samlesa 2.17.2 → 2.17.3

package/build/src/binding-post.js

@@ -130,8 +130,6 @@ async function base64LoginResponse(requestInfo = {}, entity, user = {}, customTa
                 tvalue.InResponseTo = requestInfo?.extract?.request?.id ?? '';
             }
             rawSamlResponse = libsaml.replaceTagsByValue(libsaml.defaultLoginResponseTemplate.context, tvalue);
-            console.log(rawSamlResponse);
-            console.log("没有加密签名过的------------------------------------");
         }
         const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm } = idpSetting;
         const config = {

package/build/src/metadata-idp.js

@@ -31,23 +31,21 @@ export class IdpMetadata extends Metadata {
             for (const cert of castArrayOpt(encryptCert)) {
                 IDPSSODescriptor.push(libsaml.createKeySection('encryption', cert));
             }
-            if (isNonEmptyArray(nameIDFormat)) {
-                nameIDFormat.forEach(f => IDPSSODescriptor.push({ NameIDFormat: f }));
-            }
-            if (isNonEmptyArray(singleSignOnService)) {
-                singleSignOnService.forEach((a, indexCount) => {
-                    const attr = {
-                        Binding: a.Binding,
-                        Location: a.Location,
-                    };
-                    /*          if (a.isDefault) {
-                                attr.isDefault = true;
-                              }*/
-                    IDPSSODescriptor.push({ SingleSignOnService: [{ _attr: attr }] });
+            if (isNonEmptyArray(artifactResolutionService)) {
+                let indexCounts = 0;
+                artifactResolutionService.forEach((a, indexCount) => {
+                    const attr = {};
+                    /*     if (a.isDefault) {
+                           attr.isDefault = true;
+                         }*/
+                    attr.index = String(indexCounts++),
+                        attr.Binding = a.Binding;
+                    attr.Location = a.Location;
+                    IDPSSODescriptor.push({ ArtifactResolutionService: [{ _attr: attr }] });
                 });
             }
             else {
-                throw new Error('ERR_IDP_METADATA_MISSING_SINGLE_SIGN_ON_SERVICE');
+                console.warn('Construct identity  provider - missing endpoint of ArtifactResolutionService');
             }
             if (isNonEmptyArray(singleLogoutService)) {
                 singleLogoutService.forEach((a, indexCount) => {
@@ -63,19 +61,23 @@ export class IdpMetadata extends Metadata {
             else {
                 console.warn('Construct identity  provider - missing endpoint of SingleLogoutService');
             }
-            if (isNonEmptyArray(artifactResolutionService)) {
-                artifactResolutionService.forEach((a, indexCount) => {
-                    const attr = {};
-                    /*     if (a.isDefault) {
-                           attr.isDefault = true;
-                         }*/
-                    attr.Binding = a.Binding;
-                    attr.Location = a.Location;
-                    IDPSSODescriptor.push({ ArtifactResolutionService: [{ _attr: attr }] });
+            if (isNonEmptyArray(nameIDFormat)) {
+                nameIDFormat.forEach(f => IDPSSODescriptor.push({ NameIDFormat: f }));
+            }
+            if (isNonEmptyArray(singleSignOnService)) {
+                singleSignOnService.forEach((a, indexCount) => {
+                    const attr = {
+                        Binding: a.Binding,
+                        Location: a.Location,
+                    };
+                    /*          if (a.isDefault) {
+                                attr.isDefault = true;
+                              }*/
+                    IDPSSODescriptor.push({ SingleSignOnService: [{ _attr: attr }] });
                 });
             }
             else {
-                console.warn('Construct identity  provider - missing endpoint of ArtifactResolutionService');
+                throw new Error('ERR_IDP_METADATA_MISSING_SINGLE_SIGN_ON_SERVICE');
             }
             // Create a new metadata by setting
             meta = xml([{

