samlesa 2.12.3 → 2.12.5

package/build/src/validator.js.map

@@ -1 +1 @@
-{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/validator.ts"],"names":[],"mappings":";;AA0CE,gCAAU;AAvCZ,SAAS,UAAU,CACjB,YAAgC,EAChC,eAAmC,EACnC,QAAwB,CAAC,CAAC,EAAE,CAAC,CAAC;IAG9B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,IAAI,CAAC,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;QACtC,kHAAkH;QAClH,OAAO,CAAC,IAAI,CAAC,2FAA2F,CAAC,CAAC;QAC1G,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,cAAc,GAAgB,IAAI,CAAC;IACvC,IAAI,iBAAiB,GAAgB,IAAI,CAAC;IAE1C,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,KAAK,CAAC;IAElD,IAAI,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;QACrC,cAAc,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC;QACxC,OAAO,CAAC,cAAc,GAAG,cAAc,IAAI,CAAC,GAAG,CAAC;IAClD,CAAC;IACD,IAAI,CAAC,YAAY,IAAI,eAAe,EAAE,CAAC;QACrC,iBAAiB,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,GAAG,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;IACvD,CAAC;IAED,cAAc,GAAG,IAAI,IAAI,CAAC,YAAa,CAAC,CAAC;IACzC,iBAAiB,GAAG,IAAI,IAAI,CAAC,eAAgB,CAAC,CAAC;IAE/C,OAAO,CACL,CAAC,cAAc,GAAG,cAAc,IAAI,CAAC,GAAG;QACxC,CAAC,GAAG,GAAG,CAAC,iBAAiB,GAAG,iBAAiB,CAC9C,CAAC;AAEJ,CAAC"}
+{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/validator.ts"],"names":[],"mappings":";;;AAGA,SAAS,UAAU,CACjB,YAAgC,EAChC,eAAmC,EACnC,QAAwB,CAAC,CAAC,EAAE,CAAC,CAAC;IAG9B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,IAAI,CAAC,YAAY,IAAI,CAAC,eAAe,EAAE;QACrC,kHAAkH;QAClH,OAAO,CAAC,IAAI,CAAC,2FAA2F,CAAC,CAAC;QAC1G,OAAO,IAAI,CAAC;KACb;IAED,IAAI,cAAc,GAAgB,IAAI,CAAC;IACvC,IAAI,iBAAiB,GAAgB,IAAI,CAAC;IAE1C,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,KAAK,CAAC;IAElD,IAAI,YAAY,IAAI,CAAC,eAAe,EAAE;QACpC,cAAc,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC;QACxC,OAAO,CAAC,cAAc,GAAG,cAAc,IAAI,CAAC,GAAG,CAAC;KACjD;IACD,IAAI,CAAC,YAAY,IAAI,eAAe,EAAE;QACpC,iBAAiB,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,GAAG,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;KACtD;IAED,cAAc,GAAG,IAAI,IAAI,CAAC,YAAa,CAAC,CAAC;IACzC,iBAAiB,GAAG,IAAI,IAAI,CAAC,eAAgB,CAAC,CAAC;IAE/C,OAAO,CACL,CAAC,cAAc,GAAG,cAAc,IAAI,CAAC,GAAG;QACxC,CAAC,GAAG,GAAG,CAAC,iBAAiB,GAAG,iBAAiB,CAC9C,CAAC;AAEJ,CAAC;AAGC,gCAAU"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "samlesa",
-  "version": "2.12.3",
+  "version": "2.12.5",
   "description": "High-level API for Single Sign On (SAML 2.0) 维护分支：修复原项目samlify的一些问题 ",
   "main": "build/index.js",
   "keywords": [
@@ -32,17 +32,15 @@
   },
   "license": "MIT",
   "dependencies": {
-    "xml-encryption": "^3.0.1",
-    "@xmldom/xmldom": "^0.8.6",
+    "xml-encryption": "^3.1.0",
+    "@xmldom/xmldom": "^0.9.8",
     "camelcase": "^6.2.0",
-    "node-forge": "^1.3.0",
-    "node-rsa": "^1.1.1",
-    "pako": "^1.0.10",
-    "uuid": "^10.0.0",
+    "pako": "^2.1.0",
+    "uuid": "^11.1.0",
     "xml": "^1.0.1",
-    "xml-crypto": "^6.1.0",
+    "xml-crypto": "^6.1.2",
     "xml-escape": "^1.1.0",
-    "xpath": "^0.0.32"
+    "xpath": "^0.0.34"
   },
   "devDependencies": {
     "@ava/typescript": "^1.1.1",
@@ -50,8 +48,8 @@
     "@types/node-forge": "^1.0.1",
     "@types/node-rsa": "^1.1.1",
     "@types/pako": "^1.0.1",
-    "@types/uuid": "^10.0.0",
     "@types/xmldom": "^0.1.31",
+    "@types/xml-encryption": "1.2.4",
     "ava": "^4.1.0",
     "coveralls": "^3.1.1",
     "nyc": "^17.1.0",

