cloudcms-server 0.9.256 → 0.9.261

package/temp/passport-saml/lib/node-saml/saml-post-signing.d.ts

@@ -0,0 +1,3 @@
+import { SamlSigningOptions } from "./types";
+export declare function signSamlPost(samlMessage: string, xpath: string, options: SamlSigningOptions): string;
+export declare function signAuthnRequestPost(authnRequest: string, options: SamlSigningOptions): string;

package/temp/passport-saml/lib/node-saml/saml-post-signing.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signAuthnRequestPost = exports.signSamlPost = void 0;
+const xml_1 = require("./xml");
+const authnRequestXPath = '/*[local-name(.)="AuthnRequest" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
+const issuerXPath = '/*[local-name(.)="Issuer" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:assertion"]';
+function signSamlPost(samlMessage, xpath, options) {
+    return (0, xml_1.signXml)(samlMessage, xpath, { reference: xpath + issuerXPath, action: "after" }, options);
+}
+exports.signSamlPost = signSamlPost;
+function signAuthnRequestPost(authnRequest, options) {
+    return signSamlPost(authnRequest, authnRequestXPath, options);
+}
+exports.signAuthnRequestPost = signAuthnRequestPost;
+//# sourceMappingURL=saml-post-signing.js.map

package/temp/passport-saml/lib/node-saml/saml-post-signing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"saml-post-signing.js","sourceRoot":"","sources":["../../src/node-saml/saml-post-signing.ts"],"names":[],"mappings":";;;AACA,+BAAgC;AAEhC,MAAM,iBAAiB,GACrB,8FAA8F,CAAC;AACjG,MAAM,WAAW,GACf,yFAAyF,CAAC;AAE5F,SAAgB,YAAY,CAC1B,WAAmB,EACnB,KAAa,EACb,OAA2B;IAE3B,OAAO,IAAA,aAAO,EAAC,WAAW,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,KAAK,GAAG,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;AACnG,CAAC;AAND,oCAMC;AAED,SAAgB,oBAAoB,CAAC,YAAoB,EAAE,OAA2B;IACpF,OAAO,YAAY,CAAC,YAAY,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAC;AAChE,CAAC;AAFD,oDAEC","sourcesContent":["import { SamlSigningOptions } from \"./types\";\nimport { signXml } from \"./xml\";\n\nconst authnRequestXPath =\n  '/*[local-name(.)=\"AuthnRequest\" and namespace-uri(.)=\"urn:oasis:names:tc:SAML:2.0:protocol\"]';\nconst issuerXPath =\n  '/*[local-name(.)=\"Issuer\" and namespace-uri(.)=\"urn:oasis:names:tc:SAML:2.0:assertion\"]';\n\nexport function signSamlPost(\n  samlMessage: string,\n  xpath: string,\n  options: SamlSigningOptions\n): string {\n  return signXml(samlMessage, xpath, { reference: xpath + issuerXPath, action: \"after\" }, options);\n}\n\nexport function signAuthnRequestPost(authnRequest: string, options: SamlSigningOptions): string {\n  return signSamlPost(authnRequest, authnRequestXPath, options);\n}\n"]}

package/temp/passport-saml/lib/node-saml/saml.d.ts

@@ -0,0 +1,77 @@
+/// <reference types="node" />
+import * as querystring from "querystring";
+import { CacheProvider as InMemoryCacheProvider } from "./inmemory-cache-provider";
+import { ParsedQs } from "qs";
+import { SamlOptions } from "./types";
+import { AuthenticateOptions, AuthorizeOptions, Profile, SamlConfig } from "../passport-saml/types";
+interface NameID {
+    value: string | null;
+    format: string | null;
+}
+declare class SAML {
+    options: SamlOptions;
+    cacheProvider: InMemoryCacheProvider;
+    constructor(ctorOptions: SamlConfig);
+    initialize(ctorOptions: SamlConfig): SamlOptions;
+    private getCallbackUrl;
+    _generateUniqueID(): string;
+    private generateInstant;
+    private signRequest;
+    private generateAuthorizeRequestAsync;
+    _generateLogoutRequest(user: Profile): Promise<string>;
+    _generateLogoutResponse(logoutRequest: Profile): string;
+    _requestToUrlAsync(request: string | null | undefined, response: string | null, operation: string, additionalParameters: querystring.ParsedUrlQuery): Promise<string>;
+    _getAdditionalParams(RelayState: string, operation: string, overrideParams?: querystring.ParsedUrlQuery): querystring.ParsedUrlQuery;
+    getAuthorizeUrlAsync(RelayState: string, host: string | undefined, options: AuthorizeOptions): Promise<string>;
+    getAuthorizeFormAsync(RelayState: string, host?: string): Promise<string>;
+    getLogoutUrlAsync(user: Profile, RelayState: string, options: AuthenticateOptions & AuthorizeOptions): Promise<string>;
+    getLogoutResponseUrl(samlLogoutRequest: Profile, RelayState: string, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void): void;
+    private getLogoutResponseUrlAsync;
+    _certToPEM(cert: string): string;
+    private certsToCheck;
+    validateSignature(fullXml: string, currentNode: Element, certs: string[]): boolean;
+    validatePostResponseAsync(container: Record<string, string>): Promise<{
+        profile?: Profile | null;
+        loggedOut?: boolean;
+    }>;
+    private validateInResponseTo;
+    validateRedirectAsync(container: ParsedQs, originalQuery: string | null): Promise<{
+        profile?: Profile | null;
+        loggedOut?: boolean;
+    }>;
+    private hasValidSignatureForRedirect;
+    private validateSignatureForRedirect;
+    private verifyLogoutRequest;
+    private verifyLogoutResponse;
+    private verifyIssuer;
+    private processValidlySignedAssertionAsync;
+    private checkTimestampsValidityError;
+    private checkAudienceValidityError;
+    validatePostRequestAsync(container: Record<string, string>): Promise<{
+        profile?: Profile;
+        loggedOut?: boolean;
+    }>;
+    _getNameIdAsync(self: SAML, doc: Node): Promise<NameID>;
+    generateServiceProviderMetadata(decryptionCert: string | null, signingCert?: string | null): string;
+    _keyToPEM(key: string | Buffer): typeof key extends string | Buffer ? string | Buffer : Error;
+    /**
+     * Process max age assertion and use it if it is more restrictive than the NotOnOrAfter age
+     * assertion received in the SAMLResponse.
+     *
+     * @param maxAssertionAgeMs Max time after IssueInstant that we will accept assertion, in Ms.
+     * @param notOnOrAfter Expiration provided in response.
+     * @param issueInstant Time when response was issued.
+     * @returns {*} The expiration time to be used, in Ms.
+     */
+    private processMaxAgeAssertionTime;
+    /**
+     * Convert a date string to a timestamp (in milliseconds).
+     *
+     * @param dateString A string representation of a date
+     * @param label Descriptive name of the date being passed in, e.g. "NotOnOrAfter"
+     * @throws Will throw an error if parsing `dateString` returns `NaN`
+     * @returns {number} The timestamp (in milliseconds) representation of the given date
+     */
+    private dateStringToTimestamp;
+}
+export { SAML };