Comparing version 0.28.0 to 0.29.0
@@ -0,1 +1,10 @@ | ||
0.29.0 / 2019-07-26 | ||
=================== | ||
* [ENHANCEMENT] Added Options object for signer.computeSignature (#1066) | ||
* [FIX] Prototype pollution in lodash versions <=4.17.11. Hence, updating lodash version to ^4.17.15 in package.json and package-lock.json (#1085) | ||
* [FIX] Fix known vulnerabilities found by `npm audit` (#1083) | ||
* [FIX] Adjusts URL detection to be case insensitive (#1082) | ||
* [FIX] Fixed issue causing error message, "TypeError: Cannot read property 'output' of undefined" (#1081) | ||
0.28.0 / 2019-06-20 | ||
@@ -2,0 +11,0 @@ =================== |
@@ -6,6 +6,13 @@ import { ISecurity } from '../types'; | ||
signatureAlgorithm?: string; | ||
signerOptions?: IXmlSignerOptions; | ||
} | ||
export interface IXmlSignerOptions { | ||
existingPrefixes?: { | ||
[key: string]: string; | ||
}; | ||
} | ||
export declare class WSSecurityCert implements ISecurity { | ||
private publicP12PEM; | ||
private signer; | ||
private signerOptions; | ||
private x509Id; | ||
@@ -12,0 +19,0 @@ private hasTimeStamp; |
@@ -28,4 +28,5 @@ "use strict"; | ||
function WSSecurityCert(privatePEM, publicP12PEM, password, options) { | ||
if (options === void 0) { options = {}; } | ||
var _this = this; | ||
options = options || {}; | ||
this.signerOptions = {}; | ||
this.publicP12PEM = publicP12PEM.toString() | ||
@@ -40,2 +41,4 @@ .replace('-----BEGIN CERTIFICATE-----', '') | ||
} | ||
this.signerOptions = (options.signerOptions) ? this.signerOptions = options.signerOptions | ||
: this.signerOptions = { existingPrefixes: { wsse: oasisBaseUri + "/oasis-200401-wss-wssecurity-secext-1.0.xsd" } }; | ||
this.signer.signingKey = { | ||
@@ -86,3 +89,3 @@ key: privatePEM, | ||
} | ||
this.signer.computeSignature(xmlWithSec); | ||
this.signer.computeSignature(xmlWithSec, this.signerOptions); | ||
return insertStr(this.signer.getSignatureXml(), xmlWithSec, xmlWithSec.indexOf('</wsse:Security>')); | ||
@@ -89,0 +92,0 @@ }; |
@@ -295,3 +295,3 @@ "use strict"; | ||
if (binding.style === 'rpc') { | ||
methodName = Object.keys(body)[0]; | ||
methodName = (Object.keys(body)[0] === 'attributes' ? Object.keys(body)[1] : Object.keys(body)[0]); | ||
_this_1.emit('request', obj, methodName); | ||
@@ -298,0 +298,0 @@ if (headers) { |
@@ -1060,3 +1060,3 @@ "use strict"; | ||
var includePath; | ||
if (!/^https?:/.test(this.uri) && !/^https?:/.test(include.location)) { | ||
if (!/^https?:/i.test(this.uri) && !/^https?:/i.test(include.location)) { | ||
includePath = path.resolve(path.dirname(this.uri), include.location); | ||
@@ -1223,3 +1223,3 @@ } | ||
var wsdl; | ||
if (!/^https?:/.test(uri)) { | ||
if (!/^https?:/i.test(uri)) { | ||
debug('Reading file: %s', uri); | ||
@@ -1226,0 +1226,0 @@ fs.readFile(uri, 'utf8', function (err, definition) { |
{ | ||
"name": "soap", | ||
"version": "0.28.0", | ||
"version": "0.29.0", | ||
"description": "A minimal node SOAP client", | ||
@@ -10,2 +10,3 @@ "engines": { | ||
"dependencies": { | ||
"@types/request": "^2.48.1", | ||
"bluebird": "^3.5.0", | ||
@@ -15,3 +16,3 @@ "concat-stream": "^2.0.0", | ||
"httpntlm": "^1.5.2", | ||
"lodash": "^4.17.5", | ||
"lodash": "^4.17.15", | ||
"request": ">=2.9.0", | ||
@@ -21,5 +22,4 @@ "sax": ">=0.6", | ||
"strip-bom": "^3.0.0", | ||
"@types/request": "^2.48.1", | ||
"uuid": "^3.1.0", | ||
"xml-crypto": "^1.2.0" | ||
"xml-crypto": "^1.4.0" | ||
}, | ||
@@ -43,3 +43,3 @@ "repository": { | ||
"toc": "./node_modules/.bin/doctoc Readme.md --github --maxlevel 3", | ||
"cover": "nyc --reporter=lcov --reporter=html --reporter=text mocha --timeout 15000 --exit test/*-test.js test/security/*.js", | ||
"cover": "nyc --extension=.ts --reporter=lcov --reporter=html --reporter=text mocha --timeout 15000 --exit test/*-test.js test/security/*.js", | ||
"coveralls": "cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js -v", | ||
@@ -63,3 +63,3 @@ "docs": "typedoc --out docs", | ||
"colors": "^1.3.3", | ||
"coveralls": "^3.0.3", | ||
"coveralls": "^3.0.5", | ||
"diff": "^4.0.1", | ||
@@ -72,4 +72,4 @@ "doctoc": "^1.4.0", | ||
"jshint": "^2.10.1", | ||
"mocha": "^6.0.2", | ||
"nyc": "^13.3.0", | ||
"mocha": "^6.1.4", | ||
"nyc": "^14.1.1", | ||
"readable-stream": "~2.0.2", | ||
@@ -81,3 +81,3 @@ "semver": "^5.6.0", | ||
"timekeeper": "^2.1.2", | ||
"tslint": "^5.13.1", | ||
"tslint": "^5.18.0", | ||
"typedoc": "^0.14.2", | ||
@@ -84,0 +84,0 @@ "typescript": "^3.3.3333" |
@@ -854,6 +854,13 @@ # Soap [![NPM version][npm-image]][npm-url] [![Downloads][downloads-image]][npm-url] [![Build Status][travis-image]][travis-url] [![Coveralls Status][coveralls-image]][coveralls-url] [![Gitter chat][gitter-image]][gitter-url] | ||
var password = ''; // optional password | ||
var wsSecurity = new soap.WSSecurityCert(privateKey, publicKey, password); | ||
var wsSecurity = new soap.WSSecurityCert(privateKey, publicKey, password, options); | ||
client.setSecurity(wsSecurity); | ||
``` | ||
the `options` object is optional and can contain the following properties: | ||
* `hasTimeStamp`: adds Timestamp element (default: `true`) | ||
* `signatureTransformations`: sets the Reference Transforms Algorithm (default ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#']). Type is a string array | ||
* `signatureAlgorithm`: set to `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` to use sha256 | ||
* `signerOptions`: passed options to the XML Signer package - from (https://github.com/yaronn/xml-crypto) | ||
* `existingPrefixes`: A hash of prefixes and namespaces prefix: namespace that shouldn't be in the signature because they already exist in the xml (default: `{ 'wsse': 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' }`) | ||
### NTLMSecurity | ||
@@ -860,0 +867,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
426682
5536
1203
Updatedlodash@^4.17.15
Updatedxml-crypto@^1.4.0