node-saml · gugu · Feb 19, 2021 · Feb 9, 2021 · Feb 9, 2021 · Feb 10, 2021
diff --git a/.eslintrc → .eslintrc.json b/.eslintrc → .eslintrc.json
@@ -1,6 +1,7 @@
 {
   "env": {
     "node": true,
+    "mocha": true,
     "es6": false
   },
   "root": true,
@@ -9,7 +10,6 @@
   "parserOptions": {
     "ecmaVersion": 6
   },
-
   "extends": [
     "eslint:recommended",
     "plugin:@typescript-eslint/eslint-recommended",

diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,7 @@
-lib
-node_modules/
-.tern-port
-.idea
-yarn-error.log
-.DS_Store 
+lib
+node_modules/
+.tern-port
+.idea
+yarn-error.log
+.DS_Store 
+.eslintcache
diff --git a/.mocharc.json b/.mocharc.json
@@ -0,0 +1,9 @@
+{
+  "diff": true,
+  "extension": "spec.ts",
+  "package": "./package.json",
+  "reporter": "spec",
+  "require": ["choma", "ts-node/register"],
+  "files": "test/**/*.spec.ts",
+  "watch-files": "test/**/*.spec.ts"
+}
diff --git a/.prettierignore b/.prettierignore
@@ -1,3 +1,4 @@
-# Ignore artifacts:
-node_modules
-lib
+# Ignore artifacts:
+node_modules
+lib
+package-lock.json
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -37,7 +37,7 @@
   "scripts": {
     "build": "tsc",
     "changelog": "gren changelog --override --generate",
-    "lint": "eslint --ext .ts src",
+    "lint": "eslint --ext .ts **/*.ts --cache",
     "lint-watch": "onchange -k -p 100 \"**/*.ts\" -- eslint {{file}}",
     "lint:fix": "eslint --ext .ts --fix src",
     "prepare": "tsc",
@@ -60,8 +60,11 @@
   },
   "devDependencies": {
     "@types/debug": "^4.1.5",
+    "@types/mocha": "^8.2.0",
     "@types/node": "^14.14.13",
     "@types/passport-strategy": "^0.2.35",
+    "@types/request": "^2.48.5",
+    "@types/sinon": "^9.0.10",
     "@types/xml-crypto": "^1.4.1",
     "@types/xml-encryption": "^1.2.0",
     "@types/xml2js": "^0.4.7",
@@ -85,6 +88,7 @@
     "request": "^2.83.0",
     "should": "*",
     "sinon": "^9.2.2",
+    "ts-node": "^9.1.1",
     "typescript": "^4.1.3"
   },
   "engines": {

diff --git a/src/passport-saml/algorithms.ts b/src/passport-saml/algorithms.ts
@@ -1,33 +1,36 @@
 import * as crypto from "crypto";
 
-export function getSigningAlgorithm(shortName: string): string {
+export function getSigningAlgorithm(shortName?: string): string {
   switch (shortName) {
     case "sha256":
       return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
     case "sha512":
       return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
+    case "sha1":
     default:
       return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
   }
 }
 
-export function getDigestAlgorithm(shortName: string): string {
+export function getDigestAlgorithm(shortName?: string): string {
   switch (shortName) {
     case "sha256":
       return "http://www.w3.org/2001/04/xmlenc#sha256";
     case "sha512":
       return "http://www.w3.org/2001/04/xmlenc#sha512";
+    case "sha1":
     default:
       return "http://www.w3.org/2000/09/xmldsig#sha1";
   }
 }
 
-export function getSigner(shortName: string): crypto.Signer {
+export function getSigner(shortName?: string): crypto.Signer {
   switch (shortName) {
     case "sha256":
       return crypto.createSign("RSA-SHA256");
     case "sha512":
       return crypto.createSign("RSA-SHA512");
+    case "sha1":
     default:
       return crypto.createSign("RSA-SHA1");
   }

diff --git a/src/passport-saml/multiSamlStrategy.ts b/src/passport-saml/multiSamlStrategy.ts
@@ -14,7 +14,10 @@ import {
 
 class MultiSamlStrategy extends SamlStrategy {
   _options: MultiSamlConfig;
-  constructor(options: MultiSamlConfig, verify: VerifyWithRequest | VerifyWithoutRequest) {
+
+  constructor(options: MultiSamlConfig, verify: VerifyWithRequest);
+  constructor(options: MultiSamlConfig, verify: VerifyWithoutRequest);
+  constructor(options: MultiSamlConfig, verify: never) {
     if (!options || typeof options.getSamlOptions != "function") {
       throw new Error("Please provide a getSamlOptions function");
     }
@@ -33,7 +36,7 @@ class MultiSamlStrategy extends SamlStrategy {
     this._options = options;
   }
 
-  authenticate(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions) {
+  authenticate(req: RequestWithUser, options: AuthenticateOptions) {
     this._options.getSamlOptions(req, (err, samlOptions) => {
       if (err) {
         return this.error(err);

diff --git a/src/passport-saml/saml-post-signing.ts b/src/passport-saml/saml-post-signing.ts
@@ -1,6 +1,6 @@
 import { SignedXml } from "xml-crypto";
 import * as algorithms from "./algorithms";
-import { SAMLOptions } from "./types";
+import { SamlOptions, SamlSigningOptions } from "./types";
 
 const authnRequestXPath =
   '/*[local-name(.)="AuthnRequest" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
@@ -11,11 +11,11 @@ const defaultTransforms = [
   "http://www.w3.org/2001/10/xml-exc-c14n#",
 ];
 
-export function signSamlPost(samlMessage: string, xpath: string, options: SAMLOptions) {
+export function signSamlPost(samlMessage: string, xpath: string, options: SamlSigningOptions) {
   if (!samlMessage) throw new Error("samlMessage is required");
   if (!xpath) throw new Error("xpath is required");
   if (!options) {
-    options = {} as SAMLOptions;
+    options = {} as SamlSigningOptions;
   }
 
   if (options.privateCert) {
@@ -41,6 +41,6 @@ export function signSamlPost(samlMessage: string, xpath: string, options: SAMLOp
   return sig.getSignedXml();
 }
 
-export function signAuthnRequestPost(authnRequest: string, options: SAMLOptions) {
+export function signAuthnRequestPost(authnRequest: string, options: SamlSigningOptions) {
   return signSamlPost(authnRequest, authnRequestXPath, options);
 }