npm - samlesa - Versions diffs - 2.13.0 → 2.14.1 - Mend

samlesa 2.13.0 → 2.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of samlesa might be problematic. Click here for more details.

Files changed (149) hide show

package/LICENSE +1 -1
package/README.md +36 -65
package/build/.idea/deployment.xml +14 -0
package/{src → build}/.idea/modules.xml +1 -1
package/build/.idea/workspace.xml +57 -0
package/build/index.js +18 -54
package/build/index.js.map +1 -1
package/build/src/api.js +18 -24
package/build/src/api.js.map +1 -1
package/build/src/binding-post.js +337 -365
package/build/src/binding-post.js.map +1 -1
package/build/src/binding-redirect.js +312 -340
package/build/src/binding-redirect.js.map +1 -1
package/build/src/binding-simplesign.js +201 -229
package/build/src/binding-simplesign.js.map +1 -1
package/build/src/entity-idp.js +119 -127
package/build/src/entity-idp.js.map +1 -1
package/build/src/entity-sp.js +88 -96
package/build/src/entity-sp.js.map +1 -1
package/build/src/entity.js +193 -225
package/build/src/entity.js.map +1 -1
package/build/src/extractor.js +361 -369
package/build/src/extractor.js.map +1 -1
package/build/src/flow.js +313 -320
package/build/src/flow.js.map +1 -1
package/build/src/libsaml.js +693 -721
package/build/src/libsaml.js.map +1 -1
package/build/src/metadata-idp.js +119 -127
package/build/src/metadata-idp.js.map +1 -1
package/build/src/metadata-sp.js +223 -231
package/build/src/metadata-sp.js.map +1 -1
package/build/src/metadata.js +138 -166
package/build/src/metadata.js.map +1 -1
package/build/src/types.js +4 -11
package/build/src/types.js.map +1 -1
package/build/src/urn.js +204 -212
package/build/src/urn.js.map +1 -1
package/build/src/utility.js +277 -292
package/build/src/utility.js.map +1 -1
package/build/src/validator.js +24 -27
package/build/src/validator.js.map +1 -1
package/package.json +19 -14
package/types/api.d.ts +15 -0
package/types/api.d.ts.map +1 -0
package/types/binding-post.d.ts +48 -0
package/types/binding-post.d.ts.map +1 -0
package/types/binding-redirect.d.ts +54 -0
package/types/binding-redirect.d.ts.map +1 -0
package/types/binding-simplesign.d.ts +41 -0
package/types/binding-simplesign.d.ts.map +1 -0
package/types/entity-idp.d.ts +38 -0
package/types/entity-idp.d.ts.map +1 -0
package/types/entity-sp.d.ts +38 -0
package/types/entity-sp.d.ts.map +1 -0
package/types/entity.d.ts +100 -0
package/types/entity.d.ts.map +1 -0
package/types/extractor.d.ts +26 -0
package/types/extractor.d.ts.map +1 -0
package/types/flow.d.ts +7 -0
package/types/flow.d.ts.map +1 -0
package/types/index.d.ts +11 -10
package/types/index.d.ts.map +1 -0
package/types/libsaml.d.ts +208 -0
package/types/libsaml.d.ts.map +1 -0
package/types/metadata-idp.d.ts +25 -0
package/types/metadata-idp.d.ts.map +1 -0
package/types/metadata-sp.d.ts +37 -0
package/types/metadata-sp.d.ts.map +1 -0
package/types/metadata.d.ts +58 -0
package/types/metadata.d.ts.map +1 -0
package/types/src/api.d.ts +15 -13
package/types/src/api.d.ts.map +1 -0
package/types/src/binding-post.d.ts +48 -47
package/types/src/binding-post.d.ts.map +1 -0
package/types/src/binding-redirect.d.ts +54 -53
package/types/src/binding-redirect.d.ts.map +1 -0
package/types/src/binding-simplesign.d.ts +41 -40
package/types/src/binding-simplesign.d.ts.map +1 -0
package/types/src/entity-idp.d.ts +38 -37
package/types/src/entity-idp.d.ts.map +1 -0
package/types/src/entity-sp.d.ts +38 -36
package/types/src/entity-sp.d.ts.map +1 -0
package/types/src/entity.d.ts +100 -101
package/types/src/entity.d.ts.map +1 -0
package/types/src/extractor.d.ts +26 -25
package/types/src/extractor.d.ts.map +1 -0
package/types/src/flow.d.ts +7 -6
package/types/src/flow.d.ts.map +1 -0
package/types/src/libsaml.d.ts +208 -209
package/types/src/libsaml.d.ts.map +1 -0
package/types/src/metadata-idp.d.ts +25 -24
package/types/src/metadata-idp.d.ts.map +1 -0
package/types/src/metadata-sp.d.ts +37 -36
package/types/src/metadata-sp.d.ts.map +1 -0
package/types/src/metadata.d.ts +58 -59
package/types/src/metadata.d.ts.map +1 -0
package/types/src/types.d.ts +128 -129
package/types/src/types.d.ts.map +1 -0
package/types/src/urn.d.ts +195 -194
package/types/src/urn.d.ts.map +1 -0
package/types/src/utility.d.ts +133 -134
