mocksaml/pages/api/saml/auth.ts

import { createHash } from 'crypto';
import config from 'lib/env';
import type { NextApiRequest, NextApiResponse } from 'next';
import type { User } from 'types';
import { createResponseXML, signResponseXML } from 'utils';
import saml from '@boxyhq/saml20';
import { getEntityId } from 'lib/entity-id';

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  if (req.method === 'POST') {
    const { email, audience, acsUrl, id, relayState } = req.body;

    if (!email.endsWith('@example.com') && !email.endsWith('@example.org')) {
      res.status(403).send(`${email} denied access`);
    }

    const userId = createHash('sha256').update(email).digest('hex');
    const userName = email.split('@')[0];

    const user: User = {
      id: userId,
      email,
      firstName: userName,
      lastName: userName,
    };

    const xml = await createResponseXML({
      idpIdentityId: getEntityId(config.entityId, req.query.namespace as any),
      audience,
      acsUrl,
      samlReqId: id,
      user: user,
    });

    const xmlSigned = await signResponseXML(xml, config.privateKey, config.publicKey);
    const encodedSamlResponse = Buffer.from(xmlSigned).toString('base64');
    const html = saml.createPostForm(acsUrl, [
      {
        name: 'RelayState',
        value: relayState,
      },
      {
        name: 'SAMLResponse',
        value: encodedSamlResponse,
      },
    ]);

    res.send(html);
  } else {
    res.status(405).send(`Method ${req.method} Not Allowed`);
  }
}
Use email hash to generate id 2022-02-24 17:23:35 +00:00			`import { createHash } from 'crypto';`
			`import config from 'lib/env';`
Add example.org to the domain list so that users can test multiple domains (#12) * Add the email domain dropdown * Fix #5 Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:02:13 +00:00			`import type { NextApiRequest, NextApiResponse } from 'next';`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`import type { User } from 'types';`
Switch to saml20 (#21) * Use boxyhq/saml20 * use sign from saml20 * cleaned up GetKeyInfo * cleaned up getPublicKeyPemFromCertificate * cleaned up node-forge * use hasValidSignature from saml20 * cleanup and update saml20 to the beta version * throw an error if signature is not valid * updated saml20 2022-04-26 17:02:12 +00:00			`import { createResponseXML, signResponseXML } from 'utils';`
			`import saml from '@boxyhq/saml20';`
Add a namespace page to get unique entity ids for multi tenant use (#472) * allow a unique entity id per org * updated metadata url to support org * org specific login * org -> namespace * updated node and alpine * spacing tweak 2024-01-20 23:20:37 +00:00			`import { getEntityId } from 'lib/entity-id';`
Add prettier config and format files 2022-02-22 05:36:06 +00:00
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`export default async function handler(req: NextApiRequest, res: NextApiResponse) {`
			`if (req.method === 'POST') {`
tweaked firstName and lastName 2022-03-02 23:50:03 +00:00			`const { email, audience, acsUrl, id, relayState } = req.body;`
Code cleanup 2022-02-23 13:48:20 +00:00
Add example.org to the domain list so that users can test multiple domains (#12) * Add the email domain dropdown * Fix #5 Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:02:13 +00:00			`if (!email.endsWith('@example.com') && !email.endsWith('@example.org')) {`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			res.status(403).send(`${email} denied access`);
			`}`
Add example.org to the domain list so that users can test multiple domains (#12) * Add the email domain dropdown * Fix #5 Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:02:13 +00:00
tweaked firstName and lastName 2022-03-02 23:50:03 +00:00			`const userId = createHash('sha256').update(email).digest('hex');`
			`const userName = email.split('@')[0];`
Code cleanup 2022-02-23 13:48:20 +00:00
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`const user: User = {`
tweaked firstName and lastName 2022-03-02 23:50:03 +00:00			`id: userId,`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`email,`
tweaked firstName and lastName 2022-03-02 23:50:03 +00:00			`firstName: userName,`
			`lastName: userName,`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`};`

			`const xml = await createResponseXML({`
Add a namespace page to get unique entity ids for multi tenant use (#472) * allow a unique entity id per org * updated metadata url to support org * org specific login * org -> namespace * updated node and alpine * spacing tweak 2024-01-20 23:20:37 +00:00			`idpIdentityId: getEntityId(config.entityId, req.query.namespace as any),`
tweaked firstName and lastName 2022-03-02 23:50:03 +00:00			`audience,`
			`acsUrl,`
			`samlReqId: id,`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`user: user,`
			`});`

Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00			`const xmlSigned = await signResponseXML(xml, config.privateKey, config.publicKey);`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`const encodedSamlResponse = Buffer.from(xmlSigned).toString('base64');`
updated to saml20 v1.0.1 2022-04-27 20:16:05 +00:00			`const html = saml.createPostForm(acsUrl, [`
			`{`
			`name: 'RelayState',`
			`value: relayState,`
			`},`
			`{`
			`name: 'SAMLResponse',`
			`value: encodedSamlResponse,`
			`},`
			`]);`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00
			`res.send(html);`
Add prettier config and format files 2022-02-22 05:36:06 +00:00			`} else {`
			res.status(405).send(`Method ${req.method} Not Allowed`);
			`}`
			`}`