From 58495fee0cd64148bc4dccdc57c2d701c41acbd4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Jul 2023 12:14:42 -0400 Subject: [PATCH] Bump prettier from 2.8.8 to 3.0.0 (#300) Bumps [prettier](https://github.com/prettier/prettier) from 2.8.8 to 3.0.0. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/prettier/compare/2.8.8...3.0.0) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] * Lint --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Chris Barth --- .grenrc.js | 2 +- docs/xml-signing-example.js | 4 +- package-lock.json | 6 +- package.json | 2 +- src/metadata.ts | 10 +-- src/saml-post-signing.ts | 2 +- src/saml.ts | 97 ++++++++++++----------- src/types.ts | 11 ++- src/utility.ts | 6 +- src/xml.ts | 20 ++--- test/crypto.spec.ts | 22 +++--- test/samlRequest.spec.ts | 16 ++-- test/samlTests.spec.ts | 14 ++-- test/test-signatures.spec.ts | 146 ++++++++++++++++++----------------- test/tests.spec.ts | 106 ++++++++++++------------- test/xml.spec.ts | 4 +- 16 files changed, 241 insertions(+), 227 deletions(-)
diff --git a/.grenrc.js b/.grenrc.js
index 0aac7329..90c9f29f 100644
--- a/.grenrc.js
+++ b/.grenrc.js
@@ -107,7 +107,7 @@ module.exports = { release: function (placeholders) { placeholders.body = placeholders.body.replace( "*No changelog for this release.*",
- "\n_No changelog for this release._"
+ "\n_No changelog for this release._",
 ); return `## ${placeholders.release} (${placeholders.date})\n${placeholders.body}`; },
diff --git a/docs/xml-signing-example.js b/docs/xml-signing-example.js
index c1503d1f..4fe21811 100644
--- a/docs/xml-signing-example.js
+++ b/docs/xml-signing-example.js
@@ -42,6 +42,6 @@ console.log( verified: verified, }, null,
- 2
- )
+ 2,
+ ),
 );
diff --git a/package-lock.json b/package-lock.json
index b0fb7c0b..64c9af2f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7177,9 +7177,9 @@ "dev": true }, "prettier": { - "version": "2.8.8", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.8.tgz", - "integrity": "sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.0.0.tgz", + "integrity": "sha512-zBf5eHpwHOGPC47h0zrPyNn+eAEIdEzfywMoYn2XPi0P44Zp0tSq64rq0xAREh4auw2cJZHo9QUob+NqCQky4g==", "dev": true }, "prettier-linter-helpers": {
diff --git a/package.json b/package.json
index 98d94aad..d2905bdc 100644
--- a/package.json
+++ b/package.json
@@ -86,7 +86,7 @@ "mocha": "^10.2.0", "nyc": "^15.1.0", "onchange": "^7.1.0",
- "prettier": "^2.8.8",
+ "prettier": "^3.0.0",
 "prettier-plugin-packagejson": "^2.4.5", "release-it": "^16.1.3", "sinon": "^15.2.0",
diff --git a/src/metadata.ts b/src/metadata.ts
index 7f57467f..e4eb1abe 100644
--- a/src/metadata.ts
+++ b/src/metadata.ts
@@ -9,7 +9,7 @@ import { assertRequired, signXmlMetadata } from "./utility"; import { buildXmlBuilderObject } from "./xml"; export const generateServiceProviderMetadata = (
- params: GenerateServiceProviderMetadataParams
+ params: GenerateServiceProviderMetadataParams,
 ): string => { const { issuer,
@@ -29,7 +29,7 @@ export const generateServiceProviderMetadata = ( if (decryptionPvk != null) { if (!decryptionCert) { throw new Error(
- "Missing decryptionCert while generating metadata for decrypting service provider"
+ "Missing decryptionCert while generating metadata for decrypting service provider",
 ); } } else {
@@ -39,7 +39,7 @@ export const generateServiceProviderMetadata = ( if (privateKey != null) { if (!signingCerts) { throw new Error(
- "Missing signingCert while generating metadata for signing service provider messages"
+ "Missing signingCert while generating metadata for signing service provider messages",
 ); } signingCerts = !Array.isArray(signingCerts) ? [signingCerts] : signingCerts;
@@ -67,7 +67,7 @@ export const generateServiceProviderMetadata = ( if (isValidSamlSigningOptions(params)) { assertRequired( signingCerts,
- "Missing signingCert while generating metadata for signing service provider messages"
+ "Missing signingCert while generating metadata for signing service provider messages",
 ); metadata.EntityDescriptor.SPSSODescriptor["@AuthnRequestsSigned"] = true;
@@ -89,7 +89,7 @@ export const generateServiceProviderMetadata = ( if (decryptionPvk != null) { assertRequired( decryptionCert,
- "Missing decryptionCert while generating metadata for decrypting service provider"
+ "Missing decryptionCert while generating metadata for decrypting service provider",
 ); decryptionCert = stripPemHeaderAndFooter(decryptionCert);
diff --git a/src/saml-post-signing.ts b/src/saml-post-signing.ts
index 74a036ce..2f2ff840 100644
--- a/src/saml-post-signing.ts
+++ b/src/saml-post-signing.ts
@@ -9,7 +9,7 @@ const issuerXPath = export function signSamlPost( samlMessage: string, xpath: string,
- options: SamlSigningOptions
+ options: SamlSigningOptions,
 ): string { return signXml(samlMessage, xpath, { reference: xpath + issuerXPath, action: "after" }, options); }
diff --git a/src/saml.ts b/src/saml.ts
index f7697cb5..a8cc6f34 100644
--- a/src/saml.ts
+++ b/src/saml.ts
@@ -185,14 +185,14 @@ class SAML { signer.update(querystring.stringify(samlMessageToSign)); samlMessage.Signature = signer.sign( keyInfoToPem(this.options.privateKey, "PRIVATE KEY"),
- "base64"
+ "base64",
 ); } protected async generateAuthorizeRequestAsync( this: SAML, isPassive: boolean,
- isHttpPostBinding: boolean
+ isHttpPostBinding: boolean,
 ): Promise { assertRequired(this.options.entryPoint, "entryPoint is required");
@@ -312,7 +312,7 @@ class SAML { } return formattedEntry;
- }
+ },
 ); }
@@ -321,7 +321,7 @@ class SAML { } return formattedIdpListItem;
- }
+ },
 ); }
@@ -438,7 +438,7 @@ class SAML { request: string | null | undefined, response: string | null, operation: string,
- additionalParameters: querystring.ParsedUrlQuery
+ additionalParameters: querystring.ParsedUrlQuery,
 ): Promise { assertRequired(this.options.entryPoint, "entryPoint is required"); const requestOrResponse = request || response;
@@ -490,7 +490,7 @@ class SAML { _getAdditionalParams( relayState: string, operation: "authorize" | "logout",
- overrideParams?: querystring.ParsedUrlQuery
+ overrideParams?: querystring.ParsedUrlQuery,
 ): querystring.ParsedUrlQuery { const additionalParams: querystring.ParsedUrlQuery = {};
@@ -504,14 +504,14 @@ class SAML { operation === "logout" ? this.options.additionalLogoutParams : this.options.additionalAuthorizeParams,
- overrideParams ?? {}
+ overrideParams ?? {},
 ); } async getAuthorizeUrlAsync( RelayState: string, host: string | undefined,
- options: AuthOptions
+ options: AuthOptions,
 ): Promise { const request = await this.generateAuthorizeRequestAsync(this.options.passive, false); const operation = "authorize";
@@ -520,14 +520,14 @@ class SAML { request, null, operation,
