@boxyhq/saml-jackson 1.33.1-beta.1 → 1.34.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/typings.d.ts +1 -1
- package/package.json +1 -1
- package/dist/controller/oauth/oidc-issuer.d.ts +0 -2
- package/dist/controller/oauth/oidc-issuer.js +0 -25
- package/dist/controller/oauth/oidc-issuer.js.map +0 -1
- package/dist/src/controller/admin.d.ts +0 -27
- package/dist/src/controller/admin.js +0 -60
- package/dist/src/controller/admin.js.map +0 -1
- package/dist/src/controller/analytics.d.ts +0 -16
- package/dist/src/controller/analytics.js +0 -79
- package/dist/src/controller/analytics.js.map +0 -1
- package/dist/src/controller/api.d.ts +0 -557
- package/dist/src/controller/api.js +0 -806
- package/dist/src/controller/api.js.map +0 -1
- package/dist/src/controller/connection/oidc.d.ts +0 -7
- package/dist/src/controller/connection/oidc.js +0 -181
- package/dist/src/controller/connection/oidc.js.map +0 -1
- package/dist/src/controller/connection/saml.d.ts +0 -7
- package/dist/src/controller/connection/saml.js +0 -250
- package/dist/src/controller/connection/saml.js.map +0 -1
- package/dist/src/controller/error.d.ts +0 -10
- package/dist/src/controller/error.js +0 -13
- package/dist/src/controller/error.js.map +0 -1
- package/dist/src/controller/health-check.d.ts +0 -11
- package/dist/src/controller/health-check.js +0 -51
- package/dist/src/controller/health-check.js.map +0 -1
- package/dist/src/controller/logout.d.ts +0 -18
- package/dist/src/controller/logout.js +0 -132
- package/dist/src/controller/logout.js.map +0 -1
- package/dist/src/controller/oauth/allowed.d.ts +0 -1
- package/dist/src/controller/oauth/allowed.js +0 -30
- package/dist/src/controller/oauth/allowed.js.map +0 -1
- package/dist/src/controller/oauth/code-verifier.d.ts +0 -1
- package/dist/src/controller/oauth/code-verifier.js +0 -8
- package/dist/src/controller/oauth/code-verifier.js.map +0 -1
- package/dist/src/controller/oauth/oidc-client.d.ts +0 -12
- package/dist/src/controller/oauth/oidc-client.js +0 -89
- package/dist/src/controller/oauth/oidc-client.js.map +0 -1
- package/dist/src/controller/oauth/redirect.d.ts +0 -1
- package/dist/src/controller/oauth/redirect.js +0 -13
- package/dist/src/controller/oauth/redirect.js.map +0 -1
- package/dist/src/controller/oauth.d.ts +0 -142
- package/dist/src/controller/oauth.js +0 -1112
- package/dist/src/controller/oauth.js.map +0 -1
- package/dist/src/controller/oidc-discovery.d.ts +0 -22
- package/dist/src/controller/oidc-discovery.js +0 -47
- package/dist/src/controller/oidc-discovery.js.map +0 -1
- package/dist/src/controller/setup-link.d.ts +0 -307
- package/dist/src/controller/setup-link.js +0 -462
- package/dist/src/controller/setup-link.js.map +0 -1
- package/dist/src/controller/sp-config.d.ts +0 -22
- package/dist/src/controller/sp-config.js +0 -89
- package/dist/src/controller/sp-config.js.map +0 -1
- package/dist/src/controller/sso-handler.d.ts +0 -66
- package/dist/src/controller/sso-handler.js +0 -306
- package/dist/src/controller/sso-handler.js.map +0 -1
- package/dist/src/controller/utils.d.ts +0 -84
- package/dist/src/controller/utils.js +0 -328
- package/dist/src/controller/utils.js.map +0 -1
- package/dist/src/cron/lock.d.ts +0 -18
- package/dist/src/cron/lock.js +0 -98
- package/dist/src/cron/lock.js.map +0 -1
- package/dist/src/db/db.d.ts +0 -5
- package/dist/src/db/db.js +0 -178
- package/dist/src/db/db.js.map +0 -1
- package/dist/src/db/defaultDb.d.ts +0 -2
- package/dist/src/db/defaultDb.js +0 -18
- package/dist/src/db/defaultDb.js.map +0 -1
- package/dist/src/db/dynamoDb.d.ts +0 -19
- package/dist/src/db/dynamoDb.js +0 -320
- package/dist/src/db/dynamoDb.js.map +0 -1
- package/dist/src/db/encrypter.d.ts +0 -3
- package/dist/src/db/encrypter.js +0 -22
- package/dist/src/db/encrypter.js.map +0 -1
- package/dist/src/db/mem.d.ts +0 -23
- package/dist/src/db/mem.js +0 -186
- package/dist/src/db/mem.js.map +0 -1
- package/dist/src/db/mongo.d.ts +0 -22
- package/dist/src/db/mongo.js +0 -177
- package/dist/src/db/mongo.js.map +0 -1
- package/dist/src/db/planetscale/entity/JacksonIndex.d.ts +0 -5
- package/dist/src/db/planetscale/entity/JacksonIndex.js +0 -32
- package/dist/src/db/planetscale/entity/JacksonIndex.js.map +0 -1
- package/dist/src/db/planetscale/entity/JacksonStore.d.ts +0 -9
- package/dist/src/db/planetscale/entity/JacksonStore.js +0 -63
- package/dist/src/db/planetscale/entity/JacksonStore.js.map +0 -1
- package/dist/src/db/planetscale/entity/JacksonTTL.d.ts +0 -4
- package/dist/src/db/planetscale/entity/JacksonTTL.js +0 -27
- package/dist/src/db/planetscale/entity/JacksonTTL.js.map +0 -1
- package/dist/src/db/redis.d.ts +0 -18
- package/dist/src/db/redis.js +0 -214
- package/dist/src/db/redis.js.map +0 -1
- package/dist/src/db/sql/entity/JacksonIndex.d.ts +0 -7
- package/dist/src/db/sql/entity/JacksonIndex.js +0 -39
- package/dist/src/db/sql/entity/JacksonIndex.js.map +0 -1
- package/dist/src/db/sql/entity/JacksonStore.d.ts +0 -9
- package/dist/src/db/sql/entity/JacksonStore.js +0 -61
- package/dist/src/db/sql/entity/JacksonStore.js.map +0 -1
- package/dist/src/db/sql/entity/JacksonTTL.d.ts +0 -4
- package/dist/src/db/sql/entity/JacksonTTL.js +0 -27
- package/dist/src/db/sql/entity/JacksonTTL.js.map +0 -1
- package/dist/src/db/sql/mariadb/entity/JacksonIndex.d.ts +0 -7
- package/dist/src/db/sql/mariadb/entity/JacksonIndex.js +0 -39
- package/dist/src/db/sql/mariadb/entity/JacksonIndex.js.map +0 -1
- package/dist/src/db/sql/mariadb/entity/JacksonStore.d.ts +0 -9
- package/dist/src/db/sql/mariadb/entity/JacksonStore.js +0 -63
- package/dist/src/db/sql/mariadb/entity/JacksonStore.js.map +0 -1
- package/dist/src/db/sql/mariadb/entity/JacksonTTL.d.ts +0 -4
- package/dist/src/db/sql/mariadb/entity/JacksonTTL.js +0 -27
- package/dist/src/db/sql/mariadb/entity/JacksonTTL.js.map +0 -1
- package/dist/src/db/sql/mssql/entity/JacksonIndex.d.ts +0 -7
- package/dist/src/db/sql/mssql/entity/JacksonIndex.js +0 -39
- package/dist/src/db/sql/mssql/entity/JacksonIndex.js.map +0 -1
- package/dist/src/db/sql/mssql/entity/JacksonStore.d.ts +0 -9
- package/dist/src/db/sql/mssql/entity/JacksonStore.js +0 -61
- package/dist/src/db/sql/mssql/entity/JacksonStore.js.map +0 -1
- package/dist/src/db/sql/mssql/entity/JacksonTTL.d.ts +0 -4
- package/dist/src/db/sql/mssql/entity/JacksonTTL.js +0 -27
- package/dist/src/db/sql/mssql/entity/JacksonTTL.js.map +0 -1
- package/dist/src/db/sql/mssql.d.ts +0 -1
- package/dist/src/db/sql/mssql.js +0 -44
- package/dist/src/db/sql/mssql.js.map +0 -1
- package/dist/src/db/sql/sql.d.ts +0 -32
- package/dist/src/db/sql/sql.js +0 -318
- package/dist/src/db/sql/sql.js.map +0 -1
- package/dist/src/db/sql/sqlite/entity/JacksonIndex.d.ts +0 -7
- package/dist/src/db/sql/sqlite/entity/JacksonIndex.js +0 -39
- package/dist/src/db/sql/sqlite/entity/JacksonIndex.js.map +0 -1
- package/dist/src/db/sql/sqlite/entity/JacksonStore.d.ts +0 -9
- package/dist/src/db/sql/sqlite/entity/JacksonStore.js +0 -61
- package/dist/src/db/sql/sqlite/entity/JacksonStore.js.map +0 -1
- package/dist/src/db/sql/sqlite/entity/JacksonTTL.d.ts +0 -4
- package/dist/src/db/sql/sqlite/entity/JacksonTTL.js +0 -27
- package/dist/src/db/sql/sqlite/entity/JacksonTTL.js.map +0 -1
- package/dist/src/db/store.d.ts +0 -5
- package/dist/src/db/store.js +0 -65
- package/dist/src/db/store.js.map +0 -1
- package/dist/src/db/utils.d.ts +0 -16
- package/dist/src/db/utils.js +0 -28
- package/dist/src/db/utils.js.map +0 -1
- package/dist/src/directory-sync/batch-events/queue.d.ts +0 -40
- package/dist/src/directory-sync/batch-events/queue.js +0 -225
- package/dist/src/directory-sync/batch-events/queue.js.map +0 -1
- package/dist/src/directory-sync/index.d.ts +0 -27
- package/dist/src/directory-sync/index.js +0 -97
- package/dist/src/directory-sync/index.js.map +0 -1
- package/dist/src/directory-sync/non-scim/google/api.d.ts +0 -36
- package/dist/src/directory-sync/non-scim/google/api.js +0 -143
- package/dist/src/directory-sync/non-scim/google/api.js.map +0 -1
- package/dist/src/directory-sync/non-scim/google/index.d.ts +0 -12
- package/dist/src/directory-sync/non-scim/google/index.js +0 -10
- package/dist/src/directory-sync/non-scim/google/index.js.map +0 -1
- package/dist/src/directory-sync/non-scim/google/oauth.d.ts +0 -27
- package/dist/src/directory-sync/non-scim/google/oauth.js +0 -105
- package/dist/src/directory-sync/non-scim/google/oauth.js.map +0 -1
- package/dist/src/directory-sync/non-scim/index.d.ts +0 -24
- package/dist/src/directory-sync/non-scim/index.js +0 -85
- package/dist/src/directory-sync/non-scim/index.js.map +0 -1
- package/dist/src/directory-sync/non-scim/syncGroupMembers.d.ts +0 -23
- package/dist/src/directory-sync/non-scim/syncGroupMembers.js +0 -105
- package/dist/src/directory-sync/non-scim/syncGroupMembers.js.map +0 -1
- package/dist/src/directory-sync/non-scim/syncGroups.d.ts +0 -24
- package/dist/src/directory-sync/non-scim/syncGroups.js +0 -120
- package/dist/src/directory-sync/non-scim/syncGroups.js.map +0 -1
- package/dist/src/directory-sync/non-scim/syncUsers.d.ts +0 -24
- package/dist/src/directory-sync/non-scim/syncUsers.js +0 -120
- package/dist/src/directory-sync/non-scim/syncUsers.js.map +0 -1
- package/dist/src/directory-sync/non-scim/utils.d.ts +0 -36
- package/dist/src/directory-sync/non-scim/utils.js +0 -109
- package/dist/src/directory-sync/non-scim/utils.js.map +0 -1
- package/dist/src/directory-sync/request.d.ts +0 -14
- package/dist/src/directory-sync/request.js +0 -29
- package/dist/src/directory-sync/request.js.map +0 -1
- package/dist/src/directory-sync/scim/Base.d.ts +0 -12
- package/dist/src/directory-sync/scim/Base.js +0 -23
- package/dist/src/directory-sync/scim/Base.js.map +0 -1
- package/dist/src/directory-sync/scim/DirectoryConfig.d.ts +0 -343
- package/dist/src/directory-sync/scim/DirectoryConfig.js +0 -580
- package/dist/src/directory-sync/scim/DirectoryConfig.js.map +0 -1
- package/dist/src/directory-sync/scim/DirectoryGroups.d.ts +0 -28
- package/dist/src/directory-sync/scim/DirectoryGroups.js +0 -252
- package/dist/src/directory-sync/scim/DirectoryGroups.js.map +0 -1
- package/dist/src/directory-sync/scim/DirectoryUsers.d.ts +0 -25
- package/dist/src/directory-sync/scim/DirectoryUsers.js +0 -193
- package/dist/src/directory-sync/scim/DirectoryUsers.js.map +0 -1
- package/dist/src/directory-sync/scim/Groups.d.ts +0 -166
- package/dist/src/directory-sync/scim/Groups.js +0 -348
- package/dist/src/directory-sync/scim/Groups.js.map +0 -1
- package/dist/src/directory-sync/scim/Users.d.ts +0 -99
- package/dist/src/directory-sync/scim/Users.js +0 -215
- package/dist/src/directory-sync/scim/Users.js.map +0 -1
- package/dist/src/directory-sync/scim/WebhookEventsLogger.d.ts +0 -101
- package/dist/src/directory-sync/scim/WebhookEventsLogger.js +0 -165
- package/dist/src/directory-sync/scim/WebhookEventsLogger.js.map +0 -1
- package/dist/src/directory-sync/scim/transform.d.ts +0 -6
- package/dist/src/directory-sync/scim/transform.js +0 -37
- package/dist/src/directory-sync/scim/transform.js.map +0 -1
- package/dist/src/directory-sync/scim/utils.d.ts +0 -33
- package/dist/src/directory-sync/scim/utils.js +0 -129
- package/dist/src/directory-sync/scim/utils.js.map +0 -1
- package/dist/src/directory-sync/types.d.ts +0 -195
- package/dist/src/directory-sync/types.js +0 -10
- package/dist/src/directory-sync/types.js.map +0 -1
- package/dist/src/directory-sync/utils.d.ts +0 -19
- package/dist/src/directory-sync/utils.js +0 -56
- package/dist/src/directory-sync/utils.js.map +0 -1
- package/dist/src/ee/branding/index.d.ts +0 -17
- package/dist/src/ee/branding/index.js +0 -49
- package/dist/src/ee/branding/index.js.map +0 -1
- package/dist/src/ee/common/checkLicense.d.ts +0 -3
- package/dist/src/ee/common/checkLicense.js +0 -23
- package/dist/src/ee/common/checkLicense.js.map +0 -1
- package/dist/src/ee/identity-federation/app.d.ts +0 -328
- package/dist/src/ee/identity-federation/app.js +0 -532
- package/dist/src/ee/identity-federation/app.js.map +0 -1
- package/dist/src/ee/identity-federation/idp-login.d.ts +0 -18
- package/dist/src/ee/identity-federation/idp-login.js +0 -98
- package/dist/src/ee/identity-federation/idp-login.js.map +0 -1
- package/dist/src/ee/identity-federation/index.d.ts +0 -15
- package/dist/src/ee/identity-federation/index.js +0 -43
- package/dist/src/ee/identity-federation/index.js.map +0 -1
- package/dist/src/ee/identity-federation/sso.d.ts +0 -24
- package/dist/src/ee/identity-federation/sso.js +0 -124
- package/dist/src/ee/identity-federation/sso.js.map +0 -1
- package/dist/src/ee/identity-federation/types.d.ts +0 -38
- package/dist/src/ee/identity-federation/types.js +0 -2
- package/dist/src/ee/identity-federation/types.js.map +0 -1
- package/dist/src/ee/ory/ory.d.ts +0 -18
- package/dist/src/ee/ory/ory.js +0 -195
- package/dist/src/ee/ory/ory.js.map +0 -1
- package/dist/src/ee/product/index.d.ts +0 -14
- package/dist/src/ee/product/index.js +0 -45
- package/dist/src/ee/product/index.js.map +0 -1
- package/dist/src/event/axios.d.ts +0 -2
- package/dist/src/event/axios.js +0 -27
- package/dist/src/event/axios.js.map +0 -1
- package/dist/src/event/index.d.ts +0 -11
- package/dist/src/event/index.js +0 -53
- package/dist/src/event/index.js.map +0 -1
- package/dist/src/event/types.d.ts +0 -21
- package/dist/src/event/types.js +0 -2
- package/dist/src/event/types.js.map +0 -1
- package/dist/src/event/utils.d.ts +0 -4
- package/dist/src/event/utils.js +0 -33
- package/dist/src/event/utils.js.map +0 -1
- package/dist/src/event/webhook.d.ts +0 -3
- package/dist/src/event/webhook.js +0 -34
- package/dist/src/event/webhook.js.map +0 -1
- package/dist/src/index.d.ts +0 -35
- package/dist/src/index.js +0 -161
- package/dist/src/index.js.map +0 -1
- package/dist/src/loadConnection.d.ts +0 -4
- package/dist/src/loadConnection.js +0 -38
- package/dist/src/loadConnection.js.map +0 -1
- package/dist/src/opentelemetry/metrics.d.ts +0 -14
- package/dist/src/opentelemetry/metrics.js +0 -64
- package/dist/src/opentelemetry/metrics.js.map +0 -1
- package/dist/src/saml/claims.d.ts +0 -12
- package/dist/src/saml/claims.js +0 -57
- package/dist/src/saml/claims.js.map +0 -1
- package/dist/src/saml/lib.d.ts +0 -8
- package/dist/src/saml/lib.js +0 -29
- package/dist/src/saml/lib.js.map +0 -1
- package/dist/src/saml/x509.d.ts +0 -9
- package/dist/src/saml/x509.js +0 -93
- package/dist/src/saml/x509.js.map +0 -1
- package/dist/src/sso-traces/index.d.ts +0 -114
- package/dist/src/sso-traces/index.js +0 -229
- package/dist/src/sso-traces/index.js.map +0 -1
- package/dist/src/sso-traces/types.d.ts +0 -44
- package/dist/src/sso-traces/types.js +0 -2
- package/dist/src/sso-traces/types.js.map +0 -1
- package/dist/src/typings.d.ts +0 -540
- package/dist/src/typings.js +0 -5
- package/dist/src/typings.js.map +0 -1
- package/dist/typeorm.d.ts +0 -3
- package/dist/typeorm.js +0 -58
- package/dist/typeorm.js.map +0 -1
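--- a/package/dist/src/controller/sso-handler.js
+++ b/package/dist/src/controller/sso-handler.js
@@ -1,306 +0,0 @@
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-return new (P || (P = Promise))(function (resolve, reject) {
-function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-step((generator = generator.apply(thisArg, _arguments || [])).next());
-});
-};
-var __rest = (this && this.__rest) || function (s, e) {
-var t = {};
-for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
-t[p] = s[p];
-if (s != null && typeof Object.getOwnPropertySymbols === "function")
-for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
-if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
-t[p[i]] = s[p[i]];
-}
-return t;
-};
-import saml from '@boxyhq/saml20';
-import crypto from 'crypto';
-import { promisify } from 'util';
-import { deflateRaw } from 'zlib';
-import { getDefaultCertificate } from '../saml/x509';
-import * as dbutils from '../db/utils';
-import { JacksonError } from './error';
-import { IndexNames } from './utils';
-import { relayStatePrefix } from './utils';
-import * as redirect from './oauth/redirect';
-import * as allowed from './oauth/allowed';
-import { oidcClientConfig } from './oauth/oidc-client';
-const deflateRawAsync = promisify(deflateRaw);
-export class SSOHandler {
-constructor({ connection, session, opts, }) {
-this.createSAMLResponse = (_a) => __awaiter(this, [_a], void 0, function* ({ profile, session }) {
-const certificate = yield getDefaultCertificate();
-const mappedClaims = profile.claims;
-if (session.mappings) {
-session.mappings.forEach((elem) => {
-const key = elem.key;
-const value = elem.value;
-if (mappedClaims.raw[value]) {
-mappedClaims.raw[key] = mappedClaims.raw[value];
-}
-});
-session.mappings.forEach((elem) => {
-const value = elem.value;
-delete mappedClaims.raw[value];
-});
-}
-try {
-const responseSigned = yield saml.createSAMLResponse(Object.assign(Object.assign({ audience: session.requested.entityId, acsUrl: session.requested.acsUrl, requestId: session.requested.id, issuer: `${this.opts.samlAudience}`, claims: mappedClaims }, certificate), { flattenArray: true }));
-const params = [];
-if (session.requested.relayState) {
-params.push({
-name: 'RelayState',
-value: session.requested.relayState,
-});
-}
-params.push({
-name: 'SAMLResponse',
-value: Buffer.from(responseSigned).toString('base64'),
-});
-const responseForm = saml.createPostForm(session.requested.acsUrl, params);
-return { responseForm };
-}
-catch (err) {
-console.error('Error creating SAML response:', err);
-// TODO: Instead send saml response with status code
-throw new JacksonError('Unable to validate SAML Response.', 403);
-}
-});
-// Create a new session to store SP request information
-this.createSession = (_a) => __awaiter(this, [_a], void 0, function* ({ requestId, requested, oidcCodeVerifier, oidcNonce, mappings, }) {
-const sessionId = crypto.randomBytes(16).toString('hex');
-const session = {
-id: requestId,
-requested,
-samlFederated: true,
-mappings,
-};
-if (oidcCodeVerifier) {
-session['oidcCodeVerifier'] = oidcCodeVerifier;
-}
-if (oidcNonce) {
-session['oidcNonce'] = oidcNonce;
-}
-yield this.session.put(sessionId, session);
-return `${relayStatePrefix}${sessionId}`;
-});
-this.connection = connection;
-this.session = session;
-this.opts = opts;
-}
-// If there are multiple connections for the given tenant and product, return the url to the IdP selection page
-// If idp_hint is provided, return the connection with the matching clientID
-// If there is only one connection, return the connection
-resolveConnection(params) {
-return __awaiter(this, void 0, void 0, function* () {
-const { authFlow, originalParams, tenant, product, idp_hint, entityId, tenants, idFedAppId = '', fedType = '', thirdPartyLogin = null, ssoTraces, } = params;
-let connections = null;
-const noSSOConnectionErrMessage = 'No SSO connection found.';
-// If an IdP is specified, find the connection for that IdP
-if (idp_hint) {
-const connection = yield this.connection.get(idp_hint);
-if (!connection) {
-throw new JacksonError(noSSOConnectionErrMessage, 404);
-}
-return { connection };
-}
-// Find SAML connections for the app
-if (tenants && tenants.length > 0 && product) {
-const result = yield Promise.all(tenants.map((tenant) => this.connection.getByIndex({
-name: IndexNames.TenantProduct,
-value: dbutils.keyFromParts(tenant, product),
-})));
-connections = result.flatMap((r) => r.data);
-}
-else if (tenant && product) {
-const result = yield this.connection.getByIndex({
-name: IndexNames.TenantProduct,
-value: dbutils.keyFromParts(tenant, product),
-});
-connections = result.data;
-}
-else if (entityId) {
-const result = yield this.connection.getByIndex({
-name: IndexNames.EntityID,
-value: entityId,
-});
-connections = result.data;
-}
-if (!connections || connections.length === 0) {
-throw new JacksonError(noSSOConnectionErrMessage, 404);
-}
-// Third party login from an oidcProvider, here we match the connection from the iss param
-if ((thirdPartyLogin === null || thirdPartyLogin === void 0 ? void 0 : thirdPartyLogin.idpInitiatorType) === 'oidc') {
-const oidcConnections = connections.filter((connection) => 'oidcProvider' in connection);
-for (let _a of oidcConnections) {
-const { oidcProvider } = _a, rest = __rest(_a, ["oidcProvider"]);
-const connection = Object.assign({ oidcProvider }, rest);
-const { discoveryUrl, metadata, clientId, clientSecret } = oidcProvider;
-const oidcConfig = yield oidcClientConfig({
-discoveryUrl,
-metadata,
-clientId,
-clientSecret,
-ssoTraces: ssoTraces,
-});
-if (oidcConfig.serverMetadata().issuer === thirdPartyLogin.iss) {
-if (thirdPartyLogin.target_link_uri) {
-if (!allowed.redirect(thirdPartyLogin.target_link_uri, connection.redirectUrl)) {
-throw new JacksonError('target_link_uri is not allowed');
-}
-}
-return { connection };
-}
-}
-// No match found for iss
-throw new JacksonError(noSSOConnectionErrMessage, 404);
-}
-// If more than one, redirect to the connection selection page
-if (connections.length > 1) {
-const url = new URL(`${this.opts.externalUrl}${this.opts.idpDiscoveryPath}`);
-// SP initiated flow
-if (['oauth', 'saml'].includes(authFlow)) {
-const qps = Object.assign({ authFlow: 'sp-initiated', idFedAppId,
-fedType }, originalParams);
-if (tenant && product && fedType !== 'oidc') {
-qps['tenant'] = tenant;
-qps['product'] = product;
-}
-const params = new URLSearchParams(qps);
-return { redirectUrl: `${url}?${params}` };
-}
-// IdP initiated flow
-if (authFlow === 'idp-initiated') {
-if (entityId) {
-const params = new URLSearchParams({
-entityId,
-authFlow,
-});
-const postForm = saml.createPostForm(`${this.opts.idpDiscoveryPath}?${params}`, [
-{
-name: 'SAMLResponse',
-value: originalParams.SAMLResponse,
-},
-]);
-return { postForm };
-}
-}
-}
-// If only one, use that connection
-return { connection: connections[0] };
-});
-}
-createSAMLRequest(_a) {
-return __awaiter(this, arguments, void 0, function* ({ connection, requestParams, mappings, }) {
-// We have a connection now, so we can create the SAML request
-const certificate = yield getDefaultCertificate();
-const { sso } = connection.idpMetadata;
-let ssoUrl;
-let post = false;
-if ('redirectUrl' in sso) {
-ssoUrl = sso.redirectUrl;
-}
-else if ('postUrl' in sso) {
-ssoUrl = sso.postUrl;
-post = true;
-}
-const samlRequest = saml.request({
-ssoUrl,
-entityID: `${this.opts.samlAudience}`,
-callbackUrl: this.opts.externalUrl + this.opts.samlPath,
-signingKey: certificate.privateKey,
-publicKey: certificate.publicKey,
-forceAuthn: !!connection.forceAuthn,
-identifierFormat: connection.identifierFormat
-? connection.identifierFormat
-: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
-});
-const relayState = yield this.createSession({
-requestId: samlRequest.id,
-requested: Object.assign(Object.assign({}, requestParams), { client_id: connection.clientID }),
-mappings,
-});
-let redirectUrl;
-let authorizeForm;
-// Decide whether to use HTTP Redirect or HTTP POST binding
-if (!post) {
-redirectUrl = redirect.success(ssoUrl, {
-RelayState: relayState,
-SAMLRequest: Buffer.from(yield deflateRawAsync(samlRequest.request)).toString('base64'),
-});
-}
-else {
-authorizeForm = saml.createPostForm(ssoUrl, [
-{
-name: 'RelayState',
-value: relayState,
-},
-{
-name: 'SAMLRequest',
-value: Buffer.from(samlRequest.request).toString('base64'),
-},
-]);
-}
-return {
-redirect_url: redirectUrl,
-authorize_form: authorizeForm,
-};
-});
-}
-createOIDCRequest(_a) {
-return __awaiter(this, arguments, void 0, function* ({ connection, requestParams, mappings, ssoTraces, }) {
-var _b;
-if (!this.opts.oidcPath) {
-throw new JacksonError('OpenID response handler path (oidcPath) is not set', 400);
-}
-const { discoveryUrl, metadata, clientId, clientSecret } = connection.oidcProvider;
-try {
-const client = yield import('openid-client');
-const oidcConfig = yield oidcClientConfig({
-discoveryUrl,
-metadata,
-clientId,
-clientSecret,
-ssoTraces,
-});
-const oidcCodeVerifier = client.randomPKCECodeVerifier();
-const code_challenge = yield client.calculatePKCECodeChallenge(oidcCodeVerifier);
-const oidcNonce = client.randomNonce();
-const standardScopes = ((_b = this.opts.openid) === null || _b === void 0 ? void 0 : _b.requestProfileScope)
-? ['openid', 'email', 'profile']
-: ['openid', 'email'];
-const relayState = yield this.createSession({
-requestId: connection.clientID,
-requested: requestParams,
-oidcCodeVerifier,
-oidcNonce,
-mappings,
-});
-const ssoUrl = client.buildAuthorizationUrl(oidcConfig, {
-scope: standardScopes
-.filter((value, index, self) => self.indexOf(value) === index) // filter out duplicates
-.join(' '),
-code_challenge,
-code_challenge_method: 'S256',
-state: relayState,
-nonce: oidcNonce,
-redirect_uri: this.opts.externalUrl + this.opts.oidcPath,
-}).href;
-return {
-redirect_url: ssoUrl,
-authorize_form: null,
-};
-}
-catch (err) {
-console.error(err);
-throw new JacksonError(`Unable to complete OIDC request. - ${err.message}`, 400);
-}
-});
-}
-}
-//# sourceMappingURL=sso-handler.js.map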
@@ -1 +0,0 @@
|
|
1
|
-
{"version":3,"file":"sso-handler.js","sourceRoot":"","sources":["../../../src/controller/sso-handler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA,OAAO,IAAI,MAAM,gBAAgB,CAAC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAYlC,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,OAAO,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAC7C,OAAO,KAAK,OAAO,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAEvD,MAAM,eAAe,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;AAE9C,MAAM,OAAO,UAAU;IAKrB,YAAY,EACV,UAAU,EACV,OAAO,EACP,IAAI,GAKL;QA+SD,uBAAkB,GAAG,KAAqE,EAAE,0CAAhE,EAAE,OAAO,EAAE,OAAO,EAA0C;YACtF,MAAM,WAAW,GAAG,MAAM,qBAAqB,EAAE,CAAC;YAElD,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;YACpC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oBAChC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;oBACrB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBACzB,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC5B,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;oBAClD,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oBAChC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBACzB,OAAO,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;gBACjC,CAAC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,kBAAkB,+BAClD,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,QAAQ,EACpC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,MAAM,EAChC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,EAC/B,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EACnC,MAAM,EAAE,YAAY,IACjB,WAAW,KACd,YAAY,EAAE,IAAI,IAClB,CAAC;gBAEH,MAAM,MAAM,GAAsC,EAAE,CAAC;gBAErD,IAAI,OAAO,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;oBACjC,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,YAAY;wBAClB,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,UAAU;qBACpC,CAAC,CAAC;gBACL,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,cAAc;oBACpB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ
,CAAC;iBACtD,CAAC,CAAC;gBAEH,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAE3E,OAAO,EAAE,YAAY,EAAE,CAAC;YAC1B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC;gBACpD,oDAAoD;gBACpD,MAAM,IAAI,YAAY,CAAC,mCAAmC,EAAE,GAAG,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAA,CAAC;QAEF,uDAAuD;QAC/C,kBAAa,GAAG,KAYrB,EAAE,0CAZ0B,EAC7B,SAAS,EACT,SAAS,EACT,gBAAgB,EAChB,SAAS,EACT,QAAQ,GAOT;YACC,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAEzD,MAAM,OAAO,GAAG;gBACd,EAAE,EAAE,SAAS;gBACb,SAAS;gBACT,aAAa,EAAE,IAAI;gBACnB,QAAQ;aACT,CAAC;YAEF,IAAI,gBAAgB,EAAE,CAAC;gBACrB,OAAO,CAAC,kBAAkB,CAAC,GAAG,gBAAgB,CAAC;YACjD,CAAC;YAED,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;YACnC,CAAC;YAED,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAE3C,OAAO,GAAG,gBAAgB,GAAG,SAAS,EAAE,CAAC;QAC3C,CAAC,CAAA,CAAC;QArYA,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,+GAA+G;IAC/G,4EAA4E;IAC5E,yDAAyD;IACnD,iBAAiB,CAAC,MAavB;;YAWC,MAAM,EACJ,QAAQ,EACR,cAAc,EACd,MAAM,EACN,OAAO,EACP,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,UAAU,GAAG,EAAE,EACf,OAAO,GAAG,EAAE,EACZ,eAAe,GAAG,IAAI,EACtB,SAAS,GACV,GAAG,MAAM,CAAC;YAEX,IAAI,WAAW,GAA6C,IAAI,CAAC;YACjE,MAAM,yBAAyB,GAAG,0BAA0B,CAAC;YAE7D,2DAA2D;YAC3D,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAEvD,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,YAAY,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;gBACzD,CAAC;gBAED,OAAO,EAAE,UAAU,EAAE,CAAC;YACxB,CAAC;YAED,oCAAoC;YACpC,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;gBAC7C,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAC9B,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CACrB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;oBACzB,IAAI,EAAE,UAAU,CAAC,aAAa;oBAC9B,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC;iBAC7C,CAAC,CACH,CACF,CAAC;gBAEF,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC9C,CAAC;iBAAM,IAAI,MAAM
,IAAI,OAAO,EAAE,CAAC;gBAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;oBAC9C,IAAI,EAAE,UAAU,CAAC,aAAa;oBAC9B,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC;iBAC7C,CAAC,CAAC;gBAEH,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC;YAC5B,CAAC;iBAAM,IAAI,QAAQ,EAAE,CAAC;gBACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;oBAC9C,IAAI,EAAE,UAAU,CAAC,QAAQ;oBACzB,KAAK,EAAE,QAAQ;iBAChB,CAAC,CAAC;gBAEH,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC;YAC5B,CAAC;YAED,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,YAAY,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;YACzD,CAAC;YAED,0FAA0F;YAC1F,IAAI,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,gBAAgB,MAAK,MAAM,EAAE,CAAC;gBACjD,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CACxC,CAAC,UAAU,EAAE,EAAE,CAAC,cAAc,IAAI,UAAU,CAC1B,CAAC;gBAErB,KAAK,IAAA,EAA+B,IAAI,eAAe,EAAE,CAAC;oBAArD,MAAM,EAAE,YAAY,OAAW,EAAN,IAAI,cAAvB,gBAAyB,CAAA,CAAA;oBAClC,MAAM,UAAU,mBAAK,YAAY,IAAK,IAAI,CAAE,CAAC;oBAC7C,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC;oBACxE,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC;wBACxC,YAAY;wBACZ,QAAQ;wBACR,QAAQ;wBACR,YAAY;wBACZ,SAAS,EAAE,SAAU;qBACtB,CAAC,CAAC;oBAEH,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC,MAAM,KAAK,eAAe,CAAC,GAAG,EAAE,CAAC;wBAC/D,IAAI,eAAe,CAAC,eAAe,EAAE,CAAC;4BACpC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,eAAe,EAAE,UAAU,CAAC,WAAuB,CAAC,EAAE,CAAC;gCAC3F,MAAM,IAAI,YAAY,CAAC,gCAAgC,CAAC,CAAC;4BAC3D,CAAC;wBACH,CAAC;wBACD,OAAO,EAAE,UAAU,EAAE,CAAC;oBACxB,CAAC;gBACH,CAAC;gBACD,yBAAyB;gBACzB,MAAM,IAAI,YAAY,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;YACzD,CAAC;YAED,8DAA8D;YAC9D,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;gBAE7E,oBAAoB;gBACpB,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACzC,MAAM,GAAG,mBACP,QAAQ,EAAE,cAAc,EACxB,UAAU;wBACV,OAAO,IACJ,cAAc,CAClB,CAAC;oBACF,IAAI,MAAM,IAAI,OAAO,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;wBAC5C,GAAG,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC;wBACvB,GAAG,CAAC,SAAS,CAAC,GAAG,OAAO,CAAC;oBAC3B,CAAC;oBACD,MAAM,MAAM,GAAG,IAAI,eAAe,C
AAC,GAAG,CAAC,CAAC;oBAExC,OAAO,EAAE,WAAW,EAAE,GAAG,GAAG,IAAI,MAAM,EAAE,EAAE,CAAC;gBAC7C,CAAC;gBAED,qBAAqB;gBACrB,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;oBACjC,IAAI,QAAQ,EAAE,CAAC;wBACb,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;4BACjC,QAAQ;4BACR,QAAQ;yBACT,CAAC,CAAC;wBAEH,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,MAAM,EAAE,EAAE;4BAC9E;gCACE,IAAI,EAAE,cAAc;gCACpB,KAAK,EAAE,cAAc,CAAC,YAAY;6BACnC;yBACF,CAAC,CAAC;wBAEH,OAAO,EAAE,QAAQ,EAAE,CAAC;oBACtB,CAAC;gBACH,CAAC;YACH,CAAC;YAED,mCAAmC;YACnC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;QACxC,CAAC;KAAA;IAEK,iBAAiB;6DAAC,EACtB,UAAU,EACV,aAAa,EACb,QAAQ,GAKT;YACC,8DAA8D;YAC9D,MAAM,WAAW,GAAG,MAAM,qBAAqB,EAAE,CAAC;YAElD,MAAM,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,WAAW,CAAC;YAEvC,IAAI,MAAM,CAAC;YACX,IAAI,IAAI,GAAG,KAAK,CAAC;YAEjB,IAAI,aAAa,IAAI,GAAG,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,CAAC,WAAW,CAAC;YAC3B,CAAC;iBAAM,IAAI,SAAS,IAAI,GAAG,EAAE,CAAC;gBAC5B,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC;gBACrB,IAAI,GAAG,IAAI,CAAC;YACd,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC;gBAC/B,MAAM;gBACN,QAAQ,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE;gBACrC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ;gBACvD,UAAU,EAAE,WAAW,CAAC,UAAU;gBAClC,SAAS,EAAE,WAAW,CAAC,SAAS;gBAChC,UAAU,EAAE,CAAC,CAAC,UAAU,CAAC,UAAU;gBACnC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;oBAC3C,CAAC,CAAC,UAAU,CAAC,gBAAgB;oBAC7B,CAAC,CAAC,wDAAwD;aAC7D,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;gBAC1C,SAAS,EAAE,WAAW,CAAC,EAAE;gBACzB,SAAS,kCACJ,aAAa,KAChB,SAAS,EAAE,UAAU,CAAC,QAAQ,GAC/B;gBACD,QAAQ;aACT,CAAC,CAAC;YAEH,IAAI,WAAW,CAAC;YAChB,IAAI,aAAa,CAAC;YAElB,2DAA2D;YAC3D,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;oBACrC,UAAU,EAAE,UAAU;oBACtB,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,eAAe,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;iBACxF,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,aAAa,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE;oBAC1C;wBACE,IAAI,EAAE,YAAY;wBAClB,KAAK,EAAE,UAAU;qBAClB;oBACD;wBACE,IAAI,EAAE,aAAa;wBACnB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,OA
AO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;qBAC3D;iBACF,CAAC,CAAC;YACL,CAAC;YAED,OAAO;gBACL,YAAY,EAAE,WAAW;gBACzB,cAAc,EAAE,aAAa;aAC9B,CAAC;QACJ,CAAC;KAAA;IAEK,iBAAiB;6DAAC,EACtB,UAAU,EACV,aAAa,EACb,QAAQ,EACR,SAAS,GAMV;;YACC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACxB,MAAM,IAAI,YAAY,CAAC,oDAAoD,EAAE,GAAG,CAAC,CAAC;YACpF,CAAC;YAED,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,UAAU,CAAC,YAAY,CAAC;YAEnF,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;gBAC7C,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC;oBACxC,YAAY;oBACZ,QAAQ;oBACR,QAAQ;oBACR,YAAY;oBACZ,SAAS;iBACV,CAAC,CAAC;gBACH,MAAM,gBAAgB,GAAG,MAAM,CAAC,sBAAsB,EAAE,CAAC;gBACzD,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,gBAAgB,CAAC,CAAC;gBACjF,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvC,MAAM,cAAc,GAAG,CAAA,MAAA,IAAI,CAAC,IAAI,CAAC,MAAM,0CAAE,mBAAmB;oBAC1D,CAAC,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;oBAChC,CAAC,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAExB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;oBAC1C,SAAS,EAAE,UAAU,CAAC,QAAQ;oBAC9B,SAAS,EAAE,aAAa;oBACxB,gBAAgB;oBAChB,SAAS;oBACT,QAAQ;iBACT,CAAC,CAAC;gBAEH,MAAM,MAAM,GAAG,MAAM,CAAC,qBAAqB,CAAC,UAAU,EAAE;oBACtD,KAAK,EAAE,cAAc;yBAClB,MAAM,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,CAAC,wBAAwB;yBACtF,IAAI,CAAC,GAAG,CAAC;oBACZ,cAAc;oBACd,qBAAqB,EAAE,MAAM;oBAC7B,KAAK,EAAE,UAAU;oBACjB,KAAK,EAAE,SAAS;oBAChB,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ;iBACzD,CAAC,CAAC,IAAI,CAAC;gBAER,OAAO;oBACL,YAAY,EAAE,MAAM;oBACpB,cAAc,EAAE,IAAI;iBACrB,CAAC;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,MAAM,IAAI,YAAY,CAAC,sCAAsC,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;YACnF,CAAC;QACH,CAAC;KAAA;CA0FF"}
|
@@ -1,84 +0,0 @@
|
|
1
|
-
import * as jose from 'jose';
|
2
|
-
import type { Configuration, authorizationCodeGrant } from 'openid-client' with { 'resolution-mode': 'import' };
|
3
|
-
import type { ConnectionType, OAuthErrorHandlerParams, SAMLSSOConnectionWithEncodedMetadata, SAMLSSOConnectionWithRawMetadata, OIDCSSOConnectionWithDiscoveryUrl, OIDCSSOConnectionWithMetadata, Profile, SAMLSSORecord, OIDCSSORecord, Directory } from '../typings';
|
4
|
-
export declare enum IndexNames {
|
5
|
-
EntityID = "entityID",
|
6
|
-
TenantProduct = "tenantProduct",
|
7
|
-
OIDCProviderClientID = "OIDCProviderClientID",
|
8
|
-
SSOClientID = "SSOClientID",
|
9
|
-
Product = "product",
|
10
|
-
Service = "service",
|
11
|
-
SetupToken = "token",
|
12
|
-
ProductService = "productService",
|
13
|
-
TenantProductService = "tenantProductService"
|
14
|
-
}
|
15
|
-
export declare const storeNamespacePrefix: {
|
16
|
-
dsync: {
|
17
|
-
config: string;
|
18
|
-
logs: string;
|
19
|
-
users: string;
|
20
|
-
groups: string;
|
21
|
-
members: string;
|
22
|
-
providers: string;
|
23
|
-
events: string;
|
24
|
-
lock: string;
|
25
|
-
};
|
26
|
-
saml: {
|
27
|
-
config: string;
|
28
|
-
};
|
29
|
-
};
|
30
|
-
export declare const relayStatePrefix = "boxyhq_jackson_";
|
31
|
-
export declare const clientIDFederatedPrefix = "fed_";
|
32
|
-
export declare const clientIDOIDCPrefix = "oidc_";
|
33
|
-
export declare const validateAbsoluteUrl: (url: any, message: any) => void;
|
34
|
-
export declare const OAuthErrorResponse: ({ error, error_description, redirect_uri, state, }: OAuthErrorHandlerParams) => string;
|
35
|
-
export declare function getErrorMessage(error: unknown): string;
|
36
|
-
export declare const createRandomSecret: (length: number) => Promise<string>;
|
37
|
-
export declare function loadJWSPrivateKey(key: string, alg: string): Promise<jose.KeyLike>;
|
38
|
-
export declare function isJWSKeyPairLoaded(jwsKeyPair: {
|
39
|
-
private: string;
|
40
|
-
public: string;
|
41
|
-
}): boolean;
|
42
|
-
export declare const importJWTPublicKey: (key: string, jwsAlg: string) => Promise<jose.KeyLike>;
|
43
|
-
export declare const exportPublicKeyJWK: (key: jose.KeyLike) => Promise<jose.JWK>;
|
44
|
-
export declare const generateJwkThumbprint: (jwk: jose.JWK) => Promise<string>;
|
45
|
-
export declare const computeKid: (key: string, jwsAlg: string) => Promise<string>;
|
46
|
-
export declare const validateSSOConnection: (body: SAMLSSOConnectionWithRawMetadata | SAMLSSOConnectionWithEncodedMetadata | OIDCSSOConnectionWithDiscoveryUrl | OIDCSSOConnectionWithMetadata, strategy: ConnectionType) => void;
|
47
|
-
export declare const validateRedirectUrl: ({ redirectUrlList, defaultRedirectUrl }: {
|
48
|
-
redirectUrlList: any;
|
49
|
-
defaultRedirectUrl: any;
|
50
|
-
}) => void;
|
51
|
-
export declare const extractRedirectUrls: (urls: string[] | string) => string[];
|
52
|
-
export declare const extractHostName: (url: string) => string | null;
|
53
|
-
export type AuthorizationCodeGrantResult = Awaited<ReturnType<typeof authorizationCodeGrant>>;
|
54
|
-
export declare const extractOIDCUserProfile: (tokens: AuthorizationCodeGrantResult, oidcConfig: Configuration) => Promise<{
|
55
|
-
claims: Partial<Profile & {
|
56
|
-
raw: Record<string, unknown>;
|
57
|
-
}>;
|
58
|
-
}>;
|
59
|
-
export declare const getScopeValues: (scope?: string) => string[];
|
60
|
-
export declare const getEncodedTenantProduct: (param: string) => {
|
61
|
-
tenant: string | null;
|
62
|
-
product: string | null;
|
63
|
-
} | null;
|
64
|
-
export declare const validateTenantAndProduct: (tenant: string, product: string) => void;
|
65
|
-
export declare const appID: (tenant: string, product: string) => string;
|
66
|
-
export declare const fedAppID: (tenant: string, product: string, type?: string) => string;
|
67
|
-
declare const wellKnownProviders: {
|
68
|
-
readonly 'okta.com': "Okta";
|
69
|
-
readonly 'sts.windows.net': "Entra ID";
|
70
|
-
readonly 'mocksaml.com': "MockSAML";
|
71
|
-
readonly 'onelogin.com': "OneLogin";
|
72
|
-
readonly 'keycloak.com': "Keycloak";
|
73
|
-
readonly 'jumpcloud.com': "JumpCloud";
|
74
|
-
readonly 'google.com': "Google";
|
75
|
-
readonly 'auth0.com': "Auth0";
|
76
|
-
readonly 'pingone.com': "PingOne";
|
77
|
-
};
|
78
|
-
export declare const findFriendlyProviderName: (providerName: string) => keyof typeof wellKnownProviders | "null";
|
79
|
-
export declare const transformConnections: (connections: Array<SAMLSSORecord | OIDCSSORecord>) => (SAMLSSORecord | OIDCSSORecord)[];
|
80
|
-
export declare const transformConnection: (connection: SAMLSSORecord | OIDCSSORecord) => SAMLSSORecord | OIDCSSORecord;
|
81
|
-
export declare const isLocalhost: (url: string) => boolean;
|
82
|
-
export declare const isConnectionActive: (connection: SAMLSSORecord | OIDCSSORecord | Directory) => boolean;
|
83
|
-
export declare const validateSortOrder: (sortOrder: unknown) => void;
|
84
|
-
export {};
|