cloudcms-server 3.2.321 → 3.2.324

package/temp/passport-saml/lib/node-saml/algorithms.js

@@ -1,41 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getSigner = exports.getDigestAlgorithm = exports.getSigningAlgorithm = void 0;
-const crypto = require("crypto");
-function getSigningAlgorithm(shortName) {
-    switch (shortName) {
-        case "sha256":
-            return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
-        case "sha512":
-            return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
-        case "sha1":
-        default:
-            return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
-    }
-}
-exports.getSigningAlgorithm = getSigningAlgorithm;
-function getDigestAlgorithm(shortName) {
-    switch (shortName) {
-        case "sha256":
-            return "http://www.w3.org/2001/04/xmlenc#sha256";
-        case "sha512":
-            return "http://www.w3.org/2001/04/xmlenc#sha512";
-        case "sha1":
-        default:
-            return "http://www.w3.org/2000/09/xmldsig#sha1";
-    }
-}
-exports.getDigestAlgorithm = getDigestAlgorithm;
-function getSigner(shortName) {
-    switch (shortName) {
-        case "sha256":
-            return crypto.createSign("RSA-SHA256");
-        case "sha512":
-            return crypto.createSign("RSA-SHA512");
-        case "sha1":
-        default:
-            return crypto.createSign("RSA-SHA1");
-    }
-}
-exports.getSigner = getSigner;
-//# sourceMappingURL=algorithms.js.map

package/temp/passport-saml/lib/node-saml/algorithms.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"algorithms.js","sourceRoot":"","sources":["../../src/node-saml/algorithms.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AAEjC,SAAgB,mBAAmB,CAAC,SAAkB;IACpD,QAAQ,SAAS,EAAE;QACjB,KAAK,QAAQ;YACX,OAAO,mDAAmD,CAAC;QAC7D,KAAK,QAAQ;YACX,OAAO,mDAAmD,CAAC;QAC7D,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,4CAA4C,CAAC;KACvD;AACH,CAAC;AAVD,kDAUC;AAED,SAAgB,kBAAkB,CAAC,SAAkB;IACnD,QAAQ,SAAS,EAAE;QACjB,KAAK,QAAQ;YACX,OAAO,yCAAyC,CAAC;QACnD,KAAK,QAAQ;YACX,OAAO,yCAAyC,CAAC;QACnD,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,wCAAwC,CAAC;KACnD;AACH,CAAC;AAVD,gDAUC;AAED,SAAgB,SAAS,CAAC,SAAkB;IAC1C,QAAQ,SAAS,EAAE;QACjB,KAAK,QAAQ;YACX,OAAO,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACzC,KAAK,QAAQ;YACX,OAAO,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACzC,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;KACxC;AACH,CAAC;AAVD,8BAUC","sourcesContent":["import * as crypto from \"crypto\";\n\nexport function getSigningAlgorithm(shortName?: string): string {\n  switch (shortName) {\n    case \"sha256\":\n      return \"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\";\n    case \"sha512\":\n      return \"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512\";\n    case \"sha1\":\n    default:\n      return \"http://www.w3.org/2000/09/xmldsig#rsa-sha1\";\n  }\n}\n\nexport function getDigestAlgorithm(shortName?: string): string {\n  switch (shortName) {\n    case \"sha256\":\n      return \"http://www.w3.org/2001/04/xmlenc#sha256\";\n    case \"sha512\":\n      return \"http://www.w3.org/2001/04/xmlenc#sha512\";\n    case \"sha1\":\n    default:\n      return \"http://www.w3.org/2000/09/xmldsig#sha1\";\n  }\n}\n\nexport function getSigner(shortName?: string): crypto.Signer {\n  switch (shortName) {\n    case \"sha256\":\n      return crypto.createSign(\"RSA-SHA256\");\n    case \"sha512\":\n      return crypto.createSign(\"RSA-SHA512\");\n    case \"sha1\":\n    default:\n      return crypto.createSign(\"RSA-SHA1\");\n  }\n}\n"]}

package/temp/passport-saml/lib/node-saml/index.d.ts

@@ -1,3 +0,0 @@
-import type { CacheItem, CacheProvider } from "./inmemory-cache-provider";
-import { SAML } from "./saml";
-export { SAML, CacheItem, CacheProvider };

