Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
saml2-js - npm Package Compare versions
Comparing version 1.2.0 to 1.3.0
| // Generated by CoffeeScript 1.7.1 | ||
| var IdentityProvider, SAMLError, ServiceProvider, XMLNS, async, certificate_to_keyinfo, check_saml_signature, check_status_success, create_authn_request, create_logout_request, create_logout_response, create_metadata, crypto, debug, decrypt_assertion, format_pem, get_name_id, get_session_index, get_status, parseString, parse_assertion_attributes, parse_authn_response, parse_logout_request, parse_response_header, pretty_assertion_attributes, set_option_defaults, sign_request, to_error, url, util, xmlbuilder, xmlcrypto, xmldom, xmlenc, zlib, _, | ||
| var IdentityProvider, SAMLError, ServiceProvider, XMLNS, async, certificate_to_keyinfo, check_saml_signature, check_status_success, create_authn_request, create_logout_request, create_logout_response, create_metadata, crypto, debug, decrypt_assertion, format_pem, get_name_id, get_session_index, get_signed_data, get_status, parseString, parse_assertion_attributes, parse_authn_response, parse_logout_request, parse_response_header, pretty_assertion_attributes, set_option_defaults, sign_request, to_error, url, util, xmlbuilder, xmlcrypto, xmldom, xmlenc, zlib, _, | ||
| __hasProp = {}.hasOwnProperty, | ||
@@ -217,8 +217,8 @@ __extends = function(child, parent) { for (var key in parent) { if (__hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; }, | ||
| check_saml_signature = function(xml, certificate, cb) { | ||
| var doc, sig, signature; | ||
| check_saml_signature = function(xml, certificate) { | ||
| var doc, sig, signature, valid; | ||
| doc = (new xmldom.DOMParser()).parseFromString(xml); | ||
| signature = xmlcrypto.xpath(doc, ".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']"); | ||
| if (signature.length !== 1) { | ||
| return false; | ||
| return null; | ||
| } | ||
@@ -232,5 +232,37 @@ sig = new xmlcrypto.SignedXml(); | ||
| sig.loadSignature(signature[0].toString()); | ||
| return sig.checkSignature(xml); | ||
| valid = sig.checkSignature(xml); | ||
| if (valid) { | ||
| return get_signed_data(doc, sig.references); | ||
| } else { | ||
| return null; | ||
| } | ||
| }; | ||
| get_signed_data = function(doc, references) { | ||
| return _.map(references, function(ref) { | ||
| var elem, idAttribute, uri, _i, _len, _ref; | ||
| uri = ref.uri; | ||
| if (uri[0] === '#') { | ||
| uri = uri.substring(1); | ||
| } | ||
| elem = []; | ||
| if (uri === "") { | ||
| elem = xmlcrypto.xpath(doc, "//*"); | ||
| } else { | ||
| _ref = ["Id", "ID"]; | ||
| for (_i = 0, _len = _ref.length; _i < _len; _i++) { | ||
| idAttribute = _ref[_i]; | ||
| elem = xmlcrypto.xpath(doc, "//*[@*[local-name(.)='" + idAttribute + "']='" + uri + "']"); | ||
| if (elem.length > 0) { | ||
| break; | ||
| } | ||
| } | ||
| } | ||
| if (!(elem.length > 0)) { | ||
| throw new Error("Invalid signature; must be a reference to '" + ref.uri + "'"); | ||
| } | ||
| return elem[0].toString(); | ||
| }); | ||
| }; | ||
| check_status_success = function(dom) { | ||
@@ -497,10 +529,26 @@ var attr, status, status_code, _i, _j, _len, _len1, _ref, _ref1; | ||
| }, function(result, cb_wf) { | ||
| var assertion, cert, sd, signed_data, signed_dom, _i, _j, _len, _len1; | ||
| debug(result); | ||
| decrypted_assertion = (new xmldom.DOMParser()).parseFromString(result); | ||
| if (!(ignore_signature || _.some(idp_certificates, function(cert) { | ||
| return check_saml_signature(result, cert); | ||
| }))) { | ||
| return cb_wf(new Error("SAML Assertion signature check failed! (checked " + idp_certificates.length + " certificate(s))")); | ||
| if (ignore_signature) { | ||
| decrypted_assertion = (new xmldom.DOMParser()).parseFromString(result); | ||
| return cb_wf(null); | ||
| } | ||
| return cb_wf(null); | ||
| for (_i = 0, _len = idp_certificates.length; _i < _len; _i++) { | ||
| cert = idp_certificates[_i]; | ||
| signed_data = check_saml_signature(result, cert); | ||
| if (!signed_data) { | ||
| continue; | ||
| } | ||
| for (_j = 0, _len1 = signed_data.length; _j < _len1; _j++) { | ||
| sd = signed_data[_j]; | ||
| signed_dom = (new xmldom.DOMParser()).parseFromString(sd); | ||
| assertion = signed_dom.getElementsByTagNameNS(XMLNS.SAML, 'Assertion'); | ||
| if (assertion.length === 1) { | ||
| decrypted_assertion = signed_dom; | ||
| return cb_wf(null); | ||
| } | ||
| } | ||
| return cb_wf(new Error("Signed data did not contain a SAML Assertion!")); | ||
| } | ||
| return cb_wf(new Error("SAML Assertion signature check failed! (checked " + idp_certificates.length + " certificate(s))")); | ||
| }, function(cb_wf) { | ||
@@ -507,0 +555,0 @@ return async.lift(get_name_id)(decrypted_assertion, cb_wf); |
| { | ||
| "name": "saml2-js", | ||
| "version": "1.2.0", | ||
| "version": "1.3.0", | ||
| "description": "SAML 2.0 node helpers", | ||
@@ -5,0 +5,0 @@ "author": "Clever", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by5.01%
120177
- Number of package files
- increased by3.85%
27
- Lines of code
- increased by6.81%
753
No dependency changes