@tachybase/plugin-auth-saml 0.23.8

package/dist/node_modules/@node-saml/node-saml/lib/types.d.ts

@@ -0,0 +1,219 @@
+/// <reference types="node" />
+export declare type SignatureAlgorithm = "sha1" | "sha256" | "sha512";
+export interface SamlSigningOptions {
+    privateKey: string | Buffer;
+    signatureAlgorithm?: SignatureAlgorithm;
+    xmlSignatureTransforms?: string[];
+    digestAlgorithm?: string;
+}
+export declare const isValidSamlSigningOptions: (options: Partial<SamlSigningOptions>) => options is SamlSigningOptions;
+export interface AudienceRestrictionXML {
+    Audience?: XMLObject[];
+}
+export interface CacheItem {
+    value: string;
+    createdAt: number;
+}
+export interface CacheProvider {
+    saveAsync(key: string, value: string): Promise<CacheItem | null>;
+    getAsync(key: string): Promise<string | null>;
+    removeAsync(key: string | null): Promise<string | null>;
+}
+export declare type XMLValue = string | number | boolean | null | XMLObject | XMLValue[];
+export declare type XMLObject = {
+    [key: string]: XMLValue;
+};
+export declare type XMLInput = XMLObject;
+export declare type XMLOutput = Record<string, any>;
+export declare type AuthorizeRequestXML = {
+    "samlp:AuthnRequest": XMLInput;
+};
+export declare type XmlJsObject = {
+    [key: string]: string | XmlJsObject | XmlJsObject[] | undefined;
+    $?: {
+        Value: string;
+    };
+    _?: string;
+};
+export declare type SamlResponseXmlJs = XmlJsObject & {
+    Response?: SamlAssertionXmlJs | SamlStatusXmlJs;
+    LogoutResponse?: unknown;
+};
+export declare type SamlRequestXmlJs = {
+    Request: unknown;
+};
+export declare type SamlAssertionXmlJs = {
+    Assertion: unknown;
+};
+export declare type SamlStatusXmlJs = {
+    Status: [
+        {
+            StatusCode: [XmlJsObject & {
+                StatusCode: [XmlJsObject];
+            }];
+            StatusMessage: [XmlJsObject];
+        }
+    ];
+};
+export declare type CertCallback = (callback: (err: Error | null, cert?: string | string[]) => void) => void;
+/**
+ * These are SAML options that must be provided to construct a new SAML Strategy
+ */
+export interface MandatorySamlOptions {
+    cert: string | string[] | CertCallback;
+    issuer: string;
+}
+export interface SamlIDPListConfig {
+    entries: SamlIDPEntryConfig[];
+    getComplete?: string;
+}
+export interface SamlIDPEntryConfig {
+    providerId: string;
+    name?: string;
+    loc?: string;
+}
+export declare type LogoutRequestXML = {
+    "samlp:LogoutRequest": {
+        "saml:NameID": XMLInput;
+        [key: string]: XMLValue;
+    };
+};
+export declare type ServiceMetadataXML = {
+    EntityDescriptor: {
+        [key: string]: XMLValue;
+        SPSSODescriptor: XMLObject;
+    };
+};
+export interface NameID {
+    value: string | null;
+    format: string | null;
+}
+export interface XmlSignatureLocation {
+    reference: string;
+    action: "append" | "prepend" | "before" | "after";
+}
+export declare type RacComparision = "exact" | "minimum" | "maximum" | "better";
+interface SamlScopingConfig {
+    idpList?: SamlIDPListConfig[];
+    proxyCount?: number;
+    requesterId?: string[] | string;
+}
+export declare enum ValidateInResponseTo {
+    never = "never",
+    ifPresent = "ifPresent",
+    always = "always"
+}
+/**
+ * The options required to use a SAML strategy
+ * These may be provided by means of defaults specified in the constructor
+ */
+export interface SamlOptions extends Partial<SamlSigningOptions>, MandatorySamlOptions {
+    callbackUrl?: string;
+    path: string;
+    protocol?: string;
+    host: string;
+    entryPoint?: string;
+    decryptionPvk?: string | Buffer;