package/temp/passport-saml/lib/node-saml/index.js

@@ -1,6 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SAML = void 0;
-const saml_1 = require("./saml");
-Object.defineProperty(exports, "SAML", { enumerable: true, get: function () { return saml_1.SAML; } });
-//# sourceMappingURL=index.js.map

package/temp/passport-saml/lib/node-saml/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/node-saml/index.ts"],"names":[],"mappings":";;;AACA,iCAA8B;AAErB,qFAFA,WAAI,OAEA","sourcesContent":["import type { CacheItem, CacheProvider } from \"./inmemory-cache-provider\";\nimport { SAML } from \"./saml\";\n\nexport { SAML, CacheItem, CacheProvider };\n"]}

package/temp/passport-saml/lib/node-saml/inmemory-cache-provider.d.ts

@@ -1,45 +0,0 @@
-/**
- * Simple in memory cache provider.  To be used to store state of requests that needs
- * to be validated/checked when a response is received.
- *
- * This is the default implementation of a cache provider used by Passport-SAML.  For
- * multiple server instances/load balanced scenarios (I.e. the SAML request could have
- * been generated from a different server/process handling the SAML response) this
- * implementation will NOT be sufficient.
- *
- * The caller should provide their own implementation for a cache provider as defined
- * in the config options for Passport-SAML.
- * @param options
- * @constructor
- */
-export interface CacheItem {
-    value: string;
-    createdAt: number;
-}
-interface CacheProviderOptions {
-    keyExpirationPeriodMs: number;
-}
-export declare class CacheProvider {
-    cacheKeys: Record<string, CacheItem>;
-    options: CacheProviderOptions;
-    constructor(options: Partial<CacheProviderOptions>);
-    /**
-     * Store an item in the cache, using the specified key and value.
-     * Internally will keep track of the time the item was added to the cache
-     * @param id
-     * @param value
-     */
-    saveAsync(key: string, value: string): Promise<CacheItem | null>;
-    /**
-     * Returns the value of the specified key in the cache
-     * @param id
-     * @returns {boolean}
-     */
-    getAsync(key: string): Promise<string | null>;
-    /**
-     * Removes an item from the cache if it exists
-     * @param key
-     */
-    removeAsync(key: string): Promise<string | null>;
-}
-export {};

package/temp/passport-saml/lib/node-saml/inmemory-cache-provider.js

@@ -1,86 +0,0 @@
-"use strict";
-/**
- * Simple in memory cache provider.  To be used to store state of requests that needs
- * to be validated/checked when a response is received.
- *
- * This is the default implementation of a cache provider used by Passport-SAML.  For
- * multiple server instances/load balanced scenarios (I.e. the SAML request could have
- * been generated from a different server/process handling the SAML response) this
- * implementation will NOT be sufficient.
- *
- * The caller should provide their own implementation for a cache provider as defined
- * in the config options for Passport-SAML.
- * @param options
- * @constructor
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CacheProvider = void 0;
-class CacheProvider {
-    constructor(options) {
-        var _a;
-        this.cacheKeys = {};
-        this.options = {
-            ...options,
-            keyExpirationPeriodMs: (_a = options === null || options === void 0 ? void 0 : options.keyExpirationPeriodMs) !== null && _a !== void 0 ? _a : 28800000, // 8 hours,
-        };
-        // Expire old cache keys
-        const expirationTimer = setInterval(() => {
-            const nowMs = new Date().getTime();
-            const keys = Object.keys(this.cacheKeys);
-            keys.forEach((key) => {
-                if (nowMs >=
-                    new Date(this.cacheKeys[key].createdAt).getTime() + this.options.keyExpirationPeriodMs) {
-                    this.removeAsync(key);
-                }
-            });
-        }, this.options.keyExpirationPeriodMs);
-        // we only want this to run if the process is still open; it shouldn't hold the process open (issue #68)
-        expirationTimer.unref();
-    }
-    /**
-     * Store an item in the cache, using the specified key and value.
-     * Internally will keep track of the time the item was added to the cache
-     * @param id
-     * @param value
-     */
-    async saveAsync(key, value) {
-        if (!this.cacheKeys[key]) {
-            this.cacheKeys[key] = {
-                createdAt: new Date().getTime(),
-                value: value,
-            };
-            return this.cacheKeys[key];
-        }
-        else {
-            return null;
-        }
-    }
-    /**
-     * Returns the value of the specified key in the cache
-     * @param id
-     * @returns {boolean}
-     */
-    async getAsync(key) {
-        if (this.cacheKeys[key]) {
-            return this.cacheKeys[key].value;
-        }
-        else {
-            return null;
-        }
-    }
-    /**
-     * Removes an item from the cache if it exists
-     * @param key
-     */
-    async removeAsync(key) {
-        if (this.cacheKeys[key]) {
-            delete this.cacheKeys[key];
-            return key;
-        }
-        else {
-            return null;
-        }
-    }
-}
-exports.CacheProvider = CacheProvider;
-//# sourceMappingURL=inmemory-cache-provider.js.map

