlPatch:
|
|
203
215
|
* name: oidcDiscoveryUrl
|
|
204
216
|
* description: well-known URL where the OpenID Provider configuration is exposed
|
|
@@ -252,6 +264,7 @@ export declare class ConnectionAPIController implements IConnectionAPIController
|
|
|
252
264
|
* - $ref: '#/parameters/descriptionParamPatch'
|
|
253
265
|
* - $ref: '#/parameters/encodedRawMetadataParamPatch'
|
|
254
266
|
* - $ref: '#/parameters/rawMetadataParamPatch'
|
|
267
|
+
* - $ref: '#/parameters/metadataUrlParamPatch'
|
|
255
268
|
* - $ref: '#/parameters/defaultRedirectUrlParamPatch'
|
|
256
269
|
* - $ref: '#/parameters/redirectUrlParamPatch'
|
|
257
270
|
* - $ref: '#/parameters/tenantParamPatch'
|
|
@@ -278,6 +291,7 @@ export declare class ConnectionAPIController implements IConnectionAPIController
|
|
|
278
291
|
* - $ref: '#/parameters/descriptionParamPatch'
|
|
279
292
|
* - $ref: '#/parameters/encodedRawMetadataParamPatch'
|
|
280
293
|
* - $ref: '#/parameters/rawMetadataParamPatch'
|
|
294
|
+
* - $ref: '#/parameters/metadataUrlParamPatch'
|
|
281
295
|
* - $ref: '#/parameters/oidcDiscoveryUrlPatch'
|
|
282
296
|
* - $ref: '#/parameters/oidcClientIdPatch'
|
|
283
297
|
* - $ref: '#/parameters/oidcClientSecretPatch'
|
package/dist/controller/api.js
CHANGED
|
@@ -97,6 +97,11 @@ class ConnectionAPIController {
|
|
|
97
97
|
* description: Raw XML metadata
|
|
98
98
|
* in: formData
|
|
99
99
|
* type: string
|
|
100
|
+
* metadataUrlParamPost:
|
|
101
|
+
* name: metadataUrl
|
|
102
|
+
* description: URL containing raw XML metadata
|
|
103
|
+
* in: formData
|
|
104
|
+
* type: string
|
|
100
105
|
* defaultRedirectUrlParamPost:
|
|
101
106
|
* name: defaultRedirectUrl
|
|
102
107
|
* description: The redirect URL to use in the IdP login flow
|
|
@@ -152,6 +157,7 @@ class ConnectionAPIController {
|
|
|
152
157
|
* - $ref: '#/parameters/descriptionParamPost'
|
|
153
158
|
* - $ref: '#/parameters/encodedRawMetadataParamPost'
|
|
154
159
|
* - $ref: '#/parameters/rawMetadataParamPost'
|
|
160
|
+
* - $ref: '#/parameters/metadataUrlParamPost'
|
|
155
161
|
* - $ref: '#/parameters/defaultRedirectUrlParamPost'
|
|
156
162
|
* - $ref: '#/parameters/redirectUrlParamPost'
|
|
157
163
|
* - $ref: '#/parameters/tenantParamPost'
|
|
@@ -182,6 +188,7 @@ class ConnectionAPIController {
|
|
|
182
188
|
* - $ref: '#/parameters/descriptionParamPost'
|
|
183
189
|
* - $ref: '#/parameters/encodedRawMetadataParamPost'
|
|
184
190
|
* - $ref: '#/parameters/rawMetadataParamPost'
|
|
191
|
+
* - $ref: '#/parameters/metadataUrlParamPost'
|
|
185
192
|
* - $ref: '#/parameters/defaultRedirectUrlParamPost'
|
|
186
193
|
* - $ref: '#/parameters/redirectUrlParamPost'
|
|
187
194
|
* - $ref: '#/parameters/tenantParamPost'
|
|
@@ -258,6 +265,11 @@ class ConnectionAPIController {
|
|
|
258
265
|
* description: Raw XML metadata
|
|
259
266
|
* in: formData
|
|
260
267
|
* type: string
|
|
268
|
+
* metadataUrlParamPatch:
|
|
269
|
+
* name: metadataUrl
|
|
270
|
+