- this._getAdditionalParams(RelayState, operation, overrideParams)
+ this._getAdditionalParams(RelayState, operation, overrideParams),
 ); } async getAuthorizeMessageAsync( RelayState: string, host?: string,
- options?: AuthOptions
+ options?: AuthOptions,
 ): Promise { assertRequired(this.options.entryPoint, "entryPoint is required");
@@ -556,7 +556,7 @@ class SAML { async getAuthorizeFormAsync( RelayState: string, host?: string,
- options?: AuthOptions
+ options?: AuthOptions,
 ): Promise { assertRequired(this.options.entryPoint, "entryPoint is required");
@@ -573,7 +573,7 @@ class SAML { | readonly string[] | readonly number[] | readonly boolean[],
- preserveCR?: boolean
+ preserveCR?: boolean,
 ) { const preserveCRChar = preserveCR ? " " : "\n"; return (
@@ -622,7 +622,7 @@ class SAML { async getLogoutUrlAsync( user: Profile, RelayState: string,
- options: AuthOptions
+ options: AuthOptions,
 ): Promise { const request = await this._generateLogoutRequest(user); const operation = "logout";
@@ -631,7 +631,7 @@ class SAML { request, null, operation,
- this._getAdditionalParams(RelayState, operation, overrideParams)
+ this._getAdditionalParams(RelayState, operation, overrideParams),
 ); }
@@ -640,10 +640,10 @@ class SAML { RelayState: string, options: AuthOptions, success: boolean,
- callback: (err: Error | null, url?: string) => void
+ callback: (err: Error | null, url?: string) => void,
 ): void { util.callbackify(() =>
- this.getLogoutResponseUrlAsync(samlLogoutRequest, RelayState, options, success)
+ this.getLogoutResponseUrlAsync(samlLogoutRequest, RelayState, options, success),
 )(callback); }
@@ -651,7 +651,7 @@ class SAML { samlLogoutRequest: Profile, RelayState: string, options: AuthOptions,
- success: boolean
+ success: boolean,
 ): Promise { const response = this._generateLogoutResponse(samlLogoutRequest, success); const operation = "logout";
@@ -660,7 +660,7 @@ class SAML { null, response, operation,
- this._getAdditionalParams(RelayState, operation, overrideParams)
+ this._getAdditionalParams(RelayState, operation, overrideParams),
 ); }
@@ -679,7 +679,7 @@ class SAML { } async validatePostResponseAsync(
- container: Record
+ container: Record,
 ): Promise<{ profile: Profile | null; loggedOut: boolean }> { let xml: string; let doc: Document;
@@ -691,7 +691,7 @@ class SAML { const inResponseToNodes = xpath.selectAttributes( doc,
- "/*[local-name()='Response']/@InResponseTo"
+ "/*[local-name()='Response']/@InResponseTo",
 ); if (inResponseToNodes) {
@@ -712,11 +712,11 @@ class SAML { const assertions = xpath.selectElements( doc,
- "/*[local-name()='Response']/*[local-name()='Assertion']"
+ "/*[local-name()='Response']/*[local-name()='Assertion']",
 ); const encryptedAssertions = xpath.selectElements( doc,
- "/*[local-name()='Response']/*[local-name()='EncryptedAssertion']"
+ "/*[local-name()='Response']/*[local-name()='EncryptedAssertion']",
 ); if (assertions.length + encryptedAssertions.length > 1) {
@@ -736,7 +736,7 @@ class SAML { return await this.processValidlySignedAssertionAsync( assertions[0].toString(), xml,
- inResponseTo
+ inResponseTo,
 ); }
@@ -749,7 +749,7 @@ class SAML { const decryptedDoc = await parseDomFromString(decryptedXml); const decryptedAssertions = xpath.selectElements( decryptedDoc,
- "/*[local-name()='Assertion']"
+ "/*[local-name()='Assertion']",
 ); if (decryptedAssertions.length != 1) throw new Error("Invalid EncryptedAssertion content");
@@ -763,7 +763,7 @@ class SAML { return await this.processValidlySignedAssertionAsync( decryptedAssertions[0].toString(), xml,
- inResponseTo
+ inResponseTo,
 ); }
@@ -809,7 +809,7 @@ class SAML { const statusXml = buildXml2JsObject("Status", status[0]); throw new ErrorWithXmlStatus( "SAML provider returned " + msgType + " error: " + msg,
- statusXml
+ statusXml,
 ); } }
@@ -850,7 +850,7 @@ class SAML { async validateRedirectAsync( container: ParsedQs,
- originalQuery: string
+ originalQuery: string,
 ): Promise<{ profile: Profile | null; loggedOut: boolean }> { const samlMessageType = container.SAMLRequest ? "SAMLRequest" : "SAMLResponse";
@@ -868,7 +868,7 @@ class SAML { protected async hasValidSignatureForRedirect( container: ParsedQs,
- originalQuery: string
+ originalQuery: string,
 ): Promise { const tokens = originalQuery.split("&"); const getParam = (key: string) => {
@@ -893,7 +893,7 @@ class SAML { urlString, container.Signature as string, container.SigAlg as string,
- pemFile
+ pemFile,
 ); }); if (!hasValidQuerySignature) {
@@ -908,7 +908,7 @@ class SAML { urlString: crypto.BinaryLike, signature: string, alg: string,
- pemFile: string
+ pemFile: string,
 ): boolean { // See if we support a matching algorithm, case-insensitive. Otherwise, throw error. function hasMatch(ourAlgo: string) {
@@ -938,7 +938,7 @@ class SAML { const conErr = this.checkTimestampsValidityError( nowMs, conditions.NotBefore,
- conditions.NotOnOrAfter
+ conditions.NotOnOrAfter,
 ); if (conErr) { throw conErr;
@@ -965,7 +965,10 @@ class SAML { if (issuer) { if (issuer[0]._ !== this.options.idpIssuer) throw new Error(
- "Unknown SAML issuer. Expected: " + this.options.idpIssuer + " Received: " + issuer[0]._
+ "Unknown SAML issuer. Expected: " +
+ this.options.idpIssuer +
+ " Received: " +
+ issuer[0]._,
 ); } else { throw new Error("Missing SAML issuer");
@@ -977,7 +980,7 @@ class SAML { this: SAML, xml: string, samlResponseXml: string,
- inResponseTo: string | null
+ inResponseTo: string | null,
 ): Promise<{ profile: Profile; loggedOut: boolean }> { let msg; const nowMs = new Date().getTime();
@@ -1026,14 +1029,14 @@ class SAML { const maxTimeLimitMs = this.calcMaxAgeAssertionTime( this.options.maxAssertionAgeMs, subjectNotOnOrAfter,
- assertion.$.IssueInstant
+ assertion.$.IssueInstant,
 ); const subjErr = this.checkTimestampsValidityError( nowMs, subjectNotBefore, subjectNotOnOrAfter,
- maxTimeLimitMs
+ maxTimeLimitMs,
 ); if (subjErr === null) return true; }
@@ -1095,13 +1098,13 @@ class SAML { const maxTimeLimitMs = this.calcMaxAgeAssertionTime( this.options.maxAssertionAgeMs, conditions.$.NotOnOrAfter,
- assertion.$.IssueInstant
+ assertion.$.IssueInstant,
 ); const conErr = this.checkTimestampsValidityError( nowMs, conditions.$.NotBefore, conditions.$.NotOnOrAfter,
- maxTimeLimitMs
+ maxTimeLimitMs,
 ); if (conErr) throw conErr; }
@@ -1109,7 +1112,7 @@ class SAML { if (this.options.audience !== false) { const audienceErr = this.checkAudienceValidityError( this.options.audience,
- conditions.AudienceRestriction
+ conditions.AudienceRestriction,
 ); if (audienceErr) throw audienceErr; }
@@ -1119,7 +1122,7 @@ class SAML { const attributes: XMLOutput[] = [].concat( ...attributeStatement .filter((attr: XMLObject) => Array.isArray(attr.Attribute))
