npm - samlesa - Versions diffs - 4.7.6 → 4.8.0 - Mend

samlesa 4.7.6 → 4.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/build/src/libsamlSoap.js +17 -9
package/package.json +1 -1
package/types/src/libsamlSoap.d.ts.map +1 -1

package/build/src/libsamlSoap.js CHANGED Viewed

@@ -118,18 +118,26 @@ function verifySignature(xml, signatureNodes, opts) {
         const publicKeys = resolvePublicCertificates(signatureNode, opts);
         let verifiedSig = null;
         let lastError = null;
+        const parentXml = signatureNode?.parentNode ? serializeWithInheritedNamespaces(signatureNode.parentNode) : '';
+        const rawParentXml = signatureNode?.parentNode?.toString?.() || '';
+        const xmlCandidates = uniqueXmlCandidates([xml, parentXml, rawParentXml]);
         for (const publicKey of publicKeys) {
-            try {
-                const sig = new SignedXml();
-                sig.publicCert = publicKey;
-                sig.loadSignature(signatureNode);
-                if (sig.checkSignature(xml)) {
-                    verifiedSig = sig;
-                    break;
+            for (const xmlCandidate of xmlCandidates) {
+                try {
+                    const sig = new SignedXml();
+                    sig.publicCert = publicKey;
+                    sig.loadSignature(signatureNode);
+                    if (sig.checkSignature(xmlCandidate)) {
+                        verifiedSig = sig;
+                        break;
+                    }
+                }
+                catch (error) {
+                    lastError = error;
                 }
             }
-            catch (error) {
-                lastError = error;
+            if (verifiedSig) {
+                break;
             }
         }
         if (!verifiedSig) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "samlesa",
-  "version": "4.7.6",
+  "version": "4.8.0",
   "description": "High-level API for Single Sign On (SAML 2.0) baseed on samlify ",
   "main": "build/index.js",
   "keywords": [

package/types/src/libsamlSoap.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"libsamlSoap.d.ts","sourceRoot":"","sources":["../../src/libsamlSoap.ts"],"names":[],"mappings":"AAKA,OAAgB,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AA2FjE,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,iBAAiB,GAAG,kBAAkB,CAAC;IAC7C,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC;IACrC,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B;~~AA4ID~~,iBAAe,2BAA2B,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,wBAAwB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAoCpH;;;;AAED,wBAEE"}
1	+ {"version":3,"file":"libsamlSoap.d.ts","sourceRoot":"","sources":["../../src/libsamlSoap.ts"],"names":[],"mappings":"AAKA,OAAgB,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AA2FjE,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,iBAAiB,GAAG,kBAAkB,CAAC;IAC7C,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC;IACrC,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B;AAqJD,iBAAe,2BAA2B,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,wBAAwB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAoCpH;;;;AAED,wBAEE"}