package/build/src/metadata-sp.js

@@ -51,12 +51,19 @@ export class SpMetadata extends Metadata {
             for (const cert of castArrayOpt(encryptCert)) {
                 descriptors.KeyDescriptor.push(libsaml.createKeySection('encryption', cert).KeyDescriptor);
             }
-            if (isNonEmptyArray(nameIDFormat)) {
-                nameIDFormat.forEach(f => descriptors.NameIDFormat.push(f));
-            }
-            else {
-                // default value
-                descriptors.NameIDFormat.push(namespace.format.emailAddress);
+            if (isNonEmptyArray(artifactResolutionService)) {
+                let indexCount = 0;
+                artifactResolutionService.forEach(a => {
+                    const attr = {
+                        index: String(indexCount++),
+                        Binding: a.Binding,
+                        Location: a.Location,
+                    };
+                    if (a.isDefault) {
+                        attr.isDefault = true;
+                    }
+                    descriptors.ArtifactResolutionService.push([{ _attr: attr }]);
+                });
             }
             if (isNonEmptyArray(singleLogoutService)) {
                 singleLogoutService.forEach(a => {
@@ -70,19 +77,12 @@ export class SpMetadata extends Metadata {
                     descriptors.SingleLogoutService.push([{ _attr: attr }]);
                 });
             }
-            if (isNonEmptyArray(artifactResolutionService)) {
-                let indexCount = 0;
-                artifactResolutionService.forEach(a => {
-                    const attr = {
-                        index: String(indexCount++),
-                        Binding: a.Binding,
-                        Location: a.Location,
-                    };
-                    /*       if (a.isDefault) {
-                             attr.isDefault = true;
-                           }*/
-                    descriptors.ArtifactResolutionService.push([{ _attr: attr }]);
-                });
+            if (isNonEmptyArray(nameIDFormat)) {
+                nameIDFormat.forEach(f => descriptors.NameIDFormat.push(f));
+            }
+            else {
+                // default value
+                descriptors.NameIDFormat.push(namespace.format.emailAddress);
             }
             if (isNonEmptyArray(assertionConsumerService)) {
                 let indexCount = 0;

package/build/src/schemaValidator.js

@@ -2,6 +2,7 @@ import { validateXML } from 'xmllint-wasm';
 import * as fs from 'node:fs';
 import * as path from 'node:path';
 import { fileURLToPath } from 'node:url';
+import { DOMParser } from '@xmldom/xmldom';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 let normal = [
@@ -89,12 +90,10 @@ export const validate = async (xml, isSoap = false) => {
         throw validationResult.errors;
     }
     catch (error) {
-        console.log(error);
-        console.log("真的错误了=================");
         throw new Error('ERR_EXCEPTION_VALIDATE_XML');
     }
 };
-export const validateMetadata = async (xml, isSoap = false) => {
+export const validateMetadata = async (xml, isParse = false) => {
     const indicators = detectXXEIndicators(xml);
     if (indicators) {
         throw new Error('ERR_EXCEPTION_VALIDATE_XML');
@@ -118,13 +117,38 @@ export const validateMetadata = async (xml, isSoap = false) => {
             preload: [xmlParse, ...preload],
         });
         if (validationResult.valid) {
+            if (isParse) {
+                // 解析 XML 为 DOM 对象
+                const parser = new DOMParser();
+                const xmlDoc = parser.parseFromString(xml, 'text/xml');
+                // 检查 IdP 和 SP 描述符元素
+                const idpDescriptor = xmlDoc.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:metadata', 'IDPSSODescriptor');
+                const spDescriptor = xmlDoc.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:metadata', 'SPSSODescriptor');
+                // 判断元数据类型
+                let metadataType;
+                if (idpDescriptor.length > 0 && spDescriptor.length > 0) {
+                    metadataType = 'both'; // 同时包含 IdP 和 SP
+                }
+                else if (idpDescriptor.length > 0) {
+                    metadataType = 'IdP'; // 身份提供者
+                }
+                else if (spDescriptor.length > 0) {
+                    metadataType = 'SP'; // 服务提供者
+                }
+                else {
+                    metadataType = 'unknown'; // 无法确定
+                }
+                // 返回验证结果和元数据类型
+                return {
+                    isValid: true,
+                    metadataType: metadataType
+                };
+            }
             return true;
         }
         throw validationResult.errors;
     }
     catch (error) {
-        console.log(error);
-        console.log("真的错误了=================");
-        throw new Error('ERR_EXCEPTION_VALIDATE_XML');
+        return error;
     }
 };