- .map((attr: XMLObject) => attr.Attribute)
+ .map((attr: XMLObject) => attr.Attribute),
 ); const attrValueMapper = (value: XMLObject) => {
@@ -1185,7 +1188,7 @@ class SAML { nowMs: number, notBefore: string, notOnOrAfter: string,
- maxTimeLimitMs?: number
+ maxTimeLimitMs?: number,
 ): Error | null { if (this.options.acceptedClockSkewMs == -1) return null;
@@ -1209,7 +1212,7 @@ class SAML { protected checkAudienceValidityError( expectedAudience: string,
- audienceRestrictions: AudienceRestrictionXML[]
+ audienceRestrictions: AudienceRestrictionXML[],
 ): Error | null { if (!audienceRestrictions || audienceRestrictions.length < 1) { return new Error("SAML assertion has no AudienceRestriction");
@@ -1224,7 +1227,7 @@ class SAML { "SAML assertion audience mismatch. Expected: " + expectedAudience + " Received: " +
- restriction.Audience[0]._
+ restriction.Audience[0]._,
 ); } return null;
@@ -1244,7 +1247,7 @@ class SAML { _parseDomFromString = parseDomFromString, _parseXml2JsFromString = parseXml2JsFromString, _validateSignature = validateSignature,
- } = {}
+ } = {},
 ): Promise<{ profile: Profile; loggedOut: boolean }> { const xml = Buffer.from(container.SAMLRequest, "base64").toString("utf8"); const dom = await _parseDomFromString(xml);
@@ -1259,7 +1262,7 @@ class SAML { protected async processValidlySignedPostRequestAsync( this: SAML, doc: XMLOutput,
- dom: Document
+ dom: Document,
 ): Promise<{ profile: Profile; loggedOut: boolean }> { const request = doc.LogoutRequest; if (request) {
@@ -1297,7 +1300,7 @@ class SAML { protected async processValidlySignedSamlLogoutAsync( this: SAML, doc: XMLOutput,
- dom: Document
+ dom: Document,
 ): Promise<{ profile: Profile | null; loggedOut: boolean }> { const response = doc.LogoutResponse; const request = doc.LogoutRequest;
@@ -1314,7 +1317,7 @@ class SAML { generateServiceProviderMetadata( this: SAML, decryptionCert: string | null,
- signingCerts?: string | string[] | null
+ signingCerts?: string | string[] | null,
 ): string { return generateServiceProviderMetadata({ ...this.options,
@@ -1335,7 +1338,7 @@ class SAML { protected calcMaxAgeAssertionTime( maxAssertionAgeMs: number, notOnOrAfter: string,
- issueInstant: string
+ issueInstant: string,
 ): number { const notOnOrAfterMs = dateStringToTimestamp(notOnOrAfter, "NotOnOrAfter"); const issueInstantMs = dateStringToTimestamp(issueInstant, "IssueInstant");
diff --git a/src/types.ts b/src/types.ts
index c8ab8cfe..b23b35a9 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -15,7 +15,7 @@ export interface AuthOptions { } export const isValidSamlSigningOptions = (
- options: Partial
+ options: Partial,
 ): options is SamlSigningOptions => { return options.privateKey != null; };
@@ -70,12 +70,12 @@ export type SamlAssertionXmlJs = { export type SamlStatusXmlJs = { Status: [
- { StatusCode: [XmlJsObject & { StatusCode: [XmlJsObject] }]; StatusMessage: [XmlJsObject] }
+ { StatusCode: [XmlJsObject & { StatusCode: [XmlJsObject] }]; StatusMessage: [XmlJsObject] },
 ]; }; export type CertCallback = (
- callback: (err: Error | null, cert?: string | string[]) => void
+ callback: (err: Error | null, cert?: string | string[]) => void,
 ) => void; /**
@@ -248,7 +248,10 @@ export interface Profile { } export class ErrorWithXmlStatus extends Error {
- constructor(message: string, public readonly xmlStatus: string) {
+ constructor(
+ message: string,
+ public readonly xmlStatus: string,
+ ) {
 super(message); } }
diff --git a/src/utility.ts b/src/utility.ts
index 706a9c9c..f037aac1 100644
--- a/src/utility.ts
+++ b/src/utility.ts
@@ -9,7 +9,7 @@ export function assertRequired(value: T | null | undefined, error?: string): export function assertBooleanIfPresent( value: T | null | undefined,
- error?: string
+ error?: string,
 ): asserts value { if (value != null && typeof value != "boolean") { throw new TypeError(error ?? "value is set but not boolean");
@@ -24,7 +24,7 @@ export function signXmlResponse(samlMessage: string, options: SamlSigningOptions samlMessage, responseXpath, { reference: responseXpath, action: "append" },
- options
+ options,
 ); }
@@ -36,6 +36,6 @@ export function signXmlMetadata(metadataXml: string, options: SamlSigningOptions metadataXml, metadataXpath, { reference: metadataXpath, action: "prepend" },
- options
+ options,
 ); }
diff --git a/src/xml.ts b/src/xml.ts
index f5f642c1..cd06b907 100644
--- a/src/xml.ts
+++ b/src/xml.ts
@@ -20,7 +20,7 @@ type SelectedValue = string | number | boolean | Node; const selectXPath = ( guard: (values: SelectedValue[]) => values is T[], node: Node,
- xpath: string
+ xpath: string,
 ): T[] => { const result = xmlCrypto.xpath(node, xpath); if (!guard(result)) {
@@ -76,7 +76,7 @@ const normalizeNewlines = (xml: string): string => { export const validateSignature = ( fullXml: string, currentNode: Element,
- pemFiles: string[]
+ pemFiles: string[],
 ): boolean => { const xpathSigQuery = ".//*[" +
@@ -120,7 +120,7 @@ const validateXmlSignatureWithPemFile = ( signature: Node, pemFile: string, fullXml: string,
- currentNode: Element
+ currentNode: Element,
 ): boolean => { const sig = new xmlCrypto.SignedXml(); sig.keyInfoProvider = {
@@ -141,7 +141,7 @@ const validateXmlSignatureWithPemFile = ( // multiple candidate references is bad news) const totalReferencedNodes = xpath.selectElements( currentNode.ownerDocument,
- "//*[@" + idAttribute + "='" + refId + "']"
+ "//*[@" + idAttribute + "='" + refId + "']",
 ); if (totalReferencedNodes.length > 1) {
@@ -155,7 +155,7 @@ export const signXml = ( xml: string, xpath: string, location: XmlSignatureLocation,
- options: SamlSigningOptions
+ options: SamlSigningOptions,
 ): string => { const defaultTransforms = [ "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
@@ -243,15 +243,15 @@ export const promiseWithNameId = async (nameid: Node): Promise => { export const getNameIdAsync = async ( doc: Node,
- decryptionPvk: string | Buffer | null
+ decryptionPvk: string | Buffer | null,
 ): Promise => { const nameIds = xpath.selectElements( doc,
- "/*[local-name()='LogoutRequest']/*[local-name()='NameID']"
+ "/*[local-name()='LogoutRequest']/*[local-name()='NameID']",
 ); const encryptedIds = xpath.selectElements( doc,
- "/*[local-name()='LogoutRequest']/*[local-name()='EncryptedID']"
+ "/*[local-name()='LogoutRequest']/*[local-name()='EncryptedID']",
 ); if (nameIds.length + encryptedIds.length > 1) {
@@ -263,12 +263,12 @@ export const getNameIdAsync = async ( if (encryptedIds.length === 1) { assertRequired( decryptionPvk,
- "No decryption key found getting name ID for encrypted SAML response"
+ "No decryption key found getting name ID for encrypted SAML response",
