moved parsing of saml request to saml20 lib (#486)

2024-02-04 13:35:59 +00:00 · 2024-02-04 13:35:59 +00:00 · 0ad3b3bfac
commit 0ad3b3bfac
parent 4028487c13
5 changed files with 7 additions and 83 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -9,20 +9,18 @@
      "version": "1.3.1",
      "license": "Apache 2.0",
      "dependencies": {
-        "@boxyhq/saml20": "1.4.2",
+        "@boxyhq/saml20": "1.4.5",
        "daisyui": "4.6.1",
        "next": "14.1.0",
        "react": "18.2.0",
        "react-dom": "18.2.0",
        "react-gtm-module": "2.0.11",
        "xml2js": "0.6.2",
        "xmlbuilder": "15.1.1"
      },
      "devDependencies": {
        "@types/node": "20.11.16",
        "@types/react": "18.2.51",
        "@types/react-gtm-module": "2.0.3",
        "@types/xml2js": "0.4.14",
        "@typescript-eslint/parser": "6.20.0",
        "autoprefixer": "10.4.17",
        "eslint": "8.56.0",
@ -250,9 +248,9 @@
      }
    },
    "node_modules/@boxyhq/saml20": {
-      "version": "1.4.2",
+      "version": "1.4.5",
-      "resolved": "https://registry.npmjs.org/@boxyhq/saml20/-/saml20-1.4.2.tgz",
+      "resolved": "https://registry.npmjs.org/@boxyhq/saml20/-/saml20-1.4.5.tgz",
-      "integrity": "sha512-eAYoPfAMOSawyw5YFHpe4wIg7vALDgza0c/D5jfGEfg7GoI8MOsa7bLCo8FR45kGDji2NSfM8HkCexr8pkqw6A==",
+      "integrity": "sha512-iI+pEmCzl3r0RrIZ6L6QwuCoCZAkkcYTLJZbHLwNxll5JuDEXwg/tZu4Df7j5rO08aggf1w6cpIf/Ng/6hhLLw==",
      "dependencies": {
        "@xmldom/xmldom": "0.8.10",
        "lodash": "4.17.21",
@ -1050,15 +1048,6 @@
      "integrity": "sha512-s/FPdYRmZR8SjLWGMCuax7r3qCWQw9QKHzXVukAuuIJkXkDRwp+Pu5LMIVFi0Fxbav35WURicYr8u1QsoybnQw==",
      "dev": true
    },
    "node_modules/@types/xml2js": {
      "version": "0.4.14",
      "resolved": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz",
      "integrity": "sha512-4YnrRemBShWRO2QjvUin8ESA41rH+9nQGLUGZV/1IDhi3SL9OhdpNC/MrulTWuptXKwhx/aDxE7toV0f/ypIXQ==",
      "dev": true,
      "dependencies": {
        "@types/node": "*"
      }
    },
    "node_modules/@typescript-eslint/parser": {
      "version": "6.20.0",
      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.20.0.tgz",
--- a/package.json
+++ b/package.json
@ -12,20 +12,18 @@
    "release": "git checkout release && git merge origin/main && release-it && git checkout main && git merge origin/release && git push origin main"
  },
  "dependencies": {
-    "@boxyhq/saml20": "1.4.2",
+    "@boxyhq/saml20": "1.4.5",
    "daisyui": "4.6.1",
    "next": "14.1.0",
    "react": "18.2.0",
    "react-dom": "18.2.0",
    "react-gtm-module": "2.0.11",
    "xml2js": "0.6.2",
    "xmlbuilder": "15.1.1"
  },
  "devDependencies": {
    "@types/node": "20.11.16",
    "@types/react": "18.2.51",
    "@types/react-gtm-module": "2.0.3",
    "@types/xml2js": "0.4.14",
    "@typescript-eslint/parser": "6.20.0",
    "autoprefixer": "10.4.17",
    "eslint": "8.56.0",
--- a/pages/api/saml/sso.ts
+++ b/pages/api/saml/sso.ts
@ -1,5 +1,4 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 import { decodeBase64, extractSAMLRequestAttributes } from 'utils';
 import saml from '@boxyhq/saml20';
 export default async function handler(req: NextApiRequest, res: NextApiResponse<string>) {
@ -30,12 +29,9 @@ async function processSAMLRequest(req: NextApiRequest, res: NextApiResponse, isP
  }
  try {
-    const rawRequest = await decodeBase64(samlRequest, isDeflated);
+    const rawRequest = await saml.decodeBase64(samlRequest, isDeflated);
-    const { id, audience, acsUrl, providerName, publicKey } = await extractSAMLRequestAttributes(
+    const { id, audience, acsUrl, providerName, publicKey } = await saml.parseSAMLRequest(rawRequest, isPost);
      rawRequest,
      isPost
    );
    if (isPost) {
      const { valid } = await saml.hasValidSignature(rawRequest, publicKey, null);
--- a/utils/index.ts
+++ b/utils/index.ts
@ -1,4 +1,3 @@
 export * from './certificate';
 export * from './idp';
 export * from './request';
 export * from './response';
--- a/utils/request.ts
+++ b/utils/request.ts
@ -1,58 +0,0 @@
 import { promisify } from 'util';
 import xml2js from 'xml2js';
 import { inflateRaw } from 'zlib';
 const inflateRawAsync = promisify(inflateRaw);
 // Parse XML
 const parseXML = (xml: string): Promise<Record<string, any>> => {
  return new Promise((resolve, reject) => {
    xml2js.parseString(
      xml,
      {
        tagNameProcessors: [xml2js.processors.stripPrefix],
        strict: true,
      },
      (err: Error | null, result: any) => {
        if (err) {
          reject(err);
        }
        resolve(result);
      }
    );
  });
 };
 // Decode the base64 string
 const decodeBase64 = async (string: string, isDeflated: boolean) => {
  return isDeflated
    ? (await inflateRawAsync(Buffer.from(string, 'base64'))).toString()
    : Buffer.from(string, 'base64').toString();
 };
 // Parse SAMLRequest attributes
 const extractSAMLRequestAttributes = async (rawRequest: string, isPost = true) => {
  const result = await parseXML(rawRequest);
  const attributes = result['AuthnRequest']['$'];
  const issuer = result['AuthnRequest']['Issuer'];
  const publicKey = result['AuthnRequest']['Signature']
    ? result['AuthnRequest']['Signature'][0]['KeyInfo'][0]['X509Data'][0]['X509Certificate'][0]
    : null;
  if (!publicKey && isPost) {
    throw new Error('Missing signature');
  }
  return {
    id: attributes.ID,
    acsUrl: attributes.AssertionConsumerServiceURL,
    providerName: attributes.ProviderName,
    audience: issuer[0]['_'] ?? issuer[0],
    publicKey,
  };
 };
 export { extractSAMLRequestAttributes, decodeBase64 };