package/package.json

@@ -1,78 +1,77 @@
-{
-  "name": "samlesa",
-  "version": "2.17.2",
-
-  "description": "High-level API for Single Sign On (SAML 2.0) baseed on samlify ",
-  "main": "build/index.js",
-  "keywords": [
-    "nodejs",
-    "saml2",
-    "sso",
-    "slo",
-    "metadata"
-  ],
-  "type": "module",
-  "typings": "types/index.d.ts",
-  "scripts": {
-    "build": "tsc && copyfiles -u 1 src/schema/**/* build/src",
-    "docs": "docsify serve -o docs",
-    "lint": "tslint -p .",
-    "lint:fix": "tslint -p . --fix",
-    "test": "vitest",
-    "test:watch": "vitest --watch",
-    "test:coverage": "vitest run --coverage",
-    "hooks:postinstall": "mklink /J .git\\hooks\\pre-commit .pre-commit.sh || copy .pre-commit.sh .git\\hooks\\pre-commit"
-  },
-  "exports": {
-    ".": {
-      "types": "./types/index.d.ts",
-      "import": "./build/index.js"
-    }
-  },
-  "files": [
-    "build",
-    "types"
-  ],
-  "contributors": [
-    "Veclea <vemocle@gmail.com>"
-  ],
-  "author": "Veclea",
-  "repository": {
-    "url": "https://github.com/Veclea/samlify.git",
-    "type": "git"
-  },
-  "license": "MIT",
-  "dependencies": {
-    "@xmldom/xmldom": "^0.9.8",
-    "axios": "^1.10.0",
-    "camelcase": "^8.0.0",
-    "cross-env": "^7.0.3",
-    "iconv-lite": "^0.6.3",
-    "node-rsa": "^1.1.1",
-    "pako": "^2.1.0",
-    "ts-node": "^10.9.2",
-    "uuid": "^11.1.0",
-    "vite-tsconfig-paths": "^5.1.4",
-    "xml": "^1.0.1",
-    "xml-crypto": "^6.1.2",
-    "xml-encryption": "^3.1.0",
-    "xml-escape": "^1.1.0",
-    "xml2js": "^0.6.2",
-    "xmllint-wasm": "^5.0.0",
-    "xpath": "^0.0.32"
-  },
-  "devDependencies": {
-    "@types/node": "^24.0.13",
-    "@types/pako": "2.0.3",
-    "@types/uuid": "10.0.0",
-    "@vitest/coverage-istanbul": "^3.2.4",
-    "@vitest/coverage-v8": "3.2.4",
-    "copyfiles": "^2.4.1",
-    "coveralls": "^3.1.1",
-    "esbuild": "^0.25.6",
-    "jsdom": "^26.1.0",
-    "timekeeper": "^2.3.1",
-    "typescript": "5.8.3",
-    "vitest": "^3.2.4"
-  }
-}
+{
+  "name": "samlesa",
+  "version": "2.17.3",
+  "description": "High-level API for Single Sign On (SAML 2.0) baseed on samlify ",
+  "main": "build/index.js",
+  "keywords": [
+    "nodejs",
+    "saml2",
+    "sso",
+    "slo",
+    "metadata"
+  ],
+  "type": "module",
+  "typings": "types/index.d.ts",
+  "scripts": {
+    "build": "tsc && copyfiles -u 1 src/schema/**/* build/src",
+    "docs": "docsify serve -o docs",
+    "lint": "tslint -p .",
+    "lint:fix": "tslint -p . --fix",
+    "test": "vitest",
+    "test:watch": "vitest --watch",
+    "test:coverage": "vitest run --coverage",
+    "hooks:postinstall": "mklink /J .git\\hooks\\pre-commit .pre-commit.sh || copy .pre-commit.sh .git\\hooks\\pre-commit"
+  },
+  "exports": {
+    ".": {
+      "types": "./types/index.d.ts",
+      "import": "./build/index.js"
+    }
+  },
+  "files": [
+    "build",
+    "types"
+  ],
+  "contributors": [
+    "Veclea <vemocle@gmail.com>"
+  ],
+  "author": "Veclea",
+  "repository": {
+    "url": "https://github.com/Veclea/samlify.git",
+    "type": "git"
+  },
+  "license": "MIT",
+  "dependencies": {
+    "@xmldom/xmldom": "^0.9.8",
+    "axios": "^1.10.0",
+    "camelcase": "^8.0.0",
+    "cross-env": "^7.0.3",
+    "iconv-lite": "^0.6.3",
+    "node-rsa": "^1.1.1",
+    "pako": "^2.1.0",
+    "ts-node": "^10.9.2",
+    "uuid": "^11.1.0",
+    "vite-tsconfig-paths": "^5.1.4",
+    "xml": "^1.0.1",
+    "xml-crypto": "^6.1.2",
+    "xml-encryption": "^3.1.0",
+    "xml-escape": "^1.1.0",
+    "xml2js": "^0.6.2",
+    "xmllint-wasm": "^5.0.0",
+    "xpath": "^0.0.32"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.13",
+    "@types/pako": "2.0.3",
+    "@types/uuid": "10.0.0",
+    "@vitest/coverage-istanbul": "^3.2.4",
+    "@vitest/coverage-v8": "3.2.4",
+    "copyfiles": "^2.4.1",
+    "coveralls": "^3.1.1",
+    "esbuild": "^0.25.6",
+    "jsdom": "^26.1.0",
+    "timekeeper": "^2.3.1",
+    "typescript": "5.8.3",
+    "vitest": "^3.2.4"
+  }
+}

