saml 0.15.0-rc.0 → 2.0.0

package/.idea/aws.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="accountSettings">
+    <option name="activeRegion" value="us-east-1" />
+    <option name="recentlyUsedRegions">
+      <list>
+        <option value="us-east-1" />
+      </list>
+    </option>
+  </component>
+</project>

package/.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/node-saml.iml" filepath="$PROJECT_DIR$/.idea/node-saml.iml" />
+    </modules>
+  </component>
+</project>

package/.idea/node-saml.iml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/temp" />
+      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
+      <excludeFolder url="file://$MODULE_DIR$/tmp" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

package/.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>

package/.travis.yml

@@ -1,6 +1,4 @@
 language: node_js
 node_js:
-  - 4.4.3
-  - 8.17.0
   - 10.16.0
   - 12.10.0

package/CHANGELOG.md

@@ -0,0 +1,57 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+## [2.0.0](https://github.com/auth0/node-saml/compare/v1.0.1...v2.0.0) (2022-02-04)
+
+
+### ⚠ BREAKING CHANGES
+
+* Requires NodeJS >= 12
+
+Upgraded the xml-encryption package which removes the vulnerable node-forge dependency
+See https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
+
+### Bug Fixes
+
+* remove vulnerable node-forge dependency ([0106c61](https://github.com/auth0/node-saml/commit/0106c611a1263150e42692411aeeea0c95ec0755))
+
+### [1.0.1](https://github.com/auth0/node-saml/compare/v1.0.0...v1.0.1) (2021-09-17)
+
+
+### Bug Fixes
+
+* update xmldom and xml-crypto to fix security issues ([6ad0243](https://github.com/auth0/node-saml/commit/6ad0243fe8c2f90d71d335500e9a9c8a2c436cb7))
+
+## [1.0.0](https://github.com/auth0/node-saml/compare/v0.15.0...v1.0.0) (2020-11-04)
+
+
+### ⚠ BREAKING CHANGES
+
+* update xml-crypto and xmldom dependencies to fix sec issues
+* stop supporting node v4 and v8
+* xml-encryption major version bump, fix typo in config property
+from `keyEncryptionAlgorighm` to `keyEncryptionAlgorithm` consumed by
+new xml-encryption library version.
+
+### Features
+
+* fix sec issues with dependencies ([06acc02](https://github.com/auth0/node-saml/commit/06acc0238d7161c123f2f6924aa9f5984a5a2f32))
+* update xml-crypto and xmldom dependencies to fix sec issues ([772c30e](https://github.com/auth0/node-saml/commit/772c30e4333d0af0e783c163e371c49ec0386c23))
+
+
+* remove node v4 and v8 in travis configuration ([d8c62af](https://github.com/auth0/node-saml/commit/d8c62af972e6c6edbc052fafed749b254e73569c))
+
+## [0.15.0](https://github.com/auth0/node-saml/compare/v0.13.0...v0.15.0) (2020-10-01)
+
+
+### Features
+
+* **saml11:** adds saml11.createUnsignedAssertion() ([51170c9](https://github.com/auth0/node-saml/commit/51170c91f5ddf9c31cb00b03fe5d8c513131e165))
+* **saml20:** adds Saml20.createUnsignedAssertion() ([de0e766](https://github.com/auth0/node-saml/commit/de0e766f3fcb52913a93ff52cc1feefebf47eb00))
+* **xml/sign:** unsigned assertions should have whitespace removed as well ([968d0e7](https://github.com/auth0/node-saml/commit/968d0e7559dd72f7d029752ced9887855e7d44c4))
+
+
+### Bug Fixes
+
+* **saml20:** parses saml20.template only once at start up ([cb3bfcd](https://github.com/auth0/node-saml/commit/cb3bfcdc4b034b6ac3ea52172c1be7d6193fddec))

package/README.md

@@ -4,6 +4,10 @@ Create SAML assertions. Supports SAML 1.1 and SAML 2.0 tokens.
 
