Enforce valid setting for validateInResponseTo (#314)

src/saml.ts

@@ -150,6 +150,10 @@ class SAML {
       racComparison: ctorOptions.racComparison ?? "exact",
     };
 
+    if (!Object.values(ValidateInResponseTo).includes(options.validateInResponseTo)) {
+      throw new TypeError("validateInResponseTo must be one of ['never', 'ifPresent', 'always']");
+    }
+
     /**
      * List of possible values:
      * - exact : Assertion context must exactly match a context in the list

test/tests.spec.ts

@@ -1946,6 +1946,34 @@ describe("node-saml /", function () {
           expect(samlObjValidComparisonType.options.racComparison).to.equal(racComparison);
         });
       });
+
+      it("should check the value of the option `validateInResponseTo`", function () {
+        expect(() => {
+          new SAML({
+            callbackUrl: "http://localhost/saml/consume",
+            validateInResponseTo: "bad_value" as ValidateInResponseTo,
+            cert: FAKE_CERT,
+            issuer: "onesaml_login",
+          }).options;
+        }).to.throw("validateInResponseTo must be one of ['never', 'ifPresent', 'always']");
+
+        const validInResponseToTypes: string[] = Object.keys(ValidateInResponseTo);
+        let samlObjValidInResponseToType: SAML;
+        validInResponseToTypes.forEach(function (validateInResponseTo) {
+          samlObjValidInResponseToType = new SAML({
+            callbackUrl: "http://localhost/saml/consume",
+            validateInResponseTo: validateInResponseTo as ValidateInResponseTo,
+            cert: FAKE_CERT,
+            issuer: "onesaml_login",
+          });
+          expect(samlObjValidInResponseToType.options.validateInResponseTo).to.equal(
+            validateInResponseTo,
+          );
+          expect(samlObjValidInResponseToType.options.validateInResponseTo).to.equal(
+            validateInResponseTo,
+          );
+        });
+      });
     });
 
     describe("getAuthorizeMessageAsync checks /", function () {