* description: URL containing raw XML metadata
|
|
271
|
+
* in: formData
|
|
272
|
+
* type: string
|
|
261
273
|
* oidcDiscoveryUrlPatch:
|
|
262
274
|
* name: oidcDiscoveryUrl
|
|
263
275
|
* description: well-known URL where the OpenID Provider configuration is exposed
|
|
@@ -311,6 +323,7 @@ class ConnectionAPIController {
|
|
|
311
323
|
* - $ref: '#/parameters/descriptionParamPatch'
|
|
312
324
|
* - $ref: '#/parameters/encodedRawMetadataParamPatch'
|
|
313
325
|
* - $ref: '#/parameters/rawMetadataParamPatch'
|
|
326
|
+
* - $ref: '#/parameters/metadataUrlParamPatch'
|
|
314
327
|
* - $ref: '#/parameters/defaultRedirectUrlParamPatch'
|
|
315
328
|
* - $ref: '#/parameters/redirectUrlParamPatch'
|
|
316
329
|
* - $ref: '#/parameters/tenantParamPatch'
|
|
@@ -337,6 +350,7 @@ class ConnectionAPIController {
|
|
|
337
350
|
* - $ref: '#/parameters/descriptionParamPatch'
|
|
338
351
|
* - $ref: '#/parameters/encodedRawMetadataParamPatch'
|
|
339
352
|
* - $ref: '#/parameters/rawMetadataParamPatch'
|
|
353
|
+
* - $ref: '#/parameters/metadataUrlParamPatch'
|
|
340
354
|
* - $ref: '#/parameters/oidcDiscoveryUrlPatch'
|
|
341
355
|
* - $ref: '#/parameters/oidcClientIdPatch'
|
|
342
356
|
* - $ref: '#/parameters/oidcClientSecretPatch'
|
|
@@ -51,9 +51,23 @@ const dbutils = __importStar(require("../../db/utils"));
|
|
|
51
51
|
const utils_1 = require("../utils");
|
|
52
52
|
const saml20_1 = __importDefault(require("@boxyhq/saml20"));
|
|
53
53
|
const error_1 = require("../error");
|
|
54
|
+
const axios_1 = __importDefault(require("axios"));
|
|
55
|
+
function fetchMetadata(resource) {
|
|
56
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
57
|
+
const response = yield (0, axios_1.default)(resource, {
|
|
58
|
+
maxContentLength: 1000000,
|
|
59
|
+
maxBodyLength: 1000000,
|
|
60
|
+
timeout: 8000,
|
|
61
|
+
}).catch((error) => {
|
|
62
|
+
var _a;
|
|
63
|
+
throw new error_1.JacksonError("Couldn't fetch XML data", ((_a = error.response) === null || _a === void 0 ? void 0 : _a.status) || 400);
|
|
64
|
+
});
|
|
65
|
+
return response.data;
|
|
66
|
+
});
|
|
67
|
+
}
|
|
54
68
|
const saml = {
|
|
55
69
|
create: (body, connectionStore) => __awaiter(void 0, void 0, void 0, function* () {
|
|
56
|
-
const { encodedRawMetadata, rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product, name, description, } = body;
|
|
70
|
+
const { encodedRawMetadata, rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product, name, description, metadataUrl, } = body;
|
|
57
71
|
const forceAuthn = body.forceAuthn == 'true' || body.forceAuthn == true;
|
|
58
72
|
let connectionClientSecret;
|
|
59
73
|
(0, utils_1.validateSSOConnection)(body, 'saml');
|
|
@@ -69,12 +83,14 @@ const saml = {
|
|
|
69
83
|
clientID: '',
|
|
70
84
|
clientSecret: '',
|
|
71
85
|
forceAuthn,
|
|
86
|
+
metadataUrl,
|
|
72
87
|
};
|
|
73
|
-
let
|
|
88
|
+
let metadata = rawMetadata;
|
|
74
89
|
if (encodedRawMetadata) {
|
|
75
|
-
|
|
90
|
+