 ); const encryptedData = xpath.selectElements( encryptedIds[0],
- "./*[local-name()='EncryptedData']"
+ "./*[local-name()='EncryptedData']",
 ); if (encryptedData.length !== 1) {
diff --git a/test/crypto.spec.ts b/test/crypto.spec.ts
index e8b75692..97da928c 100644
--- a/test/crypto.spec.ts
+++ b/test/crypto.spec.ts
@@ -49,8 +49,8 @@ describe("crypto.ts", function () { expect(() => keyInfoToPem( `-----BEGIN CERTIFICATE-----${TEST_CERT_MULTILINE.trim()}-----END CERTIFICATE-----`,
- "CERTIFICATE"
- )
+ "CERTIFICATE",
+ ),
 ).to.throw(); });
@@ -58,8 +58,8 @@ describe("crypto.ts", function () { expect(() => keyInfoToPem( `-----BEGIN CERTIFICATE-----${TEST_CERT_MULTILINE}\n-----END CERTIFICATE-----`,
- "CERTIFICATE"
- )
+ "CERTIFICATE",
+ ),
 ).to.throw(); });
@@ -67,8 +67,8 @@ describe("crypto.ts", function () { expect(() => keyInfoToPem( `-----BEGIN CERTIFICATE-----\n${TEST_CERT_MULTILINE}-----END CERTIFICATE-----`,
- "CERTIFICATE"
- )
+ "CERTIFICATE",
+ ),
 ).to.throw(); }); });
@@ -77,7 +77,7 @@ describe("crypto.ts", function () { it("should return certificate in PEM format for multiline certificate", function () { const certificate = keyInfoToPem( `-----BEGIN CERTIFICATE-----\n${TEST_CERT_MULTILINE}\n-----END CERTIFICATE-----`,
- "CERTIFICATE"
+ "CERTIFICATE",
 ); expect(certificate).to.equal(expectedCert); });
@@ -85,7 +85,7 @@ describe("crypto.ts", function () { it("should return certificate in PEM format for singleline certificate", function () { const certificate = keyInfoToPem( `-----BEGIN CERTIFICATE-----\n${TEST_CERT_SINGLELINE}\n-----END CERTIFICATE-----`,
- "CERTIFICATE"
+ "CERTIFICATE",
 ); expect(certificate).to.equal(expectedCert); });
@@ -93,7 +93,7 @@ describe("crypto.ts", function () { it("should return public key in PEM format for multiline pubic key", function () { const publicKey = keyInfoToPem( `-----BEGIN PUBLIC KEY-----\n${TEST_PUBLIC_KEY_MULTILINE}\n-----END PUBLIC KEY-----`, - "PUBLIC KEY" + "PUBLIC KEY", ); expect(publicKey).to.equal(expectedPublicKey); }); @@ -101,7 +101,7 @@ describe("crypto.ts", function () { it("should return public key in PEM format for singleline public key", function () { const publicKey = keyInfoToPem( `-----BEGIN PUBLIC KEY-----\n${TEST_PUBLIC_KEY_SINGLELINE}\n-----END PUBLIC KEY-----`, - "PUBLIC KEY" + "PUBLIC KEY", ); expect(publicKey).to.equal(expectedPublicKey); }); @@ -125,7 +125,7 @@ describe("crypto.ts", function () { .toString(); const privateKey = keyInfoToPem( `-----BEGIN PRIVATE KEY-----\n${privateKeyBase64Data}\n-----END PRIVATE KEY-----`, - "PRIVATE KEY" + "PRIVATE KEY", ); expect(privateKey).to.equal(expectedPrivateKey); }); diff --git a/test/samlRequest.spec.ts b/test/samlRequest.spec.ts index ebde3856..985cf48d 100644 --- a/test/samlRequest.spec.ts +++ b/test/samlRequest.spec.ts @@ -113,7 +113,7 @@ describe("SAML request", function () { .then((formBody) => { expect(formBody).to.match(/[^]*/); const samlRequestMatchValues = formBody.match( - / { expect(formBody).to.match(/[^]*/); const samlRequestMatchValues = formBody.match( - / { expect(formBody).to.match(/[^]*/); const samlRequestMatchValues = formBody.match( - / { expect(formBody).to.match(/[^]*/); const samlRequestMatchValues = formBody.match( - /[^]*/); @@ -439,7 +439,7 @@ describe("SAML request", function () { const formBody = await oSAML.getAuthorizeFormAsync( "http://localhost/saml/consume", undefined, - {} + {}, ); expect(formBody).to.match(/[^]*/); 
@@ -506,7 +506,7 @@ describe("SAML request", function () { .then((formBody) => { expect(formBody).to.match(/[^]*/); const samlRequestMatchValues = formBody.match( - / { const samlObj = new SAML({ callbackUrl: "http://localhost/saml/consume", @@ -55,7 +55,7 @@ describe("saml.ts", function () { }) as unknown as typeof parseDomFromString, _parseXml2JsFromString: noop as unknown as typeof parseXml2JsFromString, _validateSignature: (() => true) as unknown as typeof validateSignature, - } + }, ); const pendingResult = getKeyInfosAsPemSpy.returnValues[0]; @@ -77,7 +77,7 @@ describe("saml.ts", function () { expect(pemFiles.length).to.equal(1); expect(pemFiles[0]).to.equal( - `-----BEGIN CERTIFICATE-----\n${TEST_CERT_MULTILINE}\n-----END CERTIFICATE-----\n` + `-----BEGIN CERTIFICATE-----\n${TEST_CERT_MULTILINE}\n-----END CERTIFICATE-----\n`, ); }); @@ -145,7 +145,7 @@ describe("saml.ts", function () { const samlResponseBody = { SAMLResponse: fs.readFileSync( __dirname + "/static/signatures/valid/response.root-signed.assertion-signed.xml", - "base64" + "base64", ), }; let fakeClock: sinon.SinonFakeTimers; @@ -435,7 +435,7 @@ describe("saml.ts", function () { req.samlLogoutRequest, "", {}, - true + true, ); assertRequired(cbTarget); assertRequired(asyncTarget); @@ -444,7 +444,7 @@ describe("saml.ts", function () { } catch (err2) { done(err2); } - } + }, ); }); }); diff --git a/test/test-signatures.spec.ts b/test/test-signatures.spec.ts index bac67a50..f8f1af15 100644 --- a/test/test-signatures.spec.ts +++ b/test/test-signatures.spec.ts @@ -34,7 +34,7 @@ describe("Signatures", function () { samlResponseBody: Record, shouldErrorWith: string | false | undefined, amountOfSignatureChecks = 1, - options: Partial = {} + options: Partial = {}, ) => { //== Instantiate new instance before every test const samlObj = new SAML({ 
@@ -61,7 +61,7 @@ describe("Signatures", function () { pathToXml: string, shouldErrorWith: string | false, amountOfSignaturesChecks: number | undefined,
- options?: Partial
+ options?: Partial,
 ) => { //== Create a body based on an XML and run the test return async () =>
@@ -69,14 +69,14 @@ describe("Signatures", function () { createBody(pathToXml), shouldErrorWith, amountOfSignaturesChecks,
- options
+ options,
 ); }; describe("Signatures - multiple roots are considered invalid", () => { it( "multiple roots => invalid",
- testOneResponse("/invalid/response.root-signed.multiple-root-elements.xml", XMLDOM_ERROR, 0)
+ testOneResponse("/invalid/response.root-signed.multiple-root-elements.xml", XMLDOM_ERROR, 0),
 ); });
@@ -94,33 +94,33 @@ describe("Signatures", function () { //== VALID it( "R1A - both signed => valid",
- testOneResponse("/valid/response.root-signed.assertion-signed.xml", false, 2)
+ testOneResponse("/valid/response.root-signed.assertion-signed.xml", false, 2),
 ); const publicKey = fs.readFileSync(__dirname + "/static/pub.pem", "ascii"); it( "R1A - both signed, verify using public key => valid", testOneResponse("/valid/response.root-signed.assertion-signed.xml", false, 2, { cert: publicKey,
- })
+ }),
 ); it( "R1A - root signed => valid", testOneResponse("/valid/response.root-signed.assertion-unsigned.xml", false, 1, { wantAssertionsSigned: false,
- })
+ }),