+    additionalParams: Record<string, string>;
+    additionalAuthorizeParams: Record<string, string>;
+    identifierFormat: string | null;
+    allowCreate: boolean;
+    spNameQualifier?: string | null;
+    acceptedClockSkewMs: number;
+    attributeConsumingServiceIndex?: string;
+    disableRequestedAuthnContext: boolean;
+    authnContext: string[];
+    forceAuthn: boolean;
+    skipRequestCompression: boolean;
+    authnRequestBinding?: string;
+    racComparison: RacComparision;
+    providerName?: string;
+    passive: boolean;
+    idpIssuer?: string;
+    audience: string | false;
+    scoping?: SamlScopingConfig;
+    wantAssertionsSigned: boolean;
+    wantAuthnResponseSigned: boolean;
+    maxAssertionAgeMs: number;
+    generateUniqueId: () => string;
+    signMetadata: boolean;
+    validateInResponseTo: ValidateInResponseTo;
+    requestIdExpirationPeriodMs: number;
+    cacheProvider: CacheProvider;
+    logoutUrl: string;
+    additionalLogoutParams: Record<string, string>;
+    logoutCallbackUrl?: string;
+    disableRequestAcsUrl: boolean;
+    samlAuthnRequestExtensions?: Record<string, unknown>;
+    samlLogoutRequestExtensions?: Record<string, unknown>;
+    metadataContactPerson?: {
+        "@contactType": "technical" | "support" | "administrative" | "billing" | "other";
+        Extensions?: string;
+        Company?: string;
+        GivenName?: string;
+        SurName?: string;
+        EmailAddress?: [string];
+        TelephoneNumber?: [string];
+    }[];
+    metadataOrganization?: {
+        OrganizationName: {
+            "@xml:lang": string;
+            "#text": string;
+        }[];
+        OrganizationDisplayName: {
+            "@xml:lang": string;
+            "#text": string;
+        }[];
+        OrganizationURL: {
+            "@xml:lang": string;
+            "#text": string;
+        }[];
+    };
+}
+export interface GenerateServiceProviderMetadataParams {
+    decryptionCert?: string | null;
+    signingCerts?: string | string[] | null;
+    issuer: SamlOptions["issuer"];
+    callbackUrl: SamlOptions["callbackUrl"];
+    logoutCallbackUrl?: SamlOptions["logoutCallbackUrl"];
+    identifierFormat?: SamlOptions["identifierFormat"];
+    wantAssertionsSigned: SamlOptions["wantAssertionsSigned"];
+    decryptionPvk?: SamlOptions["decryptionPvk"];
+    privateKey?: SamlOptions["privateKey"];
+    signatureAlgorithm?: SamlOptions["signatureAlgorithm"];
+    xmlSignatureTransforms?: SamlOptions["xmlSignatureTransforms"];
+    digestAlgorithm?: SamlOptions["digestAlgorithm"];
+    signMetadata?: SamlOptions["signMetadata"];
+    metadataContactPerson?: SamlOptions["metadataContactPerson"];
+    metadataOrganization?: SamlOptions["metadataOrganization"];
+    generateUniqueId: SamlOptions["generateUniqueId"];
+}
+export interface StrategyOptions {
+    name?: string;
+    passReqToCallback?: boolean;
+}
+/**
+ * These options are availble for configuring a SAML strategy
+ */
+export declare type SamlConfig = Partial<SamlOptions> & StrategyOptions & MandatorySamlOptions;
+export interface Profile {
+    issuer: string;
+    sessionIndex?: string;
+    nameID: string;
+    nameIDFormat: string;
+    nameQualifier?: string;
+    spNameQualifier?: string;
+    ID?: string;
+    mail?: string;
+    email?: string;
+    ["urn:oid:0.9.2342.19200300.100.1.3"]?: string;
+    getAssertionXml?(): string;
+    getAssertion?(): Record<string, unknown>;
+    getSamlResponseXml?(): string;
+    [attributeName: string]: unknown;
+}
+export declare class ErrorWithXmlStatus extends Error {
+    readonly xmlStatus: string;
+    constructor(message: string, xmlStatus: string);
+}
+export {};