metadata = Buffer.from(encodedRawMetadata, 'base64').toString();
|
|
76
91
|
}
|
|
77
|
-
|
|
92
|
+
metadata = metadataUrl ? yield fetchMetadata(metadataUrl) : metadata;
|
|
93
|
+
const idpMetadata = (yield saml20_1.default.parseMetadata(metadata, {}));
|
|
78
94
|
if (!idpMetadata.entityID) {
|
|
79
95
|
throw new error_1.JacksonError("Couldn't parse EntityID from SAML metadata", 400);
|
|
80
96
|
}
|
|
@@ -107,7 +123,7 @@ const saml = {
|
|
|
107
123
|
update: (body, connectionStore, connectionsGetter) => __awaiter(void 0, void 0, void 0, function* () {
|
|
108
124
|
const { encodedRawMetadata, // could be empty
|
|
109
125
|
rawMetadata, // could be empty
|
|
110
|
-
defaultRedirectUrl, redirectUrl, name, description, forceAuthn = false } = body, clientInfo = __rest(body, ["encodedRawMetadata", "rawMetadata", "defaultRedirectUrl", "redirectUrl", "name", "description", "forceAuthn"]);
|
|
126
|
+
defaultRedirectUrl, redirectUrl, name, description, forceAuthn = false, metadataUrl } = body, clientInfo = __rest(body, ["encodedRawMetadata", "rawMetadata", "defaultRedirectUrl", "redirectUrl", "name", "description", "forceAuthn", "metadataUrl"]);
|
|
111
127
|
if (!(clientInfo === null || clientInfo === void 0 ? void 0 : clientInfo.clientID)) {
|
|
112
128
|
throw new error_1.JacksonError('Please provide clientID', 400);
|
|
113
129
|
}
|
|
@@ -129,13 +145,14 @@ const saml = {
|
|
|
129
145
|
if (_savedConnection.clientSecret !== (clientInfo === null || clientInfo === void 0 ? void 0 : clientInfo.clientSecret)) {
|
|
130
146
|
throw new error_1.JacksonError('clientSecret mismatch', 400);
|
|
131
147
|
}
|
|
132
|
-
let
|
|
148
|
+
let metadata = rawMetadata;
|
|
133
149
|
if (encodedRawMetadata) {
|
|
134
|
-
|
|
150
|
+
metadata = Buffer.from(encodedRawMetadata, 'base64').toString();
|
|
135
151
|
}
|
|
152
|
+
metadata = metadataUrl ? yield fetchMetadata(metadataUrl) : metadata;
|
|
136
153
|
let newMetadata;
|
|
137
|
-
if (
|
|
138
|
-
newMetadata = yield saml20_1.default.parseMetadata(
|
|
154
|
+
if (metadata) {
|
|
155
|
+
newMetadata = yield saml20_1.default.parseMetadata(metadata, {});
|
|
139
156
|
if (!newMetadata.entityID) {
|
|
140
157
|
throw new error_1.JacksonError("Couldn't parse EntityID from SAML metadata", 400);
|
|
141
158
|
}
|
package/dist/controller/oauth.js
CHANGED
|
@@ -61,6 +61,8 @@ const validateSAMLResponse = (rawResponse, validateOpts) => __awaiter(void 0, vo
|
|
|
61
61
|
if (!profile.claims.id && profile.claims.email) {
|
|
62
62
|
profile.claims.id = crypto_1.default.createHash('sha256').update(profile.claims.email).digest('hex');
|
|
63
63
|
}
|
|
64
|
+
// we'll send a ripemd160 hash of the id, this can be used in the case of email missing it can be used as the local part
|
|
65
|
+
profile.claims.idHash = dbutils.keyDigest(profile.claims.id);
|
|
64
66
|
}
|
|
65
67
|
return profile;
|
|
66
68
|
});
|
|
@@ -604,6 +606,7 @@ class OAuthController {
|
|
|
604
606
|
const idTokenClaims = tokenSet.claims();
|
|