package/temp/passport-saml/lib/node-saml/inmemory-cache-provider.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"inmemory-cache-provider.js","sourceRoot":"","sources":["../../src/node-saml/inmemory-cache-provider.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAWH,MAAa,aAAa;IAIxB,YAAY,OAAsC;;QAChD,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QAEpB,IAAI,CAAC,OAAO,GAAG;YACb,GAAG,OAAO;YACV,qBAAqB,EAAE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,qBAAqB,mCAAI,QAAQ,EAAE,WAAW;SAC/E,CAAC;QAEF,wBAAwB;QACxB,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;YACvC,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACzC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBACnB,IACE,KAAK;oBACL,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,qBAAqB,EACtF;oBACA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;iBACvB;YACH,CAAC,CAAC,CAAC;QACL,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QAEvC,wGAAwG;QACxG,eAAe,CAAC,KAAK,EAAE,CAAC;IAC1B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,SAAS,CAAC,GAAW,EAAE,KAAa;QACxC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;YACxB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG;gBACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;gBAC/B,KAAK,EAAE,KAAK;aACb,CAAC;YACF,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;SAC5B;aAAM;YACL,OAAO,IAAI,CAAC;SACb;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,QAAQ,CAAC,GAAW;QACxB,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;YACvB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;SAClC;aAAM;YACL,OAAO,IAAI,CAAC;SACb;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,GAAW;QAC3B,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;YACvB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAC3B,OAAO,GAAG,CAAC;SACZ;aAAM;YACL,OAAO,IAAI,CAAC;SACb;IACH,CAAC;CACF;AAzED,sCAyEC","sourcesContent":["/**\n * Simple in memory cache provider.  To be used to store state of requests that needs\n * to be validated/checked when a response is received.\n *\n * This is the default implementation of a cache provider used by Passport-SAML.  For\n * multiple server instances/load balanced scenarios (I.e. the SAML request could have\n * been generated from a different server/process handling the SAML response) this\n * implementation will NOT be sufficient.\n *\n * The caller should provide their own implementation for a cache provider as defined\n * in the config options for Passport-SAML.\n * @param options\n * @constructor\n */\n\nexport interface CacheItem {\n  value: string;\n  createdAt: number;\n}\n\ninterface CacheProviderOptions {\n  keyExpirationPeriodMs: number;\n}\n\nexport class CacheProvider {\n  cacheKeys: Record<string, CacheItem>;\n  options: CacheProviderOptions;\n\n  constructor(options: Partial<CacheProviderOptions>) {\n    this.cacheKeys = {};\n\n    this.options = {\n      ...options,\n      keyExpirationPeriodMs: options?.keyExpirationPeriodMs ?? 28800000, // 8 hours,\n    };\n\n    // Expire old cache keys\n    const expirationTimer = setInterval(() => {\n      const nowMs = new Date().getTime();\n      const keys = Object.keys(this.cacheKeys);\n      keys.forEach((key) => {\n        if (\n          nowMs >=\n          new Date(this.cacheKeys[key].createdAt).getTime() + this.options.keyExpirationPeriodMs\n        ) {\n          this.removeAsync(key);\n        }\n      });\n    }, this.options.keyExpirationPeriodMs);\n\n    // we only want this to run if the process is still open; it shouldn't hold the process open (issue #68)\n    expirationTimer.unref();\n  }\n\n  /**\n   * Store an item in the cache, using the specified key and value.\n   * Internally will keep track of the time the item was added to the cache\n   * @param id\n   * @param value\n   */\n  async saveAsync(key: string, value: string): Promise<CacheItem | null> {\n    if (!this.cacheKeys[key]) {\n      this.cacheKeys[key] = {\n        createdAt: new Date().getTime(),\n        value: value,\n      };\n      return this.cacheKeys[key];\n    } else {\n      return null;\n    }\n  }\n\n  /**\n   * Returns the value of the specified key in the cache\n   * @param id\n   * @returns {boolean}\n   */\n  async getAsync(key: string): Promise<string | null> {\n    if (this.cacheKeys[key]) {\n      return this.cacheKeys[key].value;\n    } else {\n      return null;\n    }\n  }\n\n  /**\n   * Removes an item from the cache if it exists\n   * @param key\n   */\n  async removeAsync(key: string): Promise<string | null> {\n    if (this.cacheKeys[key]) {\n      delete this.cacheKeys[key];\n      return key;\n    } else {\n      return null;\n    }\n  }\n}\n"]}