package/types/api.d.ts

@@ -0,0 +1,15 @@
+import { DOMParser as dom } from '@xmldom/xmldom';
+import type { Options as DOMParserOptions } from '@xmldom/xmldom';
+interface Context extends ValidatorContext, DOMParserContext {
+}
+interface ValidatorContext {
+    validate?: (xml: string) => Promise<any>;
+}
+interface DOMParserContext {
+    dom: dom;
+}
+export declare function getContext(): Context;
+export declare function setSchemaValidator(params: ValidatorContext): void;
+export declare function setDOMParserOptions(options?: DOMParserOptions): void;
+export {};
+//# sourceMappingURL=api.d.ts.map

package/types/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,IAAI,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAElE,UAAU,OAAQ,SAAQ,gBAAgB,EAAE,gBAAgB;CAAG;AAE/D,UAAU,gBAAgB;IACxB,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;CAC1C;AAED,UAAU,gBAAgB;IACxB,GAAG,EAAE,GAAG,CAAC;CACV;AAOD,wBAAgB,UAAU,IAAG,OAAO,CAEnC;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,gBAAgB,GAAE,IAAI,CAShE;AAED,wBAAgB,mBAAmB,CAAC,OAAO,GAAE,gBAAqB,GAAE,IAAI,CAEvE"}

package/types/binding-post.d.ts

@@ -0,0 +1,48 @@
+/**
+* @file binding-post.ts
+* @author tngan
+* @desc Binding-level API, declare the functions using POST binding
+*/
+import type { BindingContext } from './entity.js';
+/**
+* @desc Generate a base64 encoded login request
+* @param  {string} referenceTagXPath           reference uri
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function base64LoginRequest(referenceTagXPath: string, entity: any, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+/**
+ * @desc Generate a base64 encoded login response
+ * @param  {object} requestInfo                 corresponding request, used to obtain the id
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {object} user                        current logged user (e.g. req.user)
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ * @param  {boolean}  encryptThenSign           whether or not to encrypt then sign first (if signing). Defaults to sign-then-encrypt
+ * @param AttributeStatement
+ */
+declare function base64LoginResponse(requestInfo: any | undefined, entity: any, user?: any, customTagReplacement?: (template: string) => BindingContext, encryptThenSign?: boolean, AttributeStatement?: never[]): Promise<BindingContext>;
+/**
+* @desc Generate a base64 encoded logout request
+* @param  {object} user                         current logged user (e.g. req.user)
+* @param  {string} referenceTagXPath            reference uri
+* @param  {object} entity                       object includes both idp and sp
+* @param  {function} customTagReplacement      used when developers have their own login response template
+* @return {string} base64 encoded request
+*/
+declare function base64LogoutRequest(user: Record<string, unknown>, referenceTagXPath: string, entity: any, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+/**
+* @desc Generate a base64 encoded logout response
+* @param  {object} requestInfo                 corresponding request, used to obtain the id
+* @param  {string} referenceTagXPath           reference uri
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function base64LogoutResponse(requestInfo: any, entity: any, customTagReplacement: (template: string) => BindingContext): BindingContext;
+declare const postBinding: {
+    base64LoginRequest: typeof base64LoginRequest;
+    base64LoginResponse: typeof base64LoginResponse;
+    base64LogoutRequest: typeof base64LogoutRequest;
+    base64LogoutResponse: typeof base64LogoutResponse;
+};
+export default postBinding;
+//# sourceMappingURL=binding-post.d.ts.map