605
607
|
const userinfo = yield oidcClient.userinfo(tokenSet);
|
|
606
608
|
profile.claims.id = idTokenClaims.sub;
|
|
609
|
+
profile.claims.idHash = dbutils.keyDigest(idTokenClaims.sub);
|
|
607
610
|
profile.claims.email = (_a = idTokenClaims.email) !== null && _a !== void 0 ? _a : userinfo.email;
|
|
608
611
|
profile.claims.firstName = (_b = idTokenClaims.given_name) !== null && _b !== void 0 ? _b : userinfo.given_name;
|
|
609
612
|
profile.claims.lastName = (_c = idTokenClaims.family_name) !== null && _c !== void 0 ? _c : userinfo.family_name;
|
package/dist/controller/utils.js
CHANGED
|
@@ -128,12 +128,13 @@ const validateSSOConnection = (body, strategy) => {
|
|
|
128
128
|
const oidcDiscoveryUrl = 'oidcDiscoveryUrl' in body ? body.oidcDiscoveryUrl : undefined;
|
|
129
129
|
const oidcClientId = 'oidcClientId' in body ? body.oidcClientId : undefined;
|
|
130
130
|
const oidcClientSecret = 'oidcClientSecret' in body ? body.oidcClientSecret : undefined;
|
|
131
|
+
const metadataUrl = 'metadataUrl' in body ? body.metadataUrl : undefined;
|
|
131
132
|
if (strategy !== 'saml' && strategy !== 'oidc') {
|
|
132
133
|
throw new error_1.JacksonError(`Strategy: ${strategy} not supported`, 400);
|
|
133
134
|
}
|
|
134
135
|
if (strategy === 'saml') {
|
|
135
|
-
if (!rawMetadata && !encodedRawMetadata) {
|
|
136
|
-
throw new error_1.JacksonError('Please provide rawMetadata or encodedRawMetadata', 400);
|
|
136
|
+
if (!rawMetadata && !encodedRawMetadata && !metadataUrl) {
|
|
137
|
+
throw new error_1.JacksonError('Please provide rawMetadata or encodedRawMetadata or metadataUrl', 400);
|
|
137
138
|
}
|
|
138
139
|
}
|
|
139
140
|
if (strategy === 'oidc') {
|
package/dist/db/redis.js
CHANGED
|
@@ -69,7 +69,7 @@ class Redis {
|
|
|
69
69
|
});
|
|
70
70
|
}
|
|
71
71
|
getAll(namespace, pageOffset, pageLimit) {
|
|
72
|
-
var e_1,
|
|
72
|
+
var _a, e_1, _b, _c;
|
|
73
73
|
return __awaiter(this, void 0, void 0, function* () {
|
|
74
74
|
const offsetAndLimitValueCheck = !dbutils.isNumeric(pageOffset) && !dbutils.isNumeric(pageLimit);
|
|
75
75
|
let take = Number(offsetAndLimitValueCheck ? this.options.pageLimit : pageLimit);
|
|
@@ -79,21 +79,28 @@ class Redis {
|
|
|
79
79
|
let count = 0;
|
|
80
80
|
take += skip;
|
|
81
81
|
try {
|
|
82
|
-
for (var
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
82
|
+
for (var _d = true, _e = __asyncValues(this.client.zScanIterator(dbutils.keyFromParts(dbutils.createdAtPrefix, namespace), Math.min(take, 1000))), _f; _f = yield _e.next(), _a = _f.done, !_a;) {
|
|
83
|
+
_c = _f.value;
|
|
84
|
+
_d = false;
|
|
85
|
+
try {
|
|
86
|
+
const { score, value } = _c;
|
|
87
|
+
if (count >= take) {
|
|
88
|
+
break;
|
|
89
|
+
}
|
|
90
|
+
if (count >= skip) {
|
|
91
|
+
keyArray.push(dbutils.keyFromParts(namespace, value));
|
|
92
|
+
}
|
|
93
|
+
count++;
|
|
86
94
|
}
|
|
87
|
-
|
|
88
|
-
|
|
95
|
+
finally {
|
|
96
|
+
_d = true;
|
|
89
97
|
}
|
|
90
|
-
count++;
|
|
91
98
