@boxyhq/saml20 - npm Package Compare versions

Comparing version 1.0.13 to 1.0.14

dist/decrypt.js

@@ -27,3 +27,2 @@ "use strict";
 exports.decryptXml = void 0;
-const xmldom_1 = require("@xmldom/xmldom");
 const xpath_1 = require("xpath");
@@ -46,3 +45,3 @@ const xmlenc = __importStar(require("xml-encryption"));
         }
-        const assertionNode = new xmldom_1.DOMParser().parseFromString(res);
+        const assertionNode = (0, utils_1.parseFromString)(res);
         xml.documentElement.removeChild(encryptedAssertions[0]);
@@ -57,30 +56,3 @@ xml.documentElement.appendChild(assertionNode);
     }
-    const errors = {};
-    let multiRootErrFound = false;
-    const errorHandler = (key, msg) => {
-        if (!errors[key])
-            errors[key] = [];
-        if (msg.indexOf('Only one element can be added and only after doctype')) {
-            if (!multiRootErrFound) {
-                multiRootErrFound = true;
-                errors[key].push(msg);
-            }
-        }
-        else {
-            errors[key].push(msg);
-        }
-    };
-    const xml = new xmldom_1.DOMParser({ errorHandler }).parseFromString(entireXML);
-    Object.keys(errors).forEach((key) => {
-        if (errors[key].indexOf('Only one element can be added and only after doctype')) {
-            throw new Error('multirooted xml not allowed.');
-        }
-    });
-    const rootNodeCount = (0, utils_1.countRootNodes)(xml);
-    if (rootNodeCount > 1) {
-        throw new Error('multirooted xml not allowed.');
-    }
-    if (rootNodeCount === 0) {
-        throw new Error('Invalid assertion.');
-    }
+    const xml = (0, utils_1.parseFromString)(entireXML);
     const encryptedAssertions = (0, xpath_1.select)("/*[contains(local-name(), 'Response')]/*[local-name(.)='EncryptedAssertion']", xml);
@@ -87,0 +59,0 @@ if (encryptedAssertions.length >= 1) {

dist/response.js

@@ -20,3 +20,2 @@ "use strict";
 const decrypt_1 = require("./decrypt");
-const xmldom_1 = require("@xmldom/xmldom");
 const xpath_1 = require("xpath");
@@ -73,10 +72,3 @@ const saml20_1 = __importDefault(require("./saml20"));
     }
-    const xml = new xmldom_1.DOMParser().parseFromString(rawAssertion);
-    const rootNodeCount = (0, utils_1.countRootNodes)(xml);
-    if (rootNodeCount > 1) {
-        throw new Error('multirooted xml not allowed.');
-    }
-    if (rootNodeCount === 0) {
-        throw new Error('Invalid assertion.');
-    }
+    const xml = (0, utils_1.parseFromString)(rawAssertion);
     const issuerValue = (0, xpath_1.select)("/*[contains(local-name(), 'Response')]/*[local-name(.)='Issuer']", xml);
@@ -83,0 +75,0 @@ if (issuerValue && issuerValue.length > 0) {

dist/utils.d.ts

@@ -1,2 +0,2 @@
-declare const countRootNodes: (xmlDoc: Document) => number;
-export { countRootNodes };
+declare const parseFromString: (xmlString: string) => Document;
+export { parseFromString };

dist/utils.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.countRootNodes = void 0;
+exports.parseFromString = void 0;
+const xmldom_1 = require("@xmldom/xmldom");
 const countRootNodes = (xmlDoc) => {
@@ -8,2 +9,34 @@ const rootNodes = Array.from(xmlDoc.childNodes).filter((n) => n.tagName != null && n.childNodes != null);
 };
-exports.countRootNodes = countRootNodes;
+const parseFromString = (xmlString) => {
+    const errors = {};
+    let multiRootErrFound = false;
+    const errorHandler = (key, msg) => {
+        if (!errors[key])
+            errors[key] = [];
+        if (msg.indexOf('Only one element can be added and only after doctype')) {
+            if (!multiRootErrFound) {
+                multiRootErrFound = true;
+                errors[key].push(msg);
+            }
+        }
+        else {
+            errors[key].push(msg);
+        }
+    };
+    const xml = new xmldom_1.DOMParser({ errorHandler }).parseFromString(xmlString);
+    if (multiRootErrFound) {
+        throw new Error('multirooted xml not allowed.');
+    }
+    else if (Object.keys(errors).length > 0) {
+        throw new Error('Invalid XML.');
+    }
+    const rootNodeCount = countRootNodes(xml);
+    if (rootNodeCount > 1) {
+        throw new Error('multirooted xml not allowed.');
+    }
+    if (rootNodeCount === 0) {
+        throw new Error('Invalid assertion.');
+    }
+    return xml;
+};
+exports.parseFromString = parseFromString;

dist/validateSignature.js

@@ -9,3 +9,3 @@ "use strict";
 const thumbprint_1 = __importDefault(require("thumbprint"));
-const xmldom_1 = require("@xmldom/xmldom");
+const utils_1 = require("./utils");
 const select = xml_crypto_1.default.xpath;
@@ -26,3 +26,3 @@ const SignedXml = xml_crypto_1.default.SignedXml;
 const hasValidSignature = (xml, cert, certThumbprint) => {
-    const doc = new xmldom_1.DOMParser().parseFromString(xml);
+    const doc = (0, utils_1.parseFromString)(xml);
     let signature = select(doc, "/*/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0] ||
@@ -29,0 +29,0 @@ select(doc, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0] ||

package.json

 {
   "name": "@boxyhq/saml20",
-  "version": "1.0.13",
+  "version": "1.0.14",
   "description": "SAML 2.0 token parser for Node.js",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

44406

decreased by-0.54%

Lines of code

923

decreased by-0.32%

No dependency changes