package/dist/node_modules/@node-saml/node-saml/lib/types.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ErrorWithXmlStatus = exports.ValidateInResponseTo = exports.isValidSamlSigningOptions = void 0;
+const isValidSamlSigningOptions = (options) => {
+    return options.privateKey != null;
+};
+exports.isValidSamlSigningOptions = isValidSamlSigningOptions;
+var ValidateInResponseTo;
+(function (ValidateInResponseTo) {
+    ValidateInResponseTo["never"] = "never";
+    ValidateInResponseTo["ifPresent"] = "ifPresent";
+    ValidateInResponseTo["always"] = "always";
+})(ValidateInResponseTo = exports.ValidateInResponseTo || (exports.ValidateInResponseTo = {}));
+class ErrorWithXmlStatus extends Error {
+    constructor(message, xmlStatus) {
+        super(message);
+        this.xmlStatus = xmlStatus;
+    }
+}
+exports.ErrorWithXmlStatus = ErrorWithXmlStatus;
+//# sourceMappingURL=types.js.map

package/dist/node_modules/@node-saml/node-saml/lib/utility.d.ts

@@ -0,0 +1,5 @@
+import { SamlSigningOptions } from "./types";
+export declare function assertRequired<T>(value: T | null | undefined, error?: string): asserts value;
+export declare function assertBooleanIfPresent<T>(value: T | null | undefined, error?: string): asserts value;
+export declare function signXmlResponse(samlMessage: string, options: SamlSigningOptions): string;
+export declare function signXmlMetadata(metadataXml: string, options: SamlSigningOptions): string;

package/dist/node_modules/@node-saml/node-saml/lib/utility.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signXmlMetadata = exports.signXmlResponse = exports.assertBooleanIfPresent = exports.assertRequired = void 0;
+const xml_1 = require("./xml");
+function assertRequired(value, error) {
+    if (value === undefined || value === null || (typeof value === "string" && value.length === 0)) {
+        throw new TypeError(error !== null && error !== void 0 ? error : "value does not exist");
+    }
+}
+exports.assertRequired = assertRequired;
+function assertBooleanIfPresent(value, error) {
+    if (value != null && typeof value != "boolean") {
+        throw new TypeError(error !== null && error !== void 0 ? error : "value is set but not boolean");
+    }
+}
+exports.assertBooleanIfPresent = assertBooleanIfPresent;
+function signXmlResponse(samlMessage, options) {
+    const responseXpath = '//*[local-name(.)="Response" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
+    return (0, xml_1.signXml)(samlMessage, responseXpath, { reference: responseXpath, action: "append" }, options);
+}
+exports.signXmlResponse = signXmlResponse;
+function signXmlMetadata(metadataXml, options) {
+    const metadataXpath = '//*[local-name(.)="EntityDescriptor" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:metadata"]';
+    return (0, xml_1.signXml)(metadataXml, metadataXpath, { reference: metadataXpath, action: "prepend" }, options);
+}
+exports.signXmlMetadata = signXmlMetadata;
+//# sourceMappingURL=utility.js.map

package/dist/node_modules/@node-saml/node-saml/lib/xml.d.ts

@@ -0,0 +1,26 @@
+/// <reference types="node" />
+import { NameID, SamlSigningOptions, XmlJsObject, XMLOutput, XmlSignatureLocation } from "./types";
+export declare const xpath: {
+    selectAttributes: (node: Node, xpath: string) => Attr[];
+    selectElements: (node: Node, xpath: string) => Element[];
+};
+export declare const decryptXml: (xml: string, decryptionKey: string | Buffer) => Promise<string>;
+/**
+ * This function checks that the |currentNode| in the |fullXml| document contains exactly 1 valid
+ *   signature of the |currentNode|.
+ *
+ * See https://github.com/bergie/passport-saml/issues/19 for references to some of the attack
+ *   vectors against SAML signature verification.
+ */
+export declare const validateSignature: (fullXml: string, currentNode: Element, certs: string[]) => boolean;
+/**
+ * This function checks that the |signature| is signed with a given |cert|.
+ */
+export declare const validateXmlSignatureForCert: (signature: Node, certPem: string, fullXml: string, currentNode: Element) => boolean;
+export declare const signXml: (xml: string, xpath: string, location: XmlSignatureLocation, options: SamlSigningOptions) => string;
+export declare const parseDomFromString: (xml: string) => Promise<Document>;
+export declare const parseXml2JsFromString: (xml: string | Buffer) => Promise<XmlJsObject>;
+export declare const buildXml2JsObject: (rootName: string, xml: XmlJsObject) => string;
+export declare const buildXmlBuilderObject: (xml: XMLOutput, pretty: boolean) => string;
+export declare const promiseWithNameId: (nameid: Node) => Promise<NameID>;
+export declare const getNameIdAsync: (doc: Node, decryptionPvk: string | Buffer | null) => Promise<NameID>;