package/src/api.ts

@@ -1,4 +1,4 @@
-import { DOMParser as dom, Options as DOMParserOptions } from '@xmldom/xmldom';
+import { DOMParser as dom,  DOMParserOptions } from '@xmldom/xmldom';
 
 // global module configuration
 interface Context extends ValidatorContext, DOMParserContext {}

package/src/binding-redirect.ts

@@ -1,15 +1,15 @@
 /**
-* @file binding-redirect.ts
-* @author tngan
-* @desc Binding-level API, declare the functions using Redirect binding
-*/
-import utility, { get } from './utility.js';
+ * @file binding-redirect.ts
+ * @author tngan
+ * @desc Binding-level API, declare the functions using Redirect binding
+ */
+import utility, {get} from './utility.js';
 import libsaml from './libsaml.js';
-import { BindingContext } from './entity.js';
-import { IdentityProvider as Idp } from './entity-idp.js';
-import { ServiceProvider as Sp } from './entity-sp.js';
-import * as url from 'url';
-import { wording, namespace } from './urn.js';
+import {BindingContext} from './entity.js';
+import {IdentityProvider as Idp} from './entity-idp.js';
+import {ServiceProvider as Sp} from './entity-sp.js';
+
+import {wording, namespace} from './urn.js';
 
 const binding = wording.binding;
 const urlParams = wording.urlParams;
@@ -24,25 +24,26 @@ export interface BuildRedirectConfig {
 }
 
