@steedos/accounts 2.2.52-beta.36 → 2.2.52-beta.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (49) hide show
  1. package/lib/core/index.js +2 -2
  2. package/lib/core/index.js.map +1 -1
  3. package/lib/database-mongo/mongo.js +12 -12
  4. package/lib/database-mongo/mongo.js.map +1 -1
  5. package/lib/index.js +2 -19
  6. package/lib/index.js.map +1 -1
  7. package/package.json +12 -16
  8. package/src/core/index.ts +2 -2
  9. package/src/database-mongo/mongo.ts +26 -26
  10. package/src/index.ts +2 -16
  11. package/lib/oauth2/client.js +0 -1
  12. package/lib/oauth2/client.js.map +0 -1
  13. package/lib/oauth2/config.js +0 -14
  14. package/lib/oauth2/config.js.map +0 -1
  15. package/lib/oauth2/consent.js +0 -192
  16. package/lib/oauth2/consent.js.map +0 -1
  17. package/lib/oauth2/login.js +0 -166
  18. package/lib/oauth2/login.js.map +0 -1
  19. package/lib/oauth2/logout.js +0 -60
  20. package/lib/oauth2/logout.js.map +0 -1
  21. package/lib/oauth2/stub/oidc-cert.js +0 -67
  22. package/lib/oauth2/stub/oidc-cert.js.map +0 -1
  23. package/lib/saml-idp/config.js +0 -82
  24. package/lib/saml-idp/config.js.map +0 -1
  25. package/lib/saml-idp/connectedApps.js +0 -20
  26. package/lib/saml-idp/connectedApps.js.map +0 -1
  27. package/lib/saml-idp/express-middleware.js +0 -684
  28. package/lib/saml-idp/express-middleware.js.map +0 -1
  29. package/lib/saml-idp/index.js +0 -13
  30. package/lib/saml-idp/index.js.map +0 -1
  31. package/lib/saml-idp/simpleProfileMapper.js +0 -75
  32. package/lib/saml-idp/simpleProfileMapper.js.map +0 -1
  33. package/src/oauth2/client.ts +0 -0
  34. package/src/oauth2/config.ts +0 -15
  35. package/src/oauth2/consent.ts +0 -208
  36. package/src/oauth2/login.ts +0 -179
  37. package/src/oauth2/logout.ts +0 -66
  38. package/src/oauth2/stub/oidc-cert.ts +0 -86
  39. package/src/saml-idp/config.js +0 -85
  40. package/src/saml-idp/connectedApps.ts +0 -16
  41. package/src/saml-idp/express-middleware.js +0 -811
  42. package/src/saml-idp/index.ts +0 -14
  43. package/src/saml-idp/simpleProfileMapper.js +0 -82
  44. package/src/saml-idp/views/error.hbs +0 -11
  45. package/src/saml-idp/views/layout.hbs +0 -72
  46. package/src/saml-idp/views/samlresponse.hbs +0 -20
  47. package/src/saml-idp/views/settings.hbs +0 -175
  48. package/src/saml-idp/views/user.hbs +0 -261
  49. package/views/oauth2/consent.pug +0 -141
@@ -1,60 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- var express = require("express");
4
- var url = require("url");
5
- var config_1 = require("./config");
6
- var csrf = require('csurf');
7
- var urljoin = require('url-join');
8
- // Sets up csrf protection
9
- var csrfProtection = csrf({ cookie: true });
10
- var router = express.Router();
11
- router.get('/', csrfProtection, function (req, res, next) {
12
- // Parses the URL query
13
- var query = url.parse(req.url, true).query;
14
- // The challenge is used to fetch information about the logout request from ORY Hydra.
15
- var challenge = String(query.logout_challenge);
16
- if (!challenge) {
17
- next(new Error('Expected a logout challenge to be set but received none.'));
18
- return;
19
- }
20
- config_1.hydraAdmin
21
- .getLogoutRequest(challenge)
22
- // This will be called if the HTTP request was successful
23
- .then(function () {
24
- // Here we have access to e.g. response.subject, response.sid, ...
25
- // The most secure way to perform a logout request is by asking the user if he/she really want to log out.
