samlify 2.11.0 → 2.13.0

Files changed (83) hide show
  1. package/README.md +1 -1
  2. package/build/src/api.js +52 -3
  3. package/build/src/api.js.map +1 -1
  4. package/build/src/binding-post.js +236 -182
  5. package/build/src/binding-post.js.map +1 -1
  6. package/build/src/binding-redirect.js +303 -215
  7. package/build/src/binding-redirect.js.map +1 -1
  8. package/build/src/binding-simplesign.js +285 -137
  9. package/build/src/binding-simplesign.js.map +1 -1
  10. package/build/src/entity-idp.js +130 -47
  11. package/build/src/entity-idp.js.map +1 -1
  12. package/build/src/entity-sp.js +81 -39
  13. package/build/src/entity-sp.js.map +1 -1
  14. package/build/src/entity.js +100 -62
  15. package/build/src/entity.js.map +1 -1
  16. package/build/src/extractor.js +119 -155
  17. package/build/src/extractor.js.map +1 -1
  18. package/build/src/flow.js +100 -96
  19. package/build/src/flow.js.map +1 -1
  20. package/build/src/libsaml.js +318 -261
  21. package/build/src/libsaml.js.map +1 -1
  22. package/build/src/metadata-idp.js +60 -30
  23. package/build/src/metadata-idp.js.map +1 -1
  24. package/build/src/metadata-sp.js +51 -41
  25. package/build/src/metadata-sp.js.map +1 -1
  26. package/build/src/metadata.js +47 -43
  27. package/build/src/metadata.js.map +1 -1
  28. package/build/src/options.js +73 -0
  29. package/build/src/options.js.map +1 -0
  30. package/build/src/urn.js +28 -1
  31. package/build/src/urn.js.map +1 -1
  32. package/build/src/utility.js +165 -83
  33. package/build/src/utility.js.map +1 -1
  34. package/build/src/validator.js +27 -10
  35. package/build/src/validator.js.map +1 -1
  36. package/package.json +17 -7
  37. package/types/src/api.d.ts +33 -3
  38. package/types/src/binding-post.d.ts +67 -34
  39. package/types/src/binding-redirect.d.ts +58 -31
  40. package/types/src/binding-simplesign.d.ts +77 -21
  41. package/types/src/entity-idp.d.ts +40 -31
  42. package/types/src/entity-sp.d.ts +37 -27
  43. package/types/src/entity.d.ts +71 -77
  44. package/types/src/extractor.d.ts +31 -22
  45. package/types/src/flow.d.ts +24 -2
  46. package/types/src/libsaml.d.ts +172 -118
  47. package/types/src/metadata-idp.d.ts +27 -11
  48. package/types/src/metadata-sp.d.ts +29 -19
  49. package/types/src/metadata.d.ts +59 -34
  50. package/types/src/options.d.ts +37 -0
  51. package/types/src/types.d.ts +250 -24
  52. package/types/src/urn.d.ts +7 -0
  53. package/types/src/utility.d.ts +144 -89
  54. package/types/src/validator.d.ts +21 -0
  55. package/.circleci/config.yml +0 -98
  56. package/.editorconfig +0 -19
  57. package/.github/FUNDING.yml +0 -1
  58. package/.github/workflows/deploy-docs.yml +0 -56
  59. package/.pre-commit.sh +0 -15
  60. package/.snyk +0 -4
  61. package/Makefile +0 -25
  62. package/index.ts +0 -28
  63. package/src/api.ts +0 -36
  64. package/src/binding-post.ts +0 -336
  65. package/src/binding-redirect.ts +0 -335
  66. package/src/binding-simplesign.ts +0 -231
  67. package/src/entity-idp.ts +0 -145
  68. package/src/entity-sp.ts +0 -114
  69. package/src/entity.ts +0 -243
  70. package/src/extractor.ts +0 -399
  71. package/src/flow.ts +0 -469
  72. package/src/libsaml.ts +0 -777
  73. package/src/metadata-idp.ts +0 -146
  74. package/src/metadata-sp.ts +0 -203
  75. package/src/metadata.ts +0 -166
  76. package/src/types.ts +0 -127
  77. package/src/urn.ts +0 -210
  78. package/src/utility.ts +0 -231
  79. package/src/validator.ts +0 -44
  80. package/tsconfig.json +0 -41
  81. package/tslint.json +0 -35
  82. package/types.d.ts +0 -2
  83. package/vitest.config.ts +0 -12
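--- a/package/README.md
+++ b/package/README.md
@@ -3,7 +3,7 @@
 [![Build Status](https://img.shields.io/circleci/build/github/tngan/samlify?style=for-the-badge&logo=circleci)](https://app.circleci.com/pipelines/github/tngan/samlify)
 [![npm version](https://img.shields.io/npm/v/samlify.svg?style=for-the-badge&logo=npm)](https://www.npmjs.com/package/samlify)
 [![NPM](https://img.shields.io/npm/dm/samlify.svg?style=for-the-badge&logo=npm)](https://www.npmjs.com/package/samlify)
-[![Coverage Status](https://img.shields.io/coveralls/tngan/samlify/master.svg?style=for-the-badge&logo=coveralls)](https://coveralls.io/github/tngan/samlify?branch=master)
+[![Coverage](https://img.shields.io/badge/coverage-%E2%89%A590%25-brightgreen?style=for-the-badge&logo=vitest)](./vitest.config.ts)
 
 Highly configuarable Node.js SAML 2.0 library for Single Sign On
 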
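--- a/package/build/src/api.js
+++ b/package/build/src/api.js
@@ -1,25 +1,74 @@
 "use strict";
+var __assign = (this && this.__assign) || function () {
+__assign = Object.assign || function(t) {
+for (var s, i = 1, n = arguments.length; i < n; i++) {
+s = arguments[i];
+for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+t[p] = s[p];
+}
+return t;
+};
+return __assign.apply(this, arguments);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getContext = getContext;
 exports.setSchemaValidator = setSchemaValidator;
 exports.setDOMParserOptions = setDOMParserOptions;
+/**
+* @file api.ts
+* @author tngan
+* @desc Global module configuration: XML schema validator and DOM parser.
+*/
 var xmldom_1 = require("@xmldom/xmldom");
+var XXE_SAFE_OPTIONS = {
+/**
+* Treat XML parsing errors as fatal to prevent XXE attacks.
+* Entity references (e.g. &xxe;) and malformed XML in SAML messages
+* are not expected and may indicate an attack attempt.
+*/
+errorHandler: {
+error: function (msg) { throw new Error("XML parsing error: ".concat(msg)); },
+fatalError: function (msg) { throw new Error("XML fatal error: ".concat(msg)); },
+},
+};
 var context = {
 validate: undefined,
-dom: new xmldom_1.DOMParser()
+dom: new xmldom_1.DOMParser(XXE_SAFE_OPTIONS),
 };
+/**
+* Return the module-wide runtime context (DOM parser and validator).
+*
+* @returns shared context object
+*/
 function getContext() {
 return context;
 }
+/**
+* Register the caller-supplied SAML schema validator. Throws when the
+* supplied value does not expose a `validate` callback.
+*
+* @param params object with a `validate(xml)` callback
+*/
 function setSchemaValidator(params) {
 if (typeof params.validate !== 'function') {
 throw new Error('validate must be a callback function having one argument as xml input');
 }
-// assign the validate function to the context
 context.validate = params.validate;
 }
+/**
+* Replace the module-wide DOM parser with one configured by the caller.
+*
+* The XXE-safe error handlers are merged into the supplied options as a
+* baseline so callers can override unrelated settings without
+* accidentally disabling XXE protection (`saml-core §6.4`,
+* `saml-sec-consider §6.3.1`). A caller can still opt out by passing
+* its own `errorHandler`, but it must do so explicitly.
+*
+* @param options xmldom parser options
+*/
 function setDOMParserOptions(options) {
+var _a;
 if (options === void 0) { options = {}; }
-context.dom = new xmldom_1.DOMParser(options);
+context.dom = new xmldom_1.DOMParser(__assign(__assign(__assign({}, XXE_SAFE_OPTIONS), options), { errorHandler: (_a = options.errorHandler) !== null && _a !== void 0 ? _a : XXE_SAFE_OPTIONS.errorHandler }));
 }
 //# sourceMappingURL=api.js.map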
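Review bot: The merge on the last changed line of `setDOMParserOptions` replaces the whole `errorHandler` object whenever the caller supplies one, so a caller passing `{ errorHandler: { warning: ... } }` only to customize warnings silently loses the throwing `error`/`fatalError` handlers that `XXE_SAFE_OPTIONS` exists for, contrary to the new docstring's statement that opting out has to be explicit. Merging per key keeps that guarantee while still letting a caller override either handler deliberately: `context.dom = new xmldom_1.DOMParser(__assign(__assign({}, options), { errorHandler: __assign(__assign({}, XXE_SAFE_OPTIONS.errorHandler), options.errorHandler) }));` (this is compiled output, so the change belongs in the `src/api.ts` it is generated from). The comment above `XXE_SAFE_OPTIONS` also promises more than the handler can deliver on its own: throwing from `error`/`fatalError` only blocks an entity reference if the installed `@xmldom/xmldom` reports it through that handler, and I believe newer 0.9.x releases moved error reporting to an `onError` callback, in which case `errorHandler` may never be invoked; `package.json` changes in this release but is outside this chunk, so I cannot confirm which version is pinned, and a test that feeds a DOCTYPE-with-entity document through the parser would settle it.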
@@ -1 +1 @@
1
- {"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/api.ts"],"names":[],"mappings":";;AAkBA,gCAEC;AAED,gDASC;AAED,kDAEC;AAnCD,yCAA+E;AAa/E,IAAM,OAAO,GAAY;IACvB,QAAQ,EAAE,SAAS;IACnB,GAAG,EAAE,IAAI,kBAAG,EAAE;CACf,CAAC;AAEF,SAAgB,UAAU;IACxB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,kBAAkB,CAAC,MAAwB;IAEzD,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;IAC3F,CAAC;IAED,8CAA8C;IAC9C,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;AAErC,CAAC;AAED,SAAgB,mBAAmB,CAAC,OAA8B;IAA9B,wBAAA,EAAA,YAA8B;IAChE,OAAO,CAAC,GAAG,GAAG,IAAI,kBAAG,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC"}
1
+ {"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/api.ts"],"names":[],"mappings":";;;;;;;;;;;;;AA0CA,gCAEC;AAQD,gDAKC;AAaD,kDAMC;AA5ED;;;;GAIG;AACH,yCAA+E;AAe/E,IAAM,gBAAgB,GAAqB;IACzC;;;;OAIG;IACH,YAAY,EAAE;QACZ,KAAK,EAAE,UAAC,GAAW,IAAO,MAAM,IAAI,KAAK,CAAC,6BAAsB,GAAG,CAAE,CAAC,CAAC,CAAC,CAAC;QACzE,UAAU,EAAE,UAAC,GAAW,IAAO,MAAM,IAAI,KAAK,CAAC,2BAAoB,GAAG,CAAE,CAAC,CAAC,CAAC,CAAC;KAC7E;CACF,CAAC;AAEF,IAAM,OAAO,GAAY;IACvB,QAAQ,EAAE,SAAS;IACnB,GAAG,EAAE,IAAI,kBAAG,CAAC,gBAAgB,CAAC;CAC/B,CAAC;AAEF;;;;GAIG;AACH,SAAgB,UAAU;IACxB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,MAAwB;IACzD,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;IAC3F,CAAC;IACD,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;AACrC,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,mBAAmB,CAAC,OAA8B;;IAA9B,wBAAA,EAAA,YAA8B;IAChE,OAAO,CAAC,GAAG,GAAG,IAAI,kBAAG,gCAChB,gBAAgB,GAChB,OAAO,KACV,YAAY,EAAE,MAAA,OAAO,CAAC,YAAY,mCAAI,gBAAgB,CAAC,YAAY,IACnE,CAAC;AACL,CAAC"}