package/dist/node_modules/@node-saml/node-saml/lib/xml.js

@@ -0,0 +1,234 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getNameIdAsync = exports.promiseWithNameId = exports.buildXmlBuilderObject = exports.buildXml2JsObject = exports.parseXml2JsFromString = exports.parseDomFromString = exports.signXml = exports.validateXmlSignatureForCert = exports.validateSignature = exports.decryptXml = exports.xpath = void 0;
+const util = require("util");
+const xmlCrypto = require("xml-crypto");
+const xmlenc = require("xml-encryption");
+const xmldom = require("@xmldom/xmldom");
+const xml2js = require("xml2js");
+const xmlbuilder = require("xmlbuilder");
+const types_1 = require("./types");
+const algorithms = require("./algorithms");
+const utility_1 = require("./utility");
+const crypto_1 = require("./crypto");
+const selectXPath = (guard, node, xpath) => {
+    const result = xmlCrypto.xpath(node, xpath);
+    if (!guard(result)) {
+        throw new Error("invalid xpath return type");
+    }
+    return result;
+};
+const attributesXPathTypeGuard = (values) => {
+    return values.every((value) => {
+        if (typeof value != "object") {
+            return false;
+        }
+        return typeof value.nodeType === "number" && value.nodeType === value.ATTRIBUTE_NODE;
+    });
+};
+const elementsXPathTypeGuard = (values) => {
+    return values.every((value) => {
+        if (typeof value != "object") {
+            return false;
+        }
+        return typeof value.nodeType === "number" && value.nodeType === value.ELEMENT_NODE;
+    });
+};
+exports.xpath = {
+    selectAttributes: (node, xpath) => selectXPath(attributesXPathTypeGuard, node, xpath),
+    selectElements: (node, xpath) => selectXPath(elementsXPathTypeGuard, node, xpath),
+};
+const decryptXml = async (xml, decryptionKey) => util.promisify(xmlenc.decrypt).bind(xmlenc)(xml, { key: decryptionKey });
+exports.decryptXml = decryptXml;
+/**
+ * we can use this utility before passing XML to `xml-crypto`
+ * we are considered the XML processor and are responsible for newline normalization
+ * https://github.com/node-saml/passport-saml/issues/431#issuecomment-718132752
+ */
+const normalizeNewlines = (xml) => {
+    return xml.replace(/\r\n?/g, "\n");
+};
+/**
+ * This function checks that the |currentNode| in the |fullXml| document contains exactly 1 valid
+ *   signature of the |currentNode|.
+ *
+ * See https://github.com/bergie/passport-saml/issues/19 for references to some of the attack
+ *   vectors against SAML signature verification.
+ */
+const validateSignature = (fullXml, currentNode, certs) => {
+    const xpathSigQuery = ".//*[" +
+        "local-name(.)='Signature' and " +
+        "namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#' and " +
+        "descendant::*[local-name(.)='Reference' and @URI='#" +
+        currentNode.getAttribute("ID") +
+        "']" +
+        "]";
+    const signatures = exports.xpath.selectElements(currentNode, xpathSigQuery);
+    // This function is expecting to validate exactly one signature, so if we find more or fewer
+    //   than that, reject.
+    if (signatures.length !== 1) {
+        return false;
+    }
+    const xpathTransformQuery = ".//*[" +
+        "local-name(.)='Transform' and " +
+        "namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#' and " +
+        "ancestor::*[local-name(.)='Reference' and @URI='#" +
+        currentNode.getAttribute("ID") +
+        "']" +