26
- return res.status(200).send({
27
- csrfToken: req.csrfToken(),
28
- challenge: challenge,
29
- action: urljoin(process.env.BASE_URL || '', '/logout')
30
- });
31
- })
32
- // This will handle any error that happens when making HTTP calls to hydra
33
- .catch(next);
34
- });
35
- router.post('/', csrfProtection, function (req, res, next) {
36
- // The challenge is now a hidden input field, so let's take it from the request body instead
37
- var challenge = req.body.challenge;
38
- if (req.body.submit === 'No') {
39
- return (config_1.hydraAdmin
40
- .rejectLogoutRequest(challenge)
41
- .then(function () {
42
- // The user did not want to log out. Let's redirect him back somewhere or do something else.
43
- res.redirect('https://www.ory.sh/');
44
- })
45
- // This will handle any error that happens when making HTTP calls to hydra
46
- .catch(next));
47
- }
48
- // The user agreed to log out, let's accept the logout request.
49
- config_1.hydraAdmin
50
- .acceptLogoutRequest(challenge)
51
- .then(function (_a) {
52
- var body = _a.data;
53
- // All we need to do now is to redirect the user back to hydra!
54
- res.redirect(String(body.redirect_to));
55
- })
56
- // This will handle any error that happens when making HTTP calls to hydra
57
- .catch(next);
58
- });
59
- exports.default = router;
60
- //# sourceMappingURL=logout.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"logout.js","sourceRoot":"","sources":["../../src/oauth2/logout.ts"],"names":[],"mappings":";;AAAA,iCAAkC;AAClC,yBAA0B;AAC1B,mCAAqC;AACrC,IAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAC9B,IAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AACpC,0BAA0B;AAC1B,IAAM,cAAc,GAAG,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;AAC7C,IAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAA;AAE/B,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,EAAE,UAAC,GAAG,EAAE,GAAG,EAAE,IAAI;IAC7C,uBAAuB;IACvB,IAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,KAAK,CAAA;IAE5C,sFAAsF;IACtF,IAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAA;IAChD,IAAI,CAAC,SAAS,EAAE;QACd,IAAI,CAAC,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC,CAAA;QAC3E,OAAM;KACP;IAED,mBAAU;SACP,gBAAgB,CAAC,SAAS,CAAC;QAC5B,yDAAyD;SACxD,IAAI,CAAC;QACJ,kEAAkE;QAElE,0GAA0G;QAC1G,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,SAAS,EAAG,GAAW,CAAC,SAAS,EAAE;YACnC,SAAS,EAAE,SAAS;YACpB,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,EAAE,EAAE,SAAS,CAAC;SACvD,CAAC,CAAA;IACJ,CAAC,CAAC;QACF,0EAA0E;SACzE,KAAK,CAAC,IAAI,CAAC,CAAA;AAChB,CAAC,CAAC,CAAA;AAEF,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,EAAE,UAAC,GAAG,EAAE,GAAG,EAAE,IAAI;IAC9C,4FAA4F;IAC5F,IAAM,SAAS,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,CAAA;IAEpC,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,KAAK,IAAI,EAAE;QAC5B,OAAO,CACL,mBAAU;aACP,mBAAmB,CAAC,SAAS,CAAC;aAC9B,IAAI,CAAC;YACJ,4FAA4F;YAC5F,GAAG,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAA;QACrC,CAAC,CAAC;YACF,0EAA0E;aACzE,KAAK,CAAC,IAAI,CAAC,CACf,CAAA;KACF;IAED,+DAA+D;IAC/D,mBAAU;SACP,mBAAmB,CAAC,SAAS,CAAC;SAC9B,IAAI,CAAC,UAAC,EAAc;YAAN,IAAI,UAAA;QACjB,+DAA+D;QAC/D,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;IACxC,CAAC,CAAC;QACF,0EAA0E;SACzE,KAAK,CAAC,IAAI,CAAC,CAAA;AAChB,CAAC,CAAC,CAAA;AAEF,kBAAe,MAAM,CAAA"}
@@ -1,67 +0,0 @@
1
- "use strict";
2
- // This file contains logic which is used when running this application as part of the
3
- // OpenID Connect Conformance test suite. You can use it for inspiration, but please
4
- // do not use it in production as is.