 ); it( "R1A - assertion signed => valid", testOneResponse("/valid/response.root-unsigned.assertion-signed.xml", false, 2, { wantAuthnResponseSigned: false,
- })
+ }),
 ); it( "R1A - assertion signed, neither wanted => valid", testOneResponse("/valid/response.root-unsigned.assertion-signed.xml", false, 2, { wantAuthnResponseSigned: false, wantAssertionsSigned: false,
- })
+ }),
 ); //== INVALID
@@ -129,16 +129,16 @@ describe("Signatures", function () { testOneResponse( "/valid/response.root-unsigned.assertion-signed.xml", INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 ); it( "R1A - none signed => error", testOneResponse( "/invalid/response.root-unsigned.assertion-unsigned.xml", INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 ); it( "R1A - none signed, none wanted => error",
@@ -149,36 +149,36 @@ describe("Signatures", function () { { wantAuthnResponseSigned: false, wantAssertionsSigned: false,
- }
- )
+ },
+ ),
 ); it( "R1A - both signed => error", testOneResponse( "/invalid/response.root-signed.assertion-signed.xml", INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 ); it( "R1A - root signed => error", testOneResponse( "/invalid/response.root-signed.assertion-unsigned.xml", INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 ); it( "R1A - assertion signed => error", testOneResponse( "/invalid/response.root-unsigned.assertion-signed.xml", INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 ); it( "R1A - root signed - wantAssertionsSigned=true => error",
- testOneResponse("/valid/response.root-signed.assertion-unsigned.xml", INVALID_SIGNATURE, 2)
+ testOneResponse("/valid/response.root-signed.assertion-unsigned.xml", INVALID_SIGNATURE, 2),
 ); it( "R1A - root signed - assertion unsigned encrypted -wantAssertionsSigned=true => error",
@@ -188,16 +188,16 @@ describe("Signatures", function () { 2, { decryptionPvk: fs.readFileSync(__dirname + "/static/testshib encryption pvk.pem"),
- }
- )
+ },
+ ),
 ); it( "R1A - root signed - assertion invalidly signed wantAssertionsSigned=true => error", testOneResponse( "/invalid/response.root-signed.assertion-invalidly-signed.xml", INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 ); it( "R1A - root signed - assertion invalidly signed encrypted wantAssertionsSigned=true => error",
@@ -207,16 +207,16 @@ describe("Signatures", function () { 2, { decryptionPvk: fs.readFileSync(__dirname + "/static/testshib encryption pvk.pem"),
- }
- )
+ },
+ ),
 ); it( "R1A - root signed but with too many transforms => early error", testOneResponse( "/invalid/response.root-signed-transforms.assertion-unsigned.xml", INVALID_TOO_MANY_TRANSFORMS,
- 1
- )
+ 1,
+ ),
 ); it( "R1A - root unsigned, assertion signed but with too many transforms => early error",
@@ -226,8 +226,8 @@ describe("Signatures", function () { 2, { wantAuthnResponseSigned: false,
- }
- )
+ },
+ ),
 ); });
@@ -245,11 +245,15 @@ describe("Signatures", function () { //== VALID it( "R1A1Ad - signed root + assertion + advice => valid",
- testOneResponse("/valid/response.root-signed.assertion-signed.1advice-signed.xml", false, 2)
+ testOneResponse("/valid/response.root-signed.assertion-signed.1advice-signed.xml", false, 2),
 ); it( "R1A1Ad - signed root + assertion => valid",
- testOneResponse("/valid/response.root-signed.assertion-signed.1advice-unsigned.xml", false, 2)
+ testOneResponse(
+ "/valid/response.root-signed.assertion-signed.1advice-unsigned.xml",
+ false,
+ 2,
+ ),
 ); it( "R1A1Ad - signed assertion + advice => valid",
@@ -257,8 +261,8 @@ describe("Signatures", function () { "/valid/response.root-unsigned.assertion-signed.1advice-signed.xml", false, 2,
- { wantAuthnResponseSigned: false }
- )
+ { wantAuthnResponseSigned: false },
+ ),
 ); it( "R1A1Ad - signed root => valid",
@@ -268,8 +272,8 @@ describe("Signatures", function () { 1, { wantAssertionsSigned: false,
- }
- )
+ },
+ ),
 ); it( "R1A1Ad - signed assertion => valid",
@@ -277,8 +281,8 @@ describe("Signatures", function () { "/valid/response.root-unsigned.assertion-signed.1advice-unsigned.xml", false, 2,
- { wantAuthnResponseSigned: false }
- )
+ { wantAuthnResponseSigned: false },
+ ),
 ); //== INVALID
@@ -287,24 +291,24 @@ describe("Signatures", function () { testOneResponse( "/invalid/response.root-unsigned.assertion-unsigned.1advice-unsigned.xml", INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 ); it( "R1A1Ad - signed root + assertion + advice => error", testOneResponse( "/invalid/response.root-signed.assertion-signed.1advice-signed.xml", INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 ); it( "R1A1Ad - signed root + assertion => error", testOneResponse( "/invalid/response.root-signed.assertion-signed.1advice-unsigned.xml", INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 ); it( "R1A1Ad - signed assertion + advice => error",
@@ -312,16 +316,16 @@ describe("Signatures", function () { "/invalid/response.root-unsigned.assertion-signed.1advice-signed.xml", INVALID_SIGNATURE, 2,
- { wantAuthnResponseSigned: false }
- )
+ { wantAuthnResponseSigned: false },
+ ),
 ); it( "R1A1Ad - signed root => error", testOneResponse( "/invalid/response.root-signed.assertion-unsigned.1advice-unsigned.xml", INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 ); it( "R1A1Ad - signed assertion => error",
@@ -329,8 +333,8 @@ describe("Signatures", function () { "/invalid/response.root-unsigned.assertion-signed.1advice-unsigned.xml", INVALID_SIGNATURE, 2,
- { wantAuthnResponseSigned: false }
- )
+ { wantAuthnResponseSigned: false },
+ ),
 ); });
@@ -348,11 +352,15 @@ describe("Signatures", function () { //== VALID it( "R1A2Ad - signed root + assertion + advice => valid",
- testOneResponse("/valid/response.root-signed.assertion-signed.2advice-signed.xml", false, 2)
+ testOneResponse("/valid/response.root-signed.assertion-signed.2advice-signed.xml", false, 2),
 ); it( "R1A2Ad - signed root + assertion => valid",
- testOneResponse("/valid/response.root-signed.assertion-signed.2advice-unsigned.xml", false, 2)
+ testOneResponse(
+ "/valid/response.root-signed.assertion-signed.2advice-unsigned.xml",
+ false,
+ 2,
+ ),
 ); it( "R1A2Ad - signed root => valid",
@@ -360,8 +368,8 @@ describe("Signatures", function () {
 "/valid/response.root-signed.assertion-unsigned.2advice-unsigned.xml",
 false,
 1,
- { wantAssertionsSigned: false }
- )
+ { wantAssertionsSigned: false },
+ ),
 );
 //== INVALID
@@ -370,32 +378,32 @@ describe("Signatures", function () {
 testOneResponse(
 "/invalid/response.root-unsigned.assertion-unsigned.2advice-unsigned.xml",
 INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 );
 it(
 "R1A2Ad - signed root + assertion + advice => error",
 testOneResponse(