 /**
-* @private
-* @desc Helper of generating URL param/value pair
-* @param  {string} param     key
-* @param  {string} value     value of key
-* @param  {boolean} first    determine whether the param is the starting one in order to add query header '?'
-* @return {string}
-*/
+ * @private
+ * @desc Helper of generating URL param/value pair
+ * @param  {string} param     key
+ * @param  {string} value     value of key
+ * @param  {boolean} first    determine whether the param is the starting one in order to add query header '?'
+ * @return {string}
+ */
 function pvPair(param: string, value: string, first?: boolean): string {
   return (first === true ? '?' : '&') + param + '=' + value;
 }
+
 /**
-* @private
-* @desc Refractored part of URL generation for login/logout request
-* @param  {string} type
-* @param  {boolean} isSigned
-* @param  {string} rawSamlRequest
-* @param  {object} entitySetting
-* @return {string}
-*/
+ * @private
+ * @desc Refractored part of URL generation for login/logout request
+ * @param  {string} type
+ * @param  {boolean} isSigned
+ * @param  {string} rawSamlRequest
+ * @param  {object} entitySetting
+ * @return {string}
+ */
 function buildRedirectURL(opts: BuildRedirectConfig) {
   const {
     baseUrl,
@@ -51,8 +52,14 @@ function buildRedirectURL(opts: BuildRedirectConfig) {
     context,
     entitySetting,
   } = opts;
-  let { relayState = '' } = opts;
-  const noParams = (url.parse(baseUrl).query || []).length === 0;
+  let {relayState = ''} = opts;
+  let noParams = true
+  try {
+    noParams = new URL(baseUrl)?.searchParams?.size === 0
+  } catch {
+    noParams = true
+  }
+
   const queryParam = libsaml.getQueryParamByType(type);
   // In general, this xmlstring is required to do deflate -> base64 -> urlencode
   const samlRequest = encodeURIComponent(utility.base64Encode(utility.deflateString(context)));
@@ -65,27 +72,31 @@ function buildRedirectURL(opts: BuildRedirectConfig) {
     return baseUrl
       + pvPair(queryParam, octetString, noParams)
       + pvPair(urlParams.signature, encodeURIComponent(
-        libsaml.constructMessageSignature(
-          queryParam + '=' + octetString,
-          entitySetting.privateKey,
-          entitySetting.privateKeyPass,
-          undefined,
-          entitySetting.requestSignatureAlgorithm
-        ).toString()
-      )
+          libsaml.constructMessageSignature(
+            queryParam + '=' + octetString,
+            entitySetting.privateKey,
+            entitySetting.privateKeyPass,
+            undefined,
+            entitySetting.requestSignatureAlgorithm
+          ).toString()
+        )
       );
   }
   return baseUrl + pvPair(queryParam, samlRequest + relayState, noParams);
 }
+
 /**
-* @desc Redirect URL for login request
-* @param  {object} entity                       object includes both idp and sp
-* @param  {function} customTagReplacement      used when developers have their own login response template
-* @return {string} redirect URL
-*/
-function loginRequestRedirectURL(entity: { idp: Idp, sp: Sp }, customTagReplacement?: (template: string) => BindingContext): BindingContext {
+ * @desc Redirect URL for login request
+ * @param  {object} entity                       object includes both idp and sp
+ * @param  {function} customTagReplacement      used when developers have their own login response template
+ * @return {string} redirect URL
+ */
+function loginRequestRedirectURL(entity: {
+  idp: Idp,
+  sp: Sp
+}, customTagReplacement?: (template: string) => BindingContext): BindingContext {
 
-  const metadata: any = { idp: entity.idp.entityMeta, sp: entity.sp.entityMeta };
+  const metadata: any = {idp: entity.idp.entityMeta, sp: entity.sp.entityMeta};
   const spSetting: any = entity.sp.entitySetting;
   let id: string = '';
 
@@ -127,13 +138,13 @@ function loginRequestRedirectURL(entity: { idp: Idp, sp: Sp }, customTagReplacem
 }
 
 /**
-* @desc Redirect URL for login response
-* @param  {object} requestInfo             corresponding request, used to obtain the id
-* @param  {object} entity                      object includes both idp and sp
-* @param  {object} user                         current logged user (e.g. req.user)
-* @param  {String} relayState                the relaystate sent by sp corresponding request
-* @param  {function} customTagReplacement     used when developers have their own login response template
-*/
+ * @desc Redirect URL for login response
+ * @param  {object} requestInfo             corresponding request, used to obtain the id
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {object} user                         current logged user (e.g. req.user)
+ * @param  {String} relayState                the relaystate sent by sp corresponding request
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ */
 function loginResponseRedirectURL(requestInfo: any, entity: any, user: any = {}, relayState?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext {
   const idpSetting = entity.idp.entitySetting;
   const spSetting = entity.sp.entitySetting;
@@ -144,7 +155,11 @@ function loginResponseRedirectURL(requestInfo: any, entity: any, user: any = {},
 
   let id: string = idpSetting.generateID();
   if (metadata && metadata.idp && metadata.sp) {
-    const base = metadata.sp.getAssertionConsumerService(binding.redirect);
+    const base = metadata.sp.getAssertionConsumerService(binding.redirect) ?? 'https://signin.volcengine.com/saml/sso';
+    if(!base){
+      throw new Error('dont have a base url');
+    }
+
     let rawSamlResponse: string;
     //
     const nameIDFormat = idpSetting.nameIDFormat;
@@ -186,7 +201,7 @@ function loginResponseRedirectURL(requestInfo: any, entity: any, user: any = {},
       rawSamlResponse = libsaml.replaceTagsByValue(libsaml.defaultLoginResponseTemplate.context, tvalue);
     }
 
