passport-saml
Advanced tools
passport-saml - npm Package Compare versions
Comparing version 0.20.2 to 0.30.0
@@ -97,8 +97,3 @@ var zlib = require('zlib'); | ||
| SAML.prototype.generateUniqueID = function () { | ||
| var chars = "abcdef0123456789"; | ||
| var uniqueID = ""; | ||
| for (var i = 0; i < 20; i++) { | ||
| uniqueID += chars.substr(Math.floor((Math.random()*15)), 1); | ||
| } | ||
| return uniqueID; | ||
| return crypto.randomBytes(10).toString('hex'); | ||
| }; | ||
@@ -516,11 +511,19 @@ | ||
| var self = this; | ||
| var xml = new Buffer(container.SAMLResponse, 'base64').toString('utf8'); | ||
| var doc = new xmldom.DOMParser().parseFromString(xml); | ||
| var inResponseTo = xpath(doc, "/*[local-name()='Response']/@InResponseTo"); | ||
| if(inResponseTo){ | ||
| inResponseTo = inResponseTo.length ? inResponseTo[0].nodeValue : null; | ||
| } | ||
| var xml, doc, inResponseTo; | ||
| Q.fcall(function(){ | ||
| xml = new Buffer(container.SAMLResponse, 'base64').toString('utf8'); | ||
| doc = new xmldom.DOMParser({ | ||
| }).parseFromString(xml); | ||
| if (!doc.hasOwnProperty('documentElement')) | ||
| throw new Error('SAMLResponse is not valid base64-encoded XML'); | ||
| inResponseTo = xpath(doc, "/*[local-name()='Response']/@InResponseTo"); | ||
| if(inResponseTo){ | ||
| inResponseTo = inResponseTo.length ? inResponseTo[0].nodeValue : null; | ||
| } | ||
| if(self.options.validateInResponseTo){ | ||
@@ -527,0 +530,0 @@ if (inResponseTo) { |
| { | ||
| "name": "passport-saml", | ||
| "version": "0.20.2", | ||
| "version": "0.30.0", | ||
| "license" : "MIT", | ||
@@ -48,3 +48,3 @@ "keywords": [ | ||
| "engines": { | ||
| "node": ">= 0.10.0" | ||
| "node": ">= 4" | ||
| }, | ||
@@ -51,0 +51,0 @@ "scripts": { |
@@ -120,4 +120,7 @@ Passport-SAML | ||
| Authentication requests sent by Passport-SAML can be signed using RSA-SHA1. To sign them you need to provide a private key in the PEM format via the `privateCert` configuration key. For example: | ||
| Authentication requests sent by Passport-SAML can be signed using RSA-SHA1. To sign them you need to provide a private key in the PEM format via the `privateCert` configuration key. The certificate | ||
| should start with `-----BEGIN PRIVATE KEY-----` on its own line and end with `-----END PRIVATE KEY-----` on its own line. | ||
| For example: | ||
| ```javascript | ||
@@ -124,0 +127,0 @@ privateCert: fs.readFileSync('./cert.pem', 'utf-8') |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Lines of code
- increased by0.52%
2875
- Number of lines in readme file
- increased by1.34%
227
Worsened metrics
- Total package byte prevSize
- decreased by-9.97%
280348
- Number of package files
- decreased by-12.5%
28