samlesa 2.12.10 → 2.12.11

package/src/validator.ts

@@ -6,20 +6,15 @@ function verifyTime(
   utcNotOnOrAfter: string | undefined,
   drift: DriftTolerance = [0, 0]
 ): boolean {
-
   const now = new Date();
-
   if (!utcNotBefore && !utcNotOnOrAfter) {
     // show warning because user intends to have time check but the document doesn't include corresponding information
     console.warn('You intend to have time validation however the document doesn\'t include the valid range.');
-    return true; 
+    return true;
   }
-
   let notBeforeLocal: Date | null = null;
   let notOnOrAfterLocal: Date | null = null;
-
   const [notBeforeDrift, notOnOrAfterDrift] = drift;
-
   if (utcNotBefore && !utcNotOnOrAfter) {
     notBeforeLocal = new Date(utcNotBefore);
     return +notBeforeLocal + notBeforeDrift <= +now;
@@ -41,4 +36,4 @@ function verifyTime(
 
 export {
   verifyTime
-};
+};

package/types/src/binding-post.d.ts

@@ -20,7 +20,7 @@ declare function base64LoginRequest(referenceTagXPath: string, entity: any, cust
  * @param  {boolean}  encryptThenSign           whether or not to encrypt then sign first (if signing). Defaults to sign-then-encrypt
  * @param AttributeStatement
  */
-declare function base64LoginResponse(requestInfo: any, entity: any, user?: any, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean, AttributeStatement?: string): Promise<BindingContext>;
+declare function base64LoginResponse(requestInfo: any, entity: any, user?: any, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean, AttributeStatement?: never[]): Promise<BindingContext>;
 /**
 * @desc Generate a base64 encoded logout request
 * @param  {object} user                         current logged user (e.g. req.user)

package/types/src/binding-redirect.d.ts

@@ -28,7 +28,7 @@ declare function loginRequestRedirectURL(entity: {
  * @param  {function} customTagReplacement     used when developers have their own login response template
  * @param AttributeStatement
  */
-declare function loginResponseRedirectURL(requestInfo: any, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext, AttributeStatement?: string): BindingContext;
+declare function loginResponseRedirectURL(requestInfo: any, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext, AttributeStatement?: never[]): BindingContext;
 /**
  * @desc Redirect URL for logout request
  * @param  {object} user                        current logged user (e.g. req.user)

package/types/src/binding-simplesign.d.ts

@@ -32,7 +32,7 @@ declare function base64LoginRequest(entity: any, customTagReplacement?: (templat
  * @param  {function} customTagReplacement     used when developers have their own login response template
  * @param AttributeStatement
  */
-declare function base64LoginResponse(requestInfo: any, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext, AttributeStatement?: string): Promise<BindingSimpleSignContext>;
+declare function base64LoginResponse(requestInfo: any, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext, AttributeStatement?: []): Promise<BindingSimpleSignContext>;
 declare const simpleSignBinding: {
     base64LoginRequest: typeof base64LoginRequest;
     base64LoginResponse: typeof base64LoginResponse;

package/types/src/entity-idp.d.ts

@@ -25,7 +25,7 @@ export declare class IdentityProvider extends Entity {
         encryptThenSign?: boolean;
         relayState?: string;
         context: Record<string, any>;
-        AttributeStatement: string;
+        AttributeStatement: [];
     }): Promise<any>;
     /**
      * Validation of the parsed URL parameters

