passport-saml - npm Package Compare versions

Comparing version 0.9.2 to 0.10.0

lib/passport-saml/saml.js

@@ -6,2 +6,3 @@ var zlib = require('zlib');
 var xmldom = require('xmldom');
+var url = require('url');
 var querystring = require('querystring');
@@ -187,2 +188,9 @@ var xmlbuilder = require('xmlbuilder');
 
+  if (req.user.sessionIndex) {
+    request['samlp:LogoutRequest']['saml2p:SessionIndex'] = {
+      '@xmlns:saml2p': 'urn:oasis:names:tc:SAML:2.0:protocol',
+      '#text': req.user.sessionIndex
+    };
+  }
+
   return xmlbuilder.create(request).end();
@@ -231,7 +239,7 @@ };
     var base64 = buffer.toString('base64');
-    var target = self.options.entryPoint + '?';
+    var target = url.parse(self.options.entryPoint, true);
 
     if (operation === 'logout') {
       if (self.options.logoutUrl) {
-        target = self.options.logoutUrl + '?';
+        target = url.parse(self.options.logoutUrl, true);
       }
@@ -255,5 +263,11 @@ } else if (operation !== 'authorize') {
     }
-    target += querystring.stringify(samlMessage);
+    Object.keys(samlMessage).forEach(function(k) {
+      target.query[k] = samlMessage[k];
+    });
 
-    callback(null, target);
+    // Delete 'search' to for pulling query string from 'query'
+    // https://nodejs.org/api/url.html#url_url_format_urlobj
+    delete target.search;
+
+    callback(null, url.format(target));
   }
@@ -534,2 +548,9 @@ };
 
+    var authnStatement = assertion.AuthnStatement;
+    if (authnStatement) {
+      if (authnStatement[0].$ && authnStatement[0].$.SessionIndex) {
+        profile.sessionIndex = authnStatement[0].$.SessionIndex;
+      }
+    }
+
     var subject = assertion.Subject;
@@ -536,0 +557,0 @@ if (subject) {

package.json

 {
   "name": "passport-saml",
-  "version": "0.9.2",
+  "version": "0.10.0",
   "licenses": [
@@ -5,0 +5,0 @@ {

README.md

@@ -45,5 +45,5 @@ Passport-SAML
 * Core
+ * `callbackUrl`: full callbackUrl (overrides path/protocol if supplied)
  * `path`: path to callback; will be combined with protocol and server host information to construct callback url if `callbackUrl` is not specified (default: `/saml/consume`)
- * `protocol`: protocol for callback; will be combined with path and server host information to construct callback url if `callbackUrl` is not specified (default: `https://`)
- * `callbackUrl`: full callbackUrl (overrides path if supplied)
+ * `protocol`: protocol for callback; will be combined with path and server host information to construct callback url if `callbackUrl` is not specified (default: `http://`)
  * `entryPoint`: identity provider entrypoint
@@ -50,0 +50,0 @@ * `issuer`: issuer string to supply to identity provider

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

232187

increased by1.59%

Number of package files

16

increased by6.67%

Lines of code

2357

increased by4.48%

No dependency changes