package/types/src/utility.d.ts.map +1 -0
package/types/src/validator.d.ts +4 -3
package/types/src/validator.d.ts.map +1 -0
package/types/types.d.ts +128 -0
package/types/types.d.ts.map +1 -0
package/types/urn.d.ts +195 -0
package/types/urn.d.ts.map +1 -0
package/types/utility.d.ts +133 -0
package/types/utility.d.ts.map +1 -0
package/types/validator.d.ts +4 -0
package/types/validator.d.ts.map +1 -0
package/.editorconfig +0 -19
package/.github/FUNDING.yml +0 -1
package/.idea/inspectionProfiles/Project_Default.xml +0 -6
package/.idea/modules.xml +0 -8
package/.idea/vcs.xml +0 -6
package/.pre-commit.sh +0 -15
package/.snyk +0 -8
package/.travis.yml +0 -29
package/Makefile +0 -25
package/index.d.ts +0 -10
package/index.js +0 -19
package/index.js.map +0 -1
package/index.ts +0 -28
package/qodana.yaml +0 -29
package/src/.idea/src.iml +0 -12
package/src/.idea/vcs.xml +0 -6
package/src/api.ts +0 -36
package/src/binding-post.ts +0 -348
package/src/binding-redirect.ts +0 -356
package/src/binding-simplesign.ts +0 -238
package/src/entity-idp.ts +0 -153
package/src/entity-sp.ts +0 -114
package/src/entity.ts +0 -243
package/src/extractor.ts +0 -392
package/src/flow.ts +0 -467
package/src/libsaml.ts +0 -895
package/src/metadata-idp.ts +0 -146
package/src/metadata-sp.ts +0 -268
package/src/metadata.ts +0 -166
package/src/types.ts +0 -153
package/src/urn.ts +0 -211
package/src/utility.ts +0 -319
package/src/validator.ts +0 -39
package/tsconfig.json +0 -38
package/tslint.json +0 -35
package/types.d.ts +0 -2
/package/{.idea/samlify.iml → build/.idea/build.iml} +0 -0

package/src/binding-post.ts DELETED Viewed

@@ -1,348 +0,0 @@
-/**
-* @file binding-post.ts
-* @author tngan
-* @desc Binding-level API, declare the functions using POST binding
-*/
-import { wording, namespace, StatusCode } from './urn.js';
-import { BindingContext } from './entity.js';
-import libsaml from './libsaml.js';
-import utility, { get } from './utility.js';
-const binding = wording.binding;
-/**
-* @desc Generate a base64 encoded login request
-* @param  {string} referenceTagXPath           reference uri
-* @param  {object} entity                      object includes both idp and sp
-* @param  {function} customTagReplacement     used when developers have their own login response template
-*/
-function base64LoginRequest(referenceTagXPath: string, entity: any, customTagReplacement?: (template: string) => BindingContext): BindingContext {
-  const metadata = { idp: entity.idp.entityMeta, sp: entity.sp.entityMeta };
-  const spSetting = entity.sp.entitySetting;
-  let id: string = '';
-  if (metadata && metadata.idp && metadata.sp) {
-    const base = metadata.idp.getSingleSignOnService(binding.post);
-    let rawSamlRequest: string;
-    if (spSetting.loginRequestTemplate && customTagReplacement) {
-      const info = customTagReplacement(spSetting.loginRequestTemplate.context);
-      id = get(info, 'id', null);
-      rawSamlRequest = get(info, 'context', null);
-    } else {
-      const nameIDFormat = spSetting.nameIDFormat;
-      const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
-      id = spSetting.generateID();
-      rawSamlRequest = libsaml.replaceTagsByValue(libsaml.defaultLoginRequestTemplate.context, {
-        ID: id,
-        Destination: base,
-        Issuer: metadata.sp.getEntityID(),
-        IssueInstant: new Date().toISOString(),
-        AssertionConsumerServiceURL: metadata.sp.getAssertionConsumerService(binding.post),
-        EntityID: metadata.sp.getEntityID(),
-        AllowCreate: spSetting.allowCreate,
-        NameIDFormat: selectedNameIDFormat
-      } as any);
-    }
-    if (metadata.idp.isWantAuthnRequestsSigned()) {
-      const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm, transformationAlgorithms } = spSetting;
-      return {
-        id,
-        context: libsaml.constructSAMLSignature({
-          referenceTagXPath,
-          privateKey,
-          privateKeyPass,
-          signatureAlgorithm,
-          transformationAlgorithms,
-          rawSamlMessage: rawSamlRequest,
-          signingCert: metadata.sp.getX509Certificate('signing'),
-          signatureConfig: spSetting.signatureConfig || {
-            prefix: 'ds',