 "/invalid/response.root-signed.assertion-signed.2advice-signed.xml",
 INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 );
 it(
 "R1A2Ad - signed root + assertion => error",
 testOneResponse(
 "/invalid/response.root-signed.assertion-signed.2advice-unsigned.xml",
 INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 );
 it(
 "R1A2Ad - signed root => error",
 testOneResponse(
 "/invalid/response.root-signed.assertion-unsigned.2advice-unsigned.xml",
 INVALID_DOCUMENT_SIGNATURE,
- 1
- )
+ 1,
+ ),
 );
 });
@@ -412,7 +420,7 @@ describe("Signatures", function () {
 const samlResponseXml = fs
 .readFileSync(
- __dirname + "/static/signatures/valid/response.root-signed.assertion-signed.xml"
+ __dirname + "/static/signatures/valid/response.root-signed.assertion-signed.xml",
 )
 .toString();
 const makeBody = (str: string) => ({ SAMLResponse: Buffer.from(str).toString("base64") });
@@ -443,14 +451,14 @@ describe("Signatures", function () {
 "Attribute with ",
 testOneResponse("/valid/response.root-signed.assertion-unsigned-13.xml", false, 1, {
 wantAssertionsSigned: false,
- })
+ }),
 );
 it(
 "Attribute with ",
 testOneResponse("/valid/response.root-signed.assertion-unsigned-xd.xml", false, 1, {
 wantAssertionsSigned: false,
- })
+ }),
 );
 });
@@ -469,14 +477,14 @@ describe("Signatures", function () {
 "Signature attributes with ",
 testOneResponse("/valid/response.root-signed.assertion-unsigned-13-signature.xml", false, 1, {
 wantAssertionsSigned: false,
- })
+ }),
 );
 it(
 "Signature attributes with ",
 testOneResponse("/valid/response.root-signed.assertion-unsigned-xd-signature.xml", false, 1, {
 wantAssertionsSigned: false,
- })
+ }),
 );
 });
 });
diff --git a/test/tests.spec.ts b/test/tests.spec.ts
index 0791c2ab..23f270c8 100644
--- a/test/tests.spec.ts
+++ b/test/tests.spec.ts
@@ -268,7 +268,7 @@ describe("node-saml /", function () {
 });
 const logoutRequest = samlObj._generateLogoutResponse(
 { ID: "quux", issuer: "issuer", nameID: "nameid", nameIDFormat: "nameidformat" },
- true
+ true,
 );
 parseString(logoutRequest, function (err, doc) {
 try {
@@ -318,7 +318,7 @@ describe("node-saml /", function () {
 });
 const logoutRequest = samlObj._generateLogoutResponse(
 { ID: "quux", issuer: "issuer", nameID: "nameid", nameIDFormat: "nameidformat" },
- false
+ false,
 );
 parseString(logoutRequest, function (err, doc) {
 try {
@@ -430,12 +430,12 @@ describe("node-saml /", function () {
 function testMetadata(
 samlConfig: SamlConfig,
 expectedMetadata: string,
- signingCert?: string | string[]
+ signingCert?: string | string[],
 ) {
 const samlObj = new SAML(samlConfig);
 const decryptionCert = fs.readFileSync(
 __dirname + "/static/testshib encryption cert.pem",
- "utf-8"
+ "utf-8",
 );
 const metadata = samlObj.generateServiceProviderMetadata(decryptionCert, signingCert);
@@ -458,7 +458,7 @@ describe("node-saml /", function () {
 };
 const expectedMetadata = fs.readFileSync(
 __dirname + "/static/expected metadata.xml",
- "utf-8"
+ "utf-8",
 );
 testMetadata(samlConfig, expectedMetadata);
@@ -475,7 +475,7 @@ describe("node-saml /", function () {
 };
 const expectedMetadata = fs.readFileSync(
 __dirname + "/static/expected metadata without key.xml",
- "utf-8"
+ "utf-8",
 );
 testMetadata(samlConfig, expectedMetadata);
@@ -493,7 +493,7 @@ describe("node-saml /", function () {
 };
 const expectedMetadata = fs.readFileSync(
 __dirname + "/static/expected metadata.xml",
- "utf-8"
+ "utf-8",
 );
 testMetadata(samlConfig, expectedMetadata);
@@ -510,7 +510,7 @@ describe("node-saml /", function () {
 };
 const expectedMetadata = fs.readFileSync(
 __dirname + "/static/expected metadata without key.xml",
- "utf-8"
+ "utf-8",
 );
 testMetadata(samlConfig, expectedMetadata);
@@ -529,7 +529,7 @@ describe("node-saml /", function () {
 };
 const expectedMetadata = fs.readFileSync(
 __dirname + "/static/expectedMetadataWithBothKeys.xml",
- "utf-8"
+ "utf-8",
 );
 const signingCert = fs.readFileSync(__dirname + "/static/acme_tools_com.cert").toString();
@@ -549,11 +549,11 @@ describe("node-saml /", function () {
 };
 const expectedMetadata = fs.readFileSync(
 __dirname + "/static/expectedMetadataWithBothKeys.xml",
- "utf-8"
+ "utf-8",
 );
 expect(() => testMetadata(samlConfig, expectedMetadata)).to.throw(
- "Missing signingCert while generating metadata for signing service provider messages"
+ "Missing signingCert while generating metadata for signing service provider messages",
 );
 });
@@ -570,7 +570,7 @@ describe("node-saml /", function () {
 };
 const expectedMetadata = fs.readFileSync(
 __dirname + "/static/expectedMetadataWithEncryptionAndTwoSigningKeys.xml",
- "utf-8"
+ "utf-8",
 );
 const signingCerts = [
 fs.readFileSync(__dirname + "/static/acme_tools_com.cert").toString(),
@@ -593,7 +593,7 @@ describe("node-saml /", function () {
 const samlObj = new SAML(samlConfig);
 const decryptionCert = fs.readFileSync(
 __dirname + "/static/testshib encryption cert.pem",
- "utf-8"
+ "utf-8",
 );
 const metadata = samlObj.generateServiceProviderMetadata(decryptionCert);
 expect(metadata).to.contain("SingleLogoutService");
@@ -612,7 +612,7 @@ describe("node-saml /", function () {
 const samlObj = new SAML(samlConfig);
 const decryptionCert = fs.readFileSync(
 __dirname + "/static/testshib encryption cert.pem",
- "utf-8"
+ "utf-8",
 );
 const metadata = samlObj.generateServiceProviderMetadata(decryptionCert);
 expect(metadata).to.contain('WantAssertionsSigned="true"');
@@ -635,7 +635,7 @@ describe("node-saml /", function () {
 // typescript
 if (error instanceof Error) {
 expect(error.toString()).to.contain(
- "Error: Missing decryptionCert while generating metadata for decrypting service provider"
+ "Error: Missing decryptionCert while generating metadata for decrypting service provider",
 );
 }
 }
@@ -719,7 +719,7 @@ describe("node-saml /", function () {
 const expectedMetadata = fs.readFileSync(
 __dirname + "/static/expected_metadata_metadataExtensions.xml",
- "utf-8"
+ "utf-8",
 );
 testMetadata(samlConfig, expectedMetadata);
@@ -845,7 +845,7 @@ describe("node-saml /", function () {
 fakeClock = sinon.useFakeTimers(Date.parse("2020-09-24T16:00:00+00:00"));
 const base64xml = fs.readFileSync(
 __dirname + "/static/response.root-signed.message-signed-double-subjectconfirmation.xml",
- "base64"
+ "base64",
 );
 const container = { SAMLResponse: base64xml };
 const signingCert = fs.readFileSync(__dirname + "/static/cert.pem", "utf-8");
@@ -873,7 +873,7 @@ describe("node-saml /", function () {
 fakeClock = sinon.useFakeTimers(Date.parse("2020-09-25T19:00:00+00:00"));
 const base64xml = fs.readFileSync(
 __dirname + "/static/response.root-signed.message-signed-double-subjectconfirmation.xml",
- "base64"