-    const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm } = idpSetting;
+    const {privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm} = idpSetting;
     const config = {
       privateKey,
       privateKeyPass,
@@ -203,7 +218,10 @@ function loginResponseRedirectURL(requestInfo: any, entity: any, user: any = {},
         referenceTagXPath: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']",
         signatureConfig: {
           prefix: 'ds',
-          location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']/*[local-name(.)='Issuer']", action: 'after' },
+          location: {
+            reference: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']/*[local-name(.)='Issuer']",
+            action: 'after'
+          },
         },
       });
     }
@@ -225,14 +243,14 @@ function loginResponseRedirectURL(requestInfo: any, entity: any, user: any = {},
 }
 
 /**
-* @desc Redirect URL for logout request
-* @param  {object} user                        current logged user (e.g. req.user)
-* @param  {object} entity                      object includes both idp and sp
-* @param  {function} customTagReplacement     used when developers have their own login response template
-* @return {string} redirect URL
-*/
+ * @desc Redirect URL for logout request
+ * @param  {object} user                        current logged user (e.g. req.user)
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ * @return {string} redirect URL
+ */
 function logoutRequestRedirectURL(user, entity, relayState?: string, customTagReplacement?: (template: string, tags: object) => BindingContext): BindingContext {
-  const metadata = { init: entity.init.entityMeta, target: entity.target.entityMeta };
+  const metadata = {init: entity.init.entityMeta, target: entity.target.entityMeta};
   const initSetting = entity.init.entitySetting;
   let id: string = initSetting.generateID();
   const nameIDFormat = initSetting.nameIDFormat;
@@ -272,12 +290,13 @@ function logoutRequestRedirectURL(user, entity, relayState?: string, customTagRe
   }
   throw new Error('ERR_GENERATE_REDIRECT_LOGOUT_REQUEST_MISSING_METADATA');
 }
+
 /**
-* @desc Redirect URL for logout response
-* @param  {object} requescorresponding request, used to obtain the id
-* @param  {object} entity                      object includes both idp and sp
-* @param  {function} customTagReplacement     used when developers have their own login response template
-*/
+ * @desc Redirect URL for logout response
+ * @param  {object} requescorresponding request, used to obtain the id
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ */
 function logoutResponseRedirectURL(requestInfo: any, entity: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext {
   const metadata = {
     init: entity.init.entityMeta,

package/src/extractor.ts

@@ -3,6 +3,7 @@ import { uniq, last, zipObject, notEmpty } from './utility.js';
 import { getContext } from './api.js';
 import camelCase from 'camelcase';
 
+
 interface ExtractorField {
   key: string;
   localPath: string[] | string[][];
@@ -198,7 +199,7 @@ export const logoutResponseFields: ExtractorFields = [
 
 export function extract(context: string, fields) {
   const { dom } = getContext();
-  const rootDoc = dom.parseFromString(context);
+  const rootDoc = dom.parseFromString(context,'application/xml') as unknown as Node;
 
   return fields.reduce((result: any, field) => {
     // get essential fields
@@ -212,12 +213,12 @@ export function extract(context: string, fields) {
     const attributePath = field.attributePath;
 
     // set allowing overriding if there is a shortcut injected
-    let targetDoc = rootDoc;
+    let targetDoc = rootDoc ;
 
     // if shortcut is used, then replace the doc
     // it's a design for overriding the doc used during runtime
     if (shortcut) {
-      targetDoc = dom.parseFromString(shortcut);
+      targetDoc = dom.parseFromString(shortcut,'application/xml')  as unknown as Node;
     }
 
     // special case: multiple path
@@ -239,8 +240,10 @@ export function extract(context: string, fields) {
         })
         .join(' | ');
 
