-
Notifications
You must be signed in to change notification settings - Fork 477
/
multiSamlStrategy.ts
78 lines (66 loc) · 2.82 KB
/
multiSamlStrategy.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
import * as util from 'util';
import * as saml from './saml';
import {CacheProvider as InMemoryCacheProvider} from './inmemory-cache-provider';
import SamlStrategy = require('./strategy');
import type { Request } from 'express';
import { AuthenticateOptions, AuthorizeOptions, MultiSamlConfig, RequestWithUser, VerifyWithoutRequest, VerifyWithRequest } from './types';
class MultiSamlStrategy extends SamlStrategy {
_options: MultiSamlConfig
constructor(options: MultiSamlConfig, verify: VerifyWithRequest | VerifyWithoutRequest) {
if (!options || typeof options.getSamlOptions != 'function') {
throw new Error('Please provide a getSamlOptions function');
}
if(!options.requestIdExpirationPeriodMs){
options.requestIdExpirationPeriodMs = 28800000; // 8 hours
}
if(!options.cacheProvider){
options.cacheProvider = new InMemoryCacheProvider(
{keyExpirationPeriodMs: options.requestIdExpirationPeriodMs });
}
super(options, verify);
this._options = options;
}
authenticate(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions) {
this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return this.error(err);
}
const samlService = new saml.SAML({...this._options, ...samlOptions});
const strategy = Object.assign({}, this, {_saml: samlService});
Object.setPrototypeOf(strategy, this);
super.authenticate.call(strategy, req, options);
});
}
logout(req: RequestWithUser, callback: (err: Error | null, url?: string | null | undefined) => void) {
this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return callback(err);
}
const samlService = new saml.SAML(Object.assign({}, this._options, samlOptions));
const strategy = Object.assign({}, this, {_saml: samlService});
Object.setPrototypeOf(strategy, this);
super.logout.call(strategy, req, callback);
});
}
/** @ts-expect-error typescript disallows changing method signature in a subclass */
generateServiceProviderMetadata(
req: Request,
decryptionCert: string | null,
signingCert: string | null,
callback: (err: Error | null, metadata?: string) => void
) {
if (typeof callback !== 'function') {
throw new Error("Metadata can't be provided synchronously for MultiSamlStrategy.");
}
return this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return callback(err);
}
const samlService = new saml.SAML(Object.assign({}, this._options, samlOptions));
const strategy = Object.assign({}, this, {_saml: samlService});
Object.setPrototypeOf(strategy, this);
return callback(null, super.generateServiceProviderMetadata.call(strategy, decryptionCert, signingCert));
});
}
}
export = MultiSamlStrategy;