5
- Object.defineProperty(exports, "__esModule", { value: true });
6
- exports.oidcConformityMaybeFakeSession = exports.oidcConformityMaybeFakeAcr = void 0;
7
- var tslib_1 = require("tslib");
8
- var oidcConformityMaybeFakeAcr = function (request, fallback) {
9
- var _a;
10
- if (process.env.CONFORMITY_FAKE_CLAIMS !== '1') {
11
- return fallback;
12
- }
13
- return ((_a = request.oidc_context) === null || _a === void 0 ? void 0 : _a.acr_values) &&
14
- request.oidc_context.acr_values.length > 0
15
- ? request.oidc_context.acr_values[request.oidc_context.acr_values.length - 1]
16
- : fallback;
17
- };
18
- exports.oidcConformityMaybeFakeAcr = oidcConformityMaybeFakeAcr;
19
- var oidcConformityMaybeFakeSession = function (grantScope, request, session) {
20
- if (process.env.CONFORMITY_FAKE_CLAIMS !== '1') {
21
- return session;
22
- }
23
- var idToken = {};
24
- // If the email scope was granted, fake the email claims.
25
- if (grantScope.indexOf('email') > -1) {
26
- // But only do so if the email was requested!
27
- idToken.email = 'foo@bar.com';
28
- idToken.email_verified = true;
29
- }
30
- // If the phone scope was granted, fake the phone claims.
31
- if (grantScope.indexOf('phone') > -1) {
32
- idToken.phone_number = '1337133713371337';
33
- idToken.phone_number_verified = true;
34
- }
35
- // If the profile scope was granted, fake the profile claims.
36
- if (grantScope.indexOf('profile') > -1) {
37
- idToken.name = 'Foo Bar';
38
- idToken.given_name = 'Foo';
39
- idToken.family_name = 'Bar';
40
- idToken.website = 'https://www.ory.sh';
41
- idToken.zoneinfo = 'Europe/Belrin';
42
- idToken.birthdate = '1.1.2014';
43
- idToken.gender = 'robot';
44
- idToken.profile = 'https://www.ory.sh';
45
- idToken.preferred_username = 'robot';
46
- idToken.middle_name = 'Baz';
47
- idToken.locale = 'en-US';
48
- idToken.picture =
49
- 'https://raw.githubusercontent.com/ory/web/master/static/images/favico.png';
50
- idToken.updated_at = 1604416603;
51
- idToken.nickname = 'foobot';
52
- }
53
- // If the address scope was granted, fake the address claims.
54
- if (grantScope.indexOf('address') > -1) {
55
- idToken.address = {
56
- country: 'Localhost',
57
- region: 'Intranet',
58
- street_address: 'Local Street 1337'
59
- };
60
- }
61
- return {
62
- access_token: session.access_token,
63
- id_token: tslib_1.__assign(tslib_1.__assign({}, idToken), session.id_token)
64
- };
65
- };
66
- exports.oidcConformityMaybeFakeSession = oidcConformityMaybeFakeSession;
67
- //# sourceMappingURL=oidc-cert.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"oidc-cert.js","sourceRoot":"","sources":["../../../src/oauth2/stub/oidc-cert.ts"],"names":[],"mappings":";AAAA,sFAAsF;AACtF,oFAAoF;AACpF,qCAAqC;;;;AAQ9B,IAAM,0BAA0B,GAAG,UACxC,OAAqB,EACrB,QAAgB;;IAEhB,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,GAAG,EAAE;QAC9C,OAAO,QAAQ,CAAA;KAChB;IAED,OAAO,CAAA,MAAA,OAAO,CAAC,YAAY,0CAAE,UAAU;QACrC,OAAO,CAAC,YAAY,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;QAC1C,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,UAAU,CAC7B,OAAO,CAAC,YAAY,