Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

soap

Package Overview
Dependencies
Maintainers
3
Versions
97
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

soap - npm Package Compare versions

Comparing version 0.29.0 to 0.30.0

10

History.md

@@ -0,1 +1,11 @@

0.30.0 / 2019-10-16
===================
* [ENHANCEMENT] Allow a fixed file path for local includes (#1089)
* [ENHANCEMENT] New XML Signing Options, extra tags to sign and small bug fix (#1091)
* [ENHANCEMENT] added forceMTOM option and updated the Readme (#1086)
* [FIX] Added undefined check in WSDL.processAttributes (#1090)
* [FIX] Fixes bug where methodName would not be included in the response event (#1087)
* [FIX] fixed MTOM removing soap12header (#1084)
0.29.0 / 2019-07-26

@@ -2,0 +12,0 @@ ===================

2

lib/client.js

@@ -344,3 +344,3 @@ "use strict";

}
}).join('\n');
}).join(' ');
}

@@ -347,0 +347,0 @@ xml = '<?xml version="1.0" encoding="utf-8"?>' +

@@ -53,3 +53,3 @@ "use strict";

var attachments = exoptions.attachments || [];
if (typeof data === 'string' && attachments.length === 0) {
if (typeof data === 'string' && attachments.length === 0 && !exoptions.forceMTOM) {
headers['Content-Length'] = Buffer.byteLength(data, 'utf8');

@@ -68,6 +68,18 @@ headers['Content-Type'] = 'application/x-www-form-urlencoded';

};
if (attachments.length > 0) {
if (exoptions.forceMTOM || attachments.length > 0) {
var start = uuid();
var action = null;
if (headers['Content-Type'].indexOf('action') > -1) {
for (var _i = 0, _a = headers['Content-Type'].split('; '); _i < _a.length; _i++) {
var ct = _a[_i];
if (ct.indexOf('action') > -1) {
action = ct;
}
}
}
headers['Content-Type'] =
'multipart/related; type="application/xop+xml"; start="<' + start + '>"; start-info="text/xml"; boundary=' + uuid();
if (action) {
headers['Content-Type'] = headers['Content-Type'] + '; ' + action;
}
var multipart_1 = [{

@@ -74,0 +86,0 @@ 'Content-Type': 'application/xop+xml; charset=UTF-8; type="text/xml"',

@@ -6,5 +6,10 @@ import { ISecurity } from '../types';

signatureAlgorithm?: string;
additionalReferences?: string[];
signerOptions?: IXmlSignerOptions;
}
export interface IXmlSignerOptions {
prefix?: string;
attrs?: {
[key: string]: string;
};
existingPrefixes?: {

@@ -23,4 +28,5 @@ [key: string]: string;

private expires;
private additionalReferences;
constructor(privatePEM: any, publicP12PEM: any, password: any, options?: IWSSecurityCertOptions);
postProcess(xml: any, envelopeKey: any): string;
}

@@ -31,2 +31,3 @@ "use strict";

this.signerOptions = {};
this.additionalReferences = [];
this.publicP12PEM = publicP12PEM.toString()

@@ -41,4 +42,18 @@ .replace('-----BEGIN CERTIFICATE-----', '')

}
this.signerOptions = (options.signerOptions) ? this.signerOptions = options.signerOptions
: this.signerOptions = { existingPrefixes: { wsse: oasisBaseUri + "/oasis-200401-wss-wssecurity-secext-1.0.xsd" } };
if (options.additionalReferences && options.additionalReferences.length > 0) {
this.additionalReferences = options.additionalReferences;
}
if (options.signerOptions) {
var signerOptions = options.signerOptions;
this.signerOptions = signerOptions;
if (!this.signerOptions.existingPrefixes) {
this.signerOptions.existingPrefixes = {};
}
if (this.signerOptions.existingPrefixes && !this.signerOptions.existingPrefixes.wsse) {
this.signerOptions.existingPrefixes.wsse = oasisBaseUri + "/oasis-200401-wss-wssecurity-secext-1.0.xsd";
}
}
else {
this.signerOptions = { existingPrefixes: { wsse: oasisBaseUri + "/oasis-200401-wss-wssecurity-secext-1.0.xsd" } };
}
this.signer.signingKey = {

