Siwat Sirichai 2024-05-03 16:11:08 +07:00
parent 029fe23657
commit 1876580d86
911 changed files with 160008 additions and 2 deletions

367
node_modules/passport-saml/CHANGELOG.md generated vendored Normal file

@ -0,0 +1,367 @@
# Changelog
## v2.0.3 (2021-01-07)
- [**bug**] Reexport SamlConfig type to solve a regression in consumer packages [#516](https://github.com/node-saml/passport-saml/pull/516)
- [**bug**] fix: derive SamlConfig from SAMLOptions [#515](https://github.com/node-saml/passport-saml/pull/515)
- [**bug**] add ts-ignore to generated type definitions for multisaml strategy [#508](https://github.com/node-saml/passport-saml/pull/508)
- [**enhancement**] dev: add @types/xml-encryption [#517](https://github.com/node-saml/passport-saml/pull/517)
- [**dependencies**] upgrade deps to latest versions [#514](https://github.com/node-saml/passport-saml/pull/514)
- [**closed**] normalize signature line endings before loading signature block to xml-crypto [#512](https://github.com/node-saml/passport-saml/pull/512)
- [**closed**] fix(typing): Export Multi SAML types [#505](https://github.com/node-saml/passport-saml/pull/505)
- [**closed**] docs(scoping): fix for example [#504](https://github.com/node-saml/passport-saml/pull/504)
- [**dependencies**] Bump ini from 1.3.5 to 1.3.8 [#513](https://github.com/node-saml/passport-saml/pull/513)
- [**closed**] minor - fix typo in README [#506](https://github.com/node-saml/passport-saml/pull/506)
- [**semver-patch**] fix(typing): multi saml stratey export [#503](https://github.com/node-saml/passport-saml/pull/503)
- [**closed**] Prettier + ESLint + onchange = Happiness [#493](https://github.com/node-saml/passport-saml/pull/493)
- [**semver-patch**] support windows line breaks in keys [#500](https://github.com/node-saml/passport-saml/pull/500)
---
## v2.0.2 (2020-11-05)
- [**semver-patch**] normalize line endings before signature validation [#498](https://github.com/node-saml/passport-saml/pull/498)
---
## v2.0.1 (2020-11-03)
- [**closed**] Add deprecation notice for privateCert; fix bug [#492](https://github.com/node-saml/passport-saml/pull/492)
---
## v2.0.0 (2020-11-03)
- [**semver-minor**] Allow for use of privateKey instead of privateCert [#488](https://github.com/node-saml/passport-saml/pull/488)
- [**closed**] inlineSources option for better source maps [#487](https://github.com/node-saml/passport-saml/pull/487)
- [**2.0**][**breaking-change**] Always throw error objects instead of strings [#412](https://github.com/node-saml/passport-saml/pull/412)
- [**new-feature**][**pending-refinement**][**semver-minor**] feat(authorize-request): idp scoping provider [#428](https://github.com/node-saml/passport-saml/pull/428)
- [**semver-patch**] update version of xml2js to 0.4.23, fixes #479 [#486](https://github.com/node-saml/passport-saml/pull/486)
- [**closed**] fix: disable esmoduleInterop setting [#483](https://github.com/node-saml/passport-saml/pull/483)
---
## v1.5.0 (2020-10-30)
- [**closed**] validateSignature: Support XML docs that contain multiple signed node… [#481](https://github.com/node-saml/passport-saml/pull/481)
- [**needs-review**][**pending-refinement**] validateSignature: Support XML docs that contain multiple signed nodes [#455](https://github.com/node-saml/passport-saml/pull/455)
- [**closed**] Revert "validateSignature: Support XML docs that contain multiple signed nodes" [#480](https://github.com/node-saml/passport-saml/pull/480)
- [**closed**] outdated Q library was removed [#478](https://github.com/node-saml/passport-saml/pull/478)
---
## v1.4.2 (2020-10-29)
- [**closed**] Primary files use typescript [#477](https://github.com/node-saml/passport-saml/pull/477)
---
## v1.4.1 (2020-10-29)
- [**closed**] compatibility with @types/passport-saml, fixes #475 [#476](https://github.com/node-saml/passport-saml/pull/476)
---
## v1.4.0 (2020-10-28)
- [**closed**] try to use curl when wget is not available [#468](https://github.com/node-saml/passport-saml/pull/468)
- [**closed**] Ts secondary files [#474](https://github.com/node-saml/passport-saml/pull/474)
- [**closed**] bumped xml-crypto from 1.5.3 to 2.0.0 [#470](https://github.com/node-saml/passport-saml/pull/470)
- [**closed**] support typescript compilation [#469](https://github.com/node-saml/passport-saml/pull/469)
- [**closed**] Add PR template [#473](https://github.com/node-saml/passport-saml/pull/473)
- [**closed**] Drop support for Node 8 [#462](https://github.com/node-saml/passport-saml/pull/462)
- [**closed**] Fix typo [#434](https://github.com/node-saml/passport-saml/pull/434)
- [**closed**] Upgrade xml-crypto dependancy [#465](https://github.com/node-saml/passport-saml/pull/465)
- [**bug**] Only make an attribute an object if it has child elements [#464](https://github.com/node-saml/passport-saml/pull/464)
- [**closed**] Add GitHub Actions as Continuos Integration provider [#463](https://github.com/node-saml/passport-saml/pull/463)
- [**closed**] fix: add catch block to NameID decryption [#461](https://github.com/node-saml/passport-saml/pull/461)
---
## v1.3.5 (2020-09-16)
- [**dependencies**] Bump lodash from 4.17.15 to 4.17.20 [#449](https://github.com/node-saml/passport-saml/pull/449)
- [**dependencies**] Bump acorn from 7.1.0 to 7.4.0 [#448](https://github.com/node-saml/passport-saml/pull/448)
- [**closed**] Return object for XML-valued AttributeValues [#447](https://github.com/node-saml/passport-saml/pull/447)
- [**closed**] Revert "doc: announce site move." [#446](https://github.com/node-saml/passport-saml/pull/446)
---
## v1.3.4 (2020-07-21)
- [**closed**] Fix multi saml strategy race conditions [#426](https://github.com/node-saml/passport-saml/pull/426)
---
## v1.3.3 (2020-02-19)
- [**closed**] Singleline private keys [#423](https://github.com/node-saml/passport-saml/pull/423)
---
## v1.3.2 (2020-02-12)
- [**closed**] Revert "convert privateCert to PEM for signing" [#421](https://github.com/node-saml/passport-saml/pull/421)
---
## v1.3.1 (2020-02-11)
- [**closed**] Upgrade xml-encryption to 1.0.0 [#420](https://github.com/node-saml/passport-saml/pull/420)
---
## v1.3.0 (2020-02-06)
- [**pending-refinement**] Issue #206: Support signing AuthnRequests using the HTTP-POST Binding [#207](https://github.com/node-saml/passport-saml/pull/207)
- [**closed**] Add tests to check for correct logout [#418](https://github.com/node-saml/passport-saml/pull/418)
- [**closed**] added passReqToCallback to docs [#417](https://github.com/node-saml/passport-saml/pull/417)
- [**closed**] Fix an issue readme formatting [#416](https://github.com/node-saml/passport-saml/pull/416)
- [**closed**] attributeConsumingServiceIndex can be zero [#414](https://github.com/node-saml/passport-saml/pull/414)
- [**pending-refinement**] convert privateCert to PEM for signing [#390](https://github.com/node-saml/passport-saml/pull/390)
- [**pending-refinement**] add support for encrypted nameIDs in SLO request handling [#408](https://github.com/node-saml/passport-saml/pull/408)
- [**need-more-info**][**peer-review-welcome**] Bring-up xml-crypto to 1.4.0 [#400](https://github.com/node-saml/passport-saml/pull/400)
- [**closed**] fix #393 adding 'inResponseTo' in the profile [#404](https://github.com/node-saml/passport-saml/pull/404)
- [**closed**] Fix #355 missing parts: tests. [#402](https://github.com/node-saml/passport-saml/pull/402)
- [**closed**] Fix minimum version of Node.js in Travis [#399](https://github.com/node-saml/passport-saml/pull/399)
- [**closed**] Add .editorconfig as suggested in #373 [#398](https://github.com/node-saml/passport-saml/pull/398)
---
## v1.2.0 (2019-09-12)
- [**peer-review-welcome**] NameIDFormat fix [#375](https://github.com/node-saml/passport-saml/pull/375)
- [**peer-review-welcome**] Remove InResponseTo value if response validation fails [#341](https://github.com/node-saml/passport-saml/pull/341)
---
## v1.1.0 (2019-05-10)
- [**closed**] Fix broken tests [#367](https://github.com/node-saml/passport-saml/pull/367)
- [**peer-review-welcome**] Create a way to get provider metadata when using the MultiSamlStrategy [#323](https://github.com/node-saml/passport-saml/pull/323)
- [**pending-refinement**] feat: add RequestedAuthnContext Comparison Type parameter [#360](https://github.com/node-saml/passport-saml/pull/360)
- [**closed**] Update README.md [#363](https://github.com/node-saml/passport-saml/pull/363)
- [**peer-review-welcome**] InResponseTo support for logout [#356](https://github.com/node-saml/passport-saml/pull/356)
---
## v1.0.0 (2018-12-02)
- [**closed**] Handle case of missing InResponseTo when validation is on [#302](https://github.com/node-saml/passport-saml/pull/302)
- [**closed**] Extend and document the profile object [#301](https://github.com/node-saml/passport-saml/pull/301)
---
## v0.35.0 (2018-08-14)
_No changelog for this release._
---
## v0.34.0 (2018-08-14)
_No changelog for this release._
---
## v0.33.0 (2018-02-16)
_No changelog for this release._
---
## v0.32.1 (2018-01-03)
- [**closed**] README: fix typo `s/ADSF/ADFS/` [#251](https://github.com/node-saml/passport-saml/pull/251)
---
## v0.31.0 (2017-11-01)
_No changelog for this release._
---
## v0.30.0 (2017-10-12)
_No changelog for this release._
---
## v0.20.2 (2017-10-10)
_No changelog for this release._
---
## v0.20.1 (2017-10-10)
_No changelog for this release._
---
## v0.20.0 (2017-10-09)
_No changelog for this release._
---
## v0.16.2 (2017-10-07)
_No changelog for this release._
---
## v0.16.1 (2017-10-05)
_No changelog for this release._
---
## v0.16.0 (2017-10-04)
_No changelog for this release._
---
## v0.15.0 (2015-12-30)
_No changelog for this release._
---
## v0.14.0 (2015-11-02)
_No changelog for this release._
---
## v0.13.0 (2015-10-09)
_No changelog for this release._
---
## v0.12.0 (2015-08-19)
_No changelog for this release._
---
## v0.11.1 (2015-08-18)
_No changelog for this release._
---
## v0.11.0 (2015-08-10)
_No changelog for this release._
---
## v0.10.0 (2015-06-08)
_No changelog for this release._
---
## v0.9.2 (2015-04-26)
_No changelog for this release._
---
## v0.9.1 (2015-02-18)
_No changelog for this release._
---
## v0.9.0 (2015-02-05)
_No changelog for this release._
---
## v0.8.0 (2015-01-23)
_No changelog for this release._
---
## v0.7.0 (2015-01-13)
_No changelog for this release._
---
## v0.6.2 (2015-01-06)
_No changelog for this release._
---
## v0.6.1 (2014-12-18)
_No changelog for this release._
---
## v0.6.0 (2014-11-14)
_No changelog for this release._
---
## v0.5.3 (2014-09-11)
_No changelog for this release._
---
## v0.5.2 (2014-07-02)
_No changelog for this release._
---
## v0.5.1 (2014-07-02)
_No changelog for this release._
---
## v0.5.0 (2014-07-01)
_No changelog for this release._
---
## v0.4.0 (2014-06-20)
_No changelog for this release._
---
## v0.3.0 (2014-06-09)
_No changelog for this release._
---
## v0.2.1 (2014-06-05)
_No changelog for this release._
---
## v0.2.0 (2014-06-03)
_No changelog for this release._
---
## v0.1.0 (2014-05-31)
_No changelog for this release._
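Review bot: the newest entry in this CHANGELOG is v2.0.3, dated 2021-01-07, while the commit vendoring it is dated 2024-05-03, so a release more than three years old is being checked into node_modules without any record of why this version was chosen. The log itself shows how unsettled the signature-validation path was around this release: #498 and #512 normalise line endings before signature validation, #455/#480/#481 land, revert and re-land support for documents with multiple signed nodes, and #461 adds a catch block to NameID decryption; that is exactly the code a SAML service provider relies on for assertion integrity, so before pinning this copy check the upstream releases page the README points to for later fixes, and consider expressing the dependency through package.json plus a lockfile instead of a vendored tree, so that updates and dependency-audit tooling can see it.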

23
node_modules/passport-saml/LICENSE generated vendored Normal file

@ -0,0 +1,23 @@
Copyright (c) 2012 Henri Bergius
Copyright (c) 2011 Michael Bosworth
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without
restriction, including without limitation the rights to use,
copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following
conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

404
node_modules/passport-saml/README.md generated vendored Normal file

@ -0,0 +1,404 @@
Passport-SAML
=============
[![Build Status](https://github.com/node-saml/passport-saml/workflows/Build%20Status/badge.svg)](https://github.com/node-saml/passport-saml/actions?query=workflow%3ABuild%Status) [![GitHub version](https://badge.fury.io/gh/node-saml%2Fpassport-saml.svg)](https://badge.fury.io/gh/node-saml%2Fpassport-saml) [![npm version](https://badge.fury.io/js/passport-saml.svg)](http://badge.fury.io/js/passport-saml) [![NPM](https://nodei.co/npm/passport-saml.png?downloads=true&downloadRank=true&stars=true)](https://nodei.co/npm/passport-saml/) [![code style: prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat-square)](https://github.com/prettier/prettier)
This is a [SAML 2.0](http://en.wikipedia.org/wiki/SAML_2.0) authentication provider for [Passport](http://passportjs.org/), the Node.js authentication library.
The code was originally based on Michael Bosworth's [express-saml](https://github.com/bozzltron/express-saml) library.
Passport-SAML has been tested to work with Onelogin, Okta, Shibboleth, [SimpleSAMLphp](http://simplesamlphp.org/) based Identity Providers, and with [Active Directory Federation Services](http://en.wikipedia.org/wiki/Active_Directory_Federation_Services).
## Installation
$ npm install passport-saml
/
## Usage
The examples utilize the [Feide OpenIdp identity provider](https://openidp.feide.no/). You need an account there to log in with this. You also need to [register your site](https://openidp.feide.no/simplesaml/module.php/metaedit/index.php) as a service provider.
### Configure strategy
The SAML identity provider will redirect you to the URL provided by the `path` configuration.
```javascript
var SamlStrategy = require('passport-saml').Strategy;
[...]
passport.use(new SamlStrategy(
{
path: '/login/callback',
entryPoint: 'https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php',
issuer: 'passport-saml'
},
function(profile, done) {
findByEmail(profile.email, function(err, user) {
if (err) {
return done(err);
}
return done(null, user);
});
})
);
```
### Configure strategy for multiple providers
You can pass a `getSamlOptions` parameter to `MultiSamlStrategy` which will be called before the SAML flows. Passport-SAML will pass in the request object so you can decide which configuation is appropriate.
```javascript
var MultiSamlStrategy = require('passport-saml/multiSamlStrategy');
[...]
passport.use(new MultiSamlStrategy(
{
passReqToCallback: true, //makes req available in callback
getSamlOptions: function(request, done) {
findProvider(request, function(err, provider) {
if (err) {
return done(err);
}
return done(null, provider.configuration);
});
}
},
function(req, profile, done) {
findByEmail(profile.email, function(err, user) {
if (err) {
return done(err);
}
return done(null, user);
});
})
);
```
The options passed when the `MultiSamlStrategy` is initialized are also passed as default values to each provider.
e.g. If you provide an `issuer` on `MultiSamlStrategy`, this will be also a default value for every provider.
You can override these defaults by passing a new value through the `getSamlOptions` function.
Using multiple providers supports `validateInResponseTo`, but all the `InResponse` values are stored on the same Cache. This means, if you're using the default `InMemoryCache`, that all providers have access to it and a provider might get its response validated against another's request. [Issue Report](!https://github.com/node-saml/passport-saml/issues/334). To amend this you should provide a different cache provider per SAML provider, through the `getSamlOptions` function.
> :warning: **There's a race condition [bug](https://github.com/node-saml/passport-saml/issues/425) in versions < 1.3.3 which makes it vulnerable to DOS attacks**: Please use > 1.3.3 if you want to use this issue
#### The profile object:
The profile object referenced above contains the following:
```typescript
type Profile = {
issuer?: string;
sessionIndex?: string;
nameID?: string;
nameIDFormat?: string;
nameQualifier?: string;
spNameQualifier?: string;
mail?: string; // InCommon Attribute urn:oid:0.9.2342.19200300.100.1.3
email?: string; // `mail` if not present in the assertion
getAssertionXml(): string; // get the raw assertion XML
getAssertion(): object; // get the assertion XML parsed as a JavaScript object
getSamlResponseXml(): string; // get the raw SAML response XML
ID?: string;
} & {
[attributeName: string]: unknown; // arbitrary `AttributeValue`s
}
```
#### Config parameter details:
* **Core**
* `callbackUrl`: full callbackUrl (overrides path/protocol if supplied)
* `path`: path to callback; will be combined with protocol and server host information to construct callback url if `callbackUrl` is not specified (default: `/saml/consume`)
* `protocol`: protocol for callback; will be combined with path and server host information to construct callback url if `callbackUrl` is not specified (default: `http://`)
* `host`: host for callback; will be combined with path and protocol to construct callback url if `callbackUrl` is not specified (default: `localhost`)
* `entryPoint`: identity provider entrypoint (is required to be spec-compliant when the request is signed)
* `issuer`: issuer string to supply to identity provider
* `audience`: expected saml response Audience (if not provided, Audience won't be verified)
* `cert`: the IDP's public signing certificate used to validate the signatures of the incoming SAML Responses, see [Security and signatures](#security-and-signatures)
* `privateKey`: see [Security and signatures](#security-and-signatures). Old name of `privateCert` is accepted alternative.
* `decryptionPvk`: optional private key that will be used to attempt to decrypt any encrypted assertions that are received
* `signatureAlgorithm`: optionally set the signature algorithm for signing requests, valid values are 'sha1' (default), 'sha256', or 'sha512'
* `digestAlgorithm`: optionally set the digest algorithm used to provide a digest for the signed data object, valid values are 'sha1' (default), 'sha256', or 'sha512'
* `xmlSignatureTransforms`: optionally set an array of signature transforms to be used in HTTP-POST signatures. By default this is `[ 'http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#' ]`
* **Additional SAML behaviors**
* `additionalParams`: dictionary of additional query params to add to all requests; if an object with this key is passed to `authenticate`, the dictionary of additional query params will be appended to those present on the returned URL, overriding any specified by initialization options' additional parameters (`additionalParams`, `additionalAuthorizeParams`, and `additionalLogoutParams`)
* `additionalAuthorizeParams`: dictionary of additional query params to add to 'authorize' requests
* `identifierFormat`: if truthy, name identifier format to request from identity provider (default: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`)
* `acceptedClockSkewMs`: Time in milliseconds of skew that is acceptable between client and server when checking `OnBefore` and `NotOnOrAfter` assertion condition validity timestamps. Setting to `-1` will disable checking these conditions entirely. Default is `0`.
* `attributeConsumingServiceIndex`: optional `AttributeConsumingServiceIndex` attribute to add to AuthnRequest to instruct the IDP which attribute set to attach to the response ([link](http://blog.aniljohn.com/2014/01/data-minimization-front-channel-saml-attribute-requests.html))
* `disableRequestedAuthnContext`: if truthy, do not request a specific authentication context. This is [known to help when authenticating against Active Directory](https://github.com/node-saml/passport-saml/issues/226) (AD FS) servers.
* `authnContext`: if truthy, name identifier format to request auth context (default: `urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport`); array of values is also supported
* `racComparison`: Requested Authentication Context comparison type. Possible values are 'exact','minimum','maximum','better'. Default is 'exact'.
* `forceAuthn`: if set to true, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session.
* `providerName`: optional human-readable name of the requester for use by the presenter's user agent or the identity provider
* `skipRequestCompression`: if set to true, the SAML request from the service provider won't be compressed.
* `authnRequestBinding`: if set to `HTTP-POST`, will request authentication from IDP via HTTP POST binding, otherwise defaults to HTTP Redirect
* `disableRequestAcsUrl`: if truthy, SAML AuthnRequest from the service provider will not include the optional AssertionConsumerServiceURL. Default is falsy so it is automatically included.
* `scoping`: An optional configuration which implements the functionality [explained in the SAML spec paragraph "3.4.1.2 Element <Scoping>"](https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf). The config object is structured as following:
```javascript
{
idpList: [ // optional
{
entries: [ // required
{
providerId: 'yourProviderId', // required for each entry
name: 'yourName', // optional
loc: 'yourLoc', // optional
}
],
getComplete: 'URI to your complete IDP list', // optional
},
],
proxyCount: 2, // optional
requesterId: 'requesterId', // optional
}
```
* **InResponseTo Validation**
* `validateInResponseTo`: if truthy, then InResponseTo will be validated from incoming SAML responses
* `requestIdExpirationPeriodMs`: Defines the expiration time when a Request ID generated for a SAML request will not be valid if seen in a SAML response in the `InResponseTo` field. Default is 8 hours.
* `cacheProvider`: Defines the implementation for a cache provider used to store request Ids generated in SAML requests as part of `InResponseTo` validation. Default is a built-in in-memory cache provider. For details see the 'Cache Provider' section.
* **Issuer Validation**
* `idpIssuer`: if provided, then the IdP issuer will be validated for incoming Logout Requests/Responses. For ADFS this looks like `https://acme_tools.windows.net/deadbeef`
* **Passport**
* `passReqToCallback`: if truthy, `req` will be passed as the first argument to the verify callback (default: `false`)
* `name`: Optionally, provide a custom name. (default: `saml`). Useful If you want to instantiate the strategy multiple times with different configurations,
allowing users to authenticate against multiple different SAML targets from the same site. You'll need to use a unique set of URLs
for each target, and use this custom name when calling `passport.authenticate()` as well.
* **Logout**
* `logoutUrl`: base address to call with logout requests (default: `entryPoint`)
* `additionalLogoutParams`: dictionary of additional query params to add to 'logout' requests
* `logoutCallbackUrl`: The value with which to populate the `Location` attribute in the `SingleLogoutService` elements in the generated service provider metadata.
### Provide the authentication callback
You need to provide a route corresponding to the `path` configuration parameter given to the strategy:
The authentication callback must be invoked after the `body-parser` middlerware.
```javascript
const bodyParser = require('body-parser');
app.post('/login/callback',
bodyParser.urlencoded({ extended: false }),
passport.authenticate('saml', { failureRedirect: '/', failureFlash: true }),
function(req, res) {
res.redirect('/');
}
);
```
### Authenticate requests
Use `passport.authenticate()`, specifying `saml` as the strategy:
```javascript
app.get('/login',
passport.authenticate('saml', { failureRedirect: '/', failureFlash: true }),
function(req, res) {
res.redirect('/');
}
);
```
...or, if you wish to add or override query string parameters:
```javascript
app.get('/login',
passport.authenticate('saml', { additionalParams: { 'username': 'user@domain.com' }}),
function(req, res) {
res.redirect('/');
}
);
```
### generateServiceProviderMetadata( decryptionCert, signingCert )
As a convenience, the strategy object exposes a `generateServiceProviderMetadata` method which will generate a service provider metadata document suitable for supplying to an identity provider. This method will only work on strategies which are configured with a `callbackUrl` (since the relative path for the callback is not sufficient information to generate a complete metadata document).
The `decryptionCert` argument should be a public certificate matching the `decryptionPvk` and is required if the strategy is configured with a `decryptionPvk`.
The `signingCert` argument should be a public certificate matching the `privateCert` and is required if the strategy is configured with a `privateCert`.
The `generateServiceProviderMetadata` method is also available on the `MultiSamlStrategy`, but needs an extra request and a callback argument (`generateServiceProviderMetadata( req, decryptionCert, signingCert, next )`), which are passed to the `getSamlOptions` to retrieve the correct configuration.
## Security and signatures
Passport-SAML uses the HTTP Redirect Binding for its `AuthnRequest`s (unless overridden with the `authnRequestBinding` parameter), and expects to receive the messages back via the HTTP POST binding.
Authentication requests sent by Passport-SAML can be signed using RSA signature with SHA1, SHA256 or SHA512 hashing algorithms.
To select hashing algorithm, use:
```js
...
signatureAlgorithm: 'sha1' // (default, but not recommended anymore these days)
signatureAlgorithm: 'sha256', // (preferred - your IDP should support it, otherwise think about upgrading it)
signatureAlgorithm: 'sha512' // (most secure - check if your IDP supports it)
...
```
To sign them you need to provide a private key in the PEM format via the `privateKey` configuration key.
Formats supported for `privateKey` field are,
1. Well formatted PEM:
```
-----BEGIN PRIVATE KEY-----
<private key contents here delimited at 64 characters per row>
-----END PRIVATE KEY-----
```
```
-----BEGIN RSA PRIVATE KEY-----
<private key contents here delimited at 64 characters per row>
-----END RSA PRIVATE KEY-----
```
(both versions work)
See example from tests of the first version of [well formatted private key](test/static/acme_tools_com.key).
2. Alternativelly a single line private key without start/end lines where all rows are joined into single line:
See example from tests of [singleline private key](test/static/singleline_acme_tools_com.key).
Add it to strategy options like this:
```javascript
privateCert: fs.readFileSync('./privateCert.pem', 'utf-8')
```
It is a good idea to validate the signatures of the incoming SAML Responses. For this, you can provide the Identity Provider's public PEM-encoded X.509 signing certificate using the `cert` configuration key. The "BEGIN CERTIFICATE" and "END CERTIFICATE" lines should be stripped out and the certificate should be provided on a single line.
```javascript
cert: 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqh ... W=='
```
If you have a certificate in the binary DER encoding, you can convert it to the necessary PEM encoding like this:
```bash
openssl x509 -inform der -in my_certificate.cer -out my_certificate.pem
````
If the Identity Provider has multiple signing certificates that are valid (such as during the rolling from an old key to a new key and responses signed with either key are valid) then the `cert` configuration key can be an array:
```javascript
cert: [ 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqh ... W==', 'MIIEOTCCAyGgAwIBAgIJAKZgJdKdCdL6M ... g=' ]
```
The `cert` configuration key can also be a function that receives a callback as argument calls back a possible error and a certificate or array of certificates. This allows the Identity Provider to be polled for valid certificates and the new certificate can be used if it is changed:
```javascript
cert: function(callback) { callback(null,polledCertificates); }
```
## Usage with Active Directory Federation Services
Here is a configuration that has been proven to work with ADFS:
```javascript
{
entryPoint: 'https://ad.example.net/adfs/ls/',
issuer: 'https://your-app.example.net/login/callback',
callbackUrl: 'https://your-app.example.net/login/callback',
cert: 'MIICizCCAfQCCQCY8tKaMc0BMjANBgkqh ... W==',
authnContext: 'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows',
identifierFormat: null
}
```
Please note that ADFS needs to have a trust established to your service in order for this to work.
For more detailed instructions, see [ADFS documentation](docs/adfs/README.md).
## SAML Response Validation - NotBefore and NotOnOrAfter
If the `NotBefore` or the `NotOnOrAfter` attributes are returned in the SAML response, Passport-SAML will validate them
against the current time +/- a configurable clock skew value. The default for the skew is 0s. This is to account for
differences between the clock time on the client (Node server with Passport-SAML) and the server (Identity provider).
`NotBefore` and `NotOnOrAfter` can be part of either the `SubjectConfirmation` element, or within in the `Assertion/Conditions` element
in the SAML response.
## Subject confirmation validation
When configured (turn `validateInResponseTo` to `true` in the Passport-SAML config), the `InResponseTo` attribute will be validated.
Validation will succeed if Passport-SAML previously generated a SAML request with an id that matches the value of `InResponseTo`.
Also note that `InResponseTo` is validated as an attribute of the top level `Response` element in the SAML response, as well
as part of the `SubjectConfirmation` element.
Previous request id's generated for SAML requests will eventually expire. This is controlled with the `requestIdExpirationPeriodMs` option
passed into the Passport-SAML config. The default is 28,800,000 ms (8 hours). Once expired, a subsequent SAML response
received with an `InResponseTo` equal to the expired id will not validate and an error will be returned.
## Cache Provider
When `InResponseTo` validation is turned on, Passport-SAML will store generated request ids used in SAML requests to the IdP. The implementation
of how things are stored, checked to see if they exist, and eventually removed is from the Cache Provider used by Passport-SAML.
The default implementation is a simple in-memory cache provider. For multiple server/process scenarios, this will not be sufficient as
the server/process that generated the request id and stored in memory could be different than the server/process handling the
SAML response. The `InResponseTo` could fail in this case erroneously.
To support this scenario you can provide an implementation for a cache provider by providing an object with following functions:
```javascript
{
save: function(key, value, callback) {
// save the key with the optional value, invokes the callback with the value saves
},
get: function(key, callback) {
// invokes 'callback' and passes the value if found, null otherwise
},
remove: function(key, callback) {
// removes the key from the cache, invokes `callback` with the
// key removed, null if no key is removed
}
}
```
The `callback` argument is a function in the style of normal Node callbacks:
```
function callback(err, result)
{
}
```
Provide an instance of an object which has these functions passed to the `cacheProvider` config option when using Passport-SAML.
## SLO (single logout)
Passport-SAML has built in support for SLO including
* Signature validation
* IdP initiated and SP initiated logouts
* Decryption of encrypted name identifiers in IdP initiated logout
* `Redirect` and `POST` SAML Protocol Bindings
## ChangeLog
See [Releases](https://github.com/node-saml/passport-saml/releases) to find the changes that go into each release.
## FAQ
### Is there an example I can look at?
Gerard Braad has provided an example app at https://github.com/gbraad/passport-saml-example/
## Node Support Policy
We only support [Long-Term Support](https://github.com/nodejs/Release) versions of Node.
We specifically limit our support to LTS versions of Node, not because this package won't work on other versions, but because we have a limited amount of time, and supporting LTS offers the greatest return on that investment.
It's possible this package will work correctly on newer versions of Node. It may even be possible to use this package on older versions of Node, though that's more unlikely as we'll make every effort to take advantage of features available in the oldest LTS version we support.
As each Node LTS version reaches its end-of-life we will remove that version from the `node` `engines` property of our package's `package.json` file. Removing a Node version is considered a breaking change and will entail the publishing of a new major version of this package. We will not accept any requests to support an end-of-life version of Node. Any merge requests or issues supporting an end-of-life version of Node will be closed.
We will accept code that allows this package to run on newer, non-LTS, versions of Node.
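Review bot: the Cache Provider section documents a callback-style contract (`save: function(key, value, callback)`, `get(key, callback)`, `remove(key, callback)` plus the `function callback(err, result)` paragraph), but the `SamlOptions.cacheProvider` option added in `types.d.ts` in this same commit is typed as the `CacheProvider` class from `inmemory-cache-provider.d.ts`, whose methods are `saveAsync(key, value): Promise<CacheItem | null>`, `getAsync(key): Promise<string | null>` and `removeAsync(key): Promise<string | null>`. A custom provider written to the README contract will never be invoked correctly, and since this is the store behind `InResponseTo` validation the failure mode is that every response is rejected (or, if a provider swallows the mismatch, that replayed ids are not detected). Update the interface listing and the callback paragraph to the promise-returning methods. Minor: the second fence in that section carries no language tag, and "an object with following functions" should read "an object with the following functions".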


128
node_modules/passport-saml/docs/adfs/README.md generated vendored Normal file

@ -0,0 +1,128 @@
Active Directory Federation Services
====================================
This document attempts to describe a complete solution for integrating with AD FS.
# Creating a self-signed certificate
Create a folder to contain your keys and certificates.
Download [mellon_create_metadata.sh](https://github.com/UNINETT/mod_auth_mellon/blob/master/mellon_create_metadata.sh)
Create a new key, certificate and relying party XML as follows:
./mellon_create_metadata.sh acme_tools_com https://acme_tools.com/adfs/postResponse
## Retrieve AD FS Certificate
Use retrieve_adfs_certificate.sh to get your AD FS server's signing certificate:
./retrieve_adfs_certificate.sh https://adfs.acme_tools.com/ > adfs.acme_tools.com.crt
# Create Relying Party
Copy the `acme_tools_com.xml` to your AD FS server. Use the AD FS management relying party wizard to import this XML, creating a relying party. Create claim rules to pass authentication information to your application.
This example assumes you will pass in the UPN.
# Create a Passport framework
Create a separate file for passport configuration (assumed to be config/passport.js).
```javascript
var
fs = require('fs')
, passport = require('passport')
, SamlStrategy = require('passport-saml').Strategy
;
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(user, done) {
done(null, user);
});
passport.use(new SamlStrategy(
{
entryPoint: 'https://adfs.acme_tools.com/adfs/ls/',
issuer: 'acme_tools_com',
callbackUrl: 'https://acme_tools.com/adfs/postResponse',
privateCert: fs.readFileSync('/path/to/acme_tools_com.key', 'utf-8'),
cert: fs.readFileSync('/path/to/adfs.acme_tools.com.crt', 'utf-8'),
// other authn contexts are available e.g. windows single sign-on
authnContext: 'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password',
// not sure if this is necessary?
acceptedClockSkewMs: -1,
identifierFormat: null,
// this is configured under the Advanced tab in AD FS relying party
signatureAlgorithm: 'sha256',
racComparison: 'exact', // default to exact RequestedAuthnContext Comparison Type
},
function(profile, done) {
return done(null,
{
upn: profile['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'],
// e.g. if you added a Group claim
group: profile['http://schemas.xmlsoap.org/claims/Group']
});
}
));
module.exports = passport;
```
# Express Application
```javascript
var passport = require('passport');
var express = require('express');
... etc.
var app = express();
require('./config/passport.js');
... add the usual express pro-forma
app.use(passport.initialize());
app.use(passport.session());
app.get('/login',
passport.authenticate('saml', { failureRedirect: '/', failureFlash: true }),
function(req, res) {
res.redirect('https://acme_tools.com');
}
);
app.post('/adfs/postResponse',
passport.authenticate('saml', { failureRedirect: '/', failureFlash: true }),
function(req, res) {
res.redirect('https://acme_tools.com');
}
);
app.get('/secure', validUser, routes.secure);
function validUser(req, res, next) {
if (!req.user) {
res.redirect('https://acme_tools.com/login');
}
next();
}
var server = http.createServer(app);
```
# Troubleshooting
## ADFS 2016
If you are setting up an ADFS 2016 server, you might run into the following issue with the previous settings:
```
An error occurred during an attempt to read the federation metadata. Verify that the specified URL or host name is a valid federation metadata endpoint.
Verify your proxy server setting. For more information about how to verify you proxy sever setting, see the AD FS Troubleshooting Guide http://go.microsoft.com/fwlink/?LinkId=182180).
Error message: EntityDescriptor 'acme_tools_com'. ID0014: The value 'NamelDFormat' must be an absolute URI.
```
![NamelDFormat Error Popup](./NameIDFormatError.jpg)
If you remove the `identifierFormat`, it works as expected.
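Review bot: `validUser` in the Express section redirects when `req.user` is missing but then falls through to `next()`, so `routes.secure` still executes for an unauthenticated request (Express will also log that headers were already sent); add `return` after `res.redirect(...)` or put `next()` in an `else` branch. Two further points in the Passport config: the example passes the key as `privateCert`, while `SamlSigningOptions` in `types.d.ts` in this commit declares it as `privateKey: string | Buffer`, so the option name should be updated to match the shipped types; and `acceptedClockSkewMs: -1` is shipped beside the comment `// not sure if this is necessary?`. In passport-saml a value of -1 disables the `NotBefore`/`NotOnOrAfter` checks on the assertion conditions entirely, which is not something a setup guide should recommend with an open question attached; remove the line to keep the default of 0, or document why a non-zero skew is needed for AD FS. `http` and `routes` are also never required, which the `... etc.` placeholder only partly covers.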


@ -0,0 +1,40 @@
#!/bin/sh
# Author: Tim Brody <T.D.Brody@soton.ac.uk>
# Date: 2015-02-11
#
# Retrieve the signing certificate from an ADFS instance in PEM format.
ADFS_SERVER=$1
if [ "$#" -ne "1" ]; then
echo "Usage: $0 <adfs server URL>"
exit 1
fi
URL=$ADFS_SERVER/FederationMetadata/2007-06/FederationMetadata.xml
TEMPFILE=$(mktemp)
if [[ $(command -v wget) ]]; then
wget --no-check-certificate -q -O $TEMPFILE $URL
elif [[ $(command -v curl) ]]; then
curl -sk $URL -o $TEMPFILE
else
echo "Neither curl or wget was found"
exit 127
fi
if [ $? -ne 0 ]; then
echo "Error requesting $URL"
exit 1
fi
echo "-----BEGIN CERTIFICATE-----"
(xmllint --shell $TEMPFILE | grep -v '^/ >' | grep -v '^ ----' | fold -w 64) << EndOfScript
setns a=urn:oasis:names:tc:SAML:2.0:metadata
setns b=http://www.w3.org/2000/09/xmldsig#
cat /a:EntityDescriptor/b:Signature/b:KeyInfo/b:X509Data/b:X509Certificate/text()
EndOfScript
echo "-----END CERTIFICATE-----"
unlink $TEMPFILE
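Review bot: both download branches disable TLS certificate verification (`wget --no-check-certificate` and `curl -sk`) while fetching the federation metadata that supplies the IdP signing certificate, which is the trust anchor every later SAML assertion is validated against; if that single request were intercepted, the SP would be handed an attacker-chosen certificate and would then accept assertions signed with it. Keep `-q`/`-s` but drop `--no-check-certificate` and `-k` so a verification failure aborts the script, and if the AD FS server uses a private CA pass it explicitly with `--ca-certificate` (wget) or `--cacert` (curl). Smaller points: the shebang is `#!/bin/sh` but `[[ $(command -v wget) ]]` is a bash construct that fails under dash; `$TEMPFILE` and `$URL` are unquoted throughout; the `exit 1` paths leave the `mktemp` file behind, which `trap 'rm -f "$TEMPFILE"' EXIT` would cover on every exit; and "Neither curl or wget was found" should read "Neither curl nor wget was found".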

41
node_modules/passport-saml/docs/xml-signing-example.js generated vendored Normal file

@ -0,0 +1,41 @@
// This will help generate signing info for test cases.
// Simply fill in the data and run it to get <DigestValue /> and <SignatureValue />.
const crypto = require('crypto')
const private_key = `-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
`
const cert = `-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
`
const saml_message = ``
const signed_info = `<SignedInfo...</SignedInfo>`
const signer = crypto.createSign('RSA-SHA1');
signer.update(signed_info);
signer.end();
const signature = signer.sign(private_key)
const signature_b64 = signature.toString('base64')
const verifier = crypto.createVerify('RSA-SHA1')
verifier.update(signed_info)
verifier.end()
const verified = verifier.verify(cert, signature)
const hash = crypto.createHash('RSA-SHA1')
hash.update(saml_message, 'utf8')
const digest_b64 = hash.digest('base64')
console.log(JSON.stringify({
signature: signature_b64,
digest: digest_b64,
verified: verified,
}, null, 2))
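Review bot: the helper hard-codes SHA-1 for both the signature (`crypto.createSign('RSA-SHA1')`) and the digest (`crypto.createHash('RSA-SHA1')`), whereas `algorithms.js` in this commit also supports `sha256` and `sha512`, so fixtures generated with it only ever exercise the weakest algorithm. Suggest taking the short name as a parameter and reusing `getSigner`/`getDigestAlgorithm` from the library so that fixtures match whatever the code path under test selects. The file would also benefit from a comment stating that `signed_info` and `saml_message` must be the exact canonicalized (C14N) bytes of the `SignedInfo` element and of the referenced element, since `DigestValue` and `SignatureValue` are computed over the canonical form; values produced from the pretty-printed XML will not verify once pasted into a document.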


@ -0,0 +1,5 @@
/// <reference types="node" />
import * as crypto from "crypto";
export declare function getSigningAlgorithm(shortName?: string): string;
export declare function getDigestAlgorithm(shortName?: string): string;
export declare function getSigner(shortName?: string): crypto.Signer;

41
node_modules/passport-saml/lib/node-saml/algorithms.js generated vendored Normal file

@ -0,0 +1,41 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getSigner = exports.getDigestAlgorithm = exports.getSigningAlgorithm = void 0;
const crypto = require("crypto");
function getSigningAlgorithm(shortName) {
switch (shortName) {
case "sha256":
return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
case "sha512":
return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
case "sha1":
default:
return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
}
}
exports.getSigningAlgorithm = getSigningAlgorithm;
function getDigestAlgorithm(shortName) {
switch (shortName) {
case "sha256":
return "http://www.w3.org/2001/04/xmlenc#sha256";
case "sha512":
return "http://www.w3.org/2001/04/xmlenc#sha512";
case "sha1":
default:
return "http://www.w3.org/2000/09/xmldsig#sha1";
}
}
exports.getDigestAlgorithm = getDigestAlgorithm;
function getSigner(shortName) {
switch (shortName) {
case "sha256":
return crypto.createSign("RSA-SHA256");
case "sha512":
return crypto.createSign("RSA-SHA512");
case "sha1":
default:
return crypto.createSign("RSA-SHA1");
}
}
exports.getSigner = getSigner;
//# sourceMappingURL=algorithms.js.map
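Review bot: all three `switch` statements fold `case "sha1":` into the `default:` branch, so any unrecognised `shortName` (a typo such as `"sha-256"`, or a string that reaches these functions from configuration without passing through the `SignatureAlgorithm` type) silently downgrades both signing and digest selection to SHA-1 instead of failing. Keep `case "sha1":` explicit and make `default:` throw on unknown values, so that a mistyped algorithm surfaces at startup rather than as weaker signatures on every request.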


@ -0,0 +1 @@
{"version":3,"file":"algorithms.js","sourceRoot":"","sources":["../../src/node-saml/algorithms.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AAEjC,SAAgB,mBAAmB,CAAC,SAAkB;IACpD,QAAQ,SAAS,EAAE;QACjB,KAAK,QAAQ;YACX,OAAO,mDAAmD,CAAC;QAC7D,KAAK,QAAQ;YACX,OAAO,mDAAmD,CAAC;QAC7D,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,4CAA4C,CAAC;KACvD;AACH,CAAC;AAVD,kDAUC;AAED,SAAgB,kBAAkB,CAAC,SAAkB;IACnD,QAAQ,SAAS,EAAE;QACjB,KAAK,QAAQ;YACX,OAAO,yCAAyC,CAAC;QACnD,KAAK,QAAQ;YACX,OAAO,yCAAyC,CAAC;QACnD,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,wCAAwC,CAAC;KACnD;AACH,CAAC;AAVD,gDAUC;AAED,SAAgB,SAAS,CAAC,SAAkB;IAC1C,QAAQ,SAAS,EAAE;QACjB,KAAK,QAAQ;YACX,OAAO,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACzC,KAAK,QAAQ;YACX,OAAO,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACzC,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;KACxC;AACH,CAAC;AAVD,8BAUC","sourcesContent":["import * as crypto from \"crypto\";\n\nexport function getSigningAlgorithm(shortName?: string): string {\n switch (shortName) {\n case \"sha256\":\n return \"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\";\n case \"sha512\":\n return \"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512\";\n case \"sha1\":\n default:\n return \"http://www.w3.org/2000/09/xmldsig#rsa-sha1\";\n }\n}\n\nexport function getDigestAlgorithm(shortName?: string): string {\n switch (shortName) {\n case \"sha256\":\n return \"http://www.w3.org/2001/04/xmlenc#sha256\";\n case \"sha512\":\n return \"http://www.w3.org/2001/04/xmlenc#sha512\";\n case \"sha1\":\n default:\n return \"http://www.w3.org/2000/09/xmldsig#sha1\";\n }\n}\n\nexport function getSigner(shortName?: string): crypto.Signer {\n switch (shortName) {\n case \"sha256\":\n return crypto.createSign(\"RSA-SHA256\");\n case \"sha512\":\n return crypto.createSign(\"RSA-SHA512\");\n case \"sha1\":\n default:\n return crypto.createSign(\"RSA-SHA1\");\n }\n}\n"]}

3
node_modules/passport-saml/lib/node-saml/index.d.ts generated vendored Normal file

@ -0,0 +1,3 @@
import type { CacheItem, CacheProvider } from "./inmemory-cache-provider";
import { SAML } from "./saml";
export { SAML, CacheItem, CacheProvider };

6
node_modules/passport-saml/lib/node-saml/index.js generated vendored Normal file

@ -0,0 +1,6 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SAML = void 0;
const saml_1 = require("./saml");
Object.defineProperty(exports, "SAML", { enumerable: true, get: function () { return saml_1.SAML; } });
//# sourceMappingURL=index.js.map


@ -0,0 +1 @@
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/node-saml/index.ts"],"names":[],"mappings":";;;AACA,iCAA8B;AAErB,qFAFA,WAAI,OAEA","sourcesContent":["import type { CacheItem, CacheProvider } from \"./inmemory-cache-provider\";\nimport { SAML } from \"./saml\";\n\nexport { SAML, CacheItem, CacheProvider };\n"]}


@ -0,0 +1,45 @@
/**
* Simple in memory cache provider. To be used to store state of requests that needs
* to be validated/checked when a response is received.
*
* This is the default implementation of a cache provider used by Passport-SAML. For
* multiple server instances/load balanced scenarios (I.e. the SAML request could have
* been generated from a different server/process handling the SAML response) this
* implementation will NOT be sufficient.
*
* The caller should provide their own implementation for a cache provider as defined
* in the config options for Passport-SAML.
* @param options
* @constructor
*/
export interface CacheItem {
value: string;
createdAt: number;
}
interface CacheProviderOptions {
keyExpirationPeriodMs: number;
}
export declare class CacheProvider {
cacheKeys: Record<string, CacheItem>;
options: CacheProviderOptions;
constructor(options: Partial<CacheProviderOptions>);
/**
* Store an item in the cache, using the specified key and value.
* Internally will keep track of the time the item was added to the cache
* @param id
* @param value
*/
saveAsync(key: string, value: string): Promise<CacheItem | null>;
/**
* Returns the value of the specified key in the cache
* @param id
* @returns {boolean}
*/
getAsync(key: string): Promise<string | null>;
/**
* Removes an item from the cache if it exists
* @param key
*/
removeAsync(key: string): Promise<string | null>;
}
export {};
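Review bot: the JSDoc on `saveAsync`, `getAsync` and `removeAsync` still documents a parameter named `id` while the declarations take `key`, and `getAsync` is tagged `@returns {boolean}` although it is declared as `Promise<string | null>`; fix the tags so editor tooltips match the signatures. The file-level comment above `CacheItem` also carries `@param options` and `@constructor` tags that belong on the `CacheProvider` constructor, not on an interface.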


@ -0,0 +1,86 @@
"use strict";
/**
* Simple in memory cache provider. To be used to store state of requests that needs
* to be validated/checked when a response is received.
*
* This is the default implementation of a cache provider used by Passport-SAML. For
* multiple server instances/load balanced scenarios (I.e. the SAML request could have
* been generated from a different server/process handling the SAML response) this
* implementation will NOT be sufficient.
*
* The caller should provide their own implementation for a cache provider as defined
* in the config options for Passport-SAML.
* @param options
* @constructor
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.CacheProvider = void 0;
class CacheProvider {
constructor(options) {
var _a;
this.cacheKeys = {};
this.options = {
...options,
keyExpirationPeriodMs: (_a = options === null || options === void 0 ? void 0 : options.keyExpirationPeriodMs) !== null && _a !== void 0 ? _a : 28800000,
};
// Expire old cache keys
const expirationTimer = setInterval(() => {
const nowMs = new Date().getTime();
const keys = Object.keys(this.cacheKeys);
keys.forEach((key) => {
if (nowMs >=
new Date(this.cacheKeys[key].createdAt).getTime() + this.options.keyExpirationPeriodMs) {
this.removeAsync(key);
}
});
}, this.options.keyExpirationPeriodMs);
// we only want this to run if the process is still open; it shouldn't hold the process open (issue #68)
expirationTimer.unref();
}
/**
* Store an item in the cache, using the specified key and value.
* Internally will keep track of the time the item was added to the cache
* @param id
* @param value
*/
async saveAsync(key, value) {
if (!this.cacheKeys[key]) {
this.cacheKeys[key] = {
createdAt: new Date().getTime(),
value: value,
};
return this.cacheKeys[key];
}
else {
return null;
}
}
/**
* Returns the value of the specified key in the cache
* @param id
* @returns {boolean}
*/
async getAsync(key) {
if (this.cacheKeys[key]) {
return this.cacheKeys[key].value;
}
else {
return null;
}
}
/**
* Removes an item from the cache if it exists
* @param key
*/
async removeAsync(key) {
if (this.cacheKeys[key]) {
delete this.cacheKeys[key];
return key;
}
else {
return null;
}
}
}
exports.CacheProvider = CacheProvider;
//# sourceMappingURL=inmemory-cache-provider.js.map
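Review bot: expiry is enforced only by the `setInterval` sweep, which runs once every `keyExpirationPeriodMs`, and `getAsync` never consults `createdAt`; an id stored just after a sweep survives the next one (its age is still below the period) and is only removed by the one after, so a request id stays acceptable to `InResponseTo` validation for up to twice the configured window (16 hours at the 28800000 ms default, against the 8 hours the README promises). Have `getAsync` compare the current time against `createdAt + keyExpirationPeriodMs` and return `null` for stale entries (deleting them on the way), leaving the timer as a memory sweep only. Minor: `this.removeAsync(key)` inside the sweep is an un-awaited promise; since the method does no asynchronous work that is harmless, but `delete this.cacheKeys[key]` would be clearer.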


@ -0,0 +1 @@
{"version":3,"file":"inmemory-cache-provider.js","sourceRoot":"","sources":["../../src/node-saml/inmemory-cache-provider.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAWH,MAAa,aAAa;IAIxB,YAAY,OAAsC;;QAChD,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QAEpB,IAAI,CAAC,OAAO,GAAG;YACb,GAAG,OAAO;YACV,qBAAqB,QAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,qBAAqB,mCAAI,QAAQ;SAClE,CAAC;QAEF,wBAAwB;QACxB,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;YACvC,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACzC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBACnB,IACE,KAAK;oBACL,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,qBAAqB,EACtF;oBACA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;iBACvB;YACH,CAAC,CAAC,CAAC;QACL,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QAEvC,wGAAwG;QACxG,eAAe,CAAC,KAAK,EAAE,CAAC;IAC1B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,SAAS,CAAC,GAAW,EAAE,KAAa;QACxC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;YACxB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG;gBACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;gBAC/B,KAAK,EAAE,KAAK;aACb,CAAC;YACF,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;SAC5B;aAAM;YACL,OAAO,IAAI,CAAC;SACb;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,QAAQ,CAAC,GAAW;QACxB,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;YACvB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;SAClC;aAAM;YACL,OAAO,IAAI,CAAC;SACb;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,GAAW;QAC3B,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;YACvB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAC3B,OAAO,GAAG,CAAC;SACZ;aAAM;YACL,OAAO,IAAI,CAAC;SACb;IACH,CAAC;CACF;AAzED,sCAyEC","sourcesContent":["/**\n * Simple in memory cache provider. To be used to store state of requests that needs\n * to be validated/checked when a response is received.\n *\n * This is the default implementation of a cache provider used by Passport-SAML. For\n * multiple server instances/load balanced scenarios (I.e. 
the SAML request could have\n * been generated from a different server/process handling the SAML response) this\n * implementation will NOT be sufficient.\n *\n * The caller should provide their own implementation for a cache provider as defined\n * in the config options for Passport-SAML.\n * @param options\n * @constructor\n */\n\nexport interface CacheItem {\n value: string;\n createdAt: number;\n}\n\ninterface CacheProviderOptions {\n keyExpirationPeriodMs: number;\n}\n\nexport class CacheProvider {\n cacheKeys: Record<string, CacheItem>;\n options: CacheProviderOptions;\n\n constructor(options: Partial<CacheProviderOptions>) {\n this.cacheKeys = {};\n\n this.options = {\n ...options,\n keyExpirationPeriodMs: options?.keyExpirationPeriodMs ?? 28800000, // 8 hours,\n };\n\n // Expire old cache keys\n const expirationTimer = setInterval(() => {\n const nowMs = new Date().getTime();\n const keys = Object.keys(this.cacheKeys);\n keys.forEach((key) => {\n if (\n nowMs >=\n new Date(this.cacheKeys[key].createdAt).getTime() + this.options.keyExpirationPeriodMs\n ) {\n this.removeAsync(key);\n }\n });\n }, this.options.keyExpirationPeriodMs);\n\n // we only want this to run if the process is still open; it shouldn't hold the process open (issue #68)\n expirationTimer.unref();\n }\n\n /**\n * Store an item in the cache, using the specified key and value.\n * Internally will keep track of the time the item was added to the cache\n * @param id\n * @param value\n */\n async saveAsync(key: string, value: string): Promise<CacheItem | null> {\n if (!this.cacheKeys[key]) {\n this.cacheKeys[key] = {\n createdAt: new Date().getTime(),\n value: value,\n };\n return this.cacheKeys[key];\n } else {\n return null;\n }\n }\n\n /**\n * Returns the value of the specified key in the cache\n * @param id\n * @returns {boolean}\n */\n async getAsync(key: string): Promise<string | null> {\n if (this.cacheKeys[key]) {\n return this.cacheKeys[key].value;\n } else {\n return null;\n }\n }\n\n 
/**\n * Removes an item from the cache if it exists\n * @param key\n */\n async removeAsync(key: string): Promise<string | null> {\n if (this.cacheKeys[key]) {\n delete this.cacheKeys[key];\n return key;\n } else {\n return null;\n }\n }\n}\n"]}


@ -0,0 +1,3 @@
import { SamlSigningOptions } from "./types";
export declare function signSamlPost(samlMessage: string, xpath: string, options: SamlSigningOptions): string;
export declare function signAuthnRequestPost(authnRequest: string, options: SamlSigningOptions): string;


@ -0,0 +1,15 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.signAuthnRequestPost = exports.signSamlPost = void 0;
const xml_1 = require("./xml");
const authnRequestXPath = '/*[local-name(.)="AuthnRequest" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
const issuerXPath = '/*[local-name(.)="Issuer" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:assertion"]';
function signSamlPost(samlMessage, xpath, options) {
return xml_1.signXml(samlMessage, xpath, { reference: xpath + issuerXPath, action: "after" }, options);
}
exports.signSamlPost = signSamlPost;
function signAuthnRequestPost(authnRequest, options) {
return signSamlPost(authnRequest, authnRequestXPath, options);
}
exports.signAuthnRequestPost = signAuthnRequestPost;
//# sourceMappingURL=saml-post-signing.js.map


@ -0,0 +1 @@
{"version":3,"file":"saml-post-signing.js","sourceRoot":"","sources":["../../src/node-saml/saml-post-signing.ts"],"names":[],"mappings":";;;AACA,+BAAgC;AAEhC,MAAM,iBAAiB,GACrB,8FAA8F,CAAC;AACjG,MAAM,WAAW,GACf,yFAAyF,CAAC;AAE5F,SAAgB,YAAY,CAC1B,WAAmB,EACnB,KAAa,EACb,OAA2B;IAE3B,OAAO,aAAO,CAAC,WAAW,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,KAAK,GAAG,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;AACnG,CAAC;AAND,oCAMC;AAED,SAAgB,oBAAoB,CAAC,YAAoB,EAAE,OAA2B;IACpF,OAAO,YAAY,CAAC,YAAY,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAC;AAChE,CAAC;AAFD,oDAEC","sourcesContent":["import { SamlSigningOptions } from \"./types\";\nimport { signXml } from \"./xml\";\n\nconst authnRequestXPath =\n '/*[local-name(.)=\"AuthnRequest\" and namespace-uri(.)=\"urn:oasis:names:tc:SAML:2.0:protocol\"]';\nconst issuerXPath =\n '/*[local-name(.)=\"Issuer\" and namespace-uri(.)=\"urn:oasis:names:tc:SAML:2.0:assertion\"]';\n\nexport function signSamlPost(\n samlMessage: string,\n xpath: string,\n options: SamlSigningOptions\n): string {\n return signXml(samlMessage, xpath, { reference: xpath + issuerXPath, action: \"after\" }, options);\n}\n\nexport function signAuthnRequestPost(authnRequest: string, options: SamlSigningOptions): string {\n return signSamlPost(authnRequest, authnRequestXPath, options);\n}\n"]}

58
node_modules/passport-saml/lib/node-saml/saml.d.ts generated vendored Normal file

@ -0,0 +1,58 @@
/// <reference types="node" />
import * as querystring from "querystring";
import { CacheProvider as InMemoryCacheProvider } from "./inmemory-cache-provider";
import { ParsedQs } from "qs";
import { SamlOptions } from "./types";
import { AuthenticateOptions, AuthorizeOptions, Profile, SamlConfig } from "../passport-saml/types";
interface NameID {
value: string | null;
format: string | null;
}
declare class SAML {
options: SamlOptions;
cacheProvider: InMemoryCacheProvider;
constructor(ctorOptions: SamlConfig);
initialize(ctorOptions: SamlConfig): SamlOptions;
private getCallbackUrl;
_generateUniqueID(): string;
private generateInstant;
private signRequest;
private generateAuthorizeRequestAsync;
_generateLogoutRequest(user: Profile): Promise<string>;
_generateLogoutResponse(logoutRequest: Profile): string;
_requestToUrlAsync(request: string | null | undefined, response: string | null, operation: string, additionalParameters: querystring.ParsedUrlQuery): Promise<string>;
_getAdditionalParams(RelayState: string, operation: string, overrideParams?: querystring.ParsedUrlQuery): querystring.ParsedUrlQuery;
getAuthorizeUrlAsync(RelayState: string, host: string | undefined, options: AuthorizeOptions): Promise<string>;
getAuthorizeFormAsync(RelayState: string, host?: string): Promise<string>;
getLogoutUrlAsync(user: Profile, RelayState: string, options: AuthenticateOptions & AuthorizeOptions): Promise<string>;
getLogoutResponseUrl(samlLogoutRequest: Profile, RelayState: string, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void): void;
private getLogoutResponseUrlAsync;
_certToPEM(cert: string): string;
private certsToCheck;
validateSignature(fullXml: string, currentNode: Element, certs: string[]): boolean;
validatePostResponseAsync(container: Record<string, string>): Promise<{
profile?: Profile | null;
loggedOut?: boolean;
}>;
private validateInResponseTo;
validateRedirectAsync(container: ParsedQs, originalQuery: string | null): Promise<{
profile?: Profile | null;
loggedOut?: boolean;
}>;
private hasValidSignatureForRedirect;
private validateSignatureForRedirect;
private verifyLogoutRequest;
private verifyLogoutResponse;
private verifyIssuer;
private processValidlySignedAssertionAsync;
private checkTimestampsValidityError;
private checkAudienceValidityError;
validatePostRequestAsync(container: Record<string, string>): Promise<{
profile?: Profile;
loggedOut?: boolean;
}>;
_getNameIdAsync(self: SAML, doc: Node): Promise<NameID>;
generateServiceProviderMetadata(decryptionCert: string | null, signingCert?: string | null): string;
_keyToPEM(key: string | Buffer): typeof key extends string | Buffer ? string | Buffer : Error;
}
export { SAML };
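Review bot: the return type of `_keyToPEM(key: string | Buffer)` is written as `typeof key extends string | Buffer ? string | Buffer : Error`, a conditional whose test is always true given the parameter type, so it resolves to `string | Buffer` and the `Error` arm is dead; declare the return type as `string | Buffer` directly. The public surface also mixes underscore-prefixed members (`_generateUniqueID`, `_certToPEM`, `_getNameIdAsync`) with `private` ones; the underscore names that are only used internally should be marked `private` too so that consumers are not tempted to rely on them.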

1076
node_modules/passport-saml/lib/node-saml/saml.js generated vendored Normal file

File diff suppressed because it is too large

1
node_modules/passport-saml/lib/node-saml/saml.js.map generated vendored Normal file

File diff suppressed because one or more lines are too long

94
node_modules/passport-saml/lib/node-saml/types.d.ts generated vendored Normal file

@ -0,0 +1,94 @@
/// <reference types="node" />
import type { CacheProvider } from "./inmemory-cache-provider";
export declare type SignatureAlgorithm = "sha1" | "sha256" | "sha512";
export interface SamlSigningOptions {
privateKey: string | Buffer;
signatureAlgorithm?: SignatureAlgorithm;
xmlSignatureTransforms?: string[];
digestAlgorithm?: string;
}
export declare const isValidSamlSigningOptions: (options: Partial<SamlSigningOptions>) => options is SamlSigningOptions;
export interface AudienceRestrictionXML {
Audience?: XMLObject[];
}
export declare type XMLValue = string | number | boolean | null | XMLObject | XMLValue[];
export declare type XMLObject = {
[key: string]: XMLValue;
};
export declare type XMLInput = XMLObject;
export declare type XMLOutput = Record<string, any>;
export interface AuthorizeRequestXML {
"samlp:AuthnRequest": XMLInput;
}
export declare type CertCallback = (callback: (err: Error | null, cert?: string | string[]) => void) => void;
/**
* These are SAML options that must be provided to construct a new SAML Strategy
*/
export interface MandatorySamlOptions {
cert: string | string[] | CertCallback;
}
export interface SamlIDPListConfig {
entries: SamlIDPEntryConfig[];
getComplete?: string;
}
export interface SamlIDPEntryConfig {
providerId: string;
name?: string;
loc?: string;
}
export interface LogoutRequestXML {
"samlp:LogoutRequest": {
"saml:NameID": XMLInput;
[key: string]: XMLValue;
};
}
export interface ServiceMetadataXML {
EntityDescriptor: {
[key: string]: XMLValue;
SPSSODescriptor: XMLObject;
};
}
export declare type RacComparision = "exact" | "minimum" | "maximum" | "better";
interface SamlScopingConfig {
idpList?: SamlIDPListConfig[];
proxyCount?: number;
requesterId?: string[] | string;
}
/**
* The options required to use a SAML strategy
* These may be provided by means of defaults specified in the constructor
*/
export interface SamlOptions extends SamlSigningOptions, MandatorySamlOptions {
callbackUrl?: string;
path: string;
protocol?: string;
host: string;
entryPoint?: string;
issuer: string;
decryptionPvk?: string | Buffer;
additionalParams: Record<string, string>;
additionalAuthorizeParams: Record<string, string>;
identifierFormat?: string | null;
acceptedClockSkewMs: number;
attributeConsumingServiceIndex?: string;
disableRequestedAuthnContext: boolean;
authnContext: string[];
forceAuthn: boolean;
skipRequestCompression: boolean;
authnRequestBinding?: string;
racComparison: RacComparision;
providerName?: string;
passive: boolean;
idpIssuer?: string;
audience?: string;
scoping?: SamlScopingConfig;
wantAssertionsSigned?: boolean;
validateInResponseTo: boolean;
requestIdExpirationPeriodMs: number;
cacheProvider: CacheProvider;
logoutUrl: string;
additionalLogoutParams: Record<string, string>;
logoutCallbackUrl?: string;
disableRequestAcsUrl: boolean;
}
export {};
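Review bot: the exported type is spelled `RacComparision` while the option it types is `racComparison`; as an exported name it is public API, so add a correctly spelled `RacComparison` alias now and keep the misspelled one as a deprecated alias rather than renaming it outright in a patch release. Also `digestAlgorithm?: string` is free-form while `signatureAlgorithm?: SignatureAlgorithm` is a union; since `getDigestAlgorithm(shortName?: string)` accepts the same three short names, typing it as `SignatureAlgorithm` (or a dedicated `DigestAlgorithm` union) would catch at compile time the typos that `algorithms.js` currently maps to SHA-1.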

8
node_modules/passport-saml/lib/node-saml/types.js generated vendored Normal file

@ -0,0 +1,8 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isValidSamlSigningOptions = void 0;
const isValidSamlSigningOptions = (options) => {
return options.privateKey != null;
};
exports.isValidSamlSigningOptions = isValidSamlSigningOptions;
//# sourceMappingURL=types.js.map


@ -0,0 +1 @@

@ -0,0 +1,3 @@
import { SamlSigningOptions } from "./types";
export declare function assertRequired<T>(value: T | null | undefined, error?: string): T;
export declare function signXmlResponse(samlMessage: string, options: SamlSigningOptions): string;

19
node_modules/passport-saml/lib/node-saml/utility.js generated vendored Normal file

@ -0,0 +1,19 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.signXmlResponse = exports.assertRequired = void 0;
const xml_1 = require("./xml");
function assertRequired(value, error) {
if (value === undefined || value === null || (typeof value === "string" && value.length === 0)) {
throw new TypeError(error !== null && error !== void 0 ? error : "value does not exist");
}
else {
return value;
}
}
exports.assertRequired = assertRequired;
function signXmlResponse(samlMessage, options) {
const responseXpath = '//*[local-name(.)="Response" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
return xml_1.signXml(samlMessage, responseXpath, { reference: responseXpath, action: "append" }, options);
}
exports.signXmlResponse = signXmlResponse;
//# sourceMappingURL=utility.js.map
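Review bot: Signature placement in `signXmlResponse` is non-conformant: `action: "append"` makes `ds:Signature` the last child of `samlp:Response`, after `Status` and any `Assertion`, whereas the SAML 2.0 protocol schema (StatusResponseType) orders `ds:Signature` immediately after `saml:Issuer`, which is exactly what saml-post-signing.js in this commit does with `action: 'after'` on the Issuer xpath. Schema-validating consumers will reject the appended form; use `{ reference: responseXpath + '/*[local-name(.)="Issuer"]', action: "after" }` (and fail clearly when no Issuer is present). Also, `//*[...]` on the descendant axis matches a `Response` element anywhere in the document, not only the root; `/*[...]` is the stricter choice for both the signing location and the `reference`.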

21
node_modules/passport-saml/lib/node-saml/xml.d.ts generated vendored Normal file

@ -0,0 +1,21 @@
/// <reference types="node" />
import { SamlSigningOptions } from "./types";
export declare const xpath: {
selectAttributes: (node: Node, xpath: string) => Attr[];
selectElements: (node: Node, xpath: string) => Element[];
};
export declare const decryptXml: (xml: string, decryptionKey: string | Buffer) => Promise<string>;
/**
* This function checks that the |signature| is signed with a given |cert|.
*/
export declare const validateXmlSignatureForCert: (signature: Node, certPem: string, fullXml: string, currentNode: Element) => boolean;
interface XmlSignatureLocation {
reference: string;
action: "append" | "prepend" | "before" | "after";
}
export declare const signXml: (xml: string, xpath: string, location: XmlSignatureLocation, options: SamlSigningOptions) => string;
export declare const parseDomFromString: (xml: string) => Document;
export declare const parseXml2JsFromString: (xml: string | Buffer) => Promise<any>;
export declare const buildXml2JsObject: (rootName: string, xml: any) => string;
export declare const buildXmlBuilderObject: (xml: Record<string, any>, pretty: boolean) => string;
export {};

140
node_modules/passport-saml/lib/node-saml/xml.js generated vendored Normal file

@ -0,0 +1,140 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.buildXmlBuilderObject = exports.buildXml2JsObject = exports.parseXml2JsFromString = exports.parseDomFromString = exports.signXml = exports.validateXmlSignatureForCert = exports.decryptXml = exports.xpath = void 0;
const util = require("util");
const xmlCrypto = require("xml-crypto");
const xmlenc = require("xml-encryption");
const xmldom = require("xmldom");
const xml2js = require("xml2js");
const xmlbuilder = require("xmlbuilder");
const types_1 = require("./types");
const algorithms = require("./algorithms");
const selectXPath = (guard, node, xpath) => {
const result = xmlCrypto.xpath(node, xpath);
if (!guard(result)) {
throw new Error("invalid xpath return type");
}
return result;
};
const attributesXPathTypeGuard = (values) => {
return values.every((value) => {
if (typeof value != "object") {
return false;
}
return typeof value.nodeType === "number" && value.nodeType === value.ATTRIBUTE_NODE;
});
};
const elementsXPathTypeGuard = (values) => {
return values.every((value) => {
if (typeof value != "object") {
return false;
}
return typeof value.nodeType === "number" && value.nodeType === value.ELEMENT_NODE;
});
};
exports.xpath = {
selectAttributes: (node, xpath) => selectXPath(attributesXPathTypeGuard, node, xpath),
selectElements: (node, xpath) => selectXPath(elementsXPathTypeGuard, node, xpath),
};
const decryptXml = async (xml, decryptionKey) => util.promisify(xmlenc.decrypt).bind(xmlenc)(xml, { key: decryptionKey });
exports.decryptXml = decryptXml;
const normalizeNewlines = (xml) => {
// we can use this utility before passing XML to `xml-crypto`
// we are considered the XML processor and are responsible for newline normalization
// https://github.com/node-saml/passport-saml/issues/431#issuecomment-718132752
return xml.replace(/\r\n?/g, "\n");
};
const normalizeXml = (xml) => {
// we can use this utility to parse and re-stringify XML
// `DOMParser` will take care of normalization tasks, like replacing XML-encoded carriage returns with actual carriage returns
return exports.parseDomFromString(xml).toString();
};
/**
* This function checks that the |signature| is signed with a given |cert|.
*/
const validateXmlSignatureForCert = (signature, certPem, fullXml, currentNode) => {
const sig = new xmlCrypto.SignedXml();
sig.keyInfoProvider = {
file: "",
getKeyInfo: () => "<X509Data></X509Data>",
getKey: () => Buffer.from(certPem),
};
const signatureStr = normalizeNewlines(signature.toString());
sig.loadSignature(signatureStr);
// We expect each signature to contain exactly one reference to the top level of the xml we
// are validating, so if we see anything else, reject.
if (sig.references.length != 1)
return false;
const refUri = sig.references[0].uri;
const refId = refUri[0] === "#" ? refUri.substring(1) : refUri;
// If we can't find the reference at the top level, reject
const idAttribute = currentNode.getAttribute("ID") ? "ID" : "Id";
if (currentNode.getAttribute(idAttribute) != refId)
return false;
// If we find any extra referenced nodes, reject. (xml-crypto only verifies one digest, so
// multiple candidate references is bad news)
const totalReferencedNodes = exports.xpath.selectElements(currentNode.ownerDocument, "//*[@" + idAttribute + "='" + refId + "']");
if (totalReferencedNodes.length > 1) {
return false;
}
// normalize XML to replace XML-encoded carriage returns with actual carriage returns
fullXml = normalizeXml(fullXml);
fullXml = normalizeNewlines(fullXml);
return sig.checkSignature(fullXml);
};
exports.validateXmlSignatureForCert = validateXmlSignatureForCert;
const signXml = (xml, xpath, location, options) => {
var _a;
const defaultTransforms = [
"http://www.w3.org/2000/09/xmldsig#enveloped-signature",
"http://www.w3.org/2001/10/xml-exc-c14n#",
];
if (!xml)
throw new Error("samlMessage is required");
if (!location)
throw new Error("location is required");
if (!options)
throw new Error("options is required");
if (!types_1.isValidSamlSigningOptions(options))
throw new Error("options.privateKey is required");
const transforms = (_a = options.xmlSignatureTransforms) !== null && _a !== void 0 ? _a : defaultTransforms;
const sig = new xmlCrypto.SignedXml();
if (options.signatureAlgorithm != null) {
sig.signatureAlgorithm = algorithms.getSigningAlgorithm(options.signatureAlgorithm);
}
sig.addReference(xpath, transforms, algorithms.getDigestAlgorithm(options.digestAlgorithm));
sig.signingKey = options.privateKey;
sig.computeSignature(xml, {
location,
});
return sig.getSignedXml();
};
exports.signXml = signXml;
const parseDomFromString = (xml) => {
return new xmldom.DOMParser().parseFromString(xml);
};
exports.parseDomFromString = parseDomFromString;
const parseXml2JsFromString = async (xml) => {
const parserConfig = {
explicitRoot: true,
explicitCharkey: true,
tagNameProcessors: [xml2js.processors.stripPrefix],
};
const parser = new xml2js.Parser(parserConfig);
return parser.parseStringPromise(xml);
};
exports.parseXml2JsFromString = parseXml2JsFromString;
const buildXml2JsObject = (rootName, xml) => {
const builderOpts = {
rootName,
headless: true,
};
return new xml2js.Builder(builderOpts).buildObject(xml);
};
exports.buildXml2JsObject = buildXml2JsObject;
const buildXmlBuilderObject = (xml, pretty) => {
const options = pretty ? { pretty: true, indent: " ", newline: "\n" } : {};
return xmlbuilder.create(xml).end(options);
};
exports.buildXmlBuilderObject = buildXmlBuilderObject;
//# sourceMappingURL=xml.js.map
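Review bot: The reference identity check in `validateXmlSignatureForCert` (`currentNode.getAttribute(idAttribute) != refId`) should explicitly reject an empty `refId` and a `currentNode` that carries neither `ID` nor `Id`: xmldom's `getAttribute` returns `""` for a missing attribute, so a Reference with `URI=""` (a whole-document reference) compares equal to a missing ID, the duplicate-ID xpath becomes `//*[@Id='']` and finds nothing, and the function falls through to `checkSignature` without having established that the signature covers `currentNode` specifically. Add `if (!refId || !currentNode.getAttribute(idAttribute)) return false;` ahead of the comparison. Secondary, in `signXml`: the first guard reports `samlMessage is required` although the parameter is `xml`, and `xpath` is never validated (saml-post-signing.js in this commit does check it), so an empty xpath reaches `sig.addReference` unchallenged.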

1
node_modules/passport-saml/lib/node-saml/xml.js.map generated vendored Normal file

File diff suppressed because one or more lines are too long


@ -0,0 +1,5 @@
/// <reference types="node" />
import * as crypto from 'crypto';
export declare function getSigningAlgorithm(shortName: string): string;
export declare function getDigestAlgorithm(shortName: string): string;
export declare function getSigner(shortName: string): crypto.Signer;


@ -0,0 +1,38 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getSigner = exports.getDigestAlgorithm = exports.getSigningAlgorithm = void 0;
const crypto = require("crypto");
function getSigningAlgorithm(shortName) {
switch (shortName) {
case 'sha256':
return 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
case 'sha512':
return 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512';
default:
return 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
}
}
exports.getSigningAlgorithm = getSigningAlgorithm;
function getDigestAlgorithm(shortName) {
switch (shortName) {
case 'sha256':
return 'http://www.w3.org/2001/04/xmlenc#sha256';
case 'sha512':
return 'http://www.w3.org/2001/04/xmlenc#sha512';
default:
return 'http://www.w3.org/2000/09/xmldsig#sha1';
}
}
exports.getDigestAlgorithm = getDigestAlgorithm;
function getSigner(shortName) {
switch (shortName) {
case 'sha256':
return crypto.createSign('RSA-SHA256');
case 'sha512':
return crypto.createSign('RSA-SHA512');
default:
return crypto.createSign('RSA-SHA1');
}
}
exports.getSigner = getSigner;
//# sourceMappingURL=algorithms.js.map
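Review bot: The `default` branches of `getSigningAlgorithm`, `getDigestAlgorithm` and `getSigner` map every unrecognised `shortName`, including a typo such as `'sha-256'` or `'SHA256'`, silently to SHA-1, which is an algorithm downgrade the caller never sees. Reserve the SHA-1 fallback for an explicit `case undefined:` (the documented legacy default) and `throw new Error('unsupported signature algorithm: ' + shortName)` for anything else, so a misconfiguration fails loudly instead of producing weaker signatures.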

@ -0,0 +1,6 @@
import type { CacheItem, CacheProvider } from './inmemory-cache-provider';
import { SAML } from './saml';
import Strategy = require('./strategy');
import MultiSamlStrategy = require('./multiSamlStrategy');
import type { Profile, SamlConfig, VerifiedCallback, VerifyWithRequest, VerifyWithoutRequest } from './types';
export { SAML, Strategy, MultiSamlStrategy, CacheItem, CacheProvider, Profile, SamlConfig, VerifiedCallback, VerifyWithRequest, VerifyWithoutRequest };

10
node_modules/passport-saml/lib/passport-saml/index.js generated vendored Normal file

@ -0,0 +1,10 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.MultiSamlStrategy = exports.Strategy = exports.SAML = void 0;
const saml_1 = require("./saml");
Object.defineProperty(exports, "SAML", { enumerable: true, get: function () { return saml_1.SAML; } });
const Strategy = require("./strategy");
exports.Strategy = Strategy;
const MultiSamlStrategy = require("./multiSamlStrategy");
exports.MultiSamlStrategy = MultiSamlStrategy;
//# sourceMappingURL=index.js.map

@ -0,0 +1,45 @@
/**
* Simple in memory cache provider. To be used to store state of requests that needs
* to be validated/checked when a response is received.
*
* This is the default implementation of a cache provider used by Passport-SAML. For
* multiple server instances/load balanced scenarios (I.e. the SAML request could have
* been generated from a different server/process handling the SAML response) this
* implementation will NOT be sufficient.
*
* The caller should provide their own implementation for a cache provider as defined
* in the config options for Passport-SAML.
* @param options
* @constructor
*/
export interface CacheItem {
value: string;
createdAt: number;
}
interface CacheProviderOptions {
keyExpirationPeriodMs: number;
}
export declare class CacheProvider {
cacheKeys: Record<string, CacheItem>;
options: CacheProviderOptions;
constructor(options: Partial<CacheProviderOptions>);
/**
* Store an item in the cache, using the specified key and value.
* Internally will keep track of the time the item was added to the cache
* @param id
* @param value
*/
save(key: string, value: string, callback: (error: null, value: CacheItem | null) => void): void;
/**
* Returns the value of the specified key in the cache
* @param id
* @returns {boolean}
*/
get(key: string, callback: (key: string | null, value: string | null) => void): void;
/**
* Removes an item from the cache if it exists
* @param key
*/
remove(key: string, callback: (err: Error | null, key: string | null) => void): void;
}
export {};


@ -0,0 +1,90 @@
"use strict";
/**
* Simple in memory cache provider. To be used to store state of requests that needs
* to be validated/checked when a response is received.
*
* This is the default implementation of a cache provider used by Passport-SAML. For
* multiple server instances/load balanced scenarios (I.e. the SAML request could have
* been generated from a different server/process handling the SAML response) this
* implementation will NOT be sufficient.
*
* The caller should provide their own implementation for a cache provider as defined
* in the config options for Passport-SAML.
* @param options
* @constructor
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.CacheProvider = void 0;
class CacheProvider {
constructor(options) {
this.cacheKeys = {};
if (!options) {
options = {};
}
if (!options.keyExpirationPeriodMs) {
options.keyExpirationPeriodMs = 28800000; // 8 hours
}
this.options = options;
// Expire old cache keys
const expirationTimer = setInterval(() => {
const nowMs = new Date().getTime();
const keys = Object.keys(this.cacheKeys);
keys.forEach((key) => {
if (nowMs >= new Date(this.cacheKeys[key].createdAt).getTime() + this.options.keyExpirationPeriodMs) {
this.remove(key, () => undefined);
}
});
}, this.options.keyExpirationPeriodMs);
// we only want this to run if the process is still open; it shouldn't hold the process open (issue #68)
// (unref only introduced in node 0.9, so check whether we have it)
// Skip this in 0.10.34 due to https://github.com/joyent/node/issues/8900
if (expirationTimer.unref && process.version !== 'v0.10.34')
expirationTimer.unref();
}
/**
* Store an item in the cache, using the specified key and value.
* Internally will keep track of the time the item was added to the cache
* @param id
* @param value
*/
save(key, value, callback) {
if (!this.cacheKeys[key]) {
this.cacheKeys[key] = {
createdAt: new Date().getTime(),
value: value
};
callback(null, this.cacheKeys[key]);
}
else {
callback(null, null);
}
}
/**
* Returns the value of the specified key in the cache
* @param id
* @returns {boolean}
*/
get(key, callback) {
if (this.cacheKeys[key]) {
callback(null, this.cacheKeys[key].value);
}
else {
callback(null, null);
}
}
/**
* Removes an item from the cache if it exists
* @param key
*/
remove(key, callback) {
if (this.cacheKeys[key]) {
delete this.cacheKeys[key];
callback(null, key);
}
else {
callback(null, null);
}
}
}
exports.CacheProvider = CacheProvider;
//# sourceMappingURL=inmemory-cache-provider.js.map
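Review bot: `get` returns an entry regardless of its age; expiry is enforced only by the `setInterval` sweep in the constructor, which itself fires once per `keyExpirationPeriodMs`, so an entry saved just after a sweep is still served for almost twice the configured period. Since this cache backs InResponseTo validation, the effective replay window is wider than `requestIdExpirationPeriodMs` suggests; compare `createdAt` against `keyExpirationPeriodMs` inside `get` (and `save`) and treat expired entries as misses rather than relying on the timer alone. Minor: the JSDoc says `@param id` for parameters named `key`, and `@returns {boolean}` on `get`, which returns nothing and delivers its result through the callback; the `process.version !== 'v0.10.34'` guard is dead code on any supported Node.js release.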

File diff suppressed because one or more lines are too long


@ -0,0 +1,12 @@
import SamlStrategy = require('./strategy');
import type { Request } from 'express';
import { AuthenticateOptions, AuthorizeOptions, MultiSamlConfig, RequestWithUser, VerifyWithoutRequest, VerifyWithRequest } from './types';
declare class MultiSamlStrategy extends SamlStrategy {
_options: MultiSamlConfig;
constructor(options: MultiSamlConfig, verify: VerifyWithRequest | VerifyWithoutRequest);
authenticate(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions): void;
logout(req: RequestWithUser, callback: (err: Error | null, url?: string | null | undefined) => void): void;
/** @ts-expect-error typescript disallows changing method signature in a subclass */
generateServiceProviderMetadata(req: Request, decryptionCert: string | null, signingCert: string | null, callback: (err: Error | null, metadata?: string) => void): void;
}
export = MultiSamlStrategy;


@ -0,0 +1,58 @@
"use strict";
const saml = require("./saml");
const inmemory_cache_provider_1 = require("./inmemory-cache-provider");
const SamlStrategy = require("./strategy");
class MultiSamlStrategy extends SamlStrategy {
constructor(options, verify) {
if (!options || typeof options.getSamlOptions != 'function') {
throw new Error('Please provide a getSamlOptions function');
}
if (!options.requestIdExpirationPeriodMs) {
options.requestIdExpirationPeriodMs = 28800000; // 8 hours
}
if (!options.cacheProvider) {
options.cacheProvider = new inmemory_cache_provider_1.CacheProvider({ keyExpirationPeriodMs: options.requestIdExpirationPeriodMs });
}
super(options, verify);
this._options = options;
}
authenticate(req, options) {
this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return this.error(err);
}
const samlService = new saml.SAML({ ...this._options, ...samlOptions });
const strategy = Object.assign({}, this, { _saml: samlService });
Object.setPrototypeOf(strategy, this);
super.authenticate.call(strategy, req, options);
});
}
logout(req, callback) {
this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return callback(err);
}
const samlService = new saml.SAML(Object.assign({}, this._options, samlOptions));
const strategy = Object.assign({}, this, { _saml: samlService });
Object.setPrototypeOf(strategy, this);
super.logout.call(strategy, req, callback);
});
}
/** @ts-expect-error typescript disallows changing method signature in a subclass */
generateServiceProviderMetadata(req, decryptionCert, signingCert, callback) {
if (typeof callback !== 'function') {
throw new Error("Metadata can't be provided synchronously for MultiSamlStrategy.");
}
return this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return callback(err);
}
const samlService = new saml.SAML(Object.assign({}, this._options, samlOptions));
const strategy = Object.assign({}, this, { _saml: samlService });
Object.setPrototypeOf(strategy, this);
return callback(null, super.generateServiceProviderMetadata.call(strategy, decryptionCert, signingCert));
});
}
}
module.exports = MultiSamlStrategy;
//# sourceMappingURL=multiSamlStrategy.js.map
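Review bot: `requestIdExpirationPeriodMs` only takes effect in the constructor, where the shared `CacheProvider` is created; a different value returned per request by `getSamlOptions` is merged into the `SAML` instance via `{ ...this._options, ...samlOptions }` but has no effect on the shared cache unless `samlOptions` also supplies its own `cacheProvider`. Document that these two options are effectively global for `MultiSamlStrategy`, or warn when a per-request result carries `requestIdExpirationPeriodMs` without `cacheProvider`. Style: `authenticate` merges with object spread while `logout` and `generateServiceProviderMetadata` use `Object.assign` for the identical operation; pick one.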

File diff suppressed because one or more lines are too long


@ -0,0 +1,3 @@
import { SAMLOptions } from './types';
export declare function signSamlPost(samlMessage: string, xpath: string, options: SAMLOptions): string;
export declare function signAuthnRequestPost(authnRequest: string, options: SAMLOptions): string;


@ -0,0 +1,40 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.signAuthnRequestPost = exports.signSamlPost = void 0;
const xml_crypto_1 = require("xml-crypto");
const algorithms = require("./algorithms");
const authnRequestXPath = '/*[local-name(.)="AuthnRequest" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
const issuerXPath = '/*[local-name(.)="Issuer" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:assertion"]';
const defaultTransforms = ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#'];
function signSamlPost(samlMessage, xpath, options) {
if (!samlMessage)
throw new Error('samlMessage is required');
if (!xpath)
throw new Error('xpath is required');
if (!options) {
options = {};
}
if (options.privateCert) {
console.warn("options.privateCert has been deprecated; use options.privateKey instead.");
if (!options.privateKey) {
options.privateKey = options.privateCert;
}
}
if (!options.privateKey)
throw new Error('options.privateKey is required');
const transforms = options.xmlSignatureTransforms || defaultTransforms;
const sig = new xml_crypto_1.SignedXml();
if (options.signatureAlgorithm) {
sig.signatureAlgorithm = algorithms.getSigningAlgorithm(options.signatureAlgorithm);
}
sig.addReference(xpath, transforms, algorithms.getDigestAlgorithm(options.digestAlgorithm));
sig.signingKey = options.privateKey;
sig.computeSignature(samlMessage, { location: { reference: xpath + issuerXPath, action: 'after' } });
return sig.getSignedXml();
}
exports.signSamlPost = signSamlPost;
function signAuthnRequestPost(authnRequest, options) {
return signSamlPost(authnRequest, authnRequestXPath, options);
}
exports.signAuthnRequestPost = signAuthnRequestPost;
//# sourceMappingURL=saml-post-signing.js.map
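Review bot: `signSamlPost` sets `location.reference` to `xpath + issuerXPath`, so signing presumes a `saml:Issuer` child of the AuthnRequest; a request built without one fails inside `computeSignature` with xml-crypto's generic "xpath not found" error instead of a message that names the cause. Select the Issuer first and throw `'AuthnRequest must contain an Issuer to be signed'` when it is absent. Also, the `privateCert` fallback writes `options.privateKey` back onto the caller's options object and `console.warn` fires on every signing call; copy the options before mutating them and emit the deprecation warning once.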

56
node_modules/passport-saml/lib/passport-saml/saml.d.ts generated vendored Normal file

@ -0,0 +1,56 @@
/// <reference types="node" />
import * as xml2js from 'xml2js';
import * as crypto from 'crypto';
import * as querystring from 'querystring';
import { CacheProvider as InMemoryCacheProvider } from './inmemory-cache-provider';
import type { Request } from 'express';
import { ParsedQs } from 'qs';
import { AudienceRestrictionXML, AuthenticateOptions, AuthorizeOptions, Profile, RequestWithUser, SAMLOptions, XMLOutput } from './types';
declare class SAML {
options: SAMLOptions;
cacheProvider: InMemoryCacheProvider;
constructor(options: Partial<SAMLOptions>);
initialize(options: Partial<SAMLOptions>): SAMLOptions;
getProtocol(req: Request | {
headers?: undefined;
protocol?: undefined;
}): string;
getCallbackUrl(req: Request | {
headers?: undefined;
protocol?: undefined;
}): string;
generateUniqueID(): string;
generateInstant(): string;
signRequest(samlMessage: querystring.ParsedUrlQueryInput): void;
generateAuthorizeRequest(req: Request, isPassive: boolean, isHttpPostBinding: boolean, callback: (err: Error | null, request?: string) => void): void;
generateLogoutRequest(req: RequestWithUser): Promise<string>;
generateLogoutResponse(req: Request, logoutRequest: Profile): string;
requestToUrl(request: string | null | undefined, response: string | null, operation: string, additionalParameters: querystring.ParsedUrlQuery, callback: (err: Error | null, url?: string | null | undefined) => void): void;
getAdditionalParams(req: Request, operation: string, overrideParams?: querystring.ParsedUrlQuery): querystring.ParsedUrlQuery;
getAuthorizeUrl(req: Request, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void): void;
getAuthorizeForm(req: Request, callback: (err: Error | null, data?: unknown) => void): void;
getLogoutUrl(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void): Promise<void>;
getLogoutResponseUrl(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void): void;
certToPEM(cert: string): string;
certsToCheck(): Promise<undefined | string[]>;
validateSignature(fullXml: string, currentNode: HTMLElement, certs: string[]): boolean;
validateSignatureForCert(signature: string | Node, cert: string, fullXml: string, currentNode: HTMLElement): boolean;
validatePostResponse(container: Record<string, string>, callback: (err: Error | null, profile?: Profile | null, loggedOut?: boolean) => void): void;
validateInResponseTo(inResponseTo: string | null): Promise<void>;
validateRedirect(container: ParsedQs, originalQuery: string | null, callback: (err: Error | null, profile?: Profile | null, loggedOut?: boolean) => void): void;
hasValidSignatureForRedirect(container: ParsedQs, originalQuery: string | null): Promise<boolean | void>;
validateSignatureForRedirect(urlString: crypto.BinaryLike, signature: string, alg: string, cert: string): boolean;
verifyLogoutRequest(doc: XMLOutput): void;
verifyLogoutResponse(doc: XMLOutput): Promise<boolean | void>;
verifyIssuer(samlMessage: XMLOutput): void;
processValidlySignedAssertion(xml: xml2js.convertableToString, samlResponseXml: string, inResponseTo: string, callback: (err: Error | null, profile?: Profile | undefined, loggedOut?: boolean | undefined) => void): void;
checkTimestampsValidityError(nowMs: number, notBefore: string, notOnOrAfter: string): Error | null;
checkAudienceValidityError(expectedAudience: string, audienceRestrictions: AudienceRestrictionXML[]): Error | null;
validatePostRequest(container: Record<string, string>, callback: (err: Error | null, profile?: Profile, loggedOut?: boolean) => void): void;
getNameID(self: SAML, doc: Node, callback: (err: Error | null, nameID?: XMLOutput) => void): void | Promise<void>;
generateServiceProviderMetadata(decryptionCert: string | null, signingCert?: string | null): string;
keyToPEM(key: crypto.KeyLike): crypto.KeyLike;
normalizeNewlines(xml: string): string;
normalizeXml(xml: string): string;
}
export { SAML };
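Review bot: `validateSignature` and `validateSignatureForCert` type `currentNode` as `HTMLElement`, but the nodes come from xmldom's XML DOM, so `Element` is the correct type (xml.d.ts in this same commit already uses `Element`). `hasValidSignatureForRedirect` and `verifyLogoutResponse` are declared `Promise<boolean | void>`, which lets a missing return be read as a falsy verification result at the call site; declare them `Promise<boolean>` and make every path return explicitly. `getNameID(self: SAML, ...)` taking an explicit `self` and `certsToCheck(): Promise<undefined | string[]>` are similar leftovers worth tightening in the same pass.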

1235
node_modules/passport-saml/lib/passport-saml/saml.js generated vendored Normal file

File diff suppressed because it is too large

File diff suppressed because one or more lines are too long


@ -0,0 +1,15 @@
import { Strategy as PassportStrategy } from 'passport-strategy';
import * as saml from './saml';
import { AuthenticateOptions, AuthorizeOptions, RequestWithUser, SamlConfig, VerifyWithoutRequest, VerifyWithRequest } from './types';
declare class Strategy extends PassportStrategy {
name: string;
_verify: VerifyWithRequest | VerifyWithoutRequest;
_saml: saml.SAML;
_passReqToCallback?: boolean;
_authnRequestBinding?: string;
constructor(options: SamlConfig, verify: VerifyWithRequest | VerifyWithoutRequest);
authenticate(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions): void;
logout(req: RequestWithUser, callback: (err: Error | null, url?: string | null) => void): void;
generateServiceProviderMetadata(decryptionCert: string | null, signingCert?: string | null): string;
}
export = Strategy;
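Review bot: `_authnRequestBinding?: string` is wider than it needs to be: the implementation only distinguishes `'HTTP-POST'` from the `'HTTP-Redirect'` default, so a `'HTTP-Redirect' | 'HTTP-POST'` union here (and on `StrategyOptions.authnRequestBinding` in `types.d.ts`) would let the compiler catch a misspelled binding instead of silently falling back to the redirect flow.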


@ -0,0 +1,112 @@
"use strict";
const passport_strategy_1 = require("passport-strategy");
const saml = require("./saml");
const url = require("url");
class Strategy extends passport_strategy_1.Strategy {
constructor(options, verify) {
super();
if (typeof options == 'function') {
verify = options;
options = {};
}
if (!verify) {
throw new Error('SAML authentication strategy requires a verify function');
}
// Customizing the name can be useful to support multiple SAML configurations at the same time.
// Unlike other options, this one gets deleted instead of passed along.
if (options.name) {
this.name = options.name;
}
else {
this.name = 'saml';
}
this._verify = verify;
this._saml = new saml.SAML(options);
this._passReqToCallback = !!options.passReqToCallback;
this._authnRequestBinding = options.authnRequestBinding || 'HTTP-Redirect';
}
authenticate(req, options) {
options.samlFallback = options.samlFallback || 'login-request';
const validateCallback = (err, profile, loggedOut) => {
if (err) {
return this.error(err);
}
if (loggedOut) {
req.logout();
if (profile) {
req.samlLogoutRequest = profile;
return this._saml.getLogoutResponseUrl(req, options, redirectIfSuccess);
}
return this.pass();
}
const verified = (err, user, info) => {
if (err) {
return this.error(err);
}
if (!user) {
return this.fail(info, 401);
}
this.success(user, info);
};
if (this._passReqToCallback) {
this._verify(req, profile, verified);
}
else {
this._verify(profile, verified);
}
};
const redirectIfSuccess = (err, url) => {
if (err) {
this.error(err);
}
else {
this.redirect(url);
}
};
if (req.query && (req.query.SAMLResponse || req.query.SAMLRequest)) {
const originalQuery = url.parse(req.url).query;
this._saml.validateRedirect(req.query, originalQuery, validateCallback);
}
else if (req.body && req.body.SAMLResponse) {
this._saml.validatePostResponse(req.body, validateCallback);
}
else if (req.body && req.body.SAMLRequest) {
this._saml.validatePostRequest(req.body, validateCallback);
}
else {
const requestHandler = {
'login-request': () => {
if (this._authnRequestBinding === 'HTTP-POST') {
this._saml.getAuthorizeForm(req, (err, data) => {
if (err) {
this.error(err);
}
else {
const res = req.res;
res.send(data);
}
});
}
else { // Defaults to HTTP-Redirect
this._saml.getAuthorizeUrl(req, options, redirectIfSuccess);
}
},
'logout-request': () => {
this._saml.getLogoutUrl(req, options, redirectIfSuccess);
}
}[options.samlFallback];
if (typeof requestHandler !== 'function') {
return this.fail(401);
}
requestHandler();
}
}
logout(req, callback) {
this._saml.getLogoutUrl(req, {}, callback);
}
generateServiceProviderMetadata(decryptionCert, signingCert) {
return this._saml.generateServiceProviderMetadata(decryptionCert, signingCert);
}
}
module.exports = Strategy;
//# sourceMappingURL=strategy.js.map
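Review bot: `const originalQuery = url.parse(req.url).query;` uses Node's legacy `url.parse`, but the intent is right and deserves a comment: the redirect-binding signature is computed over the encoded `SAMLRequest`/`SAMLResponse`, `RelayState` and `SigAlg` exactly as sent, so verification must use the raw query string and not a re-encoding of `req.query`. Stating that in a comment, and obtaining the raw string without the deprecated parser (e.g. `req.url` from the first `?` onward, with the no-query case handled), would keep a later "modernisation" from quietly switching this to `req.query` and breaking signature checks.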


node_modules/passport-saml/lib/passport-saml/types.d.ts generated vendored Normal file

@ -0,0 +1,125 @@
import type * as express from 'express';
import * as passport from 'passport';
import type { CacheProvider } from './inmemory-cache-provider';
export declare type CertCallback = (callback: (err: Error | null, cert?: string | string[]) => void) => void;
export interface AuthenticateOptions extends passport.AuthenticateOptions {
additionalParams?: Record<string, any>;
}
export interface AuthorizeOptions extends AuthenticateOptions {
samlFallback?: 'login-request' | 'logout-request';
}
export interface SAMLOptions {
callbackUrl: string;
path: string;
protocol: string;
host: string;
entryPoint: string;
issuer: string;
/** @deprecated use privateKey field instead */
privateCert?: string;
privateKey: string;
cert: string | string[] | CertCallback;
decryptionPvk: string;
signatureAlgorithm: 'sha1' | 'sha256' | 'sha512';
additionalParams: Record<string, string>;
additionalAuthorizeParams: Record<string, string>;
identifierFormat: string;
acceptedClockSkewMs: number;
attributeConsumingServiceIndex: string | null;
disableRequestedAuthnContext: boolean;
authnContext: string | string[];
forceAuthn: boolean;
skipRequestCompression: boolean;
/** @deprecated use racComparison field instead */
RACComparison?: 'exact' | 'minimum' | 'maximum' | 'better';
racComparison: 'exact' | 'minimum' | 'maximum' | 'better';
providerName: string;
passive: boolean;
idpIssuer: string;
audience: string;
scoping: SamlScopingConfig;
validateInResponseTo: boolean;
requestIdExpirationPeriodMs: number;
cacheProvider: CacheProvider;
logoutUrl: string;
additionalLogoutParams: Record<string, string>;
logoutCallbackUrl: string;
xmlSignatureTransforms: string[];
digestAlgorithm: string;
/** @deprecated use disableRequestAcsUrl field instead */
disableRequestACSUrl?: boolean;
disableRequestAcsUrl: boolean;
}
export declare type SamlConfig = Partial<SAMLOptions> & StrategyOptions;
interface StrategyOptions {
name?: string;
passReqToCallback?: boolean;
authnRequestBinding?: string;
}
export interface SamlScopingConfig {
idpList?: SamlIDPListConfig[];
proxyCount?: number;
requesterId?: string[];
}
export declare type XMLValue = string | number | boolean | null | XMLObject | XMLValue[];
export declare type XMLObject = {
[key: string]: XMLValue;
};
export declare type XMLInput = XMLObject;
export interface AuthorizeRequestXML {
'samlp:AuthnRequest': XMLInput;
}
export interface LogoutRequestXML {
'samlp:LogoutRequest': {
'saml:NameID': XMLInput;
[key: string]: XMLValue;
};
}
export interface ServiceMetadataXML {
EntityDescriptor: {
[key: string]: XMLValue;
SPSSODescriptor: XMLObject;
};
}
export interface AudienceRestrictionXML {
Audience?: XMLObject[];
}
export declare type XMLOutput = Record<string, any>;
export interface SamlIDPListConfig {
entries: SamlIDPEntryConfig[];
getComplete?: string;
}
export interface SamlIDPEntryConfig {
providerId: string;
name?: string;
loc?: string;
}
export declare type Profile = {
issuer?: string;
sessionIndex?: string;
nameID?: string;
nameIDFormat?: string;
nameQualifier?: string;
spNameQualifier?: string;
ID?: string;
mail?: string;
email?: string;
['urn:oid:0.9.2342.19200300.100.1.3']?: string;
getAssertionXml(): string;
getAssertion(): Record<string, unknown>;
getSamlResponseXml(): string;
} & {
[attributeName: string]: unknown;
};
export interface RequestWithUser extends express.Request {
samlLogoutRequest: any;
user?: Profile;
}
export declare type VerifiedCallback = (err: Error | null, user?: Record<string, unknown>, info?: Record<string, unknown>) => void;
export declare type VerifyWithRequest = (req: express.Request, profile: Profile | null | undefined, done: VerifiedCallback) => void;
export declare type VerifyWithoutRequest = (profile: Profile | null | undefined, done: VerifiedCallback) => void;
export declare type SamlOptionsCallback = (err: Error | null, samlOptions?: SamlConfig) => void;
export interface MultiSamlConfig extends SamlConfig {
getSamlOptions(req: express.Request, callback: SamlOptionsCallback): void;
}
export {};
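Review bot: `digestAlgorithm: string` is inconsistent with `signatureAlgorithm: 'sha1' | 'sha256' | 'sha512'` a few lines above: `getDigestAlgorithm` in `algorithms.js` only recognises those same three names and falls back to SHA-1 for anything else, so typing `digestAlgorithm` with the same union would turn an unsupported value into a compile-time error rather than a silent run-time downgrade of the digest.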


@ -0,0 +1,3 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=types.js.map


@ -0,0 +1 @@
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/passport-saml/types.ts"],"names":[],"mappings":"","sourcesContent":["import type * as express from 'express';\nimport * as passport from 'passport';\nimport type { CacheProvider } from './inmemory-cache-provider';\n\nexport type CertCallback = (callback: (err: Error | null, cert?: string | string[]) => void) => void;\n\nexport interface AuthenticateOptions extends passport.AuthenticateOptions {\n additionalParams?: Record<string, any>;\n}\n\nexport interface AuthorizeOptions extends AuthenticateOptions {\n samlFallback?: 'login-request' | 'logout-request';\n}\n\nexport interface SAMLOptions {\n // Core\n callbackUrl: string;\n path: string;\n protocol: string;\n host: string;\n entryPoint: string;\n issuer: string;\n /** @deprecated use privateKey field instead */\n privateCert?: string;\n privateKey: string;\n cert: string | string[] | CertCallback;\n decryptionPvk: string;\n signatureAlgorithm: 'sha1' | 'sha256' | 'sha512';\n\n // Additional SAML behaviors\n additionalParams: Record<string, string>;\n additionalAuthorizeParams: Record<string, string>;\n identifierFormat: string;\n acceptedClockSkewMs: number;\n attributeConsumingServiceIndex: string | null;\n disableRequestedAuthnContext: boolean;\n authnContext: string | string[];\n forceAuthn: boolean;\n skipRequestCompression: boolean;\n /** @deprecated use racComparison field instead */\n RACComparison?: 'exact' | 'minimum' | 'maximum' | 'better';\n racComparison: 'exact' | 'minimum' | 'maximum' | 'better';\n providerName: string;\n passive: boolean;\n idpIssuer: string;\n audience: string;\n scoping : SamlScopingConfig;\n\n // InResponseTo Validation\n validateInResponseTo: boolean;\n requestIdExpirationPeriodMs: number;\n cacheProvider: CacheProvider;\n\n // Logout\n logoutUrl: string;\n additionalLogoutParams: Record<string, string>;\n logoutCallbackUrl: string;\n\n // extras\n xmlSignatureTransforms: string[];\n digestAlgorithm: 
string;\n /** @deprecated use disableRequestAcsUrl field instead */\n disableRequestACSUrl?: boolean;\n disableRequestAcsUrl: boolean;\n}\n\nexport type SamlConfig = Partial<SAMLOptions> & StrategyOptions\n\ninterface StrategyOptions {\n name?: string;\n passReqToCallback?: boolean;\n authnRequestBinding?: string;\n}\n\nexport interface SamlScopingConfig {\n idpList?: SamlIDPListConfig[];\n proxyCount?: number;\n requesterId?: string[];\n}\n\nexport type XMLValue = string | number | boolean | null | XMLObject | XMLValue[];\n\nexport type XMLObject = {\n [key: string]: XMLValue;\n};\n\nexport type XMLInput = XMLObject;\n\nexport interface AuthorizeRequestXML {\n 'samlp:AuthnRequest': XMLInput;\n}\n\nexport interface LogoutRequestXML {\n 'samlp:LogoutRequest': {\n 'saml:NameID': XMLInput;\n [key: string]: XMLValue;\n };\n}\n\nexport interface ServiceMetadataXML {\n EntityDescriptor: {\n [key: string]: XMLValue;\n SPSSODescriptor: XMLObject;\n };\n}\n\nexport interface AudienceRestrictionXML {\n Audience?: XMLObject[];\n}\n\nexport type XMLOutput = Record<string, any>;\n\nexport interface SamlIDPListConfig {\n entries: SamlIDPEntryConfig[];\n getComplete?: string;\n}\n\nexport interface SamlIDPEntryConfig {\n providerId: string;\n name?: string;\n loc?: string;\n}\n\nexport type Profile = {\n issuer?: string;\n sessionIndex?: string;\n nameID?: string;\n nameIDFormat?: string;\n nameQualifier?: string;\n spNameQualifier?: string;\n ID?: string;\n mail?: string; // InCommon Attribute urn:oid:0.9.2342.19200300.100.1.3\n email?: string; // `mail` if not present in the assertion\n ['urn:oid:0.9.2342.19200300.100.1.3']?: string;\n getAssertionXml(): string; // get the raw assertion XML\n getAssertion(): Record<string, unknown>; // get the assertion XML parsed as a JavaScript object\n getSamlResponseXml(): string; // get the raw SAML response XML\n } & {\n [attributeName: string]: unknown; // arbitrary `AttributeValue`s\n };\n\n export interface RequestWithUser extends 
express.Request {\n samlLogoutRequest: any;\n user?: Profile\n}\n\nexport type VerifiedCallback = (err: Error | null, user?: Record<string, unknown>, info?: Record<string, unknown>) => void;\n\nexport type VerifyWithRequest = (req: express.Request, profile: Profile | null | undefined, done: VerifiedCallback) => void;\n\nexport type VerifyWithoutRequest = (profile: Profile | null | undefined, done: VerifiedCallback) => void;\n\nexport type SamlOptionsCallback = (err: Error | null, samlOptions?: SamlConfig) => void;\n\nexport interface MultiSamlConfig extends SamlConfig {\n getSamlOptions(req: express.Request, callback: SamlOptionsCallback): void;\n}\n"]}


@ -0,0 +1,4 @@
import { SamlSigningOptions } from "./types";
export declare function assertRequired<T>(value: T | null | undefined, error?: string): T;
export declare function signXml(samlMessage: string, xpath: string, options: SamlSigningOptions): string;
export declare function signXmlResponse(samlMessage: string, options: SamlSigningOptions): string;
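Review bot: `SamlSigningOptions` is imported from `./types`, but the `types.d.ts` added in this same commit exports no type of that name (it has `SAMLOptions`, `SamlConfig`, `SamlScopingConfig` and friends), so consumers of this declaration file get an unresolved type. Together with the differing quote style (`utility.js` is double-quoted, `algorithms.js` and `strategy.js` single-quoted) this suggests the vendored `lib/` files come from two different builds; worth confirming they all correspond to one published version before relying on the generated typings.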


@ -0,0 +1,47 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.signXmlResponse = exports.signXml = exports.assertRequired = void 0;
const xml_crypto_1 = require("xml-crypto");
const algorithms = require("./algorithms");
function assertRequired(value, error) {
if (value === undefined || value === null || (typeof value === "string" && value.length === 0)) {
throw new TypeError(error !== null && error !== void 0 ? error : "value does not exist");
}
else {
return value;
}
}
exports.assertRequired = assertRequired;
function signXml(samlMessage, xpath, options) {
const defaultTransforms = [
"http://www.w3.org/2000/09/xmldsig#enveloped-signature",
"http://www.w3.org/2001/10/xml-exc-c14n#",
];
if (!samlMessage)
throw new Error("samlMessage is required");
if (!xpath)
throw new Error("xpath is required");
if (!options) {
options = {};
}
if (!options.privateKey)
throw new Error("options.privateKey is required");
const transforms = options.xmlSignatureTransforms || defaultTransforms;
const sig = new xml_crypto_1.SignedXml();
if (options.signatureAlgorithm) {
sig.signatureAlgorithm = algorithms.getSigningAlgorithm(options.signatureAlgorithm);
}
sig.addReference(xpath, transforms, algorithms.getDigestAlgorithm(options.digestAlgorithm));
sig.signingKey = options.privateKey;
sig.computeSignature(samlMessage, {
location: { reference: xpath, action: "append" },
});
return sig.getSignedXml();
}
exports.signXml = signXml;
function signXmlResponse(samlMessage, options) {
const responseXpath = '//*[local-name(.)="Response" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
return signXml(samlMessage, responseXpath, options);
}
exports.signXmlResponse = signXmlResponse;
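Review bot: in `signXml` the `if (!options) { options = {}; }` fallback is dead code, since `if (!options.privateKey) throw new Error(...)` fires immediately afterwards for an empty object; fold the two into one explicit check. Separately, `sig.signatureAlgorithm` is only set when `options.signatureAlgorithm` is truthy, so an omitted option leaves `SignedXml`'s own default in force while the digest is resolved via `algorithms.getDigestAlgorithm(undefined)`, whose `default:` branch is SHA-1; either pin both defaults to SHA-256 here or document what an unset option resolves to, so a signature is never weakened by omission.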
//# sourceMappingURL=utility.js.map


@ -0,0 +1 @@
{"version":3,"file":"utility.js","sourceRoot":"","sources":["../../src/passport-saml/utility.ts"],"names":[],"mappings":";;;AAAA,2CAAuC;AAEvC,2CAA2C;AAE3C,SAAgB,cAAc,CAAI,KAA2B,EAAE,KAAc;IAC3E,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE;QAC9F,MAAM,IAAI,SAAS,CAAC,KAAK,aAAL,KAAK,cAAL,KAAK,GAAI,sBAAsB,CAAC,CAAC;KACtD;SAAM;QACL,OAAO,KAAK,CAAC;KACd;AACH,CAAC;AAND,wCAMC;AAED,SAAgB,OAAO,CAAC,WAAmB,EAAE,KAAa,EAAE,OAA2B;IACrF,MAAM,iBAAiB,GAAG;QACxB,uDAAuD;QACvD,yCAAyC;KAC1C,CAAC;IAEF,IAAI,CAAC,WAAW;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7D,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACjD,IAAI,CAAC,OAAO,EAAE;QACZ,OAAO,GAAG,EAAwB,CAAC;KACpC;IAED,IAAI,CAAC,OAAO,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IAE3E,MAAM,UAAU,GAAG,OAAO,CAAC,sBAAsB,IAAI,iBAAiB,CAAC;IACvE,MAAM,GAAG,GAAG,IAAI,sBAAS,EAAE,CAAC;IAC5B,IAAI,OAAO,CAAC,kBAAkB,EAAE;QAC9B,GAAG,CAAC,kBAAkB,GAAG,UAAU,CAAC,mBAAmB,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;KACrF;IACD,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,UAAU,EAAE,UAAU,CAAC,kBAAkB,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC;IAC5F,GAAG,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACpC,GAAG,CAAC,gBAAgB,CAAC,WAAW,EAAE;QAChC,QAAQ,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE;KACjD,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC,YAAY,EAAE,CAAC;AAC5B,CAAC;AA1BD,0BA0BC;AAED,SAAgB,eAAe,CAAC,WAAmB,EAAE,OAA2B;IAC9E,MAAM,aAAa,GACjB,2FAA2F,CAAC;IAE9F,OAAO,OAAO,CAAC,WAAW,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;AACtD,CAAC;AALD,0CAKC","sourcesContent":["import { SignedXml } from \"xml-crypto\";\nimport { SamlSigningOptions } from \"./types\";\nimport * as algorithms from \"./algorithms\";\n\nexport function assertRequired<T>(value: T | null | undefined, error?: string): T {\n if (value === undefined || value === null || (typeof value === \"string\" && value.length === 0)) {\n throw new TypeError(error ?? 
\"value does not exist\");\n } else {\n return value;\n }\n}\n\nexport function signXml(samlMessage: string, xpath: string, options: SamlSigningOptions): string {\n const defaultTransforms = [\n \"http://www.w3.org/2000/09/xmldsig#enveloped-signature\",\n \"http://www.w3.org/2001/10/xml-exc-c14n#\",\n ];\n\n if (!samlMessage) throw new Error(\"samlMessage is required\");\n if (!xpath) throw new Error(\"xpath is required\");\n if (!options) {\n options = {} as SamlSigningOptions;\n }\n\n if (!options.privateKey) throw new Error(\"options.privateKey is required\");\n\n const transforms = options.xmlSignatureTransforms || defaultTransforms;\n const sig = new SignedXml();\n if (options.signatureAlgorithm) {\n sig.signatureAlgorithm = algorithms.getSigningAlgorithm(options.signatureAlgorithm);\n }\n sig.addReference(xpath, transforms, algorithms.getDigestAlgorithm(options.digestAlgorithm));\n sig.signingKey = options.privateKey;\n sig.computeSignature(samlMessage, {\n location: { reference: xpath, action: \"append\" },\n });\n\n return sig.getSignedXml();\n}\n\nexport function signXmlResponse(samlMessage: string, options: SamlSigningOptions): string {\n const responseXpath =\n '//*[local-name(.)=\"Response\" and namespace-uri(.)=\"urn:oasis:names:tc:SAML:2.0:protocol\"]';\n\n return signXml(samlMessage, responseXpath, options);\n}\n"]}

node_modules/passport-saml/lib/passport-saml/xml.d.ts generated vendored Normal file

@ -0,0 +1,14 @@
/// <reference types="node" />
export declare const xpath: {
selectAttributes: (node: Node, xpath: string) => Attr[];
selectElements: (node: Node, xpath: string) => Element[];
};
export declare const decryptXml: (xml: string, decryptionKey: string | Buffer) => Promise<string>;
/**
* This function checks that the |signature| is signed with a given |cert|.
*/
export declare const validateXmlSignatureForCert: (signature: Node, certPem: string, fullXml: string, currentNode: Element) => boolean;
export declare const parseDomFromString: (xml: string) => Document;
export declare const parseXml2JsFromString: (xml: string | Buffer) => Promise<any>;
export declare const buildXml2JsObject: (rootName: string, xml: any) => string;
export declare const buildXmlBuilderObject: (xml: Record<string, any>, pretty: boolean) => string;

node_modules/passport-saml/lib/passport-saml/xml.js generated vendored Normal file

@ -0,0 +1,104 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.buildXmlBuilderObject = exports.buildXml2JsObject = exports.parseXml2JsFromString = exports.parseDomFromString = exports.validateXmlSignatureForCert = exports.decryptXml = exports.xpath = void 0;
const util = require("util");
const xmlCrypto = require("xml-crypto");
const xmlenc = require("xml-encryption");
const xmldom = require("xmldom");
const xml2js = require("xml2js");
const xmlbuilder = require("xmlbuilder");
const selectXPath = (guard, node, xpath) => {
const result = xmlCrypto.xpath(node, xpath);
if (!guard(result)) {
throw new Error("invalid xpath return type");
}
return result;
};
const attributesXPathTypeGuard = (values) => {
return values.every((value) => {
if (typeof value != "object") {
return false;
}
return typeof value.nodeType === "number" && value.nodeType === value.ATTRIBUTE_NODE;
});
};
const elementsXPathTypeGuard = (values) => {
return values.every((value) => {
if (typeof value != "object") {
return false;
}
return typeof value.nodeType === "number" && value.nodeType === value.ELEMENT_NODE;
});
};
exports.xpath = {
selectAttributes: (node, xpath) => selectXPath(attributesXPathTypeGuard, node, xpath),
selectElements: (node, xpath) => selectXPath(elementsXPathTypeGuard, node, xpath),
};
const decryptXml = async (xml, decryptionKey) => util.promisify(xmlenc.decrypt).bind(xmlenc)(xml, { key: decryptionKey });
exports.decryptXml = decryptXml;
const normalizeNewlines = (xml) => {
// we can use this utility before passing XML to `xml-crypto`
// we are considered the XML processor and are responsible for newline normalization
// https://github.com/node-saml/passport-saml/issues/431#issuecomment-718132752
return xml.replace(/\r\n?/g, "\n");
};
/**
* This function checks that the |signature| is signed with a given |cert|.
*/
const validateXmlSignatureForCert = (signature, certPem, fullXml, currentNode) => {
const sig = new xmlCrypto.SignedXml();
sig.keyInfoProvider = {
file: "",
getKeyInfo: () => "<X509Data></X509Data>",
getKey: () => Buffer.from(certPem),
};
const signatureStr = normalizeNewlines(signature.toString());
sig.loadSignature(signatureStr);
// We expect each signature to contain exactly one reference to the top level of the xml we
// are validating, so if we see anything else, reject.
if (sig.references.length != 1)
return false;
const refUri = sig.references[0].uri;
const refId = refUri[0] === "#" ? refUri.substring(1) : refUri;
// If we can't find the reference at the top level, reject
const idAttribute = currentNode.getAttribute("ID") ? "ID" : "Id";
if (currentNode.getAttribute(idAttribute) != refId)
return false;
// If we find any extra referenced nodes, reject. (xml-crypto only verifies one digest, so
// multiple candidate references is bad news)
const totalReferencedNodes = exports.xpath.selectElements(currentNode.ownerDocument, "//*[@" + idAttribute + "='" + refId + "']");
if (totalReferencedNodes.length > 1) {
return false;
}
fullXml = normalizeNewlines(fullXml);
return sig.checkSignature(fullXml);
};
exports.validateXmlSignatureForCert = validateXmlSignatureForCert;
const parseDomFromString = (xml) => {
return new xmldom.DOMParser().parseFromString(xml);
};
exports.parseDomFromString = parseDomFromString;
const parseXml2JsFromString = async (xml) => {
const parserConfig = {
explicitRoot: true,
explicitCharkey: true,
tagNameProcessors: [xml2js.processors.stripPrefix],
};
const parser = new xml2js.Parser(parserConfig);
return parser.parseStringPromise(xml);
};
exports.parseXml2JsFromString = parseXml2JsFromString;
const buildXml2JsObject = (rootName, xml) => {
const builderOpts = {
rootName,
headless: true,
};
return new xml2js.Builder(builderOpts).buildObject(xml);
};
exports.buildXml2JsObject = buildXml2JsObject;
const buildXmlBuilderObject = (xml, pretty) => {
const options = pretty ? { pretty: true, indent: " ", newline: "\n" } : {};
return xmlbuilder.create(xml).end(options);
};
exports.buildXmlBuilderObject = buildXmlBuilderObject;
//# sourceMappingURL=xml.js.map
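Review bot: in `validateXmlSignatureForCert` the top-level reference check `if (currentNode.getAttribute(idAttribute) != refId) return false;` is satisfied when both sides are the empty string: a `Reference` with `URI=""` yields `refId === ""`, and a `currentNode` with neither `ID` nor `Id` makes xmldom's `getAttribute("Id")` return `""`, so the comparison passes without any identifier actually matching and the duplicate-ID XPath that follows then matches nothing. The function's intent (exactly one reference, pointing at this node) is sound; make it fail closed with an explicit `if (!refId || !currentNode.getAttribute(idAttribute)) return false;` rather than relying on `"" != ""` being false, and guard `refUri` against `undefined` before indexing `refUri[0]`.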



@ -0,0 +1,5 @@
/// <reference types="node" />
import * as crypto from 'crypto';
export declare function getSigningAlgorithm(shortName: string): string;
export declare function getDigestAlgorithm(shortName: string): string;
export declare function getSigner(shortName: string): crypto.Signer;


@ -0,0 +1,38 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getSigner = exports.getDigestAlgorithm = exports.getSigningAlgorithm = void 0;
const crypto = require("crypto");
function getSigningAlgorithm(shortName) {
switch (shortName) {
case 'sha256':
return 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
case 'sha512':
return 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512';
default:
return 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
}
}
exports.getSigningAlgorithm = getSigningAlgorithm;
function getDigestAlgorithm(shortName) {
switch (shortName) {
case 'sha256':
return 'http://www.w3.org/2001/04/xmlenc#sha256';
case 'sha512':
return 'http://www.w3.org/2001/04/xmlenc#sha512';
default:
return 'http://www.w3.org/2000/09/xmldsig#sha1';
}
}
exports.getDigestAlgorithm = getDigestAlgorithm;
function getSigner(shortName) {
switch (shortName) {
case 'sha256':
return crypto.createSign('RSA-SHA256');
case 'sha512':
return crypto.createSign('RSA-SHA512');
default:
return crypto.createSign('RSA-SHA1');
}
}
exports.getSigner = getSigner;
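Review bot: all three `switch` statements use SHA-1 as the `default:` branch, so an unrecognised `shortName` (a typo such as `'sha-256'`, or `undefined` when the option is omitted) silently selects `rsa-sha1`/`sha1` rather than failing. Prefer `default: throw new Error('unsupported algorithm: ' + shortName);` and handle the omitted-option case explicitly at the call site with a SHA-256 default, so a configuration slip cannot quietly weaken the signature or digest.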
//# sourceMappingURL=algorithms.js.map


@ -0,0 +1 @@
{"version":3,"file":"algorithms.js","sourceRoot":"","sources":["../../../src/passport-saml/algorithms.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AAEjC,SAAgB,mBAAmB,CAAE,SAAiB;IACpD,QAAO,SAAS,EAAE;QAChB,KAAK,QAAQ;YACX,OAAO,mDAAmD,CAAC;QAC7D,KAAK,QAAQ;YACX,OAAO,mDAAmD,CAAC;QAC7D;YACE,OAAO,4CAA4C,CAAC;KACvD;AACH,CAAC;AATD,kDASC;AAED,SAAgB,kBAAkB,CAAE,SAAiB;IACnD,QAAO,SAAS,EAAE;QAChB,KAAK,QAAQ;YACX,OAAO,yCAAyC,CAAC;QACnD,KAAK,QAAQ;YACX,OAAO,yCAAyC,CAAC;QACnD;YACE,OAAO,wCAAwC,CAAC;KACnD;AACH,CAAC;AATD,gDASC;AAED,SAAgB,SAAS,CAAE,SAAiB;IAC1C,QAAO,SAAS,EAAE;QAChB,KAAK,QAAQ;YACX,OAAO,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACzC,KAAK,QAAQ;YACX,OAAO,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACzC;YACE,OAAO,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;KACxC;AACH,CAAC;AATD,8BASC","sourcesContent":["import * as crypto from 'crypto';\n\nexport function getSigningAlgorithm (shortName: string): string {\n switch(shortName) {\n case 'sha256':\n return 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';\n case 'sha512':\n return 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512';\n default:\n return 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';\n }\n}\n\nexport function getDigestAlgorithm (shortName: string): string {\n switch(shortName) {\n case 'sha256':\n return 'http://www.w3.org/2001/04/xmlenc#sha256';\n case 'sha512':\n return 'http://www.w3.org/2001/04/xmlenc#sha512';\n default:\n return 'http://www.w3.org/2000/09/xmldsig#sha1';\n }\n}\n\nexport function getSigner (shortName: string): crypto.Signer {\n switch(shortName) {\n case 'sha256':\n return crypto.createSign('RSA-SHA256');\n case 'sha512':\n return crypto.createSign('RSA-SHA512');\n default:\n return crypto.createSign('RSA-SHA1');\n }\n}\n"]}


@ -0,0 +1,6 @@
import type { CacheItem, CacheProvider } from './inmemory-cache-provider';
import { SAML } from './saml';
import Strategy = require('./strategy');
import MultiSamlStrategy = require('./multiSamlStrategy');
import type { Profile, SamlConfig, VerifiedCallback, VerifyWithRequest, VerifyWithoutRequest } from './types';
export { SAML, Strategy, MultiSamlStrategy, CacheItem, CacheProvider, Profile, SamlConfig, VerifiedCallback, VerifyWithRequest, VerifyWithoutRequest };


@ -0,0 +1,10 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.MultiSamlStrategy = exports.Strategy = exports.SAML = void 0;
const saml_1 = require("./saml");
Object.defineProperty(exports, "SAML", { enumerable: true, get: function () { return saml_1.SAML; } });
const Strategy = require("./strategy");
exports.Strategy = Strategy;
const MultiSamlStrategy = require("./multiSamlStrategy");
exports.MultiSamlStrategy = MultiSamlStrategy;
//# sourceMappingURL=index.js.map


@ -0,0 +1 @@
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/passport-saml/index.ts"],"names":[],"mappings":";;;AACA,iCAA8B;AAKrB,qFALA,WAAI,OAKA;AAJb,uCAAwC;AAIzB,4BAAQ;AAHvB,yDAA0D;AAGjC,8CAAiB","sourcesContent":["import type { CacheItem, CacheProvider} from './inmemory-cache-provider';\nimport { SAML } from './saml';\nimport Strategy = require('./strategy');\nimport MultiSamlStrategy = require('./multiSamlStrategy');\nimport type { Profile, SamlConfig, VerifiedCallback, VerifyWithRequest, VerifyWithoutRequest } from './types';\n\nexport { SAML, Strategy, MultiSamlStrategy, CacheItem, CacheProvider, Profile, SamlConfig, VerifiedCallback, VerifyWithRequest, VerifyWithoutRequest };\n"]}


@ -0,0 +1,45 @@
/**
* Simple in memory cache provider. To be used to store state of requests that needs
* to be validated/checked when a response is received.
*
* This is the default implementation of a cache provider used by Passport-SAML. For
* multiple server instances/load balanced scenarios (I.e. the SAML request could have
* been generated from a different server/process handling the SAML response) this
* implementation will NOT be sufficient.
*
* The caller should provide their own implementation for a cache provider as defined
* in the config options for Passport-SAML.
* @param options
* @constructor
*/
export interface CacheItem {
value: string;
createdAt: number;
}
interface CacheProviderOptions {
keyExpirationPeriodMs: number;
}
export declare class CacheProvider {
cacheKeys: Record<string, CacheItem>;
options: CacheProviderOptions;
constructor(options: Partial<CacheProviderOptions>);
/**
* Store an item in the cache, using the specified key and value.
* Internally will keep track of the time the item was added to the cache
* @param id
* @param value
*/
save(key: string, value: string, callback: (error: null, value: CacheItem | null) => void): void;
/**
* Returns the value of the specified key in the cache
* @param id
* @returns {boolean}
*/
get(key: string, callback: (key: string | null, value: string | null) => void): void;
/**
* Removes an item from the cache if it exists
* @param key
*/
remove(key: string, callback: (err: Error | null, key: string | null) => void): void;
}
export {};
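Review bot: the JSDoc is out of step with the declared signatures: `save` and `get` document `@param id` while the parameter is `key`, `get` carries `@returns {boolean}` although it returns `void` and delivers the value through its callback, and that callback's first argument is typed `key: string | null` where `save` and `remove` use an error slot (`error: null`, `err: Error | null`). Aligning all three callbacks on `(err: Error | null, value)` and fixing the tags matters here because this interface is the contract custom cache providers (needed for multi-instance deployments, as the header comment says) have to implement.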


@ -0,0 +1,90 @@
"use strict";
/**
* Simple in memory cache provider. To be used to store state of requests that needs
* to be validated/checked when a response is received.
*
* This is the default implementation of a cache provider used by Passport-SAML. For
* multiple server instances/load balanced scenarios (I.e. the SAML request could have
* been generated from a different server/process handling the SAML response) this
* implementation will NOT be sufficient.
*
* The caller should provide their own implementation for a cache provider as defined
* in the config options for Passport-SAML.
* @param options
* @constructor
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.CacheProvider = void 0;
class CacheProvider {
constructor(options) {
this.cacheKeys = {};
if (!options) {
options = {};
}
if (!options.keyExpirationPeriodMs) {
options.keyExpirationPeriodMs = 28800000; // 8 hours
}
this.options = options;
// Expire old cache keys
const expirationTimer = setInterval(() => {
const nowMs = new Date().getTime();
const keys = Object.keys(this.cacheKeys);
keys.forEach((key) => {
if (nowMs >= new Date(this.cacheKeys[key].createdAt).getTime() + this.options.keyExpirationPeriodMs) {
this.remove(key, () => undefined);
}
});
}, this.options.keyExpirationPeriodMs);
// we only want this to run if the process is still open; it shouldn't hold the process open (issue #68)
// (unref only introduced in node 0.9, so check whether we have it)
// Skip this in 0.10.34 due to https://github.com/joyent/node/issues/8900
if (expirationTimer.unref && process.version !== 'v0.10.34')
expirationTimer.unref();
}
/**
* Store an item in the cache, using the specified key and value.
* Internally will keep track of the time the item was added to the cache
* @param id
* @param value
*/
save(key, value, callback) {
if (!this.cacheKeys[key]) {
this.cacheKeys[key] = {
createdAt: new Date().getTime(),
value: value
};
callback(null, this.cacheKeys[key]);
}
else {
callback(null, null);
}
}
/**
* Returns the value of the specified key in the cache
* @param id
* @returns {boolean}
*/
get(key, callback) {
if (this.cacheKeys[key]) {
callback(null, this.cacheKeys[key].value);
}
else {
callback(null, null);
}
}
/**
* Removes an item from the cache if it exists
* @param key
*/
remove(key, callback) {
if (this.cacheKeys[key]) {
delete this.cacheKeys[key];
callback(null, key);
}
else {
callback(null, null);
}
}
}
exports.CacheProvider = CacheProvider;
//# sourceMappingURL=inmemory-cache-provider.js.map
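Review bot: `get` returns `this.cacheKeys[key].value` without consulting `createdAt`, and the sweep in the constructor runs only once per `keyExpirationPeriodMs`, so an entry written just after one tick is still served until the tick after next, i.e. for up to nearly twice the configured expiration. Since this cache backs InResponseTo validation, `get` should compare `createdAt + this.options.keyExpirationPeriodMs` against the current time and treat a stale entry as a miss (removing it on the way out); the `process.version !== 'v0.10.34'` special case can also be dropped, as no supported Node release needs it.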



@ -0,0 +1,12 @@
import SamlStrategy = require('./strategy');
import type { Request } from 'express';
import { AuthenticateOptions, AuthorizeOptions, MultiSamlConfig, RequestWithUser, VerifyWithoutRequest, VerifyWithRequest } from './types';
declare class MultiSamlStrategy extends SamlStrategy {
_options: MultiSamlConfig;
constructor(options: MultiSamlConfig, verify: VerifyWithRequest | VerifyWithoutRequest);
authenticate(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions): void;
logout(req: RequestWithUser, callback: (err: Error | null, url?: string | null | undefined) => void): void;
/** @ts-expect-error typescript disallows changing method signature in a subclass */
generateServiceProviderMetadata(req: Request, decryptionCert: string | null, signingCert: string | null, callback: (err: Error | null, metadata?: string) => void): void;
}
export = MultiSamlStrategy;
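
Review bot: `generateServiceProviderMetadata` changes the inherited signature (it gains a leading `req`, takes a callback and returns `void` instead of `string`), which is why the `@ts-expect-error` is needed; any code holding a `SamlStrategy`-typed reference to a `MultiSamlStrategy` will call it with the base-class arguments, pass no callback, and hit the "Metadata can't be provided synchronously" throw in the implementation. Prefer a differently named method (or a separate interface for the multi-tenant variant) over suppressing the type error in a generated declaration.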

View file

@ -0,0 +1,58 @@
"use strict";
const saml = require("./saml");
const inmemory_cache_provider_1 = require("./inmemory-cache-provider");
const SamlStrategy = require("./strategy");
class MultiSamlStrategy extends SamlStrategy {
constructor(options, verify) {
if (!options || typeof options.getSamlOptions != 'function') {
throw new Error('Please provide a getSamlOptions function');
}
if (!options.requestIdExpirationPeriodMs) {
options.requestIdExpirationPeriodMs = 28800000; // 8 hours
}
if (!options.cacheProvider) {
options.cacheProvider = new inmemory_cache_provider_1.CacheProvider({ keyExpirationPeriodMs: options.requestIdExpirationPeriodMs });
}
super(options, verify);
this._options = options;
}
authenticate(req, options) {
this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return this.error(err);
}
const samlService = new saml.SAML({ ...this._options, ...samlOptions });
const strategy = Object.assign({}, this, { _saml: samlService });
Object.setPrototypeOf(strategy, this);
super.authenticate.call(strategy, req, options);
});
}
logout(req, callback) {
this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return callback(err);
}
const samlService = new saml.SAML(Object.assign({}, this._options, samlOptions));
const strategy = Object.assign({}, this, { _saml: samlService });
Object.setPrototypeOf(strategy, this);
super.logout.call(strategy, req, callback);
});
}
/** @ts-expect-error typescript disallows changing method signature in a subclass */
generateServiceProviderMetadata(req, decryptionCert, signingCert, callback) {
if (typeof callback !== 'function') {
throw new Error("Metadata can't be provided synchronously for MultiSamlStrategy.");
}
return this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return callback(err);
}
const samlService = new saml.SAML(Object.assign({}, this._options, samlOptions));
const strategy = Object.assign({}, this, { _saml: samlService });
Object.setPrototypeOf(strategy, this);
return callback(null, super.generateServiceProviderMetadata.call(strategy, decryptionCert, signingCert));
});
}
}
module.exports = MultiSamlStrategy;
//# sourceMappingURL=multiSamlStrategy.js.map
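
Review bot: the constructor writes its defaults (`requestIdExpirationPeriodMs`, `cacheProvider`) into the caller's `options` object and then keeps that same object as `this._options`, so two strategies built from one shared config object silently share a single `CacheProvider`; copy the object before filling in defaults. In `generateServiceProviderMetadata`, `super.generateServiceProviderMetadata.call(...)` runs inside the `getSamlOptions` callback, so anything it throws escapes the callback instead of reaching `callback(err)`; wrap that call in try/catch. Minor: `authenticate` merges the per-request options with spread while `logout` and `generateServiceProviderMetadata` use `Object.assign` for the same operation.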

File diff suppressed because one or more lines are too long

@ -0,0 +1,3 @@
import { SAMLOptions } from './types';
export declare function signSamlPost(samlMessage: string, xpath: string, options: SAMLOptions): string;
export declare function signAuthnRequestPost(authnRequest: string, options: SAMLOptions): string;

@ -0,0 +1,40 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.signAuthnRequestPost = exports.signSamlPost = void 0;
const xml_crypto_1 = require("xml-crypto");
const algorithms = require("./algorithms");
const authnRequestXPath = '/*[local-name(.)="AuthnRequest" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
const issuerXPath = '/*[local-name(.)="Issuer" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:assertion"]';
const defaultTransforms = ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#'];
function signSamlPost(samlMessage, xpath, options) {
if (!samlMessage)
throw new Error('samlMessage is required');
if (!xpath)
throw new Error('xpath is required');
if (!options) {
options = {};
}
if (options.privateCert) {
console.warn("options.privateCert has been deprecated; use options.privateKey instead.");
if (!options.privateKey) {
options.privateKey = options.privateCert;
}
}
if (!options.privateKey)
throw new Error('options.privateKey is required');
const transforms = options.xmlSignatureTransforms || defaultTransforms;
const sig = new xml_crypto_1.SignedXml();
if (options.signatureAlgorithm) {
sig.signatureAlgorithm = algorithms.getSigningAlgorithm(options.signatureAlgorithm);
}
sig.addReference(xpath, transforms, algorithms.getDigestAlgorithm(options.digestAlgorithm));
sig.signingKey = options.privateKey;
sig.computeSignature(samlMessage, { location: { reference: xpath + issuerXPath, action: 'after' } });
return sig.getSignedXml();
}
exports.signSamlPost = signSamlPost;
function signAuthnRequestPost(authnRequest, options) {
return signSamlPost(authnRequest, authnRequestXPath, options);
}
exports.signAuthnRequestPost = signAuthnRequestPost;
//# sourceMappingURL=saml-post-signing.js.map
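
Review bot: `sig.signatureAlgorithm` is only assigned when `options.signatureAlgorithm` is given, and `algorithms.getDigestAlgorithm(options.digestAlgorithm)` is called with `undefined` when that option is omitted, so a caller who sets neither gets whatever `SignedXml` and the helper fall back to rather than an explicit choice. Default both to the SHA-256 variants in this function so that omitting an option can never yield a weaker signature than intended. Also, the `console.warn` for the deprecated `privateCert` fires on every signed message; emit it once.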

@ -0,0 +1 @@

@ -0,0 +1,56 @@
/// <reference types="node" />
import * as xml2js from 'xml2js';
import * as crypto from 'crypto';
import * as querystring from 'querystring';
import { CacheProvider as InMemoryCacheProvider } from './inmemory-cache-provider';
import type { Request } from 'express';
import { ParsedQs } from 'qs';
import { AudienceRestrictionXML, AuthenticateOptions, AuthorizeOptions, Profile, RequestWithUser, SAMLOptions, XMLOutput } from './types';
declare class SAML {
options: SAMLOptions;
cacheProvider: InMemoryCacheProvider;
constructor(options: Partial<SAMLOptions>);
initialize(options: Partial<SAMLOptions>): SAMLOptions;
getProtocol(req: Request | {
headers?: undefined;
protocol?: undefined;
}): string;
getCallbackUrl(req: Request | {
headers?: undefined;
protocol?: undefined;
}): string;
generateUniqueID(): string;
generateInstant(): string;
signRequest(samlMessage: querystring.ParsedUrlQueryInput): void;
generateAuthorizeRequest(req: Request, isPassive: boolean, isHttpPostBinding: boolean, callback: (err: Error | null, request?: string) => void): void;
generateLogoutRequest(req: RequestWithUser): Promise<string>;
generateLogoutResponse(req: Request, logoutRequest: Profile): string;
requestToUrl(request: string | null | undefined, response: string | null, operation: string, additionalParameters: querystring.ParsedUrlQuery, callback: (err: Error | null, url?: string | null | undefined) => void): void;
getAdditionalParams(req: Request, operation: string, overrideParams?: querystring.ParsedUrlQuery): querystring.ParsedUrlQuery;
getAuthorizeUrl(req: Request, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void): void;
getAuthorizeForm(req: Request, callback: (err: Error | null, data?: unknown) => void): void;
getLogoutUrl(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void): Promise<void>;
getLogoutResponseUrl(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void): void;
certToPEM(cert: string): string;
certsToCheck(): Promise<undefined | string[]>;
validateSignature(fullXml: string, currentNode: HTMLElement, certs: string[]): boolean;
validateSignatureForCert(signature: string | Node, cert: string, fullXml: string, currentNode: HTMLElement): boolean;
validatePostResponse(container: Record<string, string>, callback: (err: Error | null, profile?: Profile | null, loggedOut?: boolean) => void): void;
validateInResponseTo(inResponseTo: string | null): Promise<void>;
validateRedirect(container: ParsedQs, originalQuery: string | null, callback: (err: Error | null, profile?: Profile | null, loggedOut?: boolean) => void): void;
hasValidSignatureForRedirect(container: ParsedQs, originalQuery: string | null): Promise<boolean | void>;
validateSignatureForRedirect(urlString: crypto.BinaryLike, signature: string, alg: string, cert: string): boolean;
verifyLogoutRequest(doc: XMLOutput): void;
verifyLogoutResponse(doc: XMLOutput): Promise<boolean | void>;
verifyIssuer(samlMessage: XMLOutput): void;
processValidlySignedAssertion(xml: xml2js.convertableToString, samlResponseXml: string, inResponseTo: string, callback: (err: Error | null, profile?: Profile | undefined, loggedOut?: boolean | undefined) => void): void;
checkTimestampsValidityError(nowMs: number, notBefore: string, notOnOrAfter: string): Error | null;
checkAudienceValidityError(expectedAudience: string, audienceRestrictions: AudienceRestrictionXML[]): Error | null;
validatePostRequest(container: Record<string, string>, callback: (err: Error | null, profile?: Profile, loggedOut?: boolean) => void): void;
getNameID(self: SAML, doc: Node, callback: (err: Error | null, nameID?: XMLOutput) => void): void | Promise<void>;
generateServiceProviderMetadata(decryptionCert: string | null, signingCert?: string | null): string;
keyToPEM(key: crypto.KeyLike): crypto.KeyLike;
normalizeNewlines(xml: string): string;
normalizeXml(xml: string): string;
}
export { SAML };
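
Review bot: `validateSignature` and `validateSignatureForCert` type `currentNode` as `HTMLElement`, but SAML messages are XML, so `Element` or `Node` is the honest type. `hasValidSignatureForRedirect` and `verifyLogoutResponse` resolve to `boolean | void`; a signature or logout check should resolve to a strict boolean so that callers are never left treating `undefined` as anything other than a failure. `getNameID(self: SAML, ...)` takes the instance as an explicit first parameter on a class method, which looks like a leftover from the pre-class code and should just use `this`.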

1235
node_modules/passport-saml/lib/src/passport-saml/saml.js generated vendored Normal file

File diff suppressed because it is too large

File diff suppressed because one or more lines are too long

@ -0,0 +1,15 @@
import { Strategy as PassportStrategy } from 'passport-strategy';
import * as saml from './saml';
import { AuthenticateOptions, AuthorizeOptions, RequestWithUser, SamlConfig, VerifyWithoutRequest, VerifyWithRequest } from './types';
declare class Strategy extends PassportStrategy {
name: string;
_verify: VerifyWithRequest | VerifyWithoutRequest;
_saml: saml.SAML;
_passReqToCallback?: boolean;
_authnRequestBinding?: string;
constructor(options: SamlConfig, verify: VerifyWithRequest | VerifyWithoutRequest);
authenticate(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions): void;
logout(req: RequestWithUser, callback: (err: Error | null, url?: string | null) => void): void;
generateServiceProviderMetadata(decryptionCert: string | null, signingCert?: string | null): string;
}
export = Strategy;

@ -0,0 +1,112 @@
"use strict";
const passport_strategy_1 = require("passport-strategy");
const saml = require("./saml");
const url = require("url");
class Strategy extends passport_strategy_1.Strategy {
constructor(options, verify) {
super();
if (typeof options == 'function') {
verify = options;
options = {};
}
if (!verify) {
throw new Error('SAML authentication strategy requires a verify function');
}
// Customizing the name can be useful to support multiple SAML configurations at the same time.
// Unlike other options, this one gets deleted instead of passed along.
if (options.name) {
this.name = options.name;
}
else {
this.name = 'saml';
}
this._verify = verify;
this._saml = new saml.SAML(options);
this._passReqToCallback = !!options.passReqToCallback;
this._authnRequestBinding = options.authnRequestBinding || 'HTTP-Redirect';
}
authenticate(req, options) {
options.samlFallback = options.samlFallback || 'login-request';
const validateCallback = (err, profile, loggedOut) => {
if (err) {
return this.error(err);
}
if (loggedOut) {
req.logout();
if (profile) {
req.samlLogoutRequest = profile;
return this._saml.getLogoutResponseUrl(req, options, redirectIfSuccess);
}
return this.pass();
}
const verified = (err, user, info) => {
if (err) {
return this.error(err);
}
if (!user) {
return this.fail(info, 401);
}
this.success(user, info);
};
if (this._passReqToCallback) {
this._verify(req, profile, verified);
}
else {
this._verify(profile, verified);
}
};
const redirectIfSuccess = (err, url) => {
if (err) {
this.error(err);
}
else {
this.redirect(url);
}
};
if (req.query && (req.query.SAMLResponse || req.query.SAMLRequest)) {
const originalQuery = url.parse(req.url).query;
this._saml.validateRedirect(req.query, originalQuery, validateCallback);
}
else if (req.body && req.body.SAMLResponse) {
this._saml.validatePostResponse(req.body, validateCallback);
}
else if (req.body && req.body.SAMLRequest) {
this._saml.validatePostRequest(req.body, validateCallback);
}
else {
const requestHandler = {
'login-request': () => {
if (this._authnRequestBinding === 'HTTP-POST') {
this._saml.getAuthorizeForm(req, (err, data) => {
if (err) {
this.error(err);
}
else {
const res = req.res;
res.send(data);
}
});
}
else { // Defaults to HTTP-Redirect
this._saml.getAuthorizeUrl(req, options, redirectIfSuccess);
}
},
'logout-request': () => {
this._saml.getLogoutUrl(req, options, redirectIfSuccess);
}
}[options.samlFallback];
if (typeof requestHandler !== 'function') {
return this.fail(401);
}
requestHandler();
}
}
logout(req, callback) {
this._saml.getLogoutUrl(req, {}, callback);
}
generateServiceProviderMetadata(decryptionCert, signingCert) {
return this._saml.generateServiceProviderMetadata(decryptionCert, signingCert);
}
}
module.exports = Strategy;
//# sourceMappingURL=strategy.js.map
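
Review bot: `url.parse(req.url).query` goes through Node's legacy URL parser to recover the raw query string that `validateRedirect` needs as `originalQuery` for redirect-binding signature checks; take the substring after the first `?` of `req.url` directly instead of depending on the deprecated API. Two smaller points: in the HTTP-POST `login-request` branch, `req.res.send(data)` assumes an Express response object and sidesteps the strategy's own response methods, and `options.samlFallback = options.samlFallback || 'login-request'` mutates the options object the caller passed in.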

File diff suppressed because one or more lines are too long

@ -0,0 +1,125 @@
import type * as express from 'express';
import * as passport from 'passport';
import type { CacheProvider } from './inmemory-cache-provider';
export declare type CertCallback = (callback: (err: Error | null, cert?: string | string[]) => void) => void;
export interface AuthenticateOptions extends passport.AuthenticateOptions {
additionalParams?: Record<string, any>;
}
export interface AuthorizeOptions extends AuthenticateOptions {
samlFallback?: 'login-request' | 'logout-request';
}
export interface SAMLOptions {
callbackUrl: string;
path: string;
protocol: string;
host: string;
entryPoint: string;
issuer: string;
/** @deprecated use privateKey field instead */
privateCert?: string;
privateKey: string;
cert: string | string[] | CertCallback;
decryptionPvk: string;
signatureAlgorithm: 'sha1' | 'sha256' | 'sha512';
additionalParams: Record<string, string>;
additionalAuthorizeParams: Record<string, string>;
identifierFormat: string;
acceptedClockSkewMs: number;
attributeConsumingServiceIndex: string | null;
disableRequestedAuthnContext: boolean;
authnContext: string | string[];
forceAuthn: boolean;
skipRequestCompression: boolean;
/** @deprecated use racComparison field instead */
RACComparison?: 'exact' | 'minimum' | 'maximum' | 'better';
racComparison: 'exact' | 'minimum' | 'maximum' | 'better';
providerName: string;
passive: boolean;
idpIssuer: string;
audience: string;
scoping: SamlScopingConfig;
validateInResponseTo: boolean;
requestIdExpirationPeriodMs: number;
cacheProvider: CacheProvider;
logoutUrl: string;
additionalLogoutParams: Record<string, string>;
logoutCallbackUrl: string;
xmlSignatureTransforms: string[];
digestAlgorithm: string;
/** @deprecated use disableRequestAcsUrl field instead */
disableRequestACSUrl?: boolean;
disableRequestAcsUrl: boolean;
}
export declare type SamlConfig = Partial<SAMLOptions> & StrategyOptions;
interface StrategyOptions {
name?: string;
passReqToCallback?: boolean;
authnRequestBinding?: string;
}
export interface SamlScopingConfig {
idpList?: SamlIDPListConfig[];
proxyCount?: number;
requesterId?: string[];
}
export declare type XMLValue = string | number | boolean | null | XMLObject | XMLValue[];
export declare type XMLObject = {
[key: string]: XMLValue;
};
export declare type XMLInput = XMLObject;
export interface AuthorizeRequestXML {
'samlp:AuthnRequest': XMLInput;
}
export interface LogoutRequestXML {
'samlp:LogoutRequest': {
'saml:NameID': XMLInput;
[key: string]: XMLValue;
};
}
export interface ServiceMetadataXML {
EntityDescriptor: {
[key: string]: XMLValue;
SPSSODescriptor: XMLObject;
};
}
export interface AudienceRestrictionXML {
Audience?: XMLObject[];
}
export declare type XMLOutput = Record<string, any>;
export interface SamlIDPListConfig {
entries: SamlIDPEntryConfig[];
getComplete?: string;
}
export interface SamlIDPEntryConfig {
providerId: string;
name?: string;
loc?: string;
}
export declare type Profile = {
issuer?: string;
sessionIndex?: string;
nameID?: string;
nameIDFormat?: string;
nameQualifier?: string;
spNameQualifier?: string;
ID?: string;
mail?: string;
email?: string;
['urn:oid:0.9.2342.19200300.100.1.3']?: string;
getAssertionXml(): string;
getAssertion(): Record<string, unknown>;
getSamlResponseXml(): string;
} & {
[attributeName: string]: unknown;
};
export interface RequestWithUser extends express.Request {
samlLogoutRequest: any;
user?: Profile;
}
export declare type VerifiedCallback = (err: Error | null, user?: Record<string, unknown>, info?: Record<string, unknown>) => void;
export declare type VerifyWithRequest = (req: express.Request, profile: Profile | null | undefined, done: VerifiedCallback) => void;
export declare type VerifyWithoutRequest = (profile: Profile | null | undefined, done: VerifiedCallback) => void;
export declare type SamlOptionsCallback = (err: Error | null, samlOptions?: SamlConfig) => void;
export interface MultiSamlConfig extends SamlConfig {
getSamlOptions(req: express.Request, callback: SamlOptionsCallback): void;
}
export {};
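
Review bot: `SamlConfig` is `Partial<SAMLOptions> & StrategyOptions`, which makes `cert` (the value `validateSignature` checks response signatures against), `issuer` and `entryPoint` optional at the type level even though `SAMLOptions` declares them required; a configuration that forgets `cert` is only caught at runtime, and the bundled `test.js` in this same commit constructs a `Strategy` with exactly such a config. Keep the security-critical fields out of the `Partial`, e.g. `Pick<SAMLOptions, 'cert'> & Partial<Omit<SAMLOptions, 'cert'>>`. Also `additionalParams?: Record<string, any>` and `XMLOutput = Record<string, any>` discard the typing that `XMLObject`/`XMLValue` exist to provide, and `signatureAlgorithm` still admits `'sha1'` without a deprecation marker like the ones on `privateCert` and `RACComparison`.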

@ -0,0 +1,3 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
//# sourceMappingURL=types.js.map

@ -0,0 +1 @@

1
node_modules/passport-saml/lib/test.d.ts generated vendored Normal file
@ -0,0 +1 @@
export {};

22
node_modules/passport-saml/lib/test.js generated vendored Normal file
@ -0,0 +1,22 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const passport = require("passport");
const passport_saml_1 = require("./passport-saml");
function findByEmail(email, cb) {
cb(null);
}
passport.use(new passport_saml_1.Strategy({
path: "/login/callback",
entryPoint: "https://openidp.feide.no/simplesaml/saml2/idp/SSOService.php",
issuer: "passport-saml",
}, function (profile, done) {
if (profile != null && typeof profile.email === "string") {
findByEmail(profile.email, function (err, user) {
if (err) {
return done(err);
}
return done(null, user);
});
}
}));
//# sourceMappingURL=test.js.map
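
Review bot: the verify callback never calls `done` when `profile` is null or `profile.email` is not a string, so such a login hangs instead of failing; add a `done(null, false)` (or an error) branch. `findByEmail` also always calls `cb(null)` with no user, so every login ends in `done(null, undefined)` and a 401. And the strategy is configured with only `path`, `entryPoint` and `issuer`, omitting `cert`, the value the SAML response signature is validated against.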

1
node_modules/passport-saml/lib/test.js.map generated vendored Normal file
@ -0,0 +1 @@

2
node_modules/passport-saml/multiSamlStrategy.d.ts generated vendored Normal file
@ -0,0 +1,2 @@
import * as MultiSAMLStrategy from './lib/passport-saml/multiSamlStrategy';
export = MultiSAMLStrategy;

2
node_modules/passport-saml/multiSamlStrategy.js generated vendored Normal file
@ -0,0 +1,2 @@
const MultiSamlStrategy = require('./lib/passport-saml/multiSamlStrategy.js');
module.exports = MultiSamlStrategy;

20
node_modules/passport-saml/node_modules/debug/LICENSE generated vendored Normal file
@ -0,0 +1,20 @@
(The MIT License)
Copyright (c) 2014-2017 TJ Holowaychuk <tj@vision-media.ca>
Copyright (c) 2018-2021 Josh Junon
Permission is hereby granted, free of charge, to any person obtaining a copy of this software
and associated documentation files (the 'Software'), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial
portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

481
node_modules/passport-saml/node_modules/debug/README.md generated vendored Normal file
@ -0,0 +1,481 @@
# debug
[![Build Status](https://travis-ci.org/debug-js/debug.svg?branch=master)](https://travis-ci.org/debug-js/debug) [![Coverage Status](https://coveralls.io/repos/github/debug-js/debug/badge.svg?branch=master)](https://coveralls.io/github/debug-js/debug?branch=master) [![Slack](https://visionmedia-community-slackin.now.sh/badge.svg)](https://visionmedia-community-slackin.now.sh/) [![OpenCollective](https://opencollective.com/debug/backers/badge.svg)](#backers)
[![OpenCollective](https://opencollective.com/debug/sponsors/badge.svg)](#sponsors)
<img width="647" src="https://user-images.githubusercontent.com/71256/29091486-fa38524c-7c37-11e7-895f-e7ec8e1039b6.png">
A tiny JavaScript debugging utility modelled after Node.js core's debugging
technique. Works in Node.js and web browsers.
## Installation
```bash
$ npm install debug
```
## Usage
`debug` exposes a function; simply pass this function the name of your module, and it will return a decorated version of `console.error` for you to pass debug statements to. This will allow you to toggle the debug output for different parts of your module as well as the module as a whole.
Example [_app.js_](./examples/node/app.js):
```js
var debug = require('debug')('http')
, http = require('http')
, name = 'My App';
// fake app
debug('booting %o', name);
http.createServer(function(req, res){
debug(req.method + ' ' + req.url);
res.end('hello\n');
}).listen(3000, function(){
debug('listening');
});
// fake worker of some kind
require('./worker');
```
Example [_worker.js_](./examples/node/worker.js):
```js
var a = require('debug')('worker:a')
, b = require('debug')('worker:b');
function work() {
a('doing lots of uninteresting work');
setTimeout(work, Math.random() * 1000);
}
work();
function workb() {
b('doing some work');
setTimeout(workb, Math.random() * 2000);
}
workb();
```
The `DEBUG` environment variable is then used to enable these based on space or
comma-delimited names.
Here are some examples:
<img width="647" alt="screen shot 2017-08-08 at 12 53 04 pm" src="https://user-images.githubusercontent.com/71256/29091703-a6302cdc-7c38-11e7-8304-7c0b3bc600cd.png">
<img width="647" alt="screen shot 2017-08-08 at 12 53 38 pm" src="https://user-images.githubusercontent.com/71256/29091700-a62a6888-7c38-11e7-800b-db911291ca2b.png">
<img width="647" alt="screen shot 2017-08-08 at 12 53 25 pm" src="https://user-images.githubusercontent.com/71256/29091701-a62ea114-7c38-11e7-826a-2692bedca740.png">
#### Windows command prompt notes
##### CMD
On Windows the environment variable is set using the `set` command.
```cmd
set DEBUG=*,-not_this
```
Example:
```cmd
set DEBUG=* & node app.js
```
##### PowerShell (VS Code default)
PowerShell uses different syntax to set environment variables.
```cmd
$env:DEBUG = "*,-not_this"
```
Example:
```cmd
$env:DEBUG='app';node app.js
```
Then, run the program to be debugged as usual.
npm script example:
```js
"windowsDebug": "@powershell -Command $env:DEBUG='*';node app.js",
```
## Namespace Colors
Every debug instance has a color generated for it based on its namespace name.
This helps when visually parsing the debug output to identify which debug instance
a debug line belongs to.
#### Node.js
In Node.js, colors are enabled when stderr is a TTY. You also _should_ install
the [`supports-color`](https://npmjs.org/supports-color) module alongside debug,
otherwise debug will only use a small handful of basic colors.
<img width="521" src="https://user-images.githubusercontent.com/71256/29092181-47f6a9e6-7c3a-11e7-9a14-1928d8a711cd.png">
#### Web Browser
Colors are also enabled on "Web Inspectors" that understand the `%c` formatting
option. These are WebKit web inspectors, Firefox ([since version
31](https://hacks.mozilla.org/2014/05/editable-box-model-multiple-selection-sublime-text-keys-much-more-firefox-developer-tools-episode-31/))
and the Firebug plugin for Firefox (any version).
<img width="524" src="https://user-images.githubusercontent.com/71256/29092033-b65f9f2e-7c39-11e7-8e32-f6f0d8e865c1.png">
## Millisecond diff
When actively developing an application it can be useful to see when the time spent between one `debug()` call and the next. Suppose for example you invoke `debug()` before requesting a resource, and after as well, the "+NNNms" will show you how much time was spent between calls.
<img width="647" src="https://user-images.githubusercontent.com/71256/29091486-fa38524c-7c37-11e7-895f-e7ec8e1039b6.png">
When stdout is not a TTY, `Date#toISOString()` is used, making it more useful for logging the debug information as shown below:
<img width="647" src="https://user-images.githubusercontent.com/71256/29091956-6bd78372-7c39-11e7-8c55-c948396d6edd.png">
## Conventions
If you're using this in one or more of your libraries, you _should_ use the name of your library so that developers may toggle debugging as desired without guessing names. If you have more than one debuggers you _should_ prefix them with your library name and use ":" to separate features. For example "bodyParser" from Connect would then be "connect:bodyParser". If you append a "*" to the end of your name, it will always be enabled regardless of the setting of the DEBUG environment variable. You can then use it for normal output as well as debug output.
## Wildcards
The `*` character may be used as a wildcard. Suppose for example your library has
debuggers named "connect:bodyParser", "connect:compress", "connect:session",
instead of listing all three with
`DEBUG=connect:bodyParser,connect:compress,connect:session`, you may simply do
`DEBUG=connect:*`, or to run everything using this module simply use `DEBUG=*`.
You can also exclude specific debuggers by prefixing them with a "-" character.
For example, `DEBUG=*,-connect:*` would include all debuggers except those
starting with "connect:".
## Environment Variables
When running through Node.js, you can set a few environment variables that will
change the behavior of the debug logging:
| Name | Purpose |
|-----------|-------------------------------------------------|
| `DEBUG` | Enables/disables specific debugging namespaces. |
| `DEBUG_HIDE_DATE` | Hide date from debug output (non-TTY). |
| `DEBUG_COLORS`| Whether or not to use colors in the debug output. |
| `DEBUG_DEPTH` | Object inspection depth. |
| `DEBUG_SHOW_HIDDEN` | Shows hidden properties on inspected objects. |
__Note:__ The environment variables beginning with `DEBUG_` end up being
converted into an Options object that gets used with `%o`/`%O` formatters.
See the Node.js documentation for
[`util.inspect()`](https://nodejs.org/api/util.html#util_util_inspect_object_options)
for the complete list.
## Formatters
Debug uses [printf-style](https://wikipedia.org/wiki/Printf_format_string) formatting.
Below are the officially supported formatters:
| Formatter | Representation |
|-----------|----------------|
| `%O` | Pretty-print an Object on multiple lines. |
| `%o` | Pretty-print an Object all on a single line. |
| `%s` | String. |
| `%d` | Number (both integer and float). |
| `%j` | JSON. Replaced with the string '[Circular]' if the argument contains circular references. |
| `%%` | Single percent sign ('%'). This does not consume an argument. |
### Custom formatters
You can add custom formatters by extending the `debug.formatters` object.
For example, if you wanted to add support for rendering a Buffer as hex with
`%h`, you could do something like:
```js
const createDebug = require('debug')
createDebug.formatters.h = (v) => {
return v.toString('hex')
}
// …elsewhere
const debug = createDebug('foo')
debug('this is hex: %h', new Buffer('hello world'))
// foo this is hex: 68656c6c6f20776f726c6421 +0ms
```
## Browser Support
You can build a browser-ready script using [browserify](https://github.com/substack/node-browserify),
or just use the [browserify-as-a-service](https://wzrd.in/) [build](https://wzrd.in/standalone/debug@latest),
if you don't want to build it yourself.
Debug's enable state is currently persisted by `localStorage`.
Consider the situation shown below where you have `worker:a` and `worker:b`,
and wish to debug both. You can enable this using `localStorage.debug`:
```js
localStorage.debug = 'worker:*'
```
And then refresh the page.
```js
a = debug('worker:a');
b = debug('worker:b');
setInterval(function(){
a('doing some work');
}, 1000);
setInterval(function(){
b('doing some work');
}, 1200);
```
In Chromium-based web browsers (e.g. Brave, Chrome, and Electron), the JavaScript console will—by default—only show messages logged by `debug` if the "Verbose" log level is _enabled_.
<img width="647" src="https://user-images.githubusercontent.com/7143133/152083257-29034707-c42c-4959-8add-3cee850e6fcf.png">
## Output streams
By default `debug` will log to stderr, however this can be configured per-namespace by overriding the `log` method:
Example [_stdout.js_](./examples/node/stdout.js):
```js
var debug = require('debug');
var error = debug('app:error');
// by default stderr is used
error('goes to stderr!');
var log = debug('app:log');
// set this namespace to log via console.log
log.log = console.log.bind(console); // don't forget to bind to console!
log('goes to stdout');
error('still goes to stderr!');
// set all output to go via console.info
// overrides all per-namespace log settings
debug.log = console.info.bind(console);
error('now goes to stdout via console.info');
log('still goes to stdout, but via console.info now');
```
## Extend
You can simply extend debugger
```js
const log = require('debug')('auth');
//creates new debug instance with extended namespace
const logSign = log.extend('sign');
const logLogin = log.extend('login');
log('hello'); // auth hello
logSign('hello'); //auth:sign hello
logLogin('hello'); //auth:login hello
```
## Set dynamically
You can also enable debug dynamically by calling the `enable()` method :
```js
let debug = require('debug');
console.log(1, debug.enabled('test'));
debug.enable('test');
console.log(2, debug.enabled('test'));
debug.disable();
console.log(3, debug.enabled('test'));
```
print :
```
1 false
2 true
3 false
```
Usage :
`enable(namespaces)`
`namespaces` can include modes separated by a colon and wildcards.
Note that calling `enable()` completely overrides previously set DEBUG variable :
```
$ DEBUG=foo node -e 'var dbg = require("debug"); dbg.enable("bar"); console.log(dbg.enabled("foo"))'
=> false
```
`disable()`
Will disable all namespaces. The functions returns the namespaces currently
enabled (and skipped). This can be useful if you want to disable debugging
temporarily without knowing what was enabled to begin with.
For example:
```js
let debug = require('debug');
debug.enable('foo:*,-foo:bar');
let namespaces = debug.disable();
debug.enable(namespaces);
```
Note: There is no guarantee that the string will be identical to the initial
enable string, but semantically they will be identical.
## Checking whether a debug target is enabled
After you've created a debug instance, you can determine whether or not it is
enabled by checking the `enabled` property:
```javascript
const debug = require('debug')('http');
if (debug.enabled) {
// do stuff...
}
```
You can also manually toggle this property to force the debug instance to be
enabled or disabled.
## Usage in child processes
Due to the way `debug` detects if the output is a TTY or not, colors are not shown in child processes when `stderr` is piped. A solution is to pass the `DEBUG_COLORS=1` environment variable to the child process.
For example:
```javascript
worker = fork(WORKER_WRAP_PATH, [workerPath], {
stdio: [
/* stdin: */ 0,
/* stdout: */ 'pipe',
/* stderr: */ 'pipe',
'ipc',
],
env: Object.assign({}, process.env, {
DEBUG_COLORS: 1 // without this settings, colors won't be shown
}),
});
worker.stderr.pipe(process.stderr, { end: false });
```
## Authors
- TJ Holowaychuk
- Nathan Rajlich
- Andrew Rhyne
- Josh Junon
## Backers
Support us with a monthly donation and help us continue our activities. [[Become a backer](https://opencollective.com/debug#backer)]
<a href="https://opencollective.com/debug/backer/0/website" target="_blank"><img src="https://opencollective.com/debug/backer/0/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/1/website" target="_blank"><img src="https://opencollective.com/debug/backer/1/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/2/website" target="_blank"><img src="https://opencollective.com/debug/backer/2/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/3/website" target="_blank"><img src="https://opencollective.com/debug/backer/3/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/4/website" target="_blank"><img src="https://opencollective.com/debug/backer/4/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/5/website" target="_blank"><img src="https://opencollective.com/debug/backer/5/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/6/website" target="_blank"><img src="https://opencollective.com/debug/backer/6/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/7/website" target="_blank"><img src="https://opencollective.com/debug/backer/7/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/8/website" target="_blank"><img src="https://opencollective.com/debug/backer/8/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/9/website" target="_blank"><img src="https://opencollective.com/debug/backer/9/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/10/website" target="_blank"><img src="https://opencollective.com/debug/backer/10/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/11/website" target="_blank"><img src="https://opencollective.com/debug/backer/11/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/12/website" target="_blank"><img src="https://opencollective.com/debug/backer/12/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/13/website" target="_blank"><img src="https://opencollective.com/debug/backer/13/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/14/website" target="_blank"><img src="https://opencollective.com/debug/backer/14/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/15/website" target="_blank"><img src="https://opencollective.com/debug/backer/15/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/16/website" target="_blank"><img src="https://opencollective.com/debug/backer/16/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/17/website" target="_blank"><img src="https://opencollective.com/debug/backer/17/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/18/website" target="_blank"><img src="https://opencollective.com/debug/backer/18/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/19/website" target="_blank"><img src="https://opencollective.com/debug/backer/19/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/20/website" target="_blank"><img src="https://opencollective.com/debug/backer/20/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/21/website" target="_blank"><img src="https://opencollective.com/debug/backer/21/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/22/website" target="_blank"><img src="https://opencollective.com/debug/backer/22/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/23/website" target="_blank"><img src="https://opencollective.com/debug/backer/23/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/24/website" target="_blank"><img src="https://opencollective.com/debug/backer/24/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/25/website" target="_blank"><img src="https://opencollective.com/debug/backer/25/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/26/website" target="_blank"><img src="https://opencollective.com/debug/backer/26/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/27/website" target="_blank"><img src="https://opencollective.com/debug/backer/27/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/28/website" target="_blank"><img src="https://opencollective.com/debug/backer/28/avatar.svg"></a>
<a href="https://opencollective.com/debug/backer/29/website" target="_blank"><img src="https://opencollective.com/debug/backer/29/avatar.svg"></a>
## Sponsors
Become a sponsor and get your logo on our README on Github with a link to your site. [[Become a sponsor](https://opencollective.com/debug#sponsor)]
<a href="https://opencollective.com/debug/sponsor/0/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/0/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/1/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/1/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/2/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/2/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/3/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/3/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/4/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/4/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/5/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/5/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/6/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/6/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/7/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/7/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/8/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/8/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/9/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/9/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/10/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/10/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/11/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/11/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/12/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/12/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/13/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/13/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/14/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/14/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/15/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/15/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/16/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/16/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/17/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/17/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/18/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/18/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/19/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/19/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/20/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/20/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/21/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/21/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/22/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/22/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/23/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/23/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/24/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/24/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/25/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/25/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/26/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/26/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/27/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/27/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/28/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/28/avatar.svg"></a>
<a href="https://opencollective.com/debug/sponsor/29/website" target="_blank"><img src="https://opencollective.com/debug/sponsor/29/avatar.svg"></a>
## License
(The MIT License)
Copyright (c) 2014-2017 TJ Holowaychuk &lt;tj@vision-media.ca&gt;
Copyright (c) 2018-2021 Josh Junon
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
'Software'), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
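Review bot: the snippet under "Custom formatters" builds its input with the deprecated `Buffer` constructor, and its expected-output comment does not match that input: `68656c6c6f20776f726c6421` is the hex of `hello world!`, while `new Buffer('hello world')` encodes to `68656c6c6f20776f726c64`. Suggest `debug('this is hex: %h', Buffer.from('hello world'))` with the comment corrected to `// foo this is hex: 68656c6c6f20776f726c64 +0ms`. Also, the two snippets under "PowerShell (VS Code default)" are fenced as ```cmd although they are PowerShell syntax (`$env:DEBUG = ...`); fencing them as powershell avoids readers pasting them into cmd.exe where `$env:` is not expanded.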

@ -0,0 +1,59 @@
{
"name": "debug",
"version": "4.3.4",
"repository": {
"type": "git",
"url": "git://github.com/debug-js/debug.git"
},
"description": "Lightweight debugging utility for Node.js and the browser",
"keywords": [
"debug",
"log",
"debugger"
],
"files": [
"src",
"LICENSE",
"README.md"
],
"author": "Josh Junon <josh.junon@protonmail.com>",
"contributors": [
"TJ Holowaychuk <tj@vision-media.ca>",
"Nathan Rajlich <nathan@tootallnate.net> (http://n8.io)",
"Andrew Rhyne <rhyneandrew@gmail.com>"
],
"license": "MIT",
"scripts": {
"lint": "xo",
"test": "npm run test:node && npm run test:browser && npm run lint",
"test:node": "istanbul cover _mocha -- test.js",
"test:browser": "karma start --single-run",
"test:coverage": "cat ./coverage/lcov.info | coveralls"
},
"dependencies": {
"ms": "2.1.2"
},
"devDependencies": {
"brfs": "^2.0.1",
"browserify": "^16.2.3",
"coveralls": "^3.0.2",
"istanbul": "^0.4.5",
"karma": "^3.1.4",
"karma-browserify": "^6.0.0",
"karma-chrome-launcher": "^2.2.0",
"karma-mocha": "^1.3.0",
"mocha": "^5.2.0",
"mocha-lcov-reporter": "^1.2.0",
"xo": "^0.23.0"
},
"peerDependenciesMeta": {
"supports-color": {
"optional": true
}
},
"main": "./src/index.js",
"browser": "./src/browser.js",
"engines": {
"node": ">=6.0"
}
}

@ -0,0 +1,269 @@
/* eslint-env browser */
/**
* This is the web browser implementation of `debug()`.
*/
exports.formatArgs = formatArgs;
exports.save = save;
exports.load = load;
exports.useColors = useColors;
exports.storage = localstorage();
exports.destroy = (() => {
let warned = false;
return () => {
if (!warned) {
warned = true;
console.warn('Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.');
}
};
})();
/**
* Colors.
*/
exports.colors = [
'#0000CC',
'#0000FF',
'#0033CC',
'#0033FF',
'#0066CC',
'#0066FF',
'#0099CC',
'#0099FF',
'#00CC00',
'#00CC33',
'#00CC66',
'#00CC99',
'#00CCCC',
'#00CCFF',
'#3300CC',
'#3300FF',
'#3333CC',
'#3333FF',
'#3366CC',
'#3366FF',
'#3399CC',
'#3399FF',
'#33CC00',
'#33CC33',
'#33CC66',
'#33CC99',
'#33CCCC',
'#33CCFF',
'#6600CC',
'#6600FF',
'#6633CC',
'#6633FF',
'#66CC00',
'#66CC33',
'#9900CC',
'#9900FF',
'#9933CC',
'#9933FF',
'#99CC00',
'#99CC33',
'#CC0000',
'#CC0033',
'#CC0066',
'#CC0099',
'#CC00CC',
'#CC00FF',
'#CC3300',
'#CC3333',
'#CC3366',
'#CC3399',
'#CC33CC',
'#CC33FF',
'#CC6600',
'#CC6633',
'#CC9900',
'#CC9933',
'#CCCC00',
'#CCCC33',
'#FF0000',
'#FF0033',
'#FF0066',
'#FF0099',
'#FF00CC',
'#FF00FF',
'#FF3300',
'#FF3333',
'#FF3366',
'#FF3399',
'#FF33CC',
'#FF33FF',
'#FF6600',
'#FF6633',
'#FF9900',
'#FF9933',
'#FFCC00',
'#FFCC33'
];
/**
* Currently only WebKit-based Web Inspectors, Firefox >= v31,
* and the Firebug extension (any Firefox version) are known
* to support "%c" CSS customizations.
*
* TODO: add a `localStorage` variable to explicitly enable/disable colors
*/
// eslint-disable-next-line complexity
function useColors() {
// NB: In an Electron preload script, document will be defined but not fully
// initialized. Since we know we're in Chrome, we'll just detect this case
// explicitly
if (typeof window !== 'undefined' && window.process && (window.process.type === 'renderer' || window.process.__nwjs)) {
return true;
}
// Internet Explorer and Edge do not support colors.
if (typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/(edge|trident)\/(\d+)/)) {
return false;
}
// Is webkit? http://stackoverflow.com/a/16459606/376773
// document is undefined in react-native: https://github.com/facebook/react-native/pull/1632
return (typeof document !== 'undefined' && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance) ||
// Is firebug? http://stackoverflow.com/a/398120/376773
(typeof window !== 'undefined' && window.console && (window.console.firebug || (window.console.exception && window.console.table))) ||
// Is firefox >= v31?
// https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages
(typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/firefox\/(\d+)/) && parseInt(RegExp.$1, 10) >= 31) ||
// Double check webkit in userAgent just in case we are in a worker
(typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/applewebkit\/(\d+)/));
}
/**
* Colorize log arguments if enabled.
*
* @api public
*/
function formatArgs(args) {
args[0] = (this.useColors ? '%c' : '') +
this.namespace +
(this.useColors ? ' %c' : ' ') +
args[0] +
(this.useColors ? '%c ' : ' ') +
'+' + module.exports.humanize(this.diff);
if (!this.useColors) {
return;
}
const c = 'color: ' + this.color;
args.splice(1, 0, c, 'color: inherit');
// The final "%c" is somewhat tricky, because there could be other
// arguments passed either before or after the %c, so we need to
// figure out the correct index to insert the CSS into
let index = 0;
let lastC = 0;
args[0].replace(/%[a-zA-Z%]/g, match => {
if (match === '%%') {
return;
}
index++;
if (match === '%c') {
// We only are interested in the *last* %c
// (the user may have provided their own)
lastC = index;
}
});
args.splice(lastC, 0, c);
}
/**
* Invokes `console.debug()` when available.
* No-op when `console.debug` is not a "function".
* If `console.debug` is not available, falls back
* to `console.log`.
*
* @api public
*/
exports.log = console.debug || console.log || (() => {});
/**
* Save `namespaces`.
*
* @param {String} namespaces
* @api private
*/
function save(namespaces) {
try {
if (namespaces) {
exports.storage.setItem('debug', namespaces);
} else {
exports.storage.removeItem('debug');
}
} catch (error) {
// Swallow
// XXX (@Qix-) should we be logging these?
}
}
/**
* Load `namespaces`.
*
* @return {String} returns the previously persisted debug modes
* @api private
*/
function load() {
let r;
try {
r = exports.storage.getItem('debug');
} catch (error) {
// Swallow
// XXX (@Qix-) should we be logging these?
}
// If debug isn't set in LS, and we're in Electron, try to load $DEBUG
if (!r && typeof process !== 'undefined' && 'env' in process) {
r = process.env.DEBUG;
}
return r;
}
/**
* Localstorage attempts to return the localstorage.
*
* This is necessary because safari throws
* when a user disables cookies/localstorage
* and you attempt to access it.
*
* @return {LocalStorage}
* @api private
*/
function localstorage() {
try {
// TVMLKit (Apple TV JS Runtime) does not have a window object, just localStorage in the global context
// The Browser also has localStorage in the global context.
return localStorage;
} catch (error) {
// Swallow
// XXX (@Qix-) should we be logging these?
}
}
module.exports = require('./common')(exports);
const {formatters} = module.exports;
/**
* Map %j to `JSON.stringify()`, since no Web Inspectors do that by default.
*/
formatters.j = function (v) {
try {
return JSON.stringify(v);
} catch (error) {
return '[UnexpectedJSONParseError]: ' + error.message;
}
};
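Review bot: `useColors()` reads the Firefox version through the legacy static `RegExp.$1` (`parseInt(RegExp.$1, 10) >= 31`), a non-standard Annex B property that reflects whichever regex last matched anywhere in the realm, so the check silently depends on no other match running between `.match(/firefox\/(\d+)/)` and the `parseInt`. Capture the match result instead, e.g. `const m = navigator.userAgent.toLowerCase().match(/firefox\/(\d+)/); return m !== null && parseInt(m[1], 10) >= 31;`. Minor: `formatters.j` labels a `JSON.stringify` failure as `[UnexpectedJSONParseError]`; `[UnexpectedJSONStringifyError]` would name what actually failed.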

@ -0,0 +1,274 @@
/**
* This is the common logic for both the Node.js and web browser
* implementations of `debug()`.
*/
function setup(env) {
createDebug.debug = createDebug;
createDebug.default = createDebug;
createDebug.coerce = coerce;
createDebug.disable = disable;
createDebug.enable = enable;
createDebug.enabled = enabled;
createDebug.humanize = require('ms');
createDebug.destroy = destroy;
Object.keys(env).forEach(key => {
createDebug[key] = env[key];
});
/**
* The currently active debug mode names, and names to skip.
*/
createDebug.names = [];
createDebug.skips = [];
/**
* Map of special "%n" handling functions, for the debug "format" argument.
*
* Valid key names are a single, lower or upper-case letter, i.e. "n" and "N".
*/
createDebug.formatters = {};
/**
* Selects a color for a debug namespace
* @param {String} namespace The namespace string for the debug instance to be colored
* @return {Number|String} An ANSI color code for the given namespace
* @api private
*/
function selectColor(namespace) {
let hash = 0;
for (let i = 0; i < namespace.length; i++) {
hash = ((hash << 5) - hash) + namespace.charCodeAt(i);
hash |= 0; // Convert to 32bit integer
}
return createDebug.colors[Math.abs(hash) % createDebug.colors.length];
}
createDebug.selectColor = selectColor;
/**
* Create a debugger with the given `namespace`.
*
* @param {String} namespace
* @return {Function}
* @api public
*/
function createDebug(namespace) {
let prevTime;
let enableOverride = null;
let namespacesCache;
let enabledCache;
function debug(...args) {
// Disabled?
if (!debug.enabled) {
return;
}
const self = debug;
// Set `diff` timestamp
const curr = Number(new Date());
const ms = curr - (prevTime || curr);
self.diff = ms;
self.prev = prevTime;
self.curr = curr;
prevTime = curr;
args[0] = createDebug.coerce(args[0]);
if (typeof args[0] !== 'string') {
// Anything else let's inspect with %O
args.unshift('%O');
}
// Apply any `formatters` transformations
let index = 0;
args[0] = args[0].replace(/%([a-zA-Z%])/g, (match, format) => {
// If we encounter an escaped % then don't increase the array index
if (match === '%%') {
return '%';
}
index++;
const formatter = createDebug.formatters[format];
if (typeof formatter === 'function') {
const val = args[index];
match = formatter.call(self, val);
// Now we need to remove `args[index]` since it's inlined in the `format`
args.splice(index, 1);
index--;
}
return match;
});
// Apply env-specific formatting (colors, etc.)
createDebug.formatArgs.call(self, args);
const logFn = self.log || createDebug.log;
logFn.apply(self, args);
}
debug.namespace = namespace;
debug.useColors = createDebug.useColors();
debug.color = createDebug.selectColor(namespace);
debug.extend = extend;
debug.destroy = createDebug.destroy; // XXX Temporary. Will be removed in the next major release.
Object.defineProperty(debug, 'enabled', {
enumerable: true,
configurable: false,
get: () => {
if (enableOverride !== null) {
return enableOverride;
}
if (namespacesCache !== createDebug.namespaces) {
namespacesCache = createDebug.namespaces;
enabledCache = createDebug.enabled(namespace);
}
return enabledCache;
},
set: v => {
enableOverride = v;
}
});
// Env-specific initialization logic for debug instances
if (typeof createDebug.init === 'function') {
createDebug.init(debug);
}
return debug;
}
function extend(namespace, delimiter) {
const newDebug = createDebug(this.namespace + (typeof delimiter === 'undefined' ? ':' : delimiter) + namespace);
newDebug.log = this.log;
return newDebug;
}
/**
* Enables a debug mode by namespaces. This can include modes
* separated by a colon and wildcards.
*
* @param {String} namespaces
* @api public
*/
function enable(namespaces) {
createDebug.save(namespaces);
createDebug.namespaces = namespaces;
createDebug.names = [];
createDebug.skips = [];
let i;
const split = (typeof namespaces === 'string' ? namespaces : '').split(/[\s,]+/);
const len = split.length;
for (i = 0; i < len; i++) {
if (!split[i]) {
// ignore empty strings
continue;
}
namespaces = split[i].replace(/\*/g, '.*?');
if (namespaces[0] === '-') {
createDebug.skips.push(new RegExp('^' + namespaces.slice(1) + '$'));
} else {
createDebug.names.push(new RegExp('^' + namespaces + '$'));
}
}
}
/**
* Disable debug output.
*
* @return {String} namespaces
* @api public
*/
function disable() {
const namespaces = [
...createDebug.names.map(toNamespace),
...createDebug.skips.map(toNamespace).map(namespace => '-' + namespace)
].join(',');
createDebug.enable('');
return namespaces;
}
/**
* Returns true if the given mode name is enabled, false otherwise.
*
* @param {String} name
* @return {Boolean}
* @api public
*/
function enabled(name) {
if (name[name.length - 1] === '*') {
return true;
}
let i;
let len;
for (i = 0, len = createDebug.skips.length; i < len; i++) {
if (createDebug.skips[i].test(name)) {
return false;
}
}
for (i = 0, len = createDebug.names.length; i < len; i++) {
if (createDebug.names[i].test(name)) {
return true;
}
}
return false;
}
/**
* Convert regexp to namespace
*
* @param {RegExp} regxep
* @return {String} namespace
* @api private
*/
function toNamespace(regexp) {
return regexp.toString()
.substring(2, regexp.toString().length - 2)
.replace(/\.\*\?$/, '*');
}
/**
* Coerce `val`.
*
* @param {Mixed} val
* @return {Mixed}
* @api private
*/
function coerce(val) {
if (val instanceof Error) {
return val.stack || val.message;
}
return val;
}
/**
* XXX DO NOT USE. This is a temporary stub function.
* XXX It WILL be removed in the next major release.
*/
function destroy() {
console.warn('Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.');
}
createDebug.enable(createDebug.load());
return createDebug;
}
module.exports = setup;
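Review bot: in `enable()` each namespace token is interpolated into `new RegExp('^' + namespaces + '$')` after only `*` has been rewritten to `.*?`, so every other regex metacharacter in a token (`(`, `[`, `+`, `?`, `.`) is treated as pattern syntax, and an unbalanced `(` or `[`, or a leading `+`/`?`, makes the `RegExp` constructor throw a `SyntaxError` out of `enable()`; since `createDebug.enable(createDebug.load())` runs at module load, a malformed `DEBUG` value in the environment aborts the require. Consider escaping each token (for example `split[i].replace(/[.+?^${}()|[\]\\]/g, '\\$&')`) before substituting `*`, or wrapping the construction in a try/catch that skips the bad token. `toNamespace()` is also not an exact inverse: it strips the `/^` and `$/` from `regexp.toString()` but only rewrites a trailing `.*?` back to `*`, so a wildcard in the middle of a namespace (`app:*:db`) comes back from `disable()` as `app:.*?:db`, and `enable(disable())` does not reproduce the original string. Minor: the JSDoc param name on `toNamespace` is spelled `regxep`.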


@ -0,0 +1,10 @@
/**
* Detect Electron renderer / nwjs process, which is node, but we should
* treat as a browser.
*/
if (typeof process === 'undefined' || process.type === 'renderer' || process.browser === true || process.__nwjs) {
module.exports = require('./browser.js');
} else {
module.exports = require('./node.js');
}


@ -0,0 +1,263 @@
/**
* Module dependencies.
*/
const tty = require('tty');
const util = require('util');
/**
* This is the Node.js implementation of `debug()`.
*/
exports.init = init;
exports.log = log;
exports.formatArgs = formatArgs;
exports.save = save;
exports.load = load;
exports.useColors = useColors;
exports.destroy = util.deprecate(
() => {},
'Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.'
);
/**
* Colors.
*/
exports.colors = [6, 2, 3, 4, 5, 1];
try {
// Optional dependency (as in, doesn't need to be installed, NOT like optionalDependencies in package.json)
// eslint-disable-next-line import/no-extraneous-dependencies
const supportsColor = require('supports-color');
if (supportsColor && (supportsColor.stderr || supportsColor).level >= 2) {
exports.colors = [
20,
21,
26,
27,
32,
33,
38,
39,
40,
41,
42,
43,
44,
45,
56,
57,
62,
63,
68,
69,
74,
75,
76,
77,
78,
79,
80,
81,
92,
93,
98,
99,
112,
113,
128,
129,
134,
135,
148,
149,
160,
161,
162,
163,
164,
165,
166,
167,
168,
169,
170,
171,
172,
173,
178,
179,
184,
185,
196,
197,
198,
199,
200,
201,
202,
203,
204,
205,
206,
207,
208,
209,
214,
215,
220,
221
];
}
} catch (error) {
// Swallow - we only care if `supports-color` is available; it doesn't have to be.
}
/**
* Build up the default `inspectOpts` object from the environment variables.
*
* $ DEBUG_COLORS=no DEBUG_DEPTH=10 DEBUG_SHOW_HIDDEN=enabled node script.js
*/
exports.inspectOpts = Object.keys(process.env).filter(key => {
return /^debug_/i.test(key);
}).reduce((obj, key) => {
// Camel-case
const prop = key
.substring(6)
.toLowerCase()
.replace(/_([a-z])/g, (_, k) => {
return k.toUpperCase();
});
// Coerce string value into JS value
let val = process.env[key];
if (/^(yes|on|true|enabled)$/i.test(val)) {
val = true;
} else if (/^(no|off|false|disabled)$/i.test(val)) {
val = false;
} else if (val === 'null') {
val = null;
} else {
val = Number(val);
}
obj[prop] = val;
return obj;
}, {});
/**
* Is stdout a TTY? Colored output is enabled when `true`.
*/
function useColors() {
return 'colors' in exports.inspectOpts ?
Boolean(exports.inspectOpts.colors) :
tty.isatty(process.stderr.fd);
}
/**
* Adds ANSI color escape codes if enabled.
*
* @api public
*/
function formatArgs(args) {
const {namespace: name, useColors} = this;
if (useColors) {
const c = this.color;
const colorCode = '\u001B[3' + (c < 8 ? c : '8;5;' + c);
const prefix = ` ${colorCode};1m${name} \u001B[0m`;
args[0] = prefix + args[0].split('\n').join('\n' + prefix);
args.push(colorCode + 'm+' + module.exports.humanize(this.diff) + '\u001B[0m');
} else {
args[0] = getDate() + name + ' ' + args[0];
}
}
function getDate() {
if (exports.inspectOpts.hideDate) {
return '';
}
return new Date().toISOString() + ' ';
}
/**
* Invokes `util.format()` with the specified arguments and writes to stderr.
*/
function log(...args) {
return process.stderr.write(util.format(...args) + '\n');
}
/**
* Save `namespaces`.
*
* @param {String} namespaces
* @api private
*/
function save(namespaces) {
if (namespaces) {
process.env.DEBUG = namespaces;
} else {
// If you set a process.env field to null or undefined, it gets cast to the
// string 'null' or 'undefined'. Just delete instead.
delete process.env.DEBUG;
}
}
/**
* Load `namespaces`.
*
* @return {String} returns the previously persisted debug modes
* @api private
*/
function load() {
return process.env.DEBUG;
}
/**
* Init logic for `debug` instances.
*
* Create a new `inspectOpts` object in case `useColors` is set
* differently for a particular `debug` instance.
*/
function init(debug) {
debug.inspectOpts = {};
const keys = Object.keys(exports.inspectOpts);
for (let i = 0; i < keys.length; i++) {
debug.inspectOpts[keys[i]] = exports.inspectOpts[keys[i]];
}
}
module.exports = require('./common')(exports);
const {formatters} = module.exports;
/**
* Map %o to `util.inspect()`, all on a single line.
*/
formatters.o = function (v) {
this.inspectOpts.colors = this.useColors;
return util.inspect(v, this.inspectOpts)
.split('\n')
.map(str => str.trim())
.join(' ');
};
/**
* Map %O to `util.inspect()`, allowing multiple lines if needed.
*/
formatters.O = function (v) {
this.inspectOpts.colors = this.useColors;
return util.inspect(v, this.inspectOpts);
};
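Review bot: the `inspectOpts` reducer forwards every `DEBUG_*` environment variable to `util.inspect()` as a camel-cased option, and any value that is not one of the recognised boolean words or `null` falls through to `Number(val)`, so a non-numeric value such as `DEBUG_DEPTH=full` silently becomes `NaN` instead of being rejected, and an unrelated variable sharing the prefix (`DEBUG_FOO=bar`) is handed to `inspect` as an unknown option. Restricting the reducer to the keys this file actually reads or documents (`colors`, `depth`, `showHidden`, `hideDate`) and dropping entries where `Number(val)` is `NaN` would make the parsing predictable. Two documentation points in the same hunk: the comment above `useColors()` says "Is stdout a TTY?" while the code tests `tty.isatty(process.stderr.fd)`, which is the correct stream given that `log()` writes to `process.stderr`, so the comment should say stderr; and the example `DEBUG_SHOW_HIDDEN=enabled` maps to `showHidden` via the camel-casing code, which is worth stating next to it.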

node_modules/passport-saml/node_modules/ms/index.js generated vendored Normal file

@ -0,0 +1,162 @@
/**
* Helpers.
*/
var s = 1000;
var m = s * 60;
var h = m * 60;
var d = h * 24;
var w = d * 7;
var y = d * 365.25;
/**
* Parse or format the given `val`.
*
* Options:
*
* - `long` verbose formatting [false]
*
* @param {String|Number} val
* @param {Object} [options]
* @throws {Error} throw an error if val is not a non-empty string or a number
* @return {String|Number}
* @api public
*/
module.exports = function(val, options) {
options = options || {};
var type = typeof val;
if (type === 'string' && val.length > 0) {
return parse(val);
} else if (type === 'number' && isFinite(val)) {
return options.long ? fmtLong(val) : fmtShort(val);
}
throw new Error(
'val is not a non-empty string or a valid number. val=' +
JSON.stringify(val)
);
};
/**
* Parse the given `str` and return milliseconds.
*
* @param {String} str
* @return {Number}
* @api private
*/
function parse(str) {
str = String(str);
if (str.length > 100) {
return;
}
var match = /^(-?(?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)?$/i.exec(
str
);
if (!match) {
return;
}
var n = parseFloat(match[1]);
var type = (match[2] || 'ms').toLowerCase();
switch (type) {
case 'years':
case 'year':
case 'yrs':
case 'yr':
case 'y':
return n * y;
case 'weeks':
case 'week':
case 'w':
return n * w;
case 'days':
case 'day':
case 'd':
return n * d;
case 'hours':
case 'hour':
case 'hrs':
case 'hr':
case 'h':
return n * h;
case 'minutes':
case 'minute':
case 'mins':
case 'min':
case 'm':
return n * m;
case 'seconds':
case 'second':
case 'secs':
case 'sec':
case 's':
return n * s;
case 'milliseconds':
case 'millisecond':
case 'msecs':
case 'msec':
case 'ms':
return n;
default:
return undefined;
}
}
/**
* Short format for `ms`.
*
* @param {Number} ms
* @return {String}
* @api private
*/
function fmtShort(ms) {
var msAbs = Math.abs(ms);
if (msAbs >= d) {
return Math.round(ms / d) + 'd';
}
if (msAbs >= h) {
return Math.round(ms / h) + 'h';
}
if (msAbs >= m) {
return Math.round(ms / m) + 'm';
}
if (msAbs >= s) {
return Math.round(ms / s) + 's';
}
return ms + 'ms';
}
/**
* Long format for `ms`.
*
* @param {Number} ms
* @return {String}
* @api private
*/
function fmtLong(ms) {
var msAbs = Math.abs(ms);
if (msAbs >= d) {
return plural(ms, msAbs, d, 'day');
}
if (msAbs >= h) {
return plural(ms, msAbs, h, 'hour');
}
if (msAbs >= m) {
return plural(ms, msAbs, m, 'minute');
}
if (msAbs >= s) {
return plural(ms, msAbs, s, 'second');
}
return ms + ' ms';
}
/**
* Pluralization helper.
*/
function plural(ms, msAbs, n, name) {
var isPlural = msAbs >= n * 1.5;
return Math.round(ms / n) + ' ' + name + (isPlural ? 's' : '');
}
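Review bot: `parse()` returns `undefined` on two paths (`str.length > 100` and a failed regex match) that its JSDoc `@return {Number}` does not mention, and the exported function's `@throws` only covers the wrong-type case, so `ms('abc')` or a 101-character string yields `undefined` rather than an error; either document the `undefined` return or throw for unparseable strings so callers do not propagate `undefined` into arithmetic. The 100-character cap deserves a comment saying what it is for: the pattern `(-?(?:\d+)?\.?\d+)` has adjacent optional digit runs, and bounding the input length is what keeps backtracking on a long non-matching digit string cheap. The `default: return undefined;` branch is unreachable because the regex alternation only admits the unit spellings listed in the `case` labels; keep it as an explicit guard with a comment or drop it.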

node_modules/passport-saml/node_modules/ms/license.md generated vendored Normal file

@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2016 Zeit, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -0,0 +1,37 @@
{
"name": "ms",
"version": "2.1.2",
"description": "Tiny millisecond conversion utility",
"repository": "zeit/ms",
"main": "./index",
"files": [
"index.js"
],
"scripts": {
"precommit": "lint-staged",
"lint": "eslint lib/* bin/*",
"test": "mocha tests.js"
},
"eslintConfig": {
"extends": "eslint:recommended",
"env": {
"node": true,
"es6": true
}
},
"lint-staged": {
"*.js": [
"npm run lint",
"prettier --single-quote --write",
"git add"
]
},
"license": "MIT",
"devDependencies": {
"eslint": "4.12.1",
"expect.js": "0.3.1",
"husky": "0.14.3",
"lint-staged": "5.0.0",
"mocha": "4.0.1"
}
}
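Review bot: the `lint` script runs `eslint lib/* bin/*`, but `files` publishes only `index.js` and `main` points at `./index`, so the script targets directories this package does not ship; `eslint index.js` would lint the code that is actually published. Because this copy sits at `node_modules/passport-saml/node_modules/ms` pinned to `"version": "2.1.2"`, it is a nested vendored dependency that a later update of the top-level tree will not touch, so any future advisory against `ms` has to be checked against this path as well as any top-level copy. The `lint-staged` config also lists `"git add"`, which recent lint-staged versions perform automatically and warn about when listed explicitly.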