|
}
|
|
92
99
|
}
|
|
93
100
|
catch (e_1_1) { e_1 = { error: e_1_1 }; }
|
|
94
101
|
finally {
|
|
95
102
|
try {
|
|
96
|
-
if (
|
|
103
|
+
if (!_d && !_a && (_b = _e.return)) yield _b.call(_e);
|
|
97
104
|
}
|
|
98
105
|
finally { if (e_1) throw e_1.error; }
|
|
99
106
|
}
|
package/dist/loadConnection.js
CHANGED
|
@@ -36,6 +36,7 @@ const fs = __importStar(require("fs"));
|
|
|
36
36
|
const path = __importStar(require("path"));
|
|
37
37
|
const url = __importStar(require("url"));
|
|
38
38
|
const loadConnection = (preLoadedConnection) => __awaiter(void 0, void 0, void 0, function* () {
|
|
39
|
+
var _a;
|
|
39
40
|
if (preLoadedConnection.startsWith('./')) {
|
|
40
41
|
preLoadedConnection = path.resolve(process.cwd(), preLoadedConnection);
|
|
41
42
|
}
|
|
@@ -49,7 +50,7 @@ const loadConnection = (preLoadedConnection) => __awaiter(void 0, void 0, void 0
|
|
|
49
50
|
if (file.endsWith('.js')) {
|
|
50
51
|
const filePath = path.join(preLoadedConnection, file);
|
|
51
52
|
const fileUrl = preLoadedConnection.startsWith('/') ? filePath : url.pathToFileURL(filePath).toString();
|
|
52
|
-
const { default: connection, } = yield Promise.resolve().then(() => __importStar(require(
|
|
53
|
+
const { default: connection, } = yield (_a = fileUrl, Promise.resolve().then(() => __importStar(require(_a))));
|
|
53
54
|
if (!('oidcDiscoveryUrl' in connection)) {
|
|
54
55
|
const rawMetadata = yield fs.promises.readFile(path.join(preLoadedConnection, path.parse(file).name + '.xml'), 'utf8');
|
|
55
56
|
connection.encodedRawMetadata = Buffer.from(rawMetadata, 'utf8').toString('base64');
|
package/dist/typings.d.ts
CHANGED
|
@@ -13,10 +13,12 @@ export interface SAMLSSOConnection extends SSOConnection {
|
|
|
13
13
|
export interface SAMLSSOConnectionWithRawMetadata extends SAMLSSOConnection {
|
|
14
14
|
rawMetadata: string;
|
|
15
15
|
encodedRawMetadata?: never;
|
|
16
|
+
metadataUrl?: string;
|
|
16
17
|
}
|
|
17
18
|
export interface SAMLSSOConnectionWithEncodedMetadata extends SAMLSSOConnection {
|
|
18
19
|
rawMetadata?: never;
|
|
19
20
|
encodedRawMetadata: string;
|
|
21
|
+
metadataUrl?: string;
|
|
20
22
|
}
|
|
21
23
|
export interface OIDCSSOConnection extends SSOConnection {
|
|
22
24
|
oidcDiscoveryUrl: string;
|
|
@@ -26,6 +28,7 @@ export interface OIDCSSOConnection extends SSOConnection {
|
|
|
26
28
|
export interface SAMLSSORecord extends SAMLSSOConnection {
|
|
27
29
|
clientID: string;
|
|
28
30
|
clientSecret: string;
|
|
31
|
+
metadataUrl?: string;
|
|
29
32
|
idpMetadata: {
|
|
30
33
|
entityID: string;
|
|
31
34
|
loginType?: string;
|
|
@@ -52,21 +55,21 @@ export interface OIDCSSORecord extends SSOConnection {
|
|
|
52
55
|
clientSecret?: string;
|
|
53
56
|
};
|
|
54
57
|
}
|
|
55
|
-
export
|
|
56
|
-
|
|
58
|
+
export type ConnectionType = 'saml' | 'oidc';
|
|
59
|
+
type ClientIDQuery = {
|
|
57
60
|
clientID: string;
|
|
58
61
|
};
|
|
59
|
-
|
|
62
|
+
type TenantQuery = {
|
|
60
63
|
tenant: string;
