mocksaml/pages/api/saml/auth.ts

import { createHash } from 'crypto';
import config from 'lib/env';
import type { NextApiRequest, NextApiResponse } from 'next';
import type { User } from 'types';
import { createResponseForm, createResponseXML, signResponseXML } from 'utils';

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  if (req.method === 'POST') {
    const email = req.body.email;

    if (!email.endsWith('@example.com') && !email.endsWith('@example.org')) {
      res.status(403).send(`${email} denied access`);
    }

    const id = createHash('sha256').update(email).digest('hex');

    const user: User = {
      id,
      email,
      firstName: id,
      lastName: id,
    };

    const xml = await createResponseXML({
      idpIdentityId: config.entityId,
      audience: req.body.audience,
      acsUrl: req.body.acsUrl,
      samlReqId: req.body.id,
      user: user,
    });

    const xmlSigned = await signResponseXML(xml, config.privateKey, config.publicKey);
    const encodedSamlResponse = Buffer.from(xmlSigned).toString('base64');
    const html = createResponseForm(req.body.relayState, encodedSamlResponse, req.body.acsUrl);

    res.send(html);
  } else {
    res.status(405).send(`Method ${req.method} Not Allowed`);
  }
}
Use email hash to generate id 2022-02-24 17:23:35 +00:00			`import { createHash } from 'crypto';`
			`import config from 'lib/env';`
Add example.org to the domain list so that users can test multiple domains (#12) * Add the email domain dropdown * Fix #5 Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:02:13 +00:00			`import type { NextApiRequest, NextApiResponse } from 'next';`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`import type { User } from 'types';`
Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00			`import { createResponseForm, createResponseXML, signResponseXML } from 'utils';`
Add prettier config and format files 2022-02-22 05:36:06 +00:00
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`export default async function handler(req: NextApiRequest, res: NextApiResponse) {`
			`if (req.method === 'POST') {`
			`const email = req.body.email;`
Code cleanup 2022-02-23 13:48:20 +00:00
Add example.org to the domain list so that users can test multiple domains (#12) * Add the email domain dropdown * Fix #5 Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:02:13 +00:00			`if (!email.endsWith('@example.com') && !email.endsWith('@example.org')) {`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			res.status(403).send(`${email} denied access`);
			`}`
Add example.org to the domain list so that users can test multiple domains (#12) * Add the email domain dropdown * Fix #5 Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:02:13 +00:00
Use email hash to generate id 2022-02-24 17:23:35 +00:00			`const id = createHash('sha256').update(email).digest('hex');`
Code cleanup 2022-02-23 13:48:20 +00:00
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`const user: User = {`
			`id,`
			`email,`
			`firstName: id,`
			`lastName: id,`
			`};`

			`const xml = await createResponseXML({`
Fix idpIdentityId 2022-02-22 10:20:01 +00:00			`idpIdentityId: config.entityId,`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`audience: req.body.audience,`
			`acsUrl: req.body.acsUrl,`
use saml req id 2022-02-23 12:35:58 +00:00			`samlReqId: req.body.id,`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`user: user,`
			`});`

Validate AuthnRequest signature (#11) * Validate AuthnRequest signature skelton * Code refactor: Move the base64decode to common method * wip * Add signature validation * Read the keys from config * Lock dep version Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com> 2022-03-02 21:06:04 +00:00			`const xmlSigned = await signResponseXML(xml, config.privateKey, config.publicKey);`
Validate email and build SAML response 2022-02-22 08:17:41 +00:00			`const encodedSamlResponse = Buffer.from(xmlSigned).toString('base64');`
			`const html = createResponseForm(req.body.relayState, encodedSamlResponse, req.body.acsUrl);`

			`res.send(html);`
Add prettier config and format files 2022-02-22 05:36:06 +00:00			`} else {`
			res.status(405).send(`Method ${req.method} Not Allowed`);
			`}`
			`}`