
saml2-js

saml2-js - npm Package Compare versions

Comparing version 2.0.3 to 2.0.5

.circleci/config.yml

117

lib-js/saml2.js

@@ -592,3 +592,3 @@ // Generated by CoffeeScript 1.12.7

parse_authn_response = function(saml_response, sp_private_keys, idp_certificates, allow_unencrypted, ignore_signature, require_session_index, cb) {
parse_authn_response = function(saml_response, sp_private_keys, idp_certificates, allow_unencrypted, ignore_signature, require_session_index, ignore_timing, notbefore_skew, sp_audience, cb) {
var user;

@@ -603,3 +603,3 @@ user = {};

}
if (!allow_unencrypted) {
if (!(allow_unencrypted && err.message === "Expected 1 EncryptedAssertion; found 0.")) {
return cb_wf(err, result);

@@ -614,3 +614,3 @@ }

}, function(result, cb_wf) {
var assertion, cert, ex, i, j, l, len, len1, ref1, saml_response_str, sd, signed_data, signed_dom;
var assertion, cert, encryptedAssertion, ex, i, j, l, len, len1, ref1, saml_response_str, sd, signed_data, signed_dom;
debug(result);

@@ -640,2 +640,11 @@ if (ignore_signature) {

}
encryptedAssertion = signed_dom.getElementsByTagNameNS(XMLNS.SAML, 'EncryptedAssertion');
if (encryptedAssertion.length === 1) {
return decrypt_assertion(saml_response, sp_private_keys, function(err, result) {
if (err == null) {
return cb_wf(null, (new xmldom.DOMParser()).parseFromString(result));
}
return cb_wf(err);
});
}
}

@@ -646,22 +655,52 @@ return cb_wf(new Error("Signed data did not contain a SAML Assertion!"));

}, function(decrypted_assertion, cb_wf) {
var assertion_attributes, err, session_info;
try {
session_info = get_session_info(decrypted_assertion, require_session_index);
user.name_id = get_name_id(decrypted_assertion);
user.session_index = session_info.index;
if (session_info.not_on_or_after != null) {
user.session_not_on_or_after = session_info.not_on_or_after;
var attribute, audience_restriction, audiences, condition, conditions, j, len, ref1, validAudience;
conditions = decrypted_assertion.getElementsByTagNameNS(XMLNS.SAML, 'Conditions')[0];
if (conditions != null) {
if (ignore_timing !== true) {
ref1 = conditions.attributes;
for (j = 0, len = ref1.length; j < len; j++) {
attribute = ref1[j];
condition = attribute.name.toLowerCase();
if (condition === 'notbefore' && Date.parse(attribute.value) > Date.now() + (notbefore_skew * 1000)) {
return cb_wf(new SAMLError('SAML Response is not yet valid', {
NotBefore: attribute.value
}));
}
if (condition === 'notonorafter' && Date.parse(attribute.value) <= Date.now()) {
return cb_wf(new SAMLError('SAML Response is no longer valid', {
NotOnOrAfter: attribute.value
}));
}
}
}
assertion_attributes = parse_assertion_attributes(decrypted_assertion);
user = _.extend(user, pretty_assertion_attributes(assertion_attributes));
user = _.extend(user, {
attributes: assertion_attributes
});
return cb_wf(null, {
user: user
});
} catch (error) {
err = error;
return cb_wf(err);
audience_restriction = conditions.getElementsByTagNameNS(XMLNS.SAML, 'AudienceRestriction')[0];
audiences = audience_restriction != null ? audience_restriction.getElementsByTagNameNS(XMLNS.SAML, 'Audience') : void 0;
if ((audiences != null ? audiences.length : void 0) > 0) {
validAudience = _.find(audiences, function(audience) {
var audienceValue, ref2, ref3;
audienceValue = (ref2 = audience.firstChild) != null ? (ref3 = ref2.data) != null ? ref3.trim() : void 0 : void 0;
return !_.isEmpty(audienceValue != null ? audienceValue.trim() : void 0) && ((_.isRegExp(sp_audience) && sp_audience.test(audienceValue)) || (_.isString(sp_audience) && sp_audience.toLowerCase() === audienceValue.toLowerCase()));
});
if (validAudience == null) {
return cb_wf(new SAMLError('SAML Response is not valid for this audience'));
}
}
}
return cb_wf(null, decrypted_assertion);
}, function(validated_assertion, cb_wf) {
var assertion_attributes, session_info;
session_info = get_session_info(validated_assertion, require_session_index);
user.name_id = get_name_id(validated_assertion);
user.session_index = session_info.index;
if (session_info.not_on_or_after != null) {
user.session_not_on_or_after = session_info.not_on_or_after;
}
assertion_attributes = parse_assertion_attributes(validated_assertion);
user = _.extend(user, pretty_assertion_attributes(assertion_attributes));
user = _.extend(user, {
attributes: assertion_attributes
});
return cb_wf(null, {
user: user
});
}

@@ -790,3 +829,3 @@ ], cb);

return function(response_buffer, cb_wf) {
var attribute, audience_restriction, audiences, condition, conditions, err, j, len, ref3, saml_response_abnormalized, validAudience;
var err, saml_response_abnormalized;
debug(saml_response);

@@ -811,35 +850,3 @@ saml_response_abnormalized = add_namespaces_to_child_assertions(response_buffer.toString());

response.type = 'authn_response';
conditions = saml_response.getElementsByTagNameNS(XMLNS.SAML, 'Conditions')[0];
if (conditions != null) {
if (options.ignore_timing !== true) {
ref3 = conditions.attributes;
for (j = 0, len = ref3.length; j < len; j++) {
attribute = ref3[j];
condition = attribute.name.toLowerCase();
if (condition === 'notbefore' && Date.parse(attribute.value) > Date.now() + (options.notbefore_skew * 1000)) {
return cb_wf(new SAMLError('SAML Response is not yet valid', {
NotBefore: attribute.value
}));
}
if (condition === 'notonorafter' && Date.parse(attribute.value) <= Date.now()) {
return cb_wf(new SAMLError('SAML Response is no longer valid', {
NotOnOrAfter: attribute.value
}));
}
}
}
audience_restriction = conditions.getElementsByTagNameNS(XMLNS.SAML, 'AudienceRestriction')[0];
audiences = audience_restriction != null ? audience_restriction.getElementsByTagNameNS(XMLNS.SAML, 'Audience') : void 0;
if ((audiences != null ? audiences.length : void 0) > 0) {
validAudience = _.find(audiences, function(audience) {
var audienceValue, ref4, ref5;
audienceValue = (ref4 = audience.firstChild) != null ? (ref5 = ref4.data) != null ? ref5.trim() : void 0 : void 0;
return !_.isEmpty(audienceValue != null ? audienceValue.trim() : void 0) && ((_.isRegExp(options.audience) && options.audience.test(audienceValue)) || (_.isString(options.audience) && options.audience.toLowerCase() === audienceValue.toLowerCase()));
});
if (validAudience == null) {
return cb_wf(new SAMLError('SAML Response is not valid for this audience'));
}
}
}
return parse_authn_response(saml_response, [_this.private_key].concat(_this.alt_private_keys), identity_provider.certificates, options.allow_unencrypted_assertion, options.ignore_signature, options.require_session_index, cb_wf);
return parse_authn_response(saml_response, [_this.private_key].concat(_this.alt_private_keys), identity_provider.certificates, options.allow_unencrypted_assertion, options.ignore_signature, options.require_session_index, options.ignore_timing, options.notbefore_skew, options.audience, cb_wf);
case saml_response.getElementsByTagNameNS(XMLNS.SAMLP, 'LogoutResponse').length !== 1:

@@ -846,0 +853,0 @@ if (!check_status_success(saml_response)) {
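Review bot: In the Conditions loop at L86–L99 a malformed NotBefore/NotOnOrAfter value is silently accepted, because `Date.parse` returns NaN and both `NaN > …` (L89) and `NaN <= …` (L94) are false, so neither branch returns an error. The NotBefore check is also skipped whenever `notbefore_skew` is not a number, since `Date.now() + (undefined * 1000)` is NaN — harmless only if the caller guarantees a numeric default, which this hunk cannot show. Parse once and fail closed before the two comparisons: `if ((condition === 'notbefore' || condition === 'notonorafter') && (Number.isNaN(Date.parse(attribute.value)) || Number.isNaN(Number(notbefore_skew)))) { return cb_wf(new SAMLError('SAML Response has an invalid timing condition', { Condition: attribute.name, Value: attribute.value })); }`. Separately, in the `@@ -640,2 +640,11 @@` hunk the EncryptedAssertion is located in the signature-verified `signed_dom` (L60) but `decrypt_assertion` is then handed the unverified `saml_response` (L62); unless decrypt_assertion re-verifies its input, passing `signed_dom` keeps decryption bound to the element that was actually found under the signature. parse_authn_response begins in the first hunk and its waterfall closes outside the hunks shown here.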

{
"name": "saml2-js",
"version": "2.0.3",
"version": "2.0.5",
"description": "SAML 2.0 node helpers",

@@ -5,0 +5,0 @@ "author": "Clever",