package/types/binding-post.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"binding-post.d.ts","sourceRoot":"","sources":["../src/binding-post.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AAGF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAMlD;;;;;EAKE;AACF,iBAAS,kBAAkB,CAAC,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAqD/I;AACD;;;;;;;;GAQG;AACH,iBAAe,mBAAmB,CAAC,WAAW,EAAE,GAAG,YAAK,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,eAAe,GAAE,OAAe,EAAG,kBAAkB,UAAG,GAAG,OAAO,CAAC,cAAc,CAAC,CAuIrO;AACD;;;;;;;EAOE;AACF,iBAAS,mBAAmB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,iBAAiB,EAAC,MAAM,EAAE,MAAM,KAAA,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAkDzK;AACD;;;;;;EAME;AACF,iBAAS,oBAAoB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,oBAAoB,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAsDvI;AAED,QAAA,MAAM,WAAW;;;;;CAKhB,CAAC;AAEF,eAAe,WAAW,CAAC"}

package/types/binding-redirect.d.ts

@@ -0,0 +1,54 @@
+import type { BindingContext } from './entity.js';
+import { IdentityProvider as Idp } from './entity-idp.js';
+import { ServiceProvider as Sp } from './entity-sp.js';
+export interface BuildRedirectConfig {
+    baseUrl: string;
+    type: string;
+    isSigned: boolean;
+    context: string;
+    entitySetting: any;
+    relayState?: string;
+}
+/**
+ * @desc Redirect URL for login request
+ * @param  {object} entity                       object includes both idp and sp
+ * @param  {function} customTagReplacement      used when developers have their own login response template
+ * @return {string} redirect URL
+ */
+declare function loginRequestRedirectURL(entity: {
+    idp: Idp;
+    sp: Sp;
+}, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+/**
+ * @desc Redirect URL for login response
+ * @param  {object} requestInfo             corresponding request, used to obtain the id
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {object} user                         current logged user (e.g. req.user)
+ * @param  {String} relayState                the relaystate sent by sp corresponding request
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ * @param AttributeStatement
+ */
+declare function loginResponseRedirectURL(requestInfo: any, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext, AttributeStatement?: never[]): BindingContext;
+/**
+ * @desc Redirect URL for logout request
+ * @param  {object} user                        current logged user (e.g. req.user)
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ * @return {string} redirect URL
+ */
+declare function logoutRequestRedirectURL(user: any, entity: any, relayState?: string, customTagReplacement?: (template: string, tags: object) => BindingContext): BindingContext;
+/**
+ * @desc Redirect URL for logout response
+ * @param  {object} requescorresponding request, used to obtain the id
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ */
+declare function logoutResponseRedirectURL(requestInfo: any, entity: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext;
+declare const redirectBinding: {
+    loginRequestRedirectURL: typeof loginRequestRedirectURL;
+    loginResponseRedirectURL: typeof loginResponseRedirectURL;
+    logoutRequestRedirectURL: typeof logoutRequestRedirectURL;
+    logoutResponseRedirectURL: typeof logoutResponseRedirectURL;
+};
+export default redirectBinding;
+//# sourceMappingURL=binding-redirect.d.ts.map

package/types/binding-redirect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"binding-redirect.d.ts","sourceRoot":"","sources":["../src/binding-redirect.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,aAAa,CAAC;AAChD,OAAO,EAAC,gBAAgB,IAAI,GAAG,EAAC,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAC,eAAe,IAAI,EAAE,EAAC,MAAM,gBAAgB,CAAC;AAOrD,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAgED;;;;;GAKG;AACH,iBAAS,uBAAuB,CAAC,MAAM,EAAE;IACvC,GAAG,EAAE,GAAG,CAAC;IACT,EAAE,EAAE,EAAE,CAAA;CACP,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAyC9E;AAED;;;;;;;;GAQG;AACH,iBAAS,wBAAwB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAC,kBAAkB,UAAI,GAAG,cAAc,CAoGxM;AAED;;;;;;GAMG;AACH,iBAAS,wBAAwB,CAAC,IAAI,KAAA,EAAE,MAAM,KAAA,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAwC9J;AAED;;;;;GAKG;AACH,iBAAS,yBAAyB,CAAC,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,cAAc,CAyClK;AAED,QAAA,MAAM,eAAe;;;;;CAKpB,CAAC;AAEF,eAAe,eAAe,CAAC"}