|
|
61
64
|
product: string;
|
|
62
65
|
strategy?: ConnectionType;
|
|
63
66
|
};
|
|
64
|
-
export
|
|
65
|
-
export
|
|
67
|
+
export type GetConnectionsQuery = ClientIDQuery | TenantQuery;
|
|
68
|
+
export type DelConnectionsQuery = (ClientIDQuery & {
|
|
66
69
|
clientSecret: string;
|
|
67
70
|
}) | TenantQuery;
|
|
68
|
-
export
|
|
69
|
-
export
|
|
71
|
+
export type GetConfigQuery = ClientIDQuery | Omit<TenantQuery, 'strategy'>;
|
|
72
|
+
export type DelConfigQuery = (ClientIDQuery & {
|
|
70
73
|
clientSecret: string;
|
|
71
74
|
}) | Omit<TenantQuery, 'strategy'>;
|
|
72
75
|
export interface IConnectionAPIController {
|
|
@@ -177,7 +180,7 @@ export interface OAuthReqBodyWithResource extends OAuthReqBody {
|
|
|
177
180
|
client_id: 'dummy';
|
|
178
181
|
resource: string;
|
|
179
182
|
}
|
|
180
|
-
export
|
|
183
|
+
export type OAuthReq = OAuthReqBodyWithClientId | OAuthReqBodyWithTenantProduct | OAuthReqBodyWithAccessType | OAuthReqBodyWithResource;
|
|
181
184
|
export interface SAMLResponsePayload {
|
|
182
185
|
SAMLResponse: string;
|
|
183
186
|
RelayState: string;
|
|
@@ -195,7 +198,7 @@ interface OIDCAuthzResponseError {
|
|
|
195
198
|
error: OAuthErrorHandlerParams['error'] | OIDCErrorCodes;
|
|
196
199
|
error_description?: string;
|
|
197
200
|
}
|
|
198
|
-
export
|
|
201
|
+
export type OIDCAuthzResponsePayload = OIDCAuthzResponseSuccess | OIDCAuthzResponseError;
|
|
199
202
|
interface OAuthTokenReqBody {
|
|
200
203
|
code: string;
|
|
201
204
|
grant_type: 'authorization_code';
|
|
@@ -211,7 +214,7 @@ export interface OAuthTokenReqWithCredentials extends OAuthTokenReqBody {
|
|
|
211
214
|
client_id: string;
|
|
212
215
|
client_secret: string;
|
|
213
216
|
}
|
|
214
|
-
export
|
|
217
|
+
export type OAuthTokenReq = OAuthTokenReqWithCodeVerifier | OAuthTokenReqWithCredentials;
|
|
215
218
|
export interface OAuthTokenRes {
|
|
216
219
|
access_token: string;
|
|
217
220
|
id_token?: string;
|
|
@@ -220,6 +223,7 @@ export interface OAuthTokenRes {
|
|
|
220
223
|
}
|
|
221
224
|
export interface Profile {
|
|
222
225
|
id: string;
|
|
226
|
+
idHash: string;
|
|
223
227
|
sub?: string;
|
|
224
228
|
email: string;
|
|
225
229
|
firstName: string;
|
|
@@ -255,9 +259,9 @@ export interface Encrypted {
|
|
|
255
259
|
tag?: string;
|
|
256
260
|
value: string;
|
|
257
261
|
}
|
|
258
|
-
export
|
|
259
|
-
export
|
|
260
|
-
export
|
|
262
|
+
export type EncryptionKey = any;
|
|
263
|
+
export type DatabaseEngine = 'redis' | 'sql' | 'mongo' | 'mem' | 'planetscale';
|
|
264
|
+
export type DatabaseType = 'postgres' | 'mysql' | 'mariadb' | 'mssql';
|
|
261
265
|
export interface DatabaseOption {
|
|
262
266
|
engine?: DatabaseEngine;
|
|
263
267
|
url?: string;
|
|
@@ -318,7 +322,7 @@ export interface OAuthErrorHandlerParams {
|
|
|
318
322
|
redirect_uri: string;
|
|
319
323
|
state?: string;
|
|
320
324
|
}
|
|
321
|
-
export
|
|
325
|
+
