saml - npm Package Compare versions

Comparing version 0.2.0 to 0.2.3

lib/saml11.js

@@ -7,3 +7,5 @@
 
-var saml11 = '<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="" IssueInstant="" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions><saml:AudienceRestrictionCondition></saml:AudienceRestrictionCondition></saml:Conditions><saml:AttributeStatement><saml:Subject><saml:NameIdentifier></saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AttributeStatement></saml:Assertion>';
+var fs = require('fs');
+var path = require('path');
+var saml11 = fs.readFileSync(path.join(__dirname, 'saml11.template'));
 
@@ -94,8 +96,24 @@ var NAMESPACE = 'urn:oasis:names:tc:SAML:1.0:assertion';
 
+  doc.getElementsByTagName('saml:AuthenticationStatement')[0]
+    .setAttribute('AuthenticationInstant', now.format('YYYY-MM-DDTHH:mm:ss.SSS[Z]'));
+
+  var nameID = doc.documentElement.getElementsByTagNameNS(NAMESPACE, 'NameIdentifier')[0];
+  
   if (options.nameIdentifier) {
-    var nameID = doc.documentElement.getElementsByTagNameNS(NAMESPACE, 'NameIdentifier')[0];
     nameID.textContent = options.nameIdentifier;
+  
+    doc.getElementsByTagName('saml:AuthenticationStatement')[0]
+      .getElementsByTagName('saml:NameIdentifier')
+      .textContent = options.nameIdentifier;
   }
   
-  var token = doc.toString();
+  if (options.nameIdentifierFormat) {
+    nameID.setAttribute('Format', options.nameIdentifierFormat);
+  }
+
+  var token = doc.toString()
+                .replace(/\r\n/g, '')
+                .replace(/\n/g,'')
+                .replace(/>(\s*)</g, '><') //unindent
+                .trim();
   sig.computeSignature(token);
@@ -102,0 +120,0 @@ var signed = sig.getSignedXml();

package.json

 {
   "name": "saml",
-  "version": "0.2.0",
+  "version": "0.2.3",
   "devDependencies": {
@@ -20,3 +20,6 @@ "mocha": "*",
     "moment": "~1.7.2"
+  },
+  "scripts": {
+    "test": "mocha"
   }
 }

README.md

@@ -5,2 +5,4 @@ Create SAML assertions.
 
+[![Build Status](https://travis-ci.org/auth0/node-saml.png)](https://travis-ci.org/auth0/node-saml)
+
 ### Usage
@@ -7,0 +9,0 @@

test/saml11.tests.js

@@ -160,2 +160,38 @@ var assert = require('assert'),
 
+  it('should not contains line breaks', function () {
+    var options = {
+      cert: fs.readFileSync(__dirname + '/test-auth0.pem'),
+      key: fs.readFileSync(__dirname + '/test-auth0.key'),
+      nameIdentifier: 'foo'
+    };
+
+    var signedAssertion = saml11.create(options);
+    assert.equal(-1, signedAssertion.indexOf('\n'));
+  });
+
+  it('should set AuthenticationInstant', function () {
+    var options = {
+      cert: fs.readFileSync(__dirname + '/test-auth0.pem'),
+      key: fs.readFileSync(__dirname + '/test-auth0.key'),
+      nameIdentifier: 'foo'
+    };
+
+    var signedAssertion = saml11.create(options);
+    var authenticationStatement = utils.getAuthenticationStatement(signedAssertion);
+    assert.ok(!!authenticationStatement.getAttribute('AuthenticationInstant'));
+  });
+
+  it('should set AuthenticationStatement NameIdentifier', function () {
+    var options = {
+      cert: fs.readFileSync(__dirname + '/test-auth0.pem'),
+      key: fs.readFileSync(__dirname + '/test-auth0.key'),
+      nameIdentifier: 'foo'
+    };
+    var signedAssertion = saml11.create(options);
+    var nameIdentifier = utils.getAuthenticationStatement(signedAssertion)
+                              .getElementsByTagName('saml:NameIdentifier')
+                              .textContent;
+    assert.ok('foo', nameIdentifier);
+  });
+
   it('should test the whole thing', function () {
@@ -172,3 +208,4 @@ var options = {
       },
-      nameIdentifier: 'foo'
+      nameIdentifier:       'foo',
+      nameIdentifierFormat: 'http://schemas.xmlsoap.org/claims/UPN'
     };
@@ -182,2 +219,3 @@
     assert.equal('foo', nameIdentifier.textContent);
+    assert.equal('http://schemas.xmlsoap.org/claims/UPN', nameIdentifier.getAttribute('Format'));
 
@@ -184,0 +222,0 @@ var attributes = utils.getAttributes(signedAssertion);

test/utils.js

@@ -49,2 +49,8 @@ var xmlCrypto = require('xml-crypto'),
 
+exports.getAuthenticationStatement = function(assertion) {
+  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  return doc.documentElement
+            .getElementsByTagName('saml:AuthenticationStatement')[0];
+};
+
 exports.getAttributes = function(assertion) {
@@ -51,0 +57,0 @@ var doc = new xmldom.DOMParser().parseFromString(assertion);

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Non-existent author

Supply chain risk

The package was published by an npm account that no longer exists.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

23105

increased by15.33%

Number of package files

12

increased by20%

Lines of code

395

increased by14.49%

Number of lines in readme file

28

increased by7.69%

Worsened metrics

Number of high supply chain risk alerts

2

increased by100%

Number of low supply chain risk alerts

3

increased by50%

No dependency changes