package/types/binding-simplesign.d.ts

@@ -0,0 +1,41 @@
+/**
+* @file binding-simplesign.ts
+* @author Orange
+* @desc Binding-level API, declare the functions using POST SimpleSign binding
+*/
+import type { BindingContext, SimpleSignComputedContext } from './entity.js';
+export interface BuildSimpleSignConfig {
+    type: string;
+    context: string;
+    entitySetting: any;
+    relayState?: string;
+}
+export interface BindingSimpleSignContext {
+    id: string;
+    context: string;
+    signature: any;
+    sigAlg: string;
+}
+/**
+* @desc Generate a base64 encoded login request
+* @param  {string} referenceTagXPath           reference uri
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+declare function base64LoginRequest(entity: any, customTagReplacement?: (template: string) => BindingContext): SimpleSignComputedContext;
+/**
+ * @desc Generate a base64 encoded login response
+ * @param  {object} requestInfo                 corresponding request, used to obtain the id
+ * @param  {object} entity                      object includes both idp and sp
+ * @param  {object} user                        current logged user (e.g. req.user)
+ * @param  {string}  relayState               the relay state
+ * @param  {function} customTagReplacement     used when developers have their own login response template
+ * @param AttributeStatement
+ */
+declare function base64LoginResponse(requestInfo: any | undefined, entity: any, user?: any, relayState?: string, customTagReplacement?: (template: string) => BindingContext, AttributeStatement?: []): Promise<BindingSimpleSignContext>;
+declare const simpleSignBinding: {
+    base64LoginRequest: typeof base64LoginRequest;
+    base64LoginResponse: typeof base64LoginResponse;
+};
+export default simpleSignBinding;
+//# sourceMappingURL=binding-simplesign.d.ts.map

package/types/binding-simplesign.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"binding-simplesign.d.ts","sourceRoot":"","sources":["../src/binding-simplesign.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AAGF,OAAQ,KAAK,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAO9E,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,GAAG,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AA6CD;;;;;EAKE;AACF,iBAAS,kBAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAAG,yBAAyB,CAkD/H;AACD;;;;;;;;GAQG;AACH,iBAAe,mBAAmB,CAAC,WAAW,EAAE,GAAG,YAAK,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,EAAE,kBAAkB,GAAC,EAAO,GAAG,OAAO,CAAC,wBAAwB,CAAC,CA6FtO;AAED,QAAA,MAAM,iBAAiB;;;CAGpB,CAAC;AAEJ,eAAe,iBAAiB,CAAC"}

package/types/entity-idp.d.ts

@@ -0,0 +1,38 @@
+import Entity, { type ESamlHttpRequest } from './entity.js';
+import { ServiceProviderConstructor as ServiceProvider, IdentityProviderMetadata, type IdentityProviderSettings } from './types.js';
+import { type FlowResult } from './flow.js';
+import type { BindingContext } from './entity.js';
+/**
+ * Identity provider can be configured using either metadata importing or idpSetting
+ */
+export default function (props: IdentityProviderSettings): IdentityProvider;
+/**
+ * Identity provider can be configured using either metadata importing or idpSetting
+ */
+export declare class IdentityProvider extends Entity {
+    entityMeta: IdentityProviderMetadata;
+    constructor(idpSetting: IdentityProviderSettings);
+    /**
+     * @desc  Generates the login response for developers to design their own method
+     * @param params
+     */
+    createLoginResponse(params: {
+        sp: ServiceProvider;
+        requestInfo: Record<string, any>;
+        binding?: string;
+        user: Record<string, any>;
+        customTagReplacement?: (template: string) => BindingContext;
+        encryptThenSign?: boolean;
+        relayState?: string;
+        context: Record<string, any>;
+        AttributeStatement: [];
+    }): Promise<any>;
+    /**
+     * Validation of the parsed URL parameters
+     * @param sp ServiceProvider instance
+     * @param binding Protocol binding
+     * @param req RequesmessageSigningOrderst
+     */
+    parseLoginRequest(sp: ServiceProvider, binding: string, req: ESamlHttpRequest): Promise<FlowResult>;
+}
+//# sourceMappingURL=entity-idp.d.ts.map