-            location: { reference: "/*[local-name(.)='AuthnRequest']/*[local-name(.)='Issuer']", action: 'after' },
-          }
-        }),
-      };
-    }
-    // No need to embeded XML signature
-    return {
-      id,
-      context: utility.base64Encode(rawSamlRequest),
-    };
-  }
-  throw new Error('ERR_GENERATE_POST_LOGIN_REQUEST_MISSING_METADATA');
-}
-/**
- * @desc Generate a base64 encoded login response
- * @param  {object} requestInfo                 corresponding request, used to obtain the id
- * @param  {object} entity                      object includes both idp and sp
- * @param  {object} user                        current logged user (e.g. req.user)
- * @param  {function} customTagReplacement     used when developers have their own login response template
- * @param  {boolean}  encryptThenSign           whether or not to encrypt then sign first (if signing). Defaults to sign-then-encrypt
- * @param AttributeStatement
- */
-async function base64LoginResponse(requestInfo: any = {}, entity: any, user: any = {}, customTagReplacement?: (template: string) => BindingContext, encryptThenSign: boolean = false , AttributeStatement=[]): Promise<BindingContext> {
-  const idpSetting = entity.idp.entitySetting;
-  const spSetting = entity.sp.entitySetting;
-  const id = idpSetting.generateID();
-  const metadata = {
-    idp: entity.idp.entityMeta,
-    sp: entity.sp.entityMeta,
-  };
-  const nameIDFormat = idpSetting.nameIDFormat;
-  const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
-  if (metadata && metadata.idp && metadata.sp) {
-    const base = metadata.sp.getAssertionConsumerService(binding.post);
-    let rawSamlResponse;
-    const  nowTime = new Date();
-    const  spEntityID = metadata.sp.getEntityID();
-    const  oneMinutesLaterTime = new Date(nowTime.getTime());
-    oneMinutesLaterTime.setMinutes(oneMinutesLaterTime.getMinutes() + 5);
-    const OneMinutesLater = oneMinutesLaterTime.toISOString();
-    const now = nowTime.toISOString();
-    console.log(`现在是北京时间:${nowTime.toLocaleString()}`)
-    console.log(`现在是两分钟时间:${oneMinutesLaterTime.toLocaleString()}`)
-    const acl = metadata.sp.getAssertionConsumerService(binding.post);
-    const sessionIndex = 'session'+idpSetting.generateID(); // 这个是当前系统的会话索引，用于单点注销
-    const tenHoursLaterTime = new Date(nowTime.getTime());
-    tenHoursLaterTime.setHours(tenHoursLaterTime.getHours() + 10);
-    const tenHoursLater = tenHoursLaterTime.toISOString();
-    const tvalue: any = {
-      ID: id,
-      AssertionID: idpSetting.generateID(),
-      Destination: base,
-      Audience: spEntityID,
-      EntityID: spEntityID,
-      SubjectRecipient: acl,
-      Issuer: metadata.idp.getEntityID(),
-      IssueInstant: now,
-      AssertionConsumerServiceURL: acl,
-      StatusCode: StatusCode.Success,
-      // can be customized
-      ConditionsNotBefore: now,
-      ConditionsNotOnOrAfter: OneMinutesLater,
-      SubjectConfirmationDataNotOnOrAfter: OneMinutesLater,
-      NameIDFormat: selectedNameIDFormat,
-      NameID: user?.NameID || '',
-      InResponseTo: get(requestInfo, 'extract.request.id', ''),
-      AuthnStatement: `<saml:AuthnStatement AuthnInstant="${now}" SessionNotOnOrAfter="${tenHoursLater}" SessionIndex="${sessionIndex}"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>`,
-      AttributeStatement: libsaml.attributeStatementBuilder(AttributeStatement),
-    };
-    if (idpSetting.loginResponseTemplate && customTagReplacement) {
-      const template = customTagReplacement(idpSetting.loginResponseTemplate.context);
-      rawSamlResponse = get(template, 'context', null);
-    } else {
-      if (requestInfo !== null) {
-        tvalue.InResponseTo = requestInfo?.extract?.request?.id ?? '';
-      }
-      rawSamlResponse = libsaml.replaceTagsByValue(libsaml.defaultLoginResponseTemplate.context, tvalue);
-    }
-    const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm } = idpSetting;
-    const config = {
-      privateKey,
-      privateKeyPass,
-      signatureAlgorithm,
-      signingCert: metadata.idp.getX509Certificate('signing'),
-      isBase64Output: false,
-    };
-    // step: sign assertion ? -> encrypted ? -> sign message ?