+ "base64",
 );
 const container = { SAMLResponse: base64xml };
 const signingCert = fs.readFileSync(__dirname + "/static/cert.pem", "utf-8");
@@ -902,7 +902,7 @@ describe("node-saml /", function () {
 fakeClock = sinon.useFakeTimers(Date.parse("2020-09-25T16:00:00+00:00"));
 const base64xml = fs.readFileSync(
 __dirname + "/static/response.root-signed.message-signed-double-subjectconfirmation.xml",
- "base64"
+ "base64",
 );
 const container = { SAMLResponse: base64xml };
 const signingCert = fs.readFileSync(__dirname + "/static/cert.pem", "utf-8");
@@ -930,7 +930,7 @@ describe("node-saml /", function () {
 fakeClock = sinon.useFakeTimers(Date.parse("2020-09-25T16:00:00+00:00"));
 const base64xml = fs.readFileSync(
 __dirname + "/static/response.root-signed.message-signed-double-subjectconfirmation.xml",
- "base64"
+ "base64",
 );
 const container = { SAMLResponse: base64xml };
 const signingCert = fs.readFileSync(__dirname + "/static/cert.pem", "utf-8");
@@ -958,7 +958,7 @@ describe("node-saml /", function () {
 fakeClock = sinon.useFakeTimers(Date.parse("2020-09-25T16:00:00+00:00"));
 const base64xml = fs.readFileSync(
 __dirname + "/static/response.root-signed.message-signed-no-subjectconfirmation.xml",
- "base64"
+ "base64",
 );
 const container = { SAMLResponse: base64xml };
 const signingCert = fs.readFileSync(__dirname + "/static/cert.pem", "utf-8");
@@ -984,7 +984,7 @@ describe("node-saml /", function () {
 fakeClock = sinon.useFakeTimers(Date.parse("2020-09-25T16:00:00+00:00"));
 const base64xml = fs.readFileSync(
 __dirname + "/static/response.root-signed.message-signed-empty-subjectconfirmation.xml",
- "base64"
+ "base64",
 );
 const container = { SAMLResponse: base64xml };
 const signingCert = fs.readFileSync(__dirname + "/static/cert.pem", "utf-8");
@@ -1045,7 +1045,7 @@ describe("node-saml /", function () {
 expect(await samlObj.cacheProvider.getAsync(requestId)).to.be.null;
 });
 });
- }
+ },
 );
 describe("validatePostResponse xml signature checks /", function () {
@@ -1572,7 +1572,7 @@ describe("node-saml /", function () {
 const qry = querystring.parse(new URL(authorizeUrl).searchParams.toString() || "");
 expect(qry.SigAlg).to.equal("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
 expect(qry.Signature).to.equal(
- "D161m5GVbOfRHk85GvhmQ48OoFZ6n8mJuddzCe0g1Zlh9cb3b4oMMk5RCsoaOBsA3ndRnCWF3YQb78rO/MRQ+HIxIt0JDrhBoyT7GXPIUvbM/B4cJEgbfFAYouKQIy1sPunlLaTNkRL4tArKK7r4W2WF6R0hydcN8aln8/+TlTUfIengvVuXGLdtW0wSt+1HK1PiwrhLtqFHxxq2XL0X6jBqMEYYjByLfZme3Sk6x6uPIW7zhJn6OXzXlLuH9ILxusexu7GaLpw7C5EUQW43R6vlTGw+bBmx+tC0fqaMLOUWHX/uISAAeWYCAGYA8cbRuqIWh/vnVifxF0CP2sf5Vg=="
+ "D161m5GVbOfRHk85GvhmQ48OoFZ6n8mJuddzCe0g1Zlh9cb3b4oMMk5RCsoaOBsA3ndRnCWF3YQb78rO/MRQ+HIxIt0JDrhBoyT7GXPIUvbM/B4cJEgbfFAYouKQIy1sPunlLaTNkRL4tArKK7r4W2WF6R0hydcN8aln8/+TlTUfIengvVuXGLdtW0wSt+1HK1PiwrhLtqFHxxq2XL0X6jBqMEYYjByLfZme3Sk6x6uPIW7zhJn6OXzXlLuH9ILxusexu7GaLpw7C5EUQW43R6vlTGw+bBmx+tC0fqaMLOUWHX/uISAAeWYCAGYA8cbRuqIWh/vnVifxF0CP2sf5Vg==",
 );
 expect(qry.customQueryStringParam).to.equal("CustomQueryStringParamValue");
 });
@@ -1622,7 +1622,7 @@ describe("node-saml /", function () {
 const qry = querystring.parse(new URL(authorizeUrl).searchParams.toString() || "");
 expect(qry.SigAlg).to.equal("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
 expect(qry.Signature).to.equal(
- "br4UPzZ/Oy/hvG7zMGZ041Lba5WDl/JqwDDf40yxxnYXWLdDY77RD5aE8+YK6BY7BbSkvQSNXFbBXPAITcRhyNCT+3JDfwXLDgOf3xvJOzkWHRO3DUi5IOJ9IdKT/Ted+HC0J9L/4W+VA0n+5v6Lrw83UDib57ICytLvW5jamFQE8pO/Z8fQzOpSbzTwf+Q8u5KYkXeg1+H2u6OJYBFVDYOWxOTuuujW8JccqlCleX9tXDJvx/I0tOkwwnIioh1X2xVHGPy1k1wndpf1eUZtjZ4uUMcwRyxt7YuAnV433DohO3WOm2sNehwOy2AO1DUlbFi6/zbqkRK3TrmD9Q+ZUQ=="
+ "br4UPzZ/Oy/hvG7zMGZ041Lba5WDl/JqwDDf40yxxnYXWLdDY77RD5aE8+YK6BY7BbSkvQSNXFbBXPAITcRhyNCT+3JDfwXLDgOf3xvJOzkWHRO3DUi5IOJ9IdKT/Ted+HC0J9L/4W+VA0n+5v6Lrw83UDib57ICytLvW5jamFQE8pO/Z8fQzOpSbzTwf+Q8u5KYkXeg1+H2u6OJYBFVDYOWxOTuuujW8JccqlCleX9tXDJvx/I0tOkwwnIioh1X2xVHGPy1k1wndpf1eUZtjZ4uUMcwRyxt7YuAnV433DohO3WOm2sNehwOy2AO1DUlbFi6/zbqkRK3TrmD9Q+ZUQ==",
 );
 expect(qry.customQueryStringParam).to.equal("CustomQueryStringParamValue");
 });
@@ -1648,7 +1648,7 @@ describe("node-saml /", function () {
 const qry = querystring.parse(new URL(authorizeUrl).searchParams.toString() || "");
 expect(qry.SigAlg).to.equal("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
 expect(qry.Signature).to.equal(
- "FL5f9hUYxXaCvr/HJOIKXvDlmWIQilsfcmETqwp8bXCnjEBS44uvEY+FhkYgrFOfaMXkAY+kd8rZ7CkP4SWnPxzhmHqdbBIyAdPpIOOHq7/VTqQXrprijtRBHTxrtOtxi3yOjskRz6ad8igokr9Ut3nlorvelZwtskJP/YsAE3v1CrL/bX3EGbepE3Bq5ehdHaNHxP+dwwhMJ6s5jxKLt5YU+vXohonM8fTBEPzbnQ1+0LK9GL3c6JfqNjjBvdWRXdyReRu+gCHisnrI68vBgCwy4VC9E4tg9JNLggtFkxNbhM8Bgu7eWlyhVLdWKKc1vwaDUOrYOimx6CfTXrAQvg=="
+ "FL5f9hUYxXaCvr/HJOIKXvDlmWIQilsfcmETqwp8bXCnjEBS44uvEY+FhkYgrFOfaMXkAY+kd8rZ7CkP4SWnPxzhmHqdbBIyAdPpIOOHq7/VTqQXrprijtRBHTxrtOtxi3yOjskRz6ad8igokr9Ut3nlorvelZwtskJP/YsAE3v1CrL/bX3EGbepE3Bq5ehdHaNHxP+dwwhMJ6s5jxKLt5YU+vXohonM8fTBEPzbnQ1+0LK9GL3c6JfqNjjBvdWRXdyReRu+gCHisnrI68vBgCwy4VC9E4tg9JNLggtFkxNbhM8Bgu7eWlyhVLdWKKc1vwaDUOrYOimx6CfTXrAQvg==",
 );
 expect(qry.customQueryStringParam).to.equal("CustomQueryStringParamValue");
 });
@@ -1699,7 +1699,7 @@ describe("node-saml /", function () {
 (["logout", "authorize"] as const).forEach(function (operation) {
 const additionalParams = samlObj._getAdditionalParams(
 { RelayState: "test" } as unknown as string,
- operation
+ operation,
 );
 expect(Object.keys(additionalParams)).to.have.lengthOf(0);
@@ -1824,7 +1824,7 @@ describe("node-saml /", function () {
 const additionalAuthorizeParams = samlObj._getAdditionalParams(
 "",
 "authorize",
- options.additionalParams
+ options.additionalParams,
 );
 expect(Object.keys(additionalAuthorizeParams)).to.have.lengthOf(3);
 expect(additionalAuthorizeParams).to.include({
@@ -1836,7 +1836,7 @@ describe("node-saml /", function () {
 const additionalLogoutParams = samlObj._getAdditionalParams(
 "",
 "logout",
- options.additionalParams
+ options.additionalParams,
 );
 expect(Object.keys(additionalLogoutParams)).to.have.lengthOf(3);
 expect(additionalLogoutParams).to.include({
@@ -1899,7 +1899,7 @@ describe("node-saml /", function () {
 const additionalAuthorizeParams = samlObj._getAdditionalParams(
 "",
 "authorize",
- options.additionalParams
+ options.additionalParams,
 );
 expect(Object.keys(additionalAuthorizeParams)).to.have.lengthOf(1);
 expect(additionalAuthorizeParams).to.include({ queryParam: "queryParamRuntimeValue" });
@@ -1907,7 +1907,7 @@ describe("node-saml /", function () {
 const additionalLogoutParams = samlObj._getAdditionalParams(
 "",
 "logout",
- options.additionalParams
+ options.additionalParams,
 );
 expect(Object.keys(additionalLogoutParams)).to.have.lengthOf(1);
