@dvelop-sdk/identityprovider 4.0.0 → 4.0.3

package/README.md

@@ -9,7 +9,7 @@
   <a href="https://github.com/d-velop/dvelop-sdk-node">
     <img alt="GitHub" src="https://img.shields.io/badge/GitHub-dvelop--sdk--node-%23ff0844?logo=github&style=for-the-badge">
   </a>
-  <a href="https://github.com/d-velop/dvelop-sdk-node/blob/master/LICENSE">
+  <a href="https://github.com/d-velop/dvelop-sdk-node/blob/main/LICENSE">
     <img alt="license" src="https://img.shields.io/github/license/d-velop/dvelop-sdk-node?style=for-the-badge">
   </a
 

package/lib/authentication/validate-app-session-signature/validate-app-session-signature.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validate-app-session-signature.d.ts","sourceRoot":"","sources":["../../../src/authentication/validate-app-session-signature/validate-app-session-signature.ts"],"names":[],"mappings":"AAEA;;;EAGE;AACF,qBAAa,+BAAgC,SAAQ,KAAK;;CAMzD;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,GAAG,IAAI,CAK5G"}
+{"version":3,"file":"validate-app-session-signature.d.ts","sourceRoot":"","sources":["../../../src/authentication/validate-app-session-signature/validate-app-session-signature.ts"],"names":[],"mappings":"AAEA;;;EAGE;AACF,qBAAa,+BAAgC,SAAQ,KAAK;;CAMzD;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,GAAG,IAAI,CAa5G"}

package/lib/authentication/validate-app-session-signature/validate-app-session-signature.js

@@ -47,8 +47,15 @@ exports.InvalidAppSessionSignatureError = InvalidAppSessionSignatureError;
  * @category Authentication
  */
 function validateAppSessionSignature(appName, requestId, appSession) {
-    var expectedSign = crypto_1.createHash("sha256").update(appName + appSession.authSessionId + appSession.expire + requestId, "utf8").digest("hex");
-    if (expectedSign !== appSession.sign) {
+    var validSignature = false;
+    try {
+        var expectedSign = crypto_1.createHash("sha256").update(appName + appSession.authSessionId + appSession.expire + requestId, "utf8").digest("hex");
+        validSignature = crypto_1.timingSafeEqual(Buffer.from(appSession.sign), Buffer.from(expectedSign));
+    }
+    catch (e) {
+        throw new InvalidAppSessionSignatureError();
+    }
+    if (!validSignature) {
         throw new InvalidAppSessionSignatureError();
     }
 }

package/lib/authentication/validate-app-session-signature/validate-app-session-signature.js.map

@@ -1 +1 @@
-{"version":3,"file":"validate-app-session-signature.js","sourceRoot":"","sources":["../../../src/authentication/validate-app-session-signature/validate-app-session-signature.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,iCAAoC;AAEpC;;;EAGE;AACF;IAAqD,mDAAK;IACxD,0CAA0C;IAC1C;QAAA,YACE,kBAAM,uFAAuF,CAAC,SAE/F;QADC,MAAM,CAAC,cAAc,CAAC,KAAI,EAAE,+BAA+B,CAAC,SAAS,CAAC,CAAC;;IACzE,CAAC;IACH,sCAAC;AAAD,CAAC,AAND,CAAqD,KAAK,GAMzD;AANY,0EAA+B;AAkB5C;;;;;;;;;;;;;GAaG;AACH,SAAgB,2BAA2B,CAAC,OAAe,EAAE,SAAiB,EAAE,UAAsB;IACpG,IAAM,YAAY,GAAW,mBAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,GAAG,UAAU,CAAC,aAAa,GAAG,UAAU,CAAC,MAAM,GAAG,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACnJ,IAAI,YAAY,KAAK,UAAU,CAAC,IAAI,EAAE;QACpC,MAAM,IAAI,+BAA+B,EAAE,CAAC;KAC7C;AACH,CAAC;AALD,kEAKC"}
+{"version":3,"file":"validate-app-session-signature.js","sourceRoot":"","sources":["../../../src/authentication/validate-app-session-signature/validate-app-session-signature.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,iCAAqD;AAErD;;;EAGE;AACF;IAAqD,mDAAK;IACxD,0CAA0C;IAC1C;QAAA,YACE,kBAAM,uFAAuF,CAAC,SAE/F;QADC,MAAM,CAAC,cAAc,CAAC,KAAI,EAAE,+BAA+B,CAAC,SAAS,CAAC,CAAC;;IACzE,CAAC;IACH,sCAAC;AAAD,CAAC,AAND,CAAqD,KAAK,GAMzD;AANY,0EAA+B;AAkB5C;;;;;;;;;;;;;GAaG;AACH,SAAgB,2BAA2B,CAAC,OAAe,EAAE,SAAiB,EAAE,UAAsB;IAEpG,IAAI,cAAc,GAAY,KAAK,CAAC;IAEpC,IAAI;QACF,IAAM,YAAY,GAAW,mBAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,GAAG,UAAU,CAAC,aAAa,GAAG,UAAU,CAAC,MAAM,GAAG,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnJ,cAAc,GAAG,wBAAe,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;KAC3F;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,IAAI,+BAA+B,EAAE,CAAC;KAC7C;IACD,IAAI,CAAC,cAAc,EAAE;QACnB,MAAM,IAAI,+BAA+B,EAAE,CAAC;KAC7C;AACH,CAAC;AAbD,kEAaC"}

package/lib/index.d.ts

@@ -10,11 +10,11 @@
   <a href="https://github.com/d-velop/dvelop-sdk-node">
     <img alt="GitHub" src="https://img.shields.io/badge/GitHub-dvelop--sdk--node-%23ff0844?logo=github&style=for-the-badge">
   </a>
-  <a href="https://github.com/d-velop/dvelop-sdk-node/blob/master/LICENSE">
+  <a href="https://github.com/d-velop/dvelop-sdk-node/blob/main/LICENSE">
     <img alt="license" src="https://img.shields.io/github/license/d-velop/dvelop-sdk-node?style=for-the-badge">
   </a
   </br>
-  <p>This package contains functionality for the <a href="https://developer.d-velop.de/documentation/idpapi/en">Identityprovider-App</a> in the d.velop cloud.</p>
+  <p>This package contains functionality for the <a href="https://developer.d-velop.de/documentation/idpapi/en/identityprovider-app-201523580.html">Identityprovider-App</a> in the d.velop cloud.</p>
   <a href="https://d-velop.github.io/dvelop-sdk-node/modules/identityprovider.html"><strong>Explore the docs »</strong></a>
   </br>
   <a href="https://www.npmjs.com/package/@dvelop-sdk/identityprovider"><strong>Install via npm »</strong></a>

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@dvelop-sdk/identityprovider",
   "description": "This package contains functionality for the Identityprovider-App in the d.velop cloud.",
-  "version": "4.0.0",
+  "version": "4.0.3",
   "license": "Apache-2.0",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
@@ -23,6 +23,6 @@
     "license": "license-checker --production --onlyAllow Apache-2.0;MIT;ISC;BSD-2-Clause;BSD-3-Clause"
   },
   "dependencies": {
-    "@dvelop-sdk/core": "^2.0.0"
+    "@dvelop-sdk/core": "^2.1.2"
   }
-}
+}