+
       return {
         ...result,
+        // @ts-expect-error misssing Node properties are not needed
         [key]: uniq(select(multiXPaths, targetDoc).map((n: Node) => n.nodeValue).filter(notEmpty))
       };
     }
@@ -265,15 +268,18 @@ export function extract(context: string, fields) {
       const fullLocalXPath = `${baseXPath}${indexPath}`;
       const parentNodes = select(baseXPath, targetDoc);
       // [uid, mail, edupersonaffiliation], ready for aggregate
+      // @ts-expect-error misssing Node properties are not needed
       const parentAttributes = select(fullLocalXPath, targetDoc).map((n: Attr) => n.value);
       // [attribute, attributevalue]
       const childXPath = buildAbsoluteXPath([last(localPath)].concat(attributePath));
       const childAttributeXPath = buildAttributeXPath(attributes);
       const fullChildXPath = `${childXPath}${childAttributeXPath}`;
       // [ 'test', 'test@example.com', [ 'users', 'examplerole1' ] ]
+      // @ts-expect-error misssing Node properties are not needed
       const childAttributes = parentNodes.map(node => {
-        const nodeDoc = dom.parseFromString(node.toString());
+        const nodeDoc = dom.parseFromString(node.toString(),'application/xml') as unknown as Node;
         if (attributes.length === 0) {
+          // @ts-expect-error misssing Node properties are not needed
           const childValues = select(fullChildXPath, nodeDoc).map((n: Node) => n.nodeValue);
           if (childValues.length === 1) {
             return childValues[0];
@@ -281,6 +287,7 @@ export function extract(context: string, fields) {
           return childValues;
         }
         if (attributes.length > 0) {
+          // @ts-expect-error misssing Node properties are not needed
           const childValues = select(fullChildXPath, nodeDoc).map((n: Attr) => n.value);
           if (childValues.length === 1) {
             return childValues[0];
@@ -309,10 +316,14 @@ export function extract(context: string, fields) {
     if (isEntire) {
       const node = select(baseXPath, targetDoc);
       let value: string | string[] | null = null;
+      // @ts-expect-error misssing Node properties are not needed
       if (node.length === 1) {
+        // @ts-expect-error misssing Node properties are not needed
         value = node[0].toString();
       }
+      // @ts-expect-error misssing Node properties are not needed
       if (node.length > 1) {
+        // @ts-expect-error misssing Node properties are not needed
         value = node.map(n => n.toString());
       }
       return {
@@ -330,10 +341,12 @@ export function extract(context: string, fields) {
       }
     */
     if (attributes.length > 1) {
+      // @ts-expect-error misssing Node properties are not needed
       const baseNode = select(baseXPath, targetDoc).map(n => n.toString());
       const childXPath = `${buildAbsoluteXPath([last(localPath)])}${attributeXPath}`;
       const attributeValues = baseNode.map((node: string) => {
-        const nodeDoc = dom.parseFromString(node);
+        const nodeDoc = dom.parseFromString(node,'application/xml') as unknown as Node;
+        // @ts-expect-error misssing Node properties are not needed
         const values = select(childXPath, nodeDoc).reduce((r: any, n: Attr) => {
           r[camelCase(n.name, {locale: 'en-us'})] = n.value;
           return r;
@@ -355,6 +368,7 @@ export function extract(context: string, fields) {
     */
     if (attributes.length === 1) {
       const fullPath = `${baseXPath}${attributeXPath}`;
+      // @ts-expect-error misssing Node properties are not needed
       const attributeValues = select(fullPath, targetDoc).map((n: Attr) => n.value);
       return {
         ...result,
@@ -372,11 +386,15 @@ export function extract(context: string, fields) {
     if (attributes.length === 0) {
       let attributeValue: SelectedValue[] | (string | null)[] | null = null;
       const node = select(baseXPath, targetDoc);
+      // @ts-expect-error misssing Node properties are not needed
       if (node.length === 1) {
         const fullPath = `string(${baseXPath}${attributeXPath})`;
+        // @ts-expect-error misssing Node properties are not needed
         attributeValue = select(fullPath, targetDoc);
       }
+      // @ts-expect-error misssing Node properties are not needed
       if (node.length > 1) {
+        // @ts-expect-error misssing Node properties are not needed
         attributeValue = node.filter((n: Node) => n.firstChild)
           .map((n: Node) => n.firstChild!.nodeValue);
       }