Add X-Forwarded-Host support

auth0 · Feb 26, 2018 · ab49e06 · ab49e06
1 parent 6b91af4
commit ab49e06
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 10 deletions.
diff --git a/lib/metadata.js b/lib/metadata.js
@@ -11,19 +11,19 @@ function getEndpointAddress (req, endpointPath) {
   var protocol = req.headers['x-iisnode-https'] && req.headers['x-iisnode-https'] == 'on' ?
                  'https' :
                  (req.headers['x-forwarded-proto'] || req.protocol);
-
-  return protocol + '://' + req.headers['host'] + endpointPath;
+  var host = req.headers['x-forwarded-host'] || req.headers['host'];
+  return protocol + '://' + host + endpointPath;
 }
 
 /**
  * SAML metadata endpoint
  *
  * This endpoint returns a SAML metadata document.
- * 
+ *
  * You should expose this endpoint in an address like:
  *
  * 'https://your-saml-server.com/FederationMetadata/2007-06/FederationMetadata.xml
- * 
+ *
  * options:
  * - issuer string
  * - cert the public certificate
@@ -32,7 +32,7 @@ function getEndpointAddress (req, endpointPath) {
  * - postEndpointPath optional, location value for HTTP-POST binding (SingleSignOnService)
  * - logoutEndpointPaths.redirect optional, location value for HTTP-Redirect binding (SingleLogoutService)
  * - logoutEndpointPaths.post optional, location value for HTTP-POST binding (SingleLogoutService)
- * 
+ *
  * @param  {[type]} options [description]
  * @return {[type]}         [description]
  */
@@ -54,7 +54,7 @@ function metadataMiddleware (options) {
   return function (req, res) {
     var redirectEndpoint = getEndpointAddress(req, options.redirectEndpointPath);
     var postEndpoint = getEndpointAddress(req, options.postEndpointPath);
-    
+
     options.logoutEndpointPaths = options.logoutEndpointPaths || { redirect: '/logout' };
 
     var logoutEndpoints = {};
@@ -63,7 +63,7 @@ function metadataMiddleware (options) {
         logoutEndpoints[binding] = getEndpointAddress(req, options.logoutEndpointPaths[binding]);
       }
     });
-    
+
     res.set('Content-Type', 'application/xml');
 
     res.send(templates.metadata({

diff --git a/test/metadata.tests.js b/test/metadata.tests.js
@@ -15,7 +15,7 @@ describe('samlp metadata', function () {
   before(function (done) {
     server.start(done);
   });
-  
+
   after(function (done) {
     server.close(done);
   });
@@ -24,7 +24,7 @@ describe('samlp metadata', function () {
     var doc, content;
     before(function (done) {
       request.get({
-        jar: request.jar(), 
+        jar: request.jar(),
         uri: 'http://localhost:5050/samlp/FederationMetadata/2007-06/FederationMetadata.xml'
       }, function (err, response, b){
         if(err) return done(err);
@@ -53,7 +53,7 @@ describe('samlp metadata', function () {
     it('sholud have the logout endpoint url', function(){
       expect(doc.getElementsByTagName('SingleSignOnService')[0].getAttribute('Binding'))
         .to.equal('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect');
-        
+
       expect(doc.getElementsByTagName('SingleLogoutService')[0].getAttribute('Location'))
         .to.equal('http://localhost:5050/logout');
     });
@@ -79,4 +79,37 @@ describe('samlp metadata', function () {
     });
 
   });
+
+  describe('request to metadata with proxy', function () {
+    var doc;
+    before(function (done) {
+      request.get({
+        jar: request.jar(),
+        uri: 'http://localhost:5050/samlp/FederationMetadata/2007-06/FederationMetadata.xml',
+        headers: {
+          'X-Forwarded-Host': 'myserver.com'
+        }
+      }, function (err, response, b) {
+        if (err) return done(err);
+        doc = new xmldom.DOMParser().parseFromString(b).documentElement;
+        done();
+      });
+    });
+
+    it('sholud have the redirect endpoint url with the forwarded host', function () {
+      expect(doc.getElementsByTagName('SingleSignOnService')[0].getAttribute('Location'))
+        .to.equal('http://myserver.com/samlp/123');
+    });
+
+    it('sholud have the POST endpoint url with the forwarded host', function () {
+      expect(doc.getElementsByTagName('SingleSignOnService')[1].getAttribute('Location'))
+        .to.equal('http://myserver.com/login/callback');
+    });
+
+    it('sholud have the logout endpoint url with the forwarded host', function () {
+      expect(doc.getElementsByTagName('SingleLogoutService')[0].getAttribute('Location'))
+        .to.equal('http://myserver.com/logout');
+    });
+
+  });
 });