Comparing version 0.0.1 to 0.0.2
var express = require('express') | ||
, passport = require('passport') | ||
, util = require('util') | ||
, SamlStrategy = require('../../lib/passport-saml/index').Strategy; | ||
, SamlStrategy = require('../../lib/passport-saml/index').Strategy | ||
, fs = require('fs'); | ||
@@ -43,5 +44,8 @@ | ||
issuer: 'passport-saml', | ||
protocol: 'http://' | ||
protocol: 'http://', | ||
cert: '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'/*, | ||
privateCert: fs.readFileSync('./cert.pem', 'utf-8')*/ | ||
}, | ||
function(profile, done) { | ||
console.log("Auth with", profile); | ||
if (!profile.email) { | ||
@@ -48,0 +52,0 @@ return done(new Error("No email found"), null); |
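Review bot: The `cert: '…'/*, privateCert: fs.readFileSync('./cert.pem', 'utf-8')*/` line leaves commented-out code in the example, and the `fs` require added at the top of the file is now used only by that dead text. Either delete the comment together with the `fs` require, or make `privateCert` a real working option so the signed-request path this release adds to saml.js is actually exercised by the example. If it stays, note in a comment that the relative `'./cert.pem'` is resolved against the process working directory, not the example's own directory. The `new SamlStrategy({ … })` options object this hunk edits begins and ends outside the hunk.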
var zlib = require('zlib'); | ||
var xml2js = require('xml2js'); | ||
var xmlCrypto = require('xml-crypto'); | ||
var crypto = require('crypto'); | ||
var xmldom = require('xmldom'); | ||
var querystring = require('querystring'); | ||
@@ -46,2 +50,8 @@ var SAML = function (options) { | ||
SAML.prototype.signRequest = function (xml) { | ||
var signer = crypto.createSign('RSA-SHA1'); | ||
signer.update(xml); | ||
return signer.sign(this.options.privateCert, 'base64'); | ||
} | ||
SAML.prototype.generateRequest = function (req) { | ||
@@ -52,3 +62,7 @@ var id = "_" + this.generateUniqueID(); | ||
// Post-auth destination | ||
var callbackUrl = this.options.protocol + req.headers.host + this.options.path; | ||
if (this.options.callbackUrl) { | ||
callbackUrl = this.options.callbackUrl; | ||
} else { | ||
var callbackUrl = this.options.protocol + req.headers.host + this.options.path; | ||
} | ||
@@ -75,12 +89,52 @@ var request = | ||
var base64 = buffer.toString('base64'); | ||
var encoded = encodeURIComponent(base64); | ||
var target = self.options.entryPoint + '?' | ||
callback(null, self.options.entryPoint + '?SAMLRequest=' + encoded); | ||
var samlRequest = { | ||
SAMLRequest: base64 | ||
}; | ||
if (self.options.privateCert) { | ||
samlRequest.SigAlg = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'; | ||
samlRequest.Signature = self.signRequest(querystring.stringify(samlRequest)); | ||
} | ||
target += querystring.stringify(samlRequest); | ||
callback(null, target); | ||
}); | ||
}; | ||
SAML.prototype.certToPEM = function (cert) { | ||
cert = cert.match(/.{1,64}/g).join('\n'); | ||
cert = "-----BEGIN CERTIFICATE-----\n" + cert; | ||
cert = cert + "\n-----END CERTIFICATE-----\n"; | ||
return cert; | ||
}; | ||
SAML.prototype.validateSignature = function (xml, cert) { | ||
var self = this; | ||
var doc = new xmldom.DOMParser().parseFromString(xml); | ||
var signature = xmlCrypto.xpath.SelectNodes(doc, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0]; | ||
var sig = new xmlCrypto.SignedXml(); | ||
sig.keyInfoProvider = { | ||
getKeyInfo: function (key) { | ||
return "<X509Data></X509Data>" | ||
}, | ||
getKey: function (keyInfo) { | ||
return self.certToPEM(cert); | ||
} | ||
}; | ||
sig.loadSignature(signature.toString()); | ||
return sig.checkSignature(xml); | ||
}; | ||
SAML.prototype.validateResponse = function (samlResponse, callback) { | ||
var self = this; | ||
var xml = new Buffer(samlResponse, 'base64').toString('ascii'); | ||
var parser = new xml2js.Parser(); | ||
parser.parseString(xml, function (err, doc) { | ||
// Verify signature | ||
if (self.options.cert && !self.validateSignature(xml, self.options.cert)) { | ||
return callback(new Error('Invalid signature'), null); | ||
} | ||
profile = {}; | ||
@@ -87,0 +141,0 @@ profile.issuer = doc['saml:Assertion']['saml:Issuer']; |
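Review bot: `validateSignature` dereferences the xpath result unconditionally — `sig.loadSignature(signature.toString())` throws a TypeError when the response carries no `Signature` element under the root, and because it runs inside the `parser.parseString` callback of `validateResponse` that surfaces as an uncaught exception rather than the `Invalid signature` error the caller expects; add `if (!signature) { return false; }` before the `loadSignature` call. That same callback ignores `err` from `parseString` and proceeds to read `doc`, so it should open with `if (err) { return callback(err, null); }`. Two further points are worth a look: the signature is only checked for validity against `self.options.cert`, not for whether its reference actually covers the `saml:Assertion` that `validateResponse` goes on to read, so a comment or an explicit check tying the verified element to the consumed assertion would make the trust boundary visible; and `new Buffer(samlResponse, 'base64').toString('ascii')` will mangle any non-ASCII content in the XML, where `'utf8'` is presumably the intended decoding. `profile = {}` near the end of the hunk assigns an implicit global and should be `var profile = {};`. `validateResponse` continues past the end of the hunk.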
{ | ||
"name": "passport-saml", | ||
"version": "0.0.1", | ||
"version": "0.0.2", | ||
"licenses": [{ | ||
@@ -21,3 +21,5 @@ "type": "MIT", | ||
"zlib": "1.0.x", | ||
"xml2js": "0.1.x" | ||
"xml2js": "0.1.x", | ||
"xml-crypto": "0.0.x", | ||
"xmldom": "0.1.x" | ||
}, | ||
@@ -24,0 +26,0 @@ "devDependencies": { |
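Review bot: The new `"xml-crypto": "0.0.x"` and `"xmldom": "0.1.x"` entries are floating ranges on the two libraries that now perform the SAML signature verification, so the code that decides whether a response is trusted can change underneath any fresh install (this page shows them resolving to xml-crypto@0.0.23 and xmldom@0.1.31). Pin the exact versions that were tested, e.g. `"xml-crypto": "0.0.23",` and `"xmldom": "0.1.31",`, and bump them deliberately. The enclosing `dependencies` object starts outside the hunk.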
14844
288
5
2
+ Addedxml-crypto@0.0.x
+ Addedxmldom@0.1.x
+ Addedxml-crypto@0.0.23(transitive)
+ Addedxmldom@0.1.31(transitive)
+ Addedxmldom-fork-fixed@0.0.1(transitive)
+ Addedxpath.js@1.1.0(transitive)