 [![Build Status](https://travis-ci.org/auth0/node-saml.png)](https://travis-ci.org/auth0/node-saml)
 
+### Supported Node Versions
+
+node >= 12
+
 ### Usage
 
 ```js

package/lib/saml11.js

@@ -1,6 +1,6 @@
 var path = require('path');
 var utils = require('./utils');
-var Parser = require('xmldom').DOMParser;
+var Parser = require('@xmldom/xmldom').DOMParser;
 var xmlenc = require('xml-encryption');
 var moment = require('moment');
 var async = require('async');
@@ -55,7 +55,7 @@ function extractSaml11Options(opts) {
  * @param [options.encryptionCert] {Buffer}
  * @param [options.encryptionPublicKey] {Buffer}
  * @param [options.encryptionAlgorithm] {string}
- * @param [options.keyEncryptionAlgorighm] {string}
+ * @param [options.keyEncryptionAlgorithm] {string}
  *
  * @param {Function} [callback] required if encrypting
  * @return {String|*}
@@ -88,7 +88,7 @@ exports.create = function(options, callback) {
  * @param [options.encryptionCert] {Buffer}
  * @param [options.encryptionPublicKey] {Buffer}
  * @param [options.encryptionAlgorithm] {string}
- * @param [options.keyEncryptionAlgorighm] {string}
+ * @param [options.keyEncryptionAlgorithm] {string}
  *
  * @param {Function} [callback] required if encrypting
  * @return {String|*}
@@ -120,7 +120,7 @@ function createAssertion(options, strategies, callback) {
     conditions[0].setAttribute('NotBefore', now.format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
     conditions[0].setAttribute('NotOnOrAfter', now.add(options.lifetimeInSeconds, 'seconds').format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
   }
-  
+
   if (options.audiences) {
     var audiences = options.audiences instanceof Array ? options.audiences : [options.audiences];
     audiences.forEach(function (audience) {
@@ -135,7 +135,7 @@ function createAssertion(options, strategies, callback) {
     var statement = doc.documentElement.getElementsByTagNameNS(NAMESPACE, 'AttributeStatement')[0];
     Object.keys(options.attributes).forEach(function(prop) {
       if(typeof options.attributes[prop] === 'undefined') return;
-      
+
       // <saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/claims/identity">
       //    <saml:AttributeValue>Foo Bar</saml:AttributeValue>
       // </saml:Attribute>
@@ -162,15 +162,15 @@ function createAssertion(options, strategies, callback) {
     .setAttribute('AuthenticationInstant', now.format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
 
   var nameID = doc.documentElement.getElementsByTagNameNS(NAMESPACE, 'NameIdentifier')[0];
-  
+
   if (options.nameIdentifier) {
     nameID.textContent = options.nameIdentifier;
-  
+
     doc.getElementsByTagName('saml:AuthenticationStatement')[0]
       .getElementsByTagName('saml:NameIdentifier')[0]
       .textContent = options.nameIdentifier;
   }
-  
+
   if (options.nameIdentifierFormat) {
     var nameIDs = doc.documentElement.getElementsByTagNameNS(NAMESPACE, 'NameIdentifier');
     nameIDs[0].setAttribute('Format', options.nameIdentifierFormat);

package/lib/saml20.js

@@ -94,7 +94,7 @@ function extractSaml20Options(opts) {
  * @param [options.encryptionCert] {Buffer}
  * @param [options.encryptionPublicKey] {Buffer}
  * @param [options.encryptionAlgorithm] {string}
- * @param [options.keyEncryptionAlgorighm] {string}
+ * @param [options.keyEncryptionAlgorithm] {string}
  *
  * @param {Function} [callback] required if encrypting