package/temp/passport-saml/lib/node-saml/saml-post-signing.d.ts

@@ -1,3 +0,0 @@
-import { SamlSigningOptions } from "./types";
-export declare function signSamlPost(samlMessage: string, xpath: string, options: SamlSigningOptions): string;
-export declare function signAuthnRequestPost(authnRequest: string, options: SamlSigningOptions): string;

package/temp/passport-saml/lib/node-saml/saml-post-signing.js

@@ -1,15 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.signAuthnRequestPost = exports.signSamlPost = void 0;
-const xml_1 = require("./xml");
-const authnRequestXPath = '/*[local-name(.)="AuthnRequest" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
-const issuerXPath = '/*[local-name(.)="Issuer" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:assertion"]';
-function signSamlPost(samlMessage, xpath, options) {
-    return (0, xml_1.signXml)(samlMessage, xpath, { reference: xpath + issuerXPath, action: "after" }, options);
-}
-exports.signSamlPost = signSamlPost;
-function signAuthnRequestPost(authnRequest, options) {
-    return signSamlPost(authnRequest, authnRequestXPath, options);
-}
-exports.signAuthnRequestPost = signAuthnRequestPost;
-//# sourceMappingURL=saml-post-signing.js.map

package/temp/passport-saml/lib/node-saml/saml-post-signing.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"saml-post-signing.js","sourceRoot":"","sources":["../../src/node-saml/saml-post-signing.ts"],"names":[],"mappings":";;;AACA,+BAAgC;AAEhC,MAAM,iBAAiB,GACrB,8FAA8F,CAAC;AACjG,MAAM,WAAW,GACf,yFAAyF,CAAC;AAE5F,SAAgB,YAAY,CAC1B,WAAmB,EACnB,KAAa,EACb,OAA2B;IAE3B,OAAO,IAAA,aAAO,EAAC,WAAW,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,KAAK,GAAG,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;AACnG,CAAC;AAND,oCAMC;AAED,SAAgB,oBAAoB,CAAC,YAAoB,EAAE,OAA2B;IACpF,OAAO,YAAY,CAAC,YAAY,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAC;AAChE,CAAC;AAFD,oDAEC","sourcesContent":["import { SamlSigningOptions } from \"./types\";\nimport { signXml } from \"./xml\";\n\nconst authnRequestXPath =\n  '/*[local-name(.)=\"AuthnRequest\" and namespace-uri(.)=\"urn:oasis:names:tc:SAML:2.0:protocol\"]';\nconst issuerXPath =\n  '/*[local-name(.)=\"Issuer\" and namespace-uri(.)=\"urn:oasis:names:tc:SAML:2.0:assertion\"]';\n\nexport function signSamlPost(\n  samlMessage: string,\n  xpath: string,\n  options: SamlSigningOptions\n): string {\n  return signXml(samlMessage, xpath, { reference: xpath + issuerXPath, action: \"after\" }, options);\n}\n\nexport function signAuthnRequestPost(authnRequest: string, options: SamlSigningOptions): string {\n  return signSamlPost(authnRequest, authnRequestXPath, options);\n}\n"]}