@@ -85,2 +100,13 @@ key: privatePEM,

}
var _loop_1 = function (name_1) {
var xpath = "//*[name(.)='" + name_1 + "']";
if (!(this_1.signer.references.filter(function (ref) { return (ref.xpath === xpath); }).length > 0)) {
this_1.signer.addReference(xpath, references);
}
};
var this_1 = this;
for (var _i = 0, _a = this.additionalReferences; _i < _a.length; _i++) {
var name_1 = _a[_i];
_loop_1(name_1);
}
var timestampXpath = "//*[name(.)='wsse:Security']/*[local-name(.)='Timestamp']";

@@ -87,0 +113,0 @@ if (this.hasTimeStamp && !(this.signer.references.filter(function (ref) { return (ref.xpath === timestampXpath); }).length > 0)) {

@@ -317,2 +317,3 @@ "use strict";

}
methodName = pair.methodName;
_this_1._executeMethod({

@@ -319,0 +320,0 @@ serviceName: serviceName,

@@ -863,3 +863,3 @@ "use strict";

var attr = '';
if (child === null) {
if (child === null || child === undefined) {
child = [];

@@ -1062,3 +1062,9 @@ }

if (!/^https?:/i.test(this.uri) && !/^https?:/i.test(include.location)) {
includePath = path.resolve(path.dirname(this.uri), include.location);
var isFixed = (this.options.wsdl_options !== undefined && this.options.wsdl_options.hasOwnProperty('fixedPath')) ? this.options.wsdl_options.fixedPath : false;
if (isFixed) {
includePath = path.resolve(path.dirname(this.uri), path.parse(include.location).base);
}
else {
includePath = path.resolve(path.dirname(this.uri), include.location);
}
}

@@ -1065,0 +1071,0 @@ else {

{
"name": "soap",
"version": "0.29.0",
"version": "0.30.0",
"description": "A minimal node SOAP client",

@@ -5,0 +5,0 @@ "engines": {

@@ -503,2 +503,15 @@ # Soap [![NPM version][npm-image]][npm-url] [![Downloads][downloads-image]][npm-url] [![Build Status][travis-image]][travis-url] [![Coveralls Status][coveralls-image]][coveralls-url] [![Gitter chat][gitter-image]][gitter-url]

* `forever`: Enables keep-alive connections and pools them
* `attachments`: array of attachment objects. This converts the request into MTOM: _headers['Content-Type']='multipart/related; type="application/xop+xml"; start= ... '_
```
[{
mimetype: content mimetype,
contentId: part id,
name: file name,
body: binary data
},
...
]
```
* `forceMTOM`: set to True if you want to send the request as MTOM even if you don't have attachments

@@ -855,2 +868,16 @@ ### Client.*method*Async(args) - call *method* on the SOAP service.

var password = ''; // optional password
var options = {
hasTimeStamp: true,
additionalReferences: [
'wsa:Action',
'wsa:ReplyTo',
'wsa:To',
],
signerOptions: {
prefix: 'ds',
attrs: { Id: 'Signature' },
existingPrefixes: {
wsse: 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd',
}
}
var wsSecurity = new soap.WSSecurityCert(privateKey, publicKey, password, options);

@@ -860,9 +887,141 @@ client.setSecurity(wsSecurity);