  * @return {*}
@@ -133,7 +133,7 @@ exports.create = function createSignedAssertion(options, callback) {
  * @param [options.encryptionCert] {Buffer}
  * @param [options.encryptionPublicKey] {Buffer}
  * @param [options.encryptionAlgorithm] {string}
- * @param [options.keyEncryptionAlgorighm] {string}
+ * @param [options.keyEncryptionAlgorithm] {string}
  *
  * @param {Function} [callback] required if encrypting
  * @return {*}

package/lib/utils.js

@@ -1,5 +1,5 @@
 var fs = require('fs');
-var Parser = require('xmldom').DOMParser;
+var Parser = require('@xmldom/xmldom').DOMParser;
 
 exports.pemToCert = function(pem) {
   var cert = /-----BEGIN CERTIFICATE-----([^-]*)-----END CERTIFICATE-----/g.exec(pem.toString());

package/lib/xml/encrypt.js

@@ -10,7 +10,7 @@ exports.fromEncryptXmlOptions = function (options) {
       rsa_pub: options.encryptionPublicKey,
       pem: options.encryptionCert,
       encryptionAlgorithm: options.encryptionAlgorithm || 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
-      keyEncryptionAlgorighm: options.keyEncryptionAlgorighm || 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
+      keyEncryptionAlgorithm: options.keyEncryptionAlgorithm || 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
     };
 
     // expose the encryptOptions as these are needed when adding the SubjectConfirmation

package/package.json

@@ -1,12 +1,15 @@
 {
   "name": "saml",
-  "version": "0.15.0-rc.0",
+  "version": "2.0.0",
+  "engines": {
+    "node": ">=12"
+  },
   "devDependencies": {
-    "@commitlint/cli": "^9.1.2",
-    "@commitlint/config-conventional": "^9.1.2",
+    "@commitlint/cli": "^11.0.0",
+    "@commitlint/config-conventional": "^11.0.0",
     "chai": "^4.2.0",
     "husky": "^4.3.0",
-    "mocha": "3.5.3",
+    "mocha": "^8.2.0",
     "should": "~1.2.1",
     "standard-version": "^9.0.0"
   },
@@ -19,13 +22,13 @@
   "author": "Matias Woloski (Auth0)",
   "license": "MIT",
   "dependencies": {
+    "@xmldom/xmldom": "^0.7.4",
     "async": "~0.2.9",
     "moment": "2.19.3",
     "valid-url": "~1.0.9",
-    "xml-crypto": "~1.0.1",
-    "xml-encryption": "0.11.2",
+    "xml-crypto": "^2.1.3",
+    "xml-encryption": "^2.0.0",
     "xml-name-validator": "~2.0.1",
-    "xmldom": "=0.1.15",
     "xpath": "0.0.5"
   },
   "scripts": {

package/test/saml11.tests.js

@@ -2,7 +2,7 @@ var assert = require('chai').assert;
 var fs = require('fs');
 var moment = require('moment');
 var should = require('should');
-var xmldom = require('xmldom');
+var xmldom = require('@xmldom/xmldom');
 var xmlenc = require('xml-encryption');
 
 var utils = require('./utils');
@@ -27,7 +27,7 @@ describe('saml 1.1', function () {
       it: it.skip
     })
   });
-  
+
   function saml11TestSuite(options) {
     var createAssertion = options.createAssertion;
     var assertSignature = options.assertSignature;

package/test/saml20.tests.js

@@ -3,7 +3,7 @@ var fs = require('fs');
 var utils = require('./utils');
 var moment = require('moment');
 var should = require('should');
-var xmldom = require('xmldom');
+var xmldom = require('@xmldom/xmldom');
 var xmlenc = require('xml-encryption');
 
 var saml = require('../lib/saml20');

package/test/utils.js

@@ -1,5 +1,5 @@
 var xmlCrypto = require('xml-crypto');
-var xmldom = require('xmldom');
+var xmldom = require('@xmldom/xmldom');
 
 /**
  * @param {string} assertion