package/temp/passport-saml/lib/node-saml/saml.d.ts

@@ -1,77 +0,0 @@
-/// <reference types="node" />
-import * as querystring from "querystring";
-import { CacheProvider as InMemoryCacheProvider } from "./inmemory-cache-provider";
-import { ParsedQs } from "qs";
-import { SamlOptions } from "./types";
-import { AuthenticateOptions, AuthorizeOptions, Profile, SamlConfig } from "../passport-saml/types";
-interface NameID {
-    value: string | null;
-    format: string | null;
-}
-declare class SAML {
-    options: SamlOptions;
-    cacheProvider: InMemoryCacheProvider;
-    constructor(ctorOptions: SamlConfig);
-    initialize(ctorOptions: SamlConfig): SamlOptions;
-    private getCallbackUrl;
-    _generateUniqueID(): string;
-    private generateInstant;
-    private signRequest;
-    private generateAuthorizeRequestAsync;
-    _generateLogoutRequest(user: Profile): Promise<string>;
-    _generateLogoutResponse(logoutRequest: Profile): string;
-    _requestToUrlAsync(request: string | null | undefined, response: string | null, operation: string, additionalParameters: querystring.ParsedUrlQuery): Promise<string>;
-    _getAdditionalParams(RelayState: string, operation: string, overrideParams?: querystring.ParsedUrlQuery): querystring.ParsedUrlQuery;
-    getAuthorizeUrlAsync(RelayState: string, host: string | undefined, options: AuthorizeOptions): Promise<string>;
-    getAuthorizeFormAsync(RelayState: string, host?: string): Promise<string>;
-    getLogoutUrlAsync(user: Profile, RelayState: string, options: AuthenticateOptions & AuthorizeOptions): Promise<string>;
-    getLogoutResponseUrl(samlLogoutRequest: Profile, RelayState: string, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void): void;
-    private getLogoutResponseUrlAsync;
-    _certToPEM(cert: string): string;
-    private certsToCheck;
-    validateSignature(fullXml: string, currentNode: Element, certs: string[]): boolean;
-    validatePostResponseAsync(container: Record<string, string>): Promise<{
-        profile?: Profile | null;
-        loggedOut?: boolean;
-    }>;
-    private validateInResponseTo;
-    validateRedirectAsync(container: ParsedQs, originalQuery: string | null): Promise<{
-        profile?: Profile | null;
-        loggedOut?: boolean;
-    }>;
-    private hasValidSignatureForRedirect;
-    private validateSignatureForRedirect;
-    private verifyLogoutRequest;
-    private verifyLogoutResponse;
-    private verifyIssuer;
-    private processValidlySignedAssertionAsync;
-    private checkTimestampsValidityError;
-    private checkAudienceValidityError;
-    validatePostRequestAsync(container: Record<string, string>): Promise<{
-        profile?: Profile;
-        loggedOut?: boolean;
-    }>;
-    _getNameIdAsync(self: SAML, doc: Node): Promise<NameID>;
-    generateServiceProviderMetadata(decryptionCert: string | null, signingCert?: string | null): string;
-    _keyToPEM(key: string | Buffer): typeof key extends string | Buffer ? string | Buffer : Error;
-    /**
-     * Process max age assertion and use it if it is more restrictive than the NotOnOrAfter age
-     * assertion received in the SAMLResponse.
-     *
-     * @param maxAssertionAgeMs Max time after IssueInstant that we will accept assertion, in Ms.
-     * @param notOnOrAfter Expiration provided in response.
-     * @param issueInstant Time when response was issued.
-     * @returns {*} The expiration time to be used, in Ms.
-     */
-    private processMaxAgeAssertionTime;
-    /**
-     * Convert a date string to a timestamp (in milliseconds).
-     *
-     * @param dateString A string representation of a date
-     * @param label Descriptive name of the date being passed in, e.g. "NotOnOrAfter"
-     * @throws Will throw an error if parsing `dateString` returns `NaN`
-     * @returns {number} The timestamp (in milliseconds) representation of the given date
-     */
-    private dateStringToTimestamp;
-}
-export { SAML };