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAC3C;QACH,CAAC,CAAC,QAAQ,CAAA;AACd,CAAC,CAAA;AAdY,QAAA,0BAA0B,8BActC;AAEM,IAAM,8BAA8B,GAAG,UAC5C,UAAoB,EACpB,OAAuB,EACvB,OAA8B;IAE9B,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,GAAG,EAAE;QAC9C,OAAO,OAAO,CAAA;KACf;IAED,IAAM,OAAO,GAA2B,EAAE,CAAA;IAE1C,yDAAyD;IACzD,IAAI,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE;QACpC,6CAA6C;QAC7C,OAAO,CAAC,KAAK,GAAG,aAAa,CAAA;QAC7B,OAAO,CAAC,cAAc,GAAG,IAAI,CAAA;KAC9B;IAED,yDAAyD;IACzD,IAAI,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE;QACpC,OAAO,CAAC,YAAY,GAAG,kBAAkB,CAAA;QACzC,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAA;KACrC;IAED,6DAA6D;IAC7D,IAAI,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE;QACtC,OAAO,CAAC,IAAI,GAAG,SAAS,CAAA;QACxB,OAAO,CAAC,UAAU,GAAG,KAAK,CAAA;QAC1B,OAAO,CAAC,WAAW,GAAG,KAAK,CAAA;QAC3B,OAAO,CAAC,OAAO,GAAG,oBAAoB,CAAA;QACtC,OAAO,CAAC,QAAQ,GAAG,eAAe,CAAA;QAClC,OAAO,CAAC,SAAS,GAAG,UAAU,CAAA;QAC9B,OAAO,CAAC,MAAM,GAAG,OAAO,CAAA;QACxB,OAAO,CAAC,OAAO,GAAG,oBAAoB,CAAA;QACtC,OAAO,CAAC,kBAAkB,GAAG,OAAO,CAAA;QACpC,OAAO,CAAC,WAAW,GAAG,KAAK,CAAA;QAC3B,OAAO,CAAC,MAAM,GAAG,OAAO,CAAA;QACxB,OAAO,CAAC,OAAO;YACb,2EAA2E,CAAA;QAC7E,OAAO,CAAC,UAAU,GAAG,UAAU,CAAA;QAC/B,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAA;KAC5B;IAED,6DAA6D;IAC7D,IAAI,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE;QACtC,OAAO,CAAC,OAAO,GAAG;YAChB,OAAO,EAAE,WAAW;YACpB,MAAM,EAAE,UAAU;YAClB,cAAc,EAAE,mBAAmB;SACpC,CAAA;KACF;IAED,OAAO;QACL,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,QAAQ,wCACH,OAAO,GACP,OAAO,CAAC,QAAQ,CACpB;KACF,CAAA;AACH,CAAC,CAAA;AA3DY,QAAA,8BAA8B,kCA2D1C"}
@@ -1,82 +0,0 @@
1
- /**
2
- * User Profile
3
- */
4
- var profile = {
5
- userName: 'zhuangjianguo@steedos.com',
6
- nameIdFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
7
- firstName: 'Jack',
8
- lastName: 'Zhuang',
9
- displayName: 'Jack Zhuang',
10
- email: 'zhuangjianguo@steedos.com',
11
- mobilePhone: '+86-01777701',
12
- groups: 'Users'
13
- };
14
- /**
15
- * SAML Attribute Metadata
16
- */
17
- var metadata = [
18
- // {
19
- // id: "firstName",
20
- // optional: false,
21
- // displayName: 'First Name',
22
- // description: 'The given name of the user',
23
- // multiValue: false
24
- // }, {
25
- // id: "lastName",
26
- // optional: false,
27
- // displayName: 'Last Name',
28
- // description: 'The surname of the user',
29
- // multiValue: false
30
- // },
31
- {
32
- id: "userId",
33
- optional: true,
34
- displayName: 'User Id',
35
- description: 'The id of the user',
36
- multiValue: false
37
- },
38
- {
39
- id: "username",
40
- optional: true,
41
- displayName: 'User Name',
42
- description: 'The username of the user',
43
- multiValue: false
44
- },
45
- {
46
- id: "name",
47
- optional: true,
48
- displayName: 'Display Name',
49
- description: 'The display name of the user',
50
- multiValue: false
51
- }, {
52
- id: "email",
53
- optional: false,
54
- displayName: 'E-Mail Address',
55
- description: 'The e-mail address of the user',
56
- multiValue: false
57
- }, {
58
- id: "mobile",
59
- optional: true,
60