package/types/src/libsaml.d.ts

@@ -1,6 +1,11 @@
 /// <reference types="node" />
 /// <reference types="node" />
 import { MetadataInterface } from './metadata.js';
+/**
+ * 生成 SAML Attribute 元素（不带 XML 声明头）
+ * @param {Array} attributeData - 属性配置数据
+ * @returns {string} SAML Attribute XML 字符串
+ */
 export interface SignatureConstructor {
     rawSamlMessage: string;
     referenceTagXPath?: string;
@@ -112,48 +117,52 @@ declare const _default: {
     defaultLogoutResponseTemplate: {
         context: string;
     };
+    defaultAttributeValueTemplate: {
+        context: string;
+    };
     /**
-    * @desc Replace the tag (e.g. {tag}) inside the raw XML
-    * @param  {string} rawXML      raw XML string used to do keyword replacement
-    * @param  {array} tagValues    tag values
-    * @return {string}
-    */
+     * @desc Replace the tag (e.g. {tag}) inside the raw XML
+     * @param  {string} rawXML      raw XML string used to do keyword replacement
+     * @param  {array} tagValues    tag values
+     * @return {string}
+     */
     replaceTagsByValue(rawXML: string, tagValues: Record<string, unknown>): string;
     /**
-    * @desc Helper function to build the AttributeStatement tag
-    * @param  {LoginResponseAttribute} attributes    an array of attribute configuration
-    * @param  {AttributeTemplate} attributeTemplate    the attribute tag template to be used
-    * @param  {AttributeStatementTemplate} attributeStatementTemplate    the attributeStatement tag template to be used
-    * @return {string}
-    */
-    attributeStatementBuilder(attributes: LoginResponseAttribute[], attributeTemplate?: AttributeTemplate, attributeStatementTemplate?: AttributeStatementTemplate): string;
+     * @desc Helper function to build the AttributeStatement tag
+     * @param  {LoginResponseAttribute} attributes    an array of attribute configuration
+     * @param  {AttributeTemplate} attributeTemplate    the attribute tag template to be used
+     * @param  {AttributeStatementTemplate} attributeStatementTemplate    the attributeStatement tag template to be used
+     * @return {string}
+     */
+    /** For Test */
+    attributeStatementBuilder(attributeData: any[]): string;
     /**
-    * @desc Construct the XML signature for POST binding
-    * @param  {string} rawSamlMessage      request/response xml string
-    * @param  {string} referenceTagXPath    reference uri
-    * @param  {string} privateKey           declares the private key
-    * @param  {string} passphrase           passphrase of the private key [optional]
-    * @param  {string|buffer} signingCert   signing certificate
-    * @param  {string} signatureAlgorithm   signature algorithm
-    * @param  {string[]} transformationAlgorithms   canonicalization and transformation Algorithms
-    * @return {string} base64 encoded string
-    */
+     * @desc Construct the XML signature for POST binding
+     * @param  {string} rawSamlMessage      request/response xml string
+     * @param  {string} referenceTagXPath    reference uri
+     * @param  {string} privateKey           declares the private key
+     * @param  {string} passphrase           passphrase of the private key [optional]
+     * @param  {string|buffer} signingCert   signing certificate
+     * @param  {string} signatureAlgorithm   signature algorithm
+     * @param  {string[]} transformationAlgorithms   canonicalization and transformation Algorithms
+     * @return {string} base64 encoded string
+     */
     constructSAMLSignature(opts: SignatureConstructor): string;
     /**
-    * @desc Verify the XML signature
-    * @param  {string} xml xml
-    * @param  {SignatureVerifierOptions} opts cert declares the X509 certificate
+     * @desc Verify the XML signature
+     * @param  {string} xml xml
+     * @param  {SignatureVerifierOptions} opts cert declares the X509 certificate
      * @return {[boolean, string | null]} - A tuple where:
      *   - The first element is `true` if the signature is valid, `false` otherwise.
      *   - The second element is the cryptographically authenticated assertion node as a string, or `null` if not found.
      */
     verifySignature(xml: string, opts: SignatureVerifierOptions): (string | boolean)[] | (boolean | null)[];
     /**
-    * @desc Helper function to create the key section in metadata (abstraction for signing and encrypt use)
-    * @param  {string} use          type of certificate (e.g. signing, encrypt)
-    * @param  {string} certString    declares the certificate String
-    * @return {object} object used in xml module
-    */
+     * @desc Helper function to create the key section in metadata (abstraction for signing and encrypt use)
+     * @param  {string} use          type of certificate (e.g. signing, encrypt)
+     * @param  {string} certString    declares the certificate String
+     * @return {object} object used in xml module
+     */
     createKeySection(use: KeyUse, certString: string | Buffer): KeyComponent;
     /**
      * SAML 消息签名 (符合 SAML V2.0 绑定规范)
@@ -167,30 +176,30 @@ declare const _default: {
     constructMessageSignature(octetString: string | Buffer, key: string | Buffer, passphrase?: string | undefined, isBase64?: boolean, signingAlgorithm?: string): string | Buffer;
     verifyMessageSignature(metadata: any, octetString: string, signature: string | Buffer, verifyAlgorithm?: string | undefined): boolean;
     /**
-    * @desc Get the public key in string format
-    * @param  {string} x509Certificate certificate
-    * @return {string} public key
-    */
+     * @desc Get the public key in string format
+     * @param  {string} x509Certificate certificate
+     * @return {string} public key
+     */
     getKeyInfo(x509Certificate: string, signatureConfig?: any): {
         getKeyInfo: () => string;
         getKey: () => string;
     };
     /**
-    * @desc Encrypt the assertion section in Response
-    * @param  {Entity} sourceEntity             source entity
-    * @param  {Entity} targetEntity             target entity
-    * @param  {string} xml                      response in xml string format
-    * @return {Promise} a promise to resolve the finalized xml
-    */
+     * @desc Encrypt the assertion section in Response
+     * @param  {Entity} sourceEntity             source entity
+     * @param  {Entity} targetEntity             target entity
+     * @param  {string} xml                      response in xml string format
+     * @return {Promise} a promise to resolve the finalized xml
+     */
     encryptAssertion(sourceEntity: any, targetEntity: any, xml?: string | undefined): Promise<string>;
     /**
-    * @desc Decrypt the assertion section in Response
-    * @param  {string} type             only accept SAMLResponse to proceed decryption
-    * @param  {Entity} here             this entity
-    * @param  {Entity} from             from the entity where the message is sent
-    * @param {string} entireXML         response in xml string format
-    * @return {function} a promise to get back the entire xml with decrypted assertion
-    */
+     * @desc Decrypt the assertion section in Response
+     * @param  {string} type             only accept SAMLResponse to proceed decryption
+     * @param  {Entity} here             this entity
+     * @param  {Entity} from             from the entity where the message is sent
+     * @param {string} entireXML         response in xml string format
+     * @return {function} a promise to get back the entire xml with decrypted assertion
+     */
     decryptAssertion(here: any, entireXML: string): Promise<[string, any]>;
     /**
      * @desc Check if the xml string is valid and bounded