 expect(additionalLogoutParams).to.include({ queryParam: "queryParamRuntimeValue" });
@@ -1930,7 +1930,7 @@ describe("node-saml /", function () {
 });
 expect(samlObjBadComparisonType.options.racComparison).equal(
 "exact",
- "the default value of the option `racComparison` must be exact"
+ "the default value of the option `racComparison` must be exact",
 );
 const validComparisonTypes: RacComparison[] = ["exact", "minimum", "maximum", "better"];
@@ -2179,7 +2179,7 @@ describe("node-saml /", function () {
 expect(value).to.not.exist;
 });
 });
- }
+ },
 );
 it("onelogin xml document without InResponseTo from request should fail", async () => {
@@ -2302,7 +2302,7 @@ describe("node-saml /", function () {
 expect(value).to.eql("2014-06-05T12:07:07.662Z");
 });
 });
- }
+ },
 );
 it("onelogin xml document with InResponseTo not in the cache should validate", async () => {
@@ -2839,7 +2839,7 @@ describe("node-saml /", function () {
 const body = {
 SAMLRequest: fs.readFileSync(
 __dirname + "/static/logout_request_with_bad_signature.xml",
- "base64"
+ "base64",
 ),
 };
 await assert.rejects(samlObj.validatePostRequestAsync(body), {
@@ -2851,7 +2851,7 @@ describe("node-saml /", function () {
 const body = {
 SAMLRequest: fs.readFileSync(
 __dirname + "/static/logout_request_with_good_signature.xml",
- "base64"
+ "base64",
 ),
 };
 const { profile } = await samlObj.validatePostRequestAsync(body);
@@ -2866,7 +2866,7 @@ describe("node-saml /", function () {
 const body = {
 SAMLRequest: fs.readFileSync(
 __dirname + "/static/logout_request_with_session_index.xml",
- "base64"
+ "base64",
 ),
 };
 const { profile } = await samlObj.validatePostRequestAsync(body);
@@ -2888,7 +2888,7 @@ describe("node-saml /", function () {
 const body = {
 SAMLRequest: fs.readFileSync(
 __dirname + "/static/logout_request_with_encrypted_name_id.xml",
- "base64"
+ "base64",
 ),
 };
 const { profile } = await samlObj.validatePostRequestAsync(body);
@@ -2946,7 +2946,7 @@ describe("node-saml /", function () {
 const body = {
 SAMLRequest: fs.readFileSync(
 __dirname + "/static/logout_request_with_encrypted_name_id.xml",
- "base64"
+ "base64",
 ),
 };
 if (process.versions.node.split(".")[0] === "18") {
@@ -3021,7 +3021,7 @@ describe("node-saml /", function () {
 });
 this.request = Object.assign(
 {},
- JSON.parse(fs.readFileSync(__dirname + "/static/idp_slo_redirect.json", "utf8"))
+ JSON.parse(fs.readFileSync(__dirname + "/static/idp_slo_redirect.json", "utf8")),
 );
 fakeClock = sinon.useFakeTimers(Date.parse("2018-04-11T14:08:00Z"));
 });
@@ -3041,7 +3041,7 @@ describe("node-saml /", function () {
 {
 message:
 "Unknown SAML issuer. Expected: foo Received: http://localhost:20000/saml2/idp/metadata.php",
- }
+ },
 );
 });
 it("errors if request has expired", async function () {
@@ -3050,20 +3050,20 @@ describe("node-saml /", function () {
 await assert.rejects(
 samlObj.validateRedirectAsync(this.request, this.request.originalQuery),
- { message: "SAML assertion expired: clocks skewed too much" }
+ { message: "SAML assertion expired: clocks skewed too much" },
 );
 });
 it("errors if request has a bad signature", async function () {
 this.request.Signature = "foo";
 await assert.rejects(
 samlObj.validateRedirectAsync(this.request, this.request.originalQuery),
- { message: "Invalid query signature" }
+ { message: "Invalid query signature" },
 );
 });
 it("returns profile for valid signature including session index", async function () {
 const { profile } = await samlObj.validateRedirectAsync(
 this.request,
- this.request.originalQuery
+ this.request.originalQuery,
 );
 expect(profile).to.deep.equal({
 ID: "_8f0effde308adfb6ae7f1e29b414957fc320f5636f",
@@ -3087,7 +3087,7 @@ describe("node-saml /", function () {
 });
 this.request = Object.assign(
 {},
- JSON.parse(fs.readFileSync(__dirname + "/static/sp_slo_redirect.json", "utf8"))
+ JSON.parse(fs.readFileSync(__dirname + "/static/sp_slo_redirect.json", "utf8")),
 );
 });
 afterEach(async function () {
@@ -3106,22 +3106,22 @@ describe("node-saml /", function () {
 {
 message:
 "Unknown SAML issuer. Expected: foo Received: http://localhost:20000/saml2/idp/metadata.php",
- }
+ },
 );
 });
 it("errors if unsuccessful", async function () {
 this.request = JSON.parse(
- fs.readFileSync(__dirname + "/static/sp_slo_redirect_failure.json", "utf8")
+ fs.readFileSync(__dirname + "/static/sp_slo_redirect_failure.json", "utf8"),
 );
 await assert.rejects(
 samlObj.validateRedirectAsync(this.request, this.request.originalQuery),
- { message: "Bad status code: urn:oasis:names:tc:SAML:2.0:status:Requester" }
+ { message: "Bad status code: urn:oasis:names:tc:SAML:2.0:status:Requester" },
 );
 });
 it("errors if InResponseTo is not found", async function () {
 await assert.rejects(
 samlObj.validateRedirectAsync(this.request, this.request.originalQuery),
- { message: "InResponseTo is not valid" }
+ { message: "InResponseTo is not valid" },
 );
 });
 it("errors if bad signature", async function () {
@@ -3129,7 +3129,7 @@ describe("node-saml /", function () {
 this.request.Signature = "foo";
 await assert.rejects(
 samlObj.validateRedirectAsync(this.request, this.request.originalQuery),
- { message: "Invalid query signature" }
+ { message: "Invalid query signature" },
 );
 });
@@ -3137,7 +3137,7 @@ describe("node-saml /", function () {
 await samlObj.cacheProvider.saveAsync("_79db1e7ad12ca1d63e5b", new Date().toISOString());
 const { loggedOut } = await samlObj.validateRedirectAsync(
 this.request,
- this.request.originalQuery
+ this.request.originalQuery,
 );
 expect(loggedOut).to.be.true;
 });
@@ -3145,12 +3145,12 @@ describe("node-saml /", function () {
 it("accepts cert without header and footer line", async function () {
 samlObj.options.cert = fs.readFileSync(
 __dirname + "/static/acme_tools_com_without_header_and_footer.cert",
- "ascii"
+ "ascii",
 );
 await samlObj.cacheProvider.saveAsync("_79db1e7ad12ca1d63e5b", new Date().toISOString());
 const { loggedOut } = await samlObj.validateRedirectAsync(
 this.request,
- this.request.originalQuery
+ this.request.originalQuery,
 );
 expect(loggedOut).to.be.true;
 });
diff --git a/test/xml.spec.ts b/test/xml.spec.ts
index 8fa4efdc..afb81e31 100644
--- a/test/xml.spec.ts
+++ b/test/xml.spec.ts
@@ -154,11 +154,11 @@ describe("xml /", async function () {
 assert(
 evilCommentDoc.documentElement.firstChild?.textContent ===
 "admin@mycompany.com.evil-domain",
- "Invalid XML comment parsing."
+ "Invalid XML comment parsing.",
 );
 assert(
 goodDoc.documentElement.firstChild?.textContent === "admin@mycompany.com",
- "Invalid XML comment parsing."
+ "Invalid XML comment parsing.",
 );
 });
 });