export type OIDCErrorCodes = 'interaction_required' | 'login_required' | 'account_selection_required' | 'consent_required' | 'invalid_request_uri' | 'invalid_request_object' | 'request_not_supported' | 'request_uri_not_supported' | 'registration_not_supported';
|
|
322
326
|
export interface ISPSAMLConfig {
|
|
323
327
|
get(): Promise<{
|
|
324
328
|
acsUrl: string;
|
|
@@ -332,7 +336,7 @@ export interface ISPSAMLConfig {
|
|
|
332
336
|
toMarkdown(): string;
|
|
333
337
|
toHTML(): string;
|
|
334
338
|
}
|
|
335
|
-
export
|
|
339
|
+
export type DirectorySyncEventType = 'user.created' | 'user.updated' | 'user.deleted' | 'group.created' | 'group.updated' | 'group.deleted' | 'group.user_added' | 'group.user_removed';
|
|
336
340
|
export interface Base {
|
|
337
341
|
store(type: 'groups' | 'members' | 'users'): Storable;
|
|
338
342
|
setTenant(tenant: string): this;
|
|
@@ -425,7 +429,7 @@ export interface Groups extends Base {
|
|
|
425
429
|
error: ApiError | null;
|
|
426
430
|
}>;
|
|
427
431
|
}
|
|
428
|
-
export
|
|
432
|
+
export type User = {
|
|
429
433
|
id: string;
|
|
430
434
|
email: string;
|
|
431
435
|
first_name: string;
|
|
@@ -433,7 +437,7 @@ export declare type User = {
|
|
|
433
437
|
active: boolean;
|
|
434
438
|
raw?: any;
|
|
435
439
|
};
|
|
436
|
-
export
|
|
440
|
+
export type Group = {
|
|
437
441
|
id: string;
|
|
438
442
|
name: string;
|
|
439
443
|
raw?: any;
|
|
@@ -445,9 +449,9 @@ export declare enum DirectorySyncProviders {
|
|
|
445
449
|
'jumpcloud-scim-v2' = "JumpCloud v2.0",
|
|
446
450
|
'generic-scim-v2' = "SCIM Generic v2.0"
|
|
447
451
|
}
|
|
448
|
-
export
|
|
449
|
-
export
|
|
450
|
-
export
|
|
452
|
+
export type DirectoryType = keyof typeof DirectorySyncProviders;
|
|
453
|
+
export type HTTPMethod = 'POST' | 'PUT' | 'DELETE' | 'GET' | 'PATCH';
|
|
454
|
+
export type Directory = {
|
|
451
455
|
id: string;
|
|
452
456
|
name: string;
|
|
453
457
|
tenant: string;
|
|
@@ -464,7 +468,7 @@ export declare type Directory = {
|
|
|
464
468
|
secret: string;
|
|
465
469
|
};
|
|
466
470
|
};
|
|
467
|
-
export
|
|
471
|
+
export type DirectorySyncGroupMember = {
|
|
468
472
|
value: string;
|
|
469
473
|
email?: string;
|
|
470
474
|
};
|
|
@@ -537,7 +541,7 @@ export interface IWebhookEventsLogger extends Base {
|
|
|
537
541
|
delete(id: string): Promise<void>;
|
|
538
542
|
updateStatus(log: WebhookEventLog, statusCode: number): Promise<WebhookEventLog>;
|
|
539
543
|
}
|
|
540
|
-
export
|
|
544
|
+
export type DirectorySyncResponse = {
|
|
541
545
|
status: number;
|
|
542
546
|
data?: any;
|
|
543
547
|
};
|
|
@@ -560,7 +564,7 @@ export interface DirectorySyncRequest {
|
|
|
560
564
|
filter?: string;
|
|
561
565
|
};
|
|
562
566
|
}
|
|
563
|
-
export
|
|
567
|
+
export type DirectorySync = {
|
|
564
568
|
requests: DirectorySyncRequestHandler;
|
|
565
569
|
directories: DirectoryConfig;
|
|
566
570
|
groups: Groups;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@boxyhq/saml-jackson",
|
|
3
|
-
"version": "1.3.