+        "]";
+    const transforms = exports.xpath.selectElements(currentNode, xpathTransformQuery);
+    // Reject also XMLDSIG with more than 2 Transform
+    if (transforms.length > 2) {
+        // do not return false, throw an error so that it can be caught by tests differently
+        throw new Error("Invalid signature, too many transforms");
+    }
+    const signature = signatures[0];
+    return certs.some((certToCheck) => {
+        return (0, exports.validateXmlSignatureForCert)(signature, (0, crypto_1.certToPEM)(certToCheck), fullXml, currentNode);
+    });
+};
+exports.validateSignature = validateSignature;
+/**
+ * This function checks that the |signature| is signed with a given |cert|.
+ */
+const validateXmlSignatureForCert = (signature, certPem, fullXml, currentNode) => {
+    const sig = new xmlCrypto.SignedXml();
+    sig.keyInfoProvider = {
+        file: "",
+        getKeyInfo: () => "<X509Data></X509Data>",
+        getKey: () => Buffer.from(certPem),
+    };
+    sig.loadSignature(signature);
+    // We expect each signature to contain exactly one reference to the top level of the xml we
+    //   are validating, so if we see anything else, reject.
+    if (sig.references.length != 1)
+        return false;
+    const refUri = sig.references[0].uri;
+    (0, utility_1.assertRequired)(refUri, "signature reference uri not found");
+    const refId = refUri[0] === "#" ? refUri.substring(1) : refUri;
+    // If we can't find the reference at the top level, reject
+    const idAttribute = currentNode.getAttribute("ID") ? "ID" : "Id";
+    if (currentNode.getAttribute(idAttribute) != refId)
+        return false;
+    // If we find any extra referenced nodes, reject.  (xml-crypto only verifies one digest, so
+    //   multiple candidate references is bad news)
+    const totalReferencedNodes = exports.xpath.selectElements(currentNode.ownerDocument, "//*[@" + idAttribute + "='" + refId + "']");
+    if (totalReferencedNodes.length > 1) {
+        return false;
+    }
+    fullXml = normalizeNewlines(fullXml);
+    return sig.checkSignature(fullXml);
+};
+exports.validateXmlSignatureForCert = validateXmlSignatureForCert;
+const signXml = (xml, xpath, location, options) => {
+    var _a;
+    const defaultTransforms = [
+        "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
+        "http://www.w3.org/2001/10/xml-exc-c14n#",
+    ];
+    if (!xml)
+        throw new Error("samlMessage is required");
+    if (!location)
+        throw new Error("location is required");
+    if (!options)
+        throw new Error("options is required");
+    if (!(0, types_1.isValidSamlSigningOptions)(options))
+        throw new Error("options.privateKey is required");
+    const transforms = (_a = options.xmlSignatureTransforms) !== null && _a !== void 0 ? _a : defaultTransforms;
+    const sig = new xmlCrypto.SignedXml();
+    if (options.signatureAlgorithm != null) {
+        sig.signatureAlgorithm = algorithms.getSigningAlgorithm(options.signatureAlgorithm);
+    }
+    sig.addReference(xpath, transforms, algorithms.getDigestAlgorithm(options.digestAlgorithm));
+    sig.signingKey = options.privateKey;
+    sig.computeSignature(xml, {
+        location,
+    });
+    return sig.getSignedXml();
+};
+exports.signXml = signXml;
+const parseDomFromString = (xml) => {
+    return new Promise(function (resolve, reject) {
+        function errHandler(msg) {
+            return reject(new Error(msg));
+        }