- displayName: 'Mobile',
61
- description: 'The mobile phone of the user',
62
- multiValue: false
63
- },
64
- // {
65
- // id: "groups",
66
- // optional: true,
67
- // displayName: 'Groups',
68
- // description: 'Group memberships of the user',
69
- // multiValue: true
70
- // }, {
71
- // id: "userType",
72
- // optional: true,
73
- // displayName: 'User Type',
74
- // description: 'The type of user',
75
- // options: ['Admin', 'User']
76
- // }
77
- ];
78
- module.exports = {
79
- user: profile,
80
- metadata: metadata
81
- };
82
- //# sourceMappingURL=config.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/saml-idp/config.js"],"names":[],"mappings":"AACA;;GAEG;AACH,IAAI,OAAO,GAAG;IACV,QAAQ,EAAE,2BAA2B;IACrC,YAAY,EAAE,wDAAwD;IACtE,SAAS,EAAE,MAAM;IACjB,QAAQ,EAAE,QAAQ;IAClB,WAAW,EAAE,aAAa;IAC1B,KAAK,EAAE,2BAA2B;IAClC,WAAW,EAAE,cAAc;IAC3B,MAAM,EAAE,OAAO;CAChB,CAAA;AAED;;GAEG;AACH,IAAI,QAAQ,GAAG;IACf,IAAI;IACJ,qBAAqB;IACrB,qBAAqB;IACrB,+BAA+B;IAC/B,+CAA+C;IAC/C,sBAAsB;IACtB,OAAO;IACP,oBAAoB;IACpB,qBAAqB;IACrB,8BAA8B;IAC9B,4CAA4C;IAC5C,sBAAsB;IACtB,MAAM;IACN;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,SAAS;QACtB,WAAW,EAAE,oBAAoB;QACjC,UAAU,EAAE,KAAK;KAClB;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,WAAW;QACxB,WAAW,EAAE,0BAA0B;QACvC,UAAU,EAAE,KAAK;KAClB;IACD;QACE,EAAE,EAAE,MAAM;QACV,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,cAAc;QAC3B,WAAW,EAAE,8BAA8B;QAC3C,UAAU,EAAE,KAAK;KAClB,EAAE;QACD,EAAE,EAAE,OAAO;QACX,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,gBAAgB;QAC7B,WAAW,EAAE,gCAAgC;QAC7C,UAAU,EAAE,KAAK;KAClB,EAAC;QACA,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,QAAQ;QACrB,WAAW,EAAE,8BAA8B;QAC3C,UAAU,EAAE,KAAK;KAClB;IACD,IAAI;IACJ,kBAAkB;IAClB,oBAAoB;IACpB,2BAA2B;IAC3B,kDAAkD;IAClD,qBAAqB;IACrB,OAAO;IACP,oBAAoB;IACpB,oBAAoB;IACpB,8BAA8B;IAC9B,qCAAqC;IACrC,+BAA+B;IAC/B,IAAI;CACL,CAAC;AAEA,MAAM,CAAC,OAAO,GAAG;IACf,IAAI,EAAE,OAAO;IACb,QAAQ,EAAE,QAAQ;CACnB,CAAA"}
@@ -1,20 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.connectedApps = void 0;
4
- exports.connectedApps = {
5
- sogo: {
6
- acsUrl: "https://mail.steedos.cn/SOGo/saml2-signon-post",
7
- audience: "https://mail.steedos.cn/SOGo/saml2/artifactResponse",
8
- },
9
- salesforce: {
10
- issuer: "http://192.168.0.50:4000/accounts/saml/",
11
- acsUrl: "https://steedos-dev-ed.my.salesforce.com?so=00D7F000000q6uO",
12
- audience: "https://steedos-dev-ed.my.salesforce.com/",
13
- },
14
- auth0: {
15
- issuer: "urn:auth0:hotlong:Steedos",
16
- acsUrl: "https://hotlong.auth0.com/login/callback?connection=Steedos",
17
- audience: "urn:auth0:hotlong:Steedos",
18
- }
19
- };
20
- //# sourceMappingURL=connectedApps.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"connectedApps.js","sourceRoot":"","sources":["../../src/saml-idp/connectedApps.ts"],"names":[],"mappings":";;;AAAa,QAAA,aAAa,GAAG;IAC3B,IAAI,EAAE;QACJ,MAAM,EAAE,gDAAgD;QACxD,QAAQ,EAAE,qDAAqD;KAChE;IACD,UAAU,EAAE;QACV,MAAM,EAAE,yCAAyC;QACjD,MAAM,EAAE,6DAA6D;QACrE,QAAQ,EAAE,2CAA2C;KACtD;IACD,KAAK,EAAE;QACL,MAAM,EAAE,2BAA2B;QACnC,MAAM,EAAE,6DAA6D;QACrE,QAAQ,EAAE,2BAA2B;KACtC;CACF,CAAA"}