|
|
3
|
+
"version": "1.3.7",
|
|
4
4
|
"description": "SAML Jackson library",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"SAML 2.0"
|
|
@@ -40,19 +40,19 @@
|
|
|
40
40
|
"statements": 70
|
|
41
41
|
},
|
|
42
42
|
"dependencies": {
|
|
43
|
-
"@boxyhq/saml20": "1.0.
|
|
43
|
+
"@boxyhq/saml20": "1.0.14",
|
|
44
44
|
"@opentelemetry/api": "1.0.4",
|
|
45
45
|
"@opentelemetry/api-metrics": "0.27.0",
|
|
46
46
|
"axios": "1.1.3",
|
|
47
|
-
"jose": "4.
|
|
48
|
-
"marked": "4.2.
|
|
47
|
+
"jose": "4.11.0",
|
|
48
|
+
"marked": "4.2.3",
|
|
49
49
|
"mongodb": "4.11.0",
|
|
50
50
|
"mssql": "9.0.1",
|
|
51
51
|
"mysql2": "2.3.3",
|
|
52
52
|
"node-forge": "1.3.1",
|
|
53
|
-
"openid-client": "5.
|
|
53
|
+
"openid-client": "5.3.0",
|
|
54
54
|
"pg": "8.8.0",
|
|
55
|
-
"redis": "4.
|
|
55
|
+
"redis": "4.5.0",
|
|
56
56
|
"reflect-metadata": "0.1.13",
|
|
57
57
|
"ripemd160": "2.0.2",
|
|
58
58
|
"typeorm": "0.3.10",
|
|
@@ -64,17 +64,17 @@
|
|
|
64
64
|
"@types/node": "18.11.9",
|
|
65
65
|
"@types/sinon": "10.0.13",
|
|
66
66
|
"@types/tap": "15.0.7",
|
|
67
|
-
"@typescript-eslint/eslint-plugin": "5.
|
|
68
|
-
"@typescript-eslint/parser": "5.42.
|
|
67
|
+
"@typescript-eslint/eslint-plugin": "5.43.0",
|
|
68
|
+
"@typescript-eslint/parser": "5.42.1",
|
|
69
69
|
"cross-env": "7.0.3",
|
|
70
|
-
"eslint": "8.
|
|
70
|
+
"eslint": "8.28.0",
|
|
71
71
|
"eslint-config-prettier": "8.5.0",
|
|
72
72
|
"prettier": "2.7.1",
|
|
73
|
-
"sinon": "14.0.
|
|
73
|
+
"sinon": "14.0.2",
|
|
74
74
|
"tap": "16.3.0",
|
|
75
75
|
"ts-node": "10.9.1",
|
|
76
76
|
"tsconfig-paths": "4.1.0",
|
|
77
|
-
"typescript": "4.
|
|
77
|
+
"typescript": "4.9.3"
|
|
78
78
|
},
|
|
79
79
|
"engines": {
|
|
80
80
|
"node": ">=14.18.1 <=18.x"
|