+        const dom = new xmldom.DOMParser({
+            /**
+             * locator is always need for error position info
+             */
+            locator: {},
+            /**
+             * you can override the errorHandler for xml parser
+             * @link http://www.saxproject.org/apidoc/org/xml/sax/ErrorHandler.html
+             */
+            errorHandler: {
+                error: errHandler,
+                fatalError: errHandler,
+            },
+        }).parseFromString(xml, "text/xml");
+        if (!Object.prototype.hasOwnProperty.call(dom, "documentElement")) {
+            return reject(new Error("Not a valid XML document"));
+        }
+        return resolve(dom);
+    });
+};
+exports.parseDomFromString = parseDomFromString;
+const parseXml2JsFromString = async (xml) => {
+    const parserConfig = {
+        explicitRoot: true,
+        explicitCharkey: true,
+        tagNameProcessors: [xml2js.processors.stripPrefix],
+    };
+    const parser = new xml2js.Parser(parserConfig);
+    return parser.parseStringPromise(xml);
+};
+exports.parseXml2JsFromString = parseXml2JsFromString;
+const buildXml2JsObject = (rootName, xml) => {
+    const builderOpts = {
+        rootName,
+        headless: true,
+    };
+    return new xml2js.Builder(builderOpts).buildObject(xml);
+};
+exports.buildXml2JsObject = buildXml2JsObject;
+const buildXmlBuilderObject = (xml, pretty) => {
+    const options = pretty ? { pretty: true, indent: "  ", newline: "\n" } : {};
+    return xmlbuilder.create(xml).end(options);
+};
+exports.buildXmlBuilderObject = buildXmlBuilderObject;
+const promiseWithNameId = async (nameid) => {
+    const format = exports.xpath.selectAttributes(nameid, "@Format");
+    return {
+        value: nameid.textContent,
+        format: format && format[0] && format[0].nodeValue,
+    };
+};
+exports.promiseWithNameId = promiseWithNameId;
+const getNameIdAsync = async (doc, decryptionPvk) => {
+    const nameIds = exports.xpath.selectElements(doc, "/*[local-name()='LogoutRequest']/*[local-name()='NameID']");
+    const encryptedIds = exports.xpath.selectElements(doc, "/*[local-name()='LogoutRequest']/*[local-name()='EncryptedID']");
+    if (nameIds.length + encryptedIds.length > 1) {
+        throw new Error("Invalid LogoutRequest");
+    }
+    if (nameIds.length === 1) {
+        return (0, exports.promiseWithNameId)(nameIds[0]);
+    }
+    if (encryptedIds.length === 1) {
+        (0, utility_1.assertRequired)(decryptionPvk, "No decryption key found getting name ID for encrypted SAML response");
+        const encryptedDatas = exports.xpath.selectElements(encryptedIds[0], "./*[local-name()='EncryptedData']");
+        if (encryptedDatas.length !== 1) {
+            throw new Error("Invalid LogoutRequest");
+        }
+        const encryptedDataXml = encryptedDatas[0].toString();
+        const decryptedXml = await (0, exports.decryptXml)(encryptedDataXml, decryptionPvk);
+        const decryptedDoc = await (0, exports.parseDomFromString)(decryptedXml);
+        const decryptedIds = exports.xpath.selectElements(decryptedDoc, "/*[local-name()='NameID']");
+        if (decryptedIds.length !== 1) {
+            throw new Error("Invalid EncryptedAssertion content");
+        }
+        return await (0, exports.promiseWithNameId)(decryptedIds[0]);
+    }
+    throw new Error("Missing SAML NameID");
+};
+exports.getNameIdAsync = getNameIdAsync;
+//# sourceMappingURL=xml.js.map