-    if (metadata.sp.isWantAssertionsSigned()) {
-      // console.debug('sp wants assertion signed');
-      rawSamlResponse = libsaml.constructSAMLSignature({
-        ...config,
-        rawSamlMessage: rawSamlResponse,
-        transformationAlgorithms: spSetting.transformationAlgorithms,
-        referenceTagXPath: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']",
-        signatureConfig: {
-          prefix: 'ds',
-          location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']/*[local-name(.)='Issuer']", action: 'after' },
-        },
-      });
-    }
-    // console.debug('after assertion signed', rawSamlResponse);
-    // SAML response must be signed sign message first, then encrypt
-    if (!encryptThenSign && (spSetting.wantMessageSigned || !metadata.sp.isWantAssertionsSigned())) {
-      // console.debug('sign then encrypt and sign entire message');
-      rawSamlResponse = libsaml.constructSAMLSignature({
-        ...config,
-        rawSamlMessage: rawSamlResponse,
-        isMessageSigned: true,
-        transformationAlgorithms: spSetting.transformationAlgorithms,
-        signatureConfig: spSetting.signatureConfig || {
-          prefix: 'ds',
-          location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Issuer']", action: 'after' },
-        },
-      });
-    }
-    // console.debug('after message signed', rawSamlResponse);
-    if (idpSetting.isAssertionEncrypted) {
-      // console.debug('idp is configured to do encryption');
-      const context = await libsaml.encryptAssertion(entity.idp, entity.sp, rawSamlResponse);
-      if (encryptThenSign) {
-        //need to decode it
-        rawSamlResponse = utility.base64Decode(context) as string;
-      } else {
-        return Promise.resolve({ id, context });
-      }
-    }
-    //sign after encrypting
-    if (encryptThenSign && (spSetting.wantMessageSigned || !metadata.sp.isWantAssertionsSigned())) {
-      rawSamlResponse = libsaml.constructSAMLSignature({
-        ...config,
-        rawSamlMessage: rawSamlResponse,
-        isMessageSigned: true,
-        transformationAlgorithms: spSetting.transformationAlgorithms,
-        signatureConfig: spSetting.signatureConfig || {
-          prefix: 'ds',
-          location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Issuer']", action: 'after' },
-        },
-      });
-    }
-    console.log(rawSamlResponse);
-    console.log('看一下---------------------------')
-    return Promise.resolve({
-      id,
-      context: utility.base64Encode(rawSamlResponse),
-    });
-  }
-  throw new Error('ERR_GENERATE_POST_LOGIN_RESPONSE_MISSING_METADATA');
-}
-/**
-* @desc Generate a base64 encoded logout request
-* @param  {object} user                         current logged user (e.g. req.user)
-* @param  {string} referenceTagXPath            reference uri
-* @param  {object} entity                       object includes both idp and sp
-* @param  {function} customTagReplacement      used when developers have their own login response template
-* @return {string} base64 encoded request
-*/
-function base64LogoutRequest(user, referenceTagXPath, entity, customTagReplacement?: (template: string) => BindingContext): BindingContext {
-  const metadata = { init: entity.init.entityMeta, target: entity.target.entityMeta };
-  const initSetting = entity.init.entitySetting;
-  const nameIDFormat = initSetting.nameIDFormat;
-  const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;  let id: string = '';
-  if (metadata && metadata.init && metadata.target) {
-    let rawSamlRequest: string;
-    if (initSetting.logoutRequestTemplate && customTagReplacement) {
-      const template = customTagReplacement(initSetting.logoutRequestTemplate.context);
-      id = get(template, 'id', null);
-      rawSamlRequest = get(template, 'context', null);
-    } else {
-      id = initSetting.generateID();
-      const tvalue: any = {
-        ID: id,
-        Destination: metadata.target.getSingleLogoutService(binding.post),
