From 929fac62dd65d16613dd6328ffa1596c0a41c938 Mon Sep 17 00:00:00 2001
From: Deepak Prabhakara
Date: Wed, 12 Oct 2022 19:11:50 +0100
Subject: [PATCH] check for missing signature and throw appropriate error (#80)
---
 pages/api/saml/sso.ts | 2 +-
 utils/request.ts | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/pages/api/saml/sso.ts b/pages/api/saml/sso.ts
index 3d5d49e..c6bc669 100644
--- a/pages/api/saml/sso.ts
+++ b/pages/api/saml/sso.ts
@@ -42,6 +42,6 @@ async function processSAMLRequest(req: NextApiRequest, res: NextApiResponse, isP
 } catch (err) {
 console.error(err);
- res.status(500).send(`Error parsing SAML request`);
+ res.status(500).send(`${err}`);
 }
 }
diff --git a/utils/request.ts b/utils/request.ts
index d29a20b..8d43005 100644
--- a/utils/request.ts
+++ b/utils/request.ts
@@ -31,13 +31,20 @@ const extractSAMLRequestAttributes = async (rawRequest: string) => {
 const attributes = result['samlp:AuthnRequest']['$'];
 const issuer = result['samlp:AuthnRequest']['saml:Issuer'];
+ const publicKey = result['samlp:AuthnRequest']['Signature']
+ ? result['samlp:AuthnRequest']['Signature']['KeyInfo'][0]['X509Data'][0]['X509Certificate'][0]
+ : null;
+
+ if (!publicKey) {
+ throw new Error('Missing signature');
+ }
+
 return {
 id: attributes.ID,
 acsUrl: attributes.AssertionConsumerServiceURL,
 providerName: attributes.ProviderName,
 audience: issuer[0]['_'],
- publicKey:
- result['samlp:AuthnRequest']['Signature'][0]['KeyInfo'][0]['X509Data'][0]['X509Certificate'][0],
+ publicKey,
 };
 };
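Review bot: The catch block in `processSAMLRequest` now sends the stringified exception to the client for every failure, not only the new 'Missing signature' case. XML parser errors and TypeErrors from malformed requests would therefore be returned verbatim, and such messages can carry internal detail or fragments of the submitted document. A string body may also go out without an explicit Content-Type, so setting `res.setHeader('Content-Type', 'text/plain; charset=utf-8')` before sending is a cheap safeguard. A missing signature is a client error, so I would allow-list the known message and keep the generic text otherwise: `const known = err instanceof Error && err.message === 'Missing signature';` followed by `res.status(known ? 400 : 500).send(known ? 'Missing signature' : 'Error parsing SAML request');`. The `try` that this catch belongs to starts outside the hunk.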
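Review bot: The new `publicKey` lookup indexes `['Signature']['KeyInfo']`, while the removed line used `['Signature'][0]['KeyInfo']`. If the parser still returns child elements as arrays, as the neighbouring `[0]` indexes suggest, a signed request now hits a TypeError instead of yielding the certificate. The guard also covers only an absent `Signature` element, so a signature without `KeyInfo`, `X509Data` or `X509Certificate` still throws a TypeError rather than 'Missing signature'. Optional chaining handles both: `const publicKey = result['samlp:AuthnRequest']?.['Signature']?.[0]?.['KeyInfo']?.[0]?.['X509Data']?.[0]?.['X509Certificate']?.[0] ?? null;`. A short comment would also help, noting that this certificate is taken from the request itself, so its presence is not proof of a valid signature; any verification has to happen in code outside this hunk, where the start of the function also lies.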