package/dist/node_modules/@node-saml/node-saml/package.json

@@ -0,0 +1 @@
+{"name":"@node-saml/node-saml","version":"4.0.5","description":"SAML 2.0 implementation for Node.js","keywords":["saml","adfs","sso","shibboleth"],"repository":{"type":"git","url":"https://github.com/node-saml/node-saml.git"},"license":"MIT","author":{"name":"Henri Bergius","email":"henri.bergius@iki.fi","url":"http://bergie.iki.fi"},"contributors":["Michael Bosworth","Herbert Vojčík","Peter Loer","Mark Stosberg","Chris Barth","Andrii Kostenko","Andreas Zoellner"],"main":"./lib","files":["lib","README.md","LICENSE"],"scripts":{"build":"tsc","changelog":"gren changelog --override --generate --head master","lint":"eslint --ext .ts \"**/*.ts\" --cache && npm run prettier-check","lint-watch":"onchange -k -p 100 \"**/*.ts\" -- eslint {{file}}","lint:fix":"eslint --ext .ts --fix src && npm run prettier-format","prepare":"tsc","prettier-check":"prettier --config .prettierrc.json --check .","prettier-format":"prettier --config .prettierrc.json --write .","prettier-watch":"onchange -k -p 100 \".\" -- prettier --config .prettierrc.json --write {{file}}","prerelease":"git clean -xfd && npm ci && npm test && npm run build","release":"release-it","test":"npm run prettier-check && npm run lint && npm run tsc && nyc mocha","test-watch":"mocha --watch","tsc":"tsc","tsc-watch":"tsc --watch","watch":"concurrently --kill-others \"npm:*-watch\""},"dependencies":{"@types/debug":"^4.1.7","@types/passport":"^1.0.11","@types/xml-crypto":"^1.4.2","@types/xml-encryption":"^1.2.1","@types/xml2js":"^0.4.11","@xmldom/xmldom":"^0.8.6","debug":"^4.3.4","xml-crypto":"^3.0.1","xml-encryption":"^3.0.2","xml2js":"^0.5.0","xmlbuilder":"^15.1.1"},"devDependencies":{"@cjbarth/github-release-notes":"^3.0.0","@istanbuljs/nyc-config-typescript":"^1.0.2","@types/chai":"^4.3.3","@types/mocha":"^10.0.0","@types/node":"^14.18.33","@types/sinon":"^10.0.13","@typescript-eslint/eslint-plugin":"^5.45.0","@typescript-eslint/parser":"^5.43.0","body-parser":"^1.20.1","chai":"^4.3.6","choma":"^1.2.1","concurrently":"^7.6.0","eslint":"^8.29.0","eslint-config-prettier":"^8.5.0","eslint-plugin-deprecation":"^1.3.3","eslint-plugin-prettier":"^4.2.1","express":"^4.18.2","mocha":"^10.1.0","nyc":"^15.1.0","onchange":"^7.1.0","prettier":"^2.8.0","prettier-plugin-packagejson":"^2.3.0","release-it":"^15.5.0","sinon":"^14.0.1","ts-node":"^10.9.1","typescript":">=4.0.0 <4.9.0"},"engines":{"node":">= 14"},"publishConfig":{"access":"public"},"_lastModified":"2024-12-22T16:05:48.631Z"}

package/dist/server/actions/getAuthUrl.d.ts

@@ -0,0 +1,2 @@
+import { Context, Next } from '@tachybase/actions';
+export declare const getAuthUrl: (ctx: Context, next: Next) => Promise<any>;

package/dist/server/actions/getAuthUrl.js

@@ -0,0 +1,35 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var getAuthUrl_exports = {};
+__export(getAuthUrl_exports, {
+  getAuthUrl: () => getAuthUrl
+});
+module.exports = __toCommonJS(getAuthUrl_exports);
+var import_node_saml = require("@node-saml/node-saml");
+const getAuthUrl = async (ctx, next) => {
+  const { redirect = "" } = ctx.action.params.values || {};
+  const auth = ctx.auth;
+  const options = auth.getOptions();
+  const saml = new import_node_saml.SAML(options);
+  ctx.body = await saml.getAuthorizeUrlAsync(redirect, "", {});
+  return next();
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getAuthUrl
+});

package/dist/server/actions/metadata.d.ts

@@ -0,0 +1,2 @@
+import { Context, Next } from '@tachybase/actions';
+export declare const metadata: (ctx: Context, next: Next) => Promise<any>;

package/dist/server/actions/metadata.js

@@ -0,0 +1,36 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var metadata_exports = {};
+__export(metadata_exports, {
+  metadata: () => metadata
+});
+module.exports = __toCommonJS(metadata_exports);
+var import_node_saml = require("@node-saml/node-saml");
+const metadata = async (ctx, next) => {
+  const auth = ctx.auth;
+  const options = auth.getOptions();
+  const saml = new import_node_saml.SAML(options);
+  ctx.type = "text/xml";
+  ctx.body = saml.generateServiceProviderMetadata(options.cert);
+  ctx.withoutDataWrapping = true;
+  return next();
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  metadata
+});

package/dist/server/actions/redirect.d.ts

@@ -0,0 +1,2 @@
+import { Context, Next } from '@tachybase/actions';
+export declare const redirect: (ctx: Context, next: Next) => Promise<void>;