-        Issuer: metadata.init.getEntityID(),
-        IssueInstant: new Date().toISOString(),
-        EntityID: metadata.init.getEntityID(),
-        NameIDFormat: selectedNameIDFormat,
-        NameID: user.NameID || '',
-      };
-      rawSamlRequest = libsaml.replaceTagsByValue(libsaml.defaultLogoutRequestTemplate.context, tvalue);
-    }
-    if (entity.target.entitySetting.wantLogoutRequestSigned) {
-      // Need to embeded XML signature
-      const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm, transformationAlgorithms  } = initSetting;
-      return {
-        id,
-        context: libsaml.constructSAMLSignature({
-          referenceTagXPath,
-          privateKey,
-          privateKeyPass,
-          signatureAlgorithm,
-          transformationAlgorithms,
-          rawSamlMessage: rawSamlRequest,
-          signingCert: metadata.init.getX509Certificate('signing'),
-          signatureConfig: initSetting.signatureConfig || {
-            prefix: 'ds',
-            location: { reference: "/*[local-name(.)='LogoutRequest']/*[local-name(.)='Issuer']", action: 'after' },
-          }
-        }),
-      };
-    }
-    return {
-      id,
-      context: utility.base64Encode(rawSamlRequest),
-    };
-  }
-  throw new Error('ERR_GENERATE_POST_LOGOUT_REQUEST_MISSING_METADATA');
-}
-/**
-* @desc Generate a base64 encoded logout response
-* @param  {object} requestInfo                 corresponding request, used to obtain the id
-* @param  {string} referenceTagXPath           reference uri
-* @param  {object} entity                      object includes both idp and sp
-* @param  {function} customTagReplacement     used when developers have their own login response template
-*/
-function base64LogoutResponse(requestInfo: any, entity: any, customTagReplacement: (template: string) => BindingContext): BindingContext {
-  const metadata = {
-    init: entity.init.entityMeta,
-    target: entity.target.entityMeta,
-  };
-  let id: string = '';
-  const initSetting = entity.init.entitySetting;
-  if (metadata && metadata.init && metadata.target) {
-    let rawSamlResponse;
-    if (initSetting.logoutResponseTemplate) {
-      const template = customTagReplacement(initSetting.logoutResponseTemplate.context);
-      id = template.id;
-      rawSamlResponse = template.context;
-    } else {
-      id = initSetting.generateID();
-      const tvalue: any = {
-        ID: id,
-        Destination: metadata.target.getSingleLogoutService(binding.post),
-        EntityID: metadata.init.getEntityID(),
-        Issuer: metadata.init.getEntityID(),
-        IssueInstant: new Date().toISOString(),
-        StatusCode: StatusCode.Success,
-        InResponseTo: get(requestInfo, 'extract.request.id', '')
-      };
-      rawSamlResponse = libsaml.replaceTagsByValue(libsaml.defaultLogoutResponseTemplate.context, tvalue);
-    }
-    if (entity.target.entitySetting.wantLogoutResponseSigned) {
-      const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm, transformationAlgorithms } = initSetting;
-      return {
-        id,
-        context: libsaml.constructSAMLSignature({
-          isMessageSigned: true,
-          transformationAlgorithms: transformationAlgorithms,
-          privateKey,
-          privateKeyPass,
-          signatureAlgorithm,
-          rawSamlMessage: rawSamlResponse,
-          signingCert: metadata.init.getX509Certificate('signing'),
-          signatureConfig: {
-            prefix: 'ds',
-            location: {
-              reference: "/*[local-name(.)='LogoutResponse']/*[local-name(.)='Issuer']",
-              action: 'after'
-            }
-          }
-        }),
-      };
-    }
-    return {
-      id,
-      context: utility.base64Encode(rawSamlResponse),
-    };
-  }
-  throw new Error('ERR_GENERATE_POST_LOGOUT_RESPONSE_MISSING_METADATA');
-}
-const postBinding = {
-  base64LoginRequest,
-  base64LoginResponse,
-  base64LogoutRequest,
-  base64LogoutResponse,
-};
-export default postBinding;