New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: add facility in config to add <Extensions> element in SAML request
#11
Merged
Merged
Changes from 20 commits
Commits
Show all changes
23 commits
Select commit
Hold shift + click to select a range
54d40b0
test(samlRequst.spec.js): add test to check extensions element in sam…
kdhttps f632cfa
feat(saml.ts): add config and saml extensions element in saml request
kdhttps 76b6b45
docs(README.md): add docs for samlExtensions config
kdhttps d6bf124
docs(README.md): add docs for samlExtensions config
kdhttps 2fea050
feat(utility.ts): add test and validation, element should have namespace
kdhttps d3ed7ec
typo fix.
markstos 0d5e644
test(utility.Test.Js): fix type and update mocha config
kdhttps 6fd46a9
test(samlrequest.Spec.Ts): fix test case values and update readme.md
kdhttps c73d46a
docs(readme.md): update extensions example in readme.md
kdhttps 6d6f096
fix(utility.Test.Ts): remove validation on extensions value
kdhttps 09ae19d
fix(types.Ts): remove saml schema exception class
kdhttps 40cf837
fix(saml.Ts): add a check saml extensions should be object
kdhttps 56dc546
fix(types.Ts): update type for saml extensions
kdhttps ca9d940
refactor(saml.Ts): refactor check saml extensions type
kdhttps 9d2da8c
Refactor tests to throw more actionable errors and use promises
cjbarth 939865e
test(samlRequest.spec.ts): add object check test
kdhttps afe78d1
refactor(saml.ts): rename saml extension property
kdhttps 283d84c
test(tests.spec.ts): test saml logout extensions
kdhttps 5c1dcb0
feat(saml.ts): add logout requrst extensions feature
kdhttps 71d9fe5
docs(README.md): docs about logout requrst extensions feature
kdhttps 9b104ac
test(tests.spec.ts): remove callback and handle using promise
kdhttps 7c8eca9
Merge branch 'master' of github.com:kdhttps/node-saml into feature_sa…
kdhttps 070f7f4
refactor(tests): refactor logout test to use profile type
kdhttps File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,121 @@ | ||
| import { SAML } from "../src/saml"; | ||
cjbarth marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| import { FAKE_CERT } from "./types"; | ||
| import * as zlib from "zlib"; | ||
| import * as should from "should"; | ||
| import { parseStringPromise } from "xml2js"; | ||
| import { assertRequired } from "../src/utility"; | ||
| import { SamlConfig } from "../src/types"; | ||
| import * as assert from "assert"; | ||
|
|
||
| describe("SAML request", function () { | ||
| it("Config with Extensions", function () { | ||
| const config: SamlConfig = { | ||
| entryPoint: "https://wwwexampleIdp.com/saml", | ||
| cert: FAKE_CERT, | ||
| samlAuthnRequestExtensions: { | ||
| "md:RequestedAttribute": { | ||
| "@isRequired": "true", | ||
| "@Name": "Lastname", | ||
| "@xmlns:md": "urn:oasis:names:tc:SAML:2.0:metadata", | ||
| }, | ||
| vetuma: { | ||
| "@xmlns": "urn:vetuma:SAML:2.0:extensions", | ||
| LG: { | ||
| "#text": "sv", | ||
| }, | ||
| }, | ||
| }, | ||
| }; | ||
|
|
||
| const result = { | ||
| "samlp:AuthnRequest": { | ||
| $: { | ||
| "xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol", | ||
| Version: "2.0", | ||
| ProtocolBinding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", | ||
| AssertionConsumerServiceURL: "http://localhost/saml/consume", | ||
| Destination: "https://wwwexampleIdp.com/saml", | ||
| }, | ||
| "saml:Issuer": [ | ||
| { _: "onelogin_saml", $: { "xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion" } }, | ||
| ], | ||
| "samlp:Extensions": [ | ||
| { | ||
| $: { | ||
| "xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol", | ||
| }, | ||
| "md:RequestedAttribute": [ | ||
| { | ||
| $: { | ||
| isRequired: "true", | ||
| Name: "Lastname", | ||
| "xmlns:md": "urn:oasis:names:tc:SAML:2.0:metadata", | ||
| }, | ||
| }, | ||
| ], | ||
| vetuma: [ | ||
| { | ||
| $: { xmlns: "urn:vetuma:SAML:2.0:extensions" }, | ||
| LG: ["sv"], | ||
| }, | ||
| ], | ||
| }, | ||
| ], | ||
| "samlp:NameIDPolicy": [ | ||
| { | ||
| $: { | ||
| "xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol", | ||
| Format: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", | ||
| AllowCreate: "true", | ||
| }, | ||
| }, | ||
| ], | ||
| "samlp:RequestedAuthnContext": [ | ||
| { | ||
| $: { "xmlns:samlp": "urn:oasis:names:tc:SAML:2.0:protocol", Comparison: "exact" }, | ||
| "saml:AuthnContextClassRef": [ | ||
| { | ||
| _: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", | ||
| $: { "xmlns:saml": "urn:oasis:names:tc:SAML:2.0:assertion" }, | ||
| }, | ||
| ], | ||
| }, | ||
| ], | ||
| }, | ||
| }; | ||
|
|
||
| const oSAML = new SAML(config); | ||
| oSAML | ||
| .getAuthorizeFormAsync("http://localhost/saml/consume") | ||
| .then((formBody) => { | ||
| formBody.should.match(/<!DOCTYPE html>[^]*<input.*name="SAMLRequest"[^]*<\/html>/); | ||
| const samlRequestMatchValues = formBody.match(/<input.*name="SAMLRequest" value="([^"]*)"/); | ||
| const encodedSamlRequest = assertRequired(samlRequestMatchValues?.[1]); | ||
|
|
||
| let buffer = Buffer.from(encodedSamlRequest, "base64"); | ||
| if (!config.skipRequestCompression) { | ||
| buffer = zlib.inflateRawSync(buffer); | ||
| } | ||
|
|
||
| return parseStringPromise(buffer.toString()); | ||
| }) | ||
| .then((doc) => { | ||
| delete doc["samlp:AuthnRequest"]["$"]["ID"]; | ||
| delete doc["samlp:AuthnRequest"]["$"]["IssueInstant"]; | ||
| doc.should.eql(result); | ||
| }); | ||
| }); | ||
|
|
||
| it("should throw error when samlAuthnRequestExtensions is not a object", async function () { | ||
| const config: any = { | ||
| entryPoint: "https://wwwexampleIdp.com/saml", | ||
| cert: FAKE_CERT, | ||
| samlAuthnRequestExtensions: "anyvalue", | ||
| }; | ||
|
|
||
| const oSAML = new SAML(config); | ||
| await assert.rejects(oSAML.getAuthorizeFormAsync("http://localhost/saml/consume"), { | ||
| message: "samlAuthnRequestExtensions should be Object", | ||
| }); | ||
| }); | ||
| }); | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do you add the empty value here and then delete it later when not needed? The pattern you used previously just adds the value if you need it and skips the extra logic to delete if not needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it is because strick type of NameID here
node-saml/src/types.ts
Line 60 in 71d9fe5
and
samlp:Extensionselement should be placed before NameID. There is other way also but I choose and Like to keep this one for safe type.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cjbarth once you get time, please review it