package/types/entity-idp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-idp.d.ts","sourceRoot":"","sources":["../src/entity-idp.ts"],"names":[],"mappings":"AAYA,OAAO,MAAM,EAAE,EAAE,KAAK,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,EACL,0BAA0B,IAAI,eAAe,EAE7C,wBAAwB,EACxB,KAAK,wBAAwB,EAC9B,MAAM,YAAY,CAAC;AAMpB,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAO,WAAW,CAAC;AAEnD,OAAO,KAAM,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAEnD;;GAEG;AACH,MAAM,CAAC,OAAO,WAAU,KAAK,EAAE,wBAAwB,oBAEtD;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,MAAM;IAElC,UAAU,EAAE,wBAAwB,CAAC;gBAEjC,UAAU,EAAE,wBAAwB;IAqChD;;;OAGG;IACU,mBAAmB,CAAC,MAAM,EAAC;QACtC,EAAE,EAAE,eAAe,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACjC,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC1B,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,CAAC;QAC5D,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC7B,kBAAkB,EAAC,EAAE,CAAA;KACtB;IAyCD;;;;;OAKG;IACH,iBAAiB,CAAC,EAAE,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,gBAAgB;CAY9E"}

package/types/entity-sp.d.ts

@@ -0,0 +1,38 @@
+/**
+* @file entity-sp.ts
+* @author tngan
+* @desc  Declares the actions taken by service provider
+*/
+import Entity from './entity.js';
+import type { BindingContext, PostBindingContext, ESamlHttpRequest, SimpleSignBindingContext } from './entity.js';
+import { IdentityProviderConstructor as IdentityProvider, ServiceProviderMetadata, type ServiceProviderSettings } from './types.js';
+import { type FlowResult } from './flow.js';
+export default function (props: ServiceProviderSettings): ServiceProvider;
+/**
+* @desc Service provider can be configured using either metadata importing or spSetting
+* @param  {object} spSettingimport { FlowResult } from '../types/src/flow.d';
+
+*/
+export declare class ServiceProvider extends Entity {
+    entityMeta: ServiceProviderMetadata;
+    /**
+    * @desc  Inherited from Entity
+    * @param {object} spSetting    setting of service provider
+    */
+    constructor(spSetting: ServiceProviderSettings);
+    /**
+    * @desc  Generates the login request for developers to design their own method
+    * @param  {IdentityProvider} idp               object of identity provider
+    * @param  {string}   binding                   protocol binding
+    * @param  {function} customTagReplacement     used when developers have their own login response template
+    */
+    createLoginRequest(idp: IdentityProvider, binding?: string, customTagReplacement?: (template: string) => BindingContext): BindingContext | PostBindingContext | SimpleSignBindingContext;
+    /**
+    * @desc   Validation of the parsed the URL parameters
+    * @param  {IdentityProvider}   idp             object of identity provider
+    * @param  {string}   binding                   protocol binding
+    * @param  {request}   req                      request
+    */
+    parseLoginResponse(idp: any, binding: any, request: ESamlHttpRequest): Promise<FlowResult>;
+}
+//# sourceMappingURL=entity-sp.d.ts.map

package/types/entity-sp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-sp.d.ts","sourceRoot":"","sources":["../src/entity-sp.ts"],"names":[],"mappings":"AAAA;;;;EAIE;AACF,OAAO,MAEN,MAAM,aAAa,CAAC;AACrB,OAAQ,KAAK,EAAG,cAAc,EAC5B,kBAAkB,EAClB,gBAAgB,EAChB,wBAAwB,EAAE,MAAK,aAAa,CAAC;AAC/C,OAAO,EACL,2BAA2B,IAAI,gBAAgB,EAC/C,uBAAuB,EACvB,KAAK,uBAAuB,EAC7B,MAAM,YAAY,CAAC;AAKpB,OAAO,EAAQ,KAAK,UAAU,EAAE,MAAO,WAAW,CAAC;AAKnD,MAAM,CAAC,OAAO,WAAU,KAAK,EAAE,uBAAuB,mBAErD;AAED;;;;EAIE;AACF,qBAAa,eAAgB,SAAQ,MAAM;IAChC,UAAU,EAAE,uBAAuB,CAAC;IAE7C;;;MAGE;gBACU,SAAS,EAAE,uBAAuB;IAS9C;;;;;MAKE;IACK,kBAAkB,CACvB,GAAG,EAAE,gBAAgB,EACrB,OAAO,SAAa,EACpB,oBAAoB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,cAAc,GAC1D,cAAc,GAAG,kBAAkB,GAAE,wBAAwB;IAkChE;;;;;MAKE;IACK,kBAAkB,CAAC,GAAG,KAAA,EAAE,OAAO,KAAA,EAAE,OAAO,EAAE,gBAAgB;CAalE"}