the `options` object is optional and can contain the following properties:
* `hasTimeStamp`: adds Timestamp element (default: `true`)
The `options` object is optional and can contain the following properties:
* `hasTimeStamp`: Includes Timestamp tags (default: `true`)
* `signatureTransformations`: sets the Reference Transforms Algorithm (default ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#']). Type is a string array
* `signatureAlgorithm`: set to `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` to use sha256
* `signerOptions`: passed options to the XML Signer package - from (https://github.com/yaronn/xml-crypto)
* `existingPrefixes`: A hash of prefixes and namespaces prefix: namespace that shouldn't be in the signature because they already exist in the xml (default: `{ 'wsse': 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' }`)
* `additionalReferences` : (optional) Array of Soap headers that need to be signed. This need to be added using `client.addSoapHeader('header')`
* `signerOptions`: (optional) passes options to the XML Signer package - from (https://github.com/yaronn/xml-crypto)
* `existingPrefixes`: (optional) A hash of prefixes and namespaces prefix: namespace that shouldn't be in the signature because they already exist in the xml (default: `{ 'wsse': 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' }`)
* `prefix`: (optional) Adds this value as a prefix for the generated signature tags.
* `attrs`: (optional) A hash of attributes and values attrName: value to add to the signature root node
#### Option examples
`hasTimeStamp:true`
``` xml
<soap:Header>
<wsse:Security soap:mustUnderstand="1">
<wsse:BinarySecurityToken>XXX</wsse:BinarySecurityToken>
<!-- The Timestamp group of tags are added and signed -->
<Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="Timestamp">
<Created>2019-10-01T08:17:50Z</Created>
<Expires>2019-10-01T08:27:50Z</Expires>
</Timestamp>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
...
<Reference URI="#Timestamp">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>XyZ=</DigestValue>
</Reference>
</SignedInfo>
</Signature>
</wsse:Security>
</soap:Header>
```
`additionalReferences: ['To']`
``` XML
<soap:Header>
<To Id="To">localhost.com</To>
<wsse:Security soap:mustUnderstand="1">
<wsse:BinarySecurityToken>XXX</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<!-- The "To" tag is signed and added as a reference -->
<Reference URI="#To">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>XYZ</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
Rf6M4F4puQuQHJIPtJz1CZIVvF3qOdpEEcuAiooWkX5ecnAHSf3RW3sOIzFUWW7VOOncJcts/3xr8DuN4+8Wm9hx1MoOcWJ6kyRIdVNbQWLseIcAhxYCntRY57T2TBXzpb0UPA56pry1+TEcnIQXhdIzG5YT+tTVTp+SZHHcnlP5Y+yqnIOH9wzgRvAovbydTYPCODF7Ana9K/7CSGDe7vpVT85CUYUcJE4DfTxaRa9gKkKrBdPN9vFVi0WfxtMF4kv23cZRCZzS5+CoLfPlx3mq65gVXsqH01RLbktNJq9VaQKcZUgapmUCMzrYhqyzUQJ8HrSHqe+ya2GsjlB0VQ==
</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#x509-c5c0d213676f4a6ba5e6fa58074eb57a"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
```
`signerOptions.prefix:'ds'`
``` XML
<soap:Header>
<To Id="To">localhost.com</To>
<wsse:Security soap:mustUnderstand="1">
<wsse:BinarySecurityToken>XXX</wsse:BinarySecurityToken>
<!-- Signature and children tags are given the prefix defined. -->
<ds:Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#To">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>XYZ</DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Rf6M4F4puQuQHJIPtJz1CZIVvF3qOdpEEcuAiooWkX5ecnAHSf3RW3sOIzFUWW7VOOncJcts/3xr8DuN4+8Wm9hx1MoOcWJ6kyRIdVNbQWLseIcAhxYCntRY57T2TBXzpb0UPA56pry1+TEcnIQXhdIzG5YT+tTVTp+SZHHcnlP5Y+yqnIOH9wzgRvAovbydTYPCODF7Ana9K/7CSGDe7vpVT85CUYUcJE4DfTxaRa9gKkKrBdPN9vFVi0WfxtMF4kv23cZRCZzS5+CoLfPlx3mq65gVXsqH01RLbktNJq9VaQKcZUgapmUCMzrYhqyzUQJ8HrSHqe+ya2GsjlB0VQ==
</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#x509-c5c0d213676f4a6ba5e6fa58074eb57a"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
```
`signerOptions.attrs:{ Id: 'signature-100', foo:'bar'}`
``` xml
<soap:Header>
<wsse:Security soap:mustUnderstand="1">
<wsse:BinarySecurityToken>XXX</wsse:BinarySecurityToken>
<!-- The Timestamp group of tags are added and signed -->
<Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="Timestamp">
<Created>2019-10-01T08:17:50Z</Created>
<Expires>2019-10-01T08:27:50Z</Expires>
</Timestamp>
<Signature Id="signature-100" foo="bar" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
...
<Reference URI="#Timestamp">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>XyZ=</DigestValue>
</Reference>
</SignedInfo>
</Signature>
</wsse:Security>
</soap:Header>
```
### NTLMSecurity

@@ -1004,2 +1163,19 @@

```
### Overriding imports relative paths
By default, WSDL and schema files import other schemas and types using relative paths.
However in some systems (i.e. NetSuite) when the wsdl is downloaded for offline caching, all files are flattened under a single directory and all the imports fail.
Passing this option allows `node-soap` to correctly load all files.
```javascript
var options ={
wsdl_options = { fixedPath: true }
};
soap.createClient(__dirname+'/wsdl/fixedPath/netsuite.wsdl', options, function(err, client) {
// your code
});
```
### Specifying the exact namespace definition of the root element

@@ -1006,0 +1182,0 @@ In rare cases, you may want to precisely control the namespace definition that is included in the root element.

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc