From 33865b9d02c91690512ad06c54c9cdc4b751e4f9 Mon Sep 17 00:00:00 2001
From: Siwat Sirichai
Date: Sun, 5 May 2024 03:11:42 +0700
Subject: [PATCH] saml2 working

---
 .vscode/c_cpp_properties.json | 18 ++++++++
 .vscode/launch.json | 42 +++++++++++++------
 .vscode/settings.json | 59 ++++++++++++++++++++++++++
 config/passport.js | 20 ++++-----
 index.js | 79 ++++++++++++++++++++++++++++++-----
 login.html | 4 +-
 6 files changed, 184 insertions(+), 38 deletions(-)
 create mode 100644 .vscode/c_cpp_properties.json
 create mode 100644 .vscode/settings.json

diff --git a/.vscode/c_cpp_properties.json b/.vscode/c_cpp_properties.json
new file mode 100644
index 0000000..cea4d3f
--- /dev/null
+++ b/.vscode/c_cpp_properties.json
@@ -0,0 +1,18 @@
+{
+ "configurations": [
+ {
+ "name": "windows-gcc-x64",
+ "includePath": [
+ "${workspaceFolder}/**"
+ ],
+ "compilerPath": "gcc",
+ "cStandard": "${default}",
+ "cppStandard": "${default}",
+ "intelliSenseMode": "windows-gcc-x64",
+ "compilerArgs": [
+ ""
+ ]
+ }
+ ],
+ "version": 4
+}
\ No newline at end of file
diff --git a/.vscode/launch.json b/.vscode/launch.json
index ac44c31..f49fea0 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -1,17 +1,33 @@
 {
- // Use IntelliSense to learn about possible attributes.
- // Hover to view descriptions of existing attributes.
- // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
- "version": "0.2.0",
- "configurations": [
+ "version": "0.2.0",
+ "configurations": [
+ {
+ "type": "node",
+ "request": "launch",
+ "name": "Launch Program",
+ "skipFiles": [
+ "/**"
+ ],
+ "program": "${workspaceFolder}\\index.js"
+ },
+ {
+ "name": "C/C++ Runner: Debug Session",
+ "type": "cppdbg",
+ "request": "launch",
+ "args": [],
+ "stopAtEntry": false,
+ "externalConsole": true,
+ "cwd": "d:/Git/ESPMegaPRO-v3-SDK/ESPMegaPRO-OS-SDK/lib/ESPMegaPRO",
+ "program": "d:/Git/ESPMegaPRO-v3-SDK/ESPMegaPRO-OS-SDK/lib/ESPMegaPRO/build/Debug/outDebug",
+ "MIMode": "gdb",
+ "miDebuggerPath": "gdb",
+ "setupCommands": [
 {
- "type": "node",
- "request": "launch",
- "name": "Launch Program",
- "skipFiles": [
- "/**"
- ],
- "program": "${workspaceFolder}\\index.js"
+ "description": "Enable pretty-printing for gdb",
+ "text": "-enable-pretty-printing",
+ "ignoreFailures": true
 }
- ]
+ ]
+ }
+ ]
 }
\ No newline at end of file
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..3e5eb95
--- /dev/null
+++ b/.vscode/settings.json
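Review bot: The added "C/C++ Runner: Debug Session" configuration points at absolute paths in an unrelated project (`d:/Git/ESPMegaPRO-v3-SDK/...`), which looks like local editor state committed by accident rather than part of the SAML change. The same applies to the new `.vscode/c_cpp_properties.json` and `.vscode/settings.json` in this patch; consider dropping them from the commit or adding `.vscode/` to `.gitignore`.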
@@ -0,0 +1,59 @@
+{
+ "C_Cpp_Runner.cCompilerPath": "gcc",
+ "C_Cpp_Runner.cppCompilerPath": "g++",
+ "C_Cpp_Runner.debuggerPath": "gdb",
+ "C_Cpp_Runner.cStandard": "",
+ "C_Cpp_Runner.cppStandard": "",
+ "C_Cpp_Runner.msvcBatchPath": "",
+ "C_Cpp_Runner.useMsvc": false,
+ "C_Cpp_Runner.warnings": [
+ "-Wall",
+ "-Wextra",
+ "-Wpedantic",
+ "-Wshadow",
+ "-Wformat=2",
+ "-Wcast-align",
+ "-Wconversion",
+ "-Wsign-conversion",
+ "-Wnull-dereference"
+ ],
+ "C_Cpp_Runner.msvcWarnings": [
+ "/W4",
+ "/permissive-",
+ "/w14242",
+ "/w14287",
+ "/w14296",
+ "/w14311",
+ "/w14826",
+ "/w44062",
+ "/w44242",
+ "/w14905",
+ "/w14906",
+ "/w14263",
+ "/w44265",
+ "/w14928"
+ ],
+ "C_Cpp_Runner.enableWarnings": true,
+ "C_Cpp_Runner.warningsAsError": false,
+ "C_Cpp_Runner.compilerArgs": [],
+ "C_Cpp_Runner.linkerArgs": [],
+ "C_Cpp_Runner.includePaths": [],
+ "C_Cpp_Runner.includeSearch": [
+ "*",
+ "**/*"
+ ],
+ "C_Cpp_Runner.excludeSearch": [
+ "**/build",
+ "**/build/**",
+ "**/.*",
+ "**/.*/**",
+ "**/.vscode",
+ "**/.vscode/**"
+ ],
+ "C_Cpp_Runner.useAddressSanitizer": false,
+ "C_Cpp_Runner.useUndefinedSanitizer": false,
+ "C_Cpp_Runner.useLeakSanitizer": false,
+ "C_Cpp_Runner.showCompilationTime": false,
+ "C_Cpp_Runner.useLinkTimeOptimization": false,
+ "C_Cpp_Runner.msvcSecureNoWarnings": false
+}
\ No newline at end of file
diff --git a/config/passport.js b/config/passport.js
index a73deef..ae62674 100644
--- a/config/passport.js
+++ b/config/passport.js
@@ -11,24 +11,18 @@ passport.deserializeUser(function (user, done) {
 passport.use(
 new SamlStrategy(
 {
- entryPoint: "https://sso.satitm.chula.ac.th/adfs/ls/",
- issuer: "acme_tools_com",
- callbackUrl: "https://sso.satitm.chula.ac.th/selfservice/activedirectory/postResponse",
+ entryPoint: "https://sso.satitm.chula.ac.th/adfs/ls",
+ issuer: "https://localhost:3000",
+ callbackUrl: "https://localhost:3000/selfservice/activedirectory/postResponse",
 privateKey: fs.readFileSync("adfs_connect/urn_satitm_sso_selfservice.key", "utf-8"),
- cert: fs.readFileSync("adfs_connect/urn_satitm_sso_selfservice.cert", "utf-8"),
- // other authn contexts are available e.g. windows single sign-on
- // see: https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.authenticationmethods?view=netframework-4.8#fields
- authnContext: [
- "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password",
- ],
+ acceptedClockSkewMs: -1,
 identifierFormat: null,
- // this is configured under the Advanced tab in AD FS relying party
 signatureAlgorithm: "sha256",
- racComparison: "exact", // default to exact RequestedAuthnContext Comparison Type
- // From the metadata document
- audience: "https://sso.satitm.chula.ac.th/FederationMetadata/2007-06/FederationMetadata.xml",
+ racComparison: "exact",
 },
 function (profile, done) {
+ console.log("profile", profile);
+ let user = profile["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"];
 return done(null, {
 upn: profile["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"],
 // e.g. if you added a Group claim
diff --git a/index.js b/index.js
index 84446b1..e5a2dcd 100644
--- a/index.js
+++ b/index.js
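Review bot: Removing `cert` from the SamlStrategy options takes away the IdP signing certificate that passport-saml uses to verify the signature on incoming SAML responses, so depending on the installed version this either fails at startup or accepts assertions whose signature is never checked; it should be restored pointing at the identity provider's token-signing certificate, e.g. `cert: fs.readFileSync("<idp-signing-cert-path>", "utf-8"),`. `acceptedClockSkewMs: -1` turns off the NotBefore/NotOnOrAfter condition checks entirely, so an intercepted assertion stays valid indefinitely; if clock drift is the real problem, a bounded tolerance such as `acceptedClockSkewMs: 60000,` is the safer fix. Dropping `audience` likewise removes the audience-restriction check unless this passport-saml version defaults it to `issuer`, which is worth confirming against the installed release. `console.log("profile", profile)` writes the full claim set (UPN and any group claims) to stdout on every login, and the new `user` local is never used, so both added lines can go. The verify callback continues past the end of the hunk.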
@@ -1,35 +1,94 @@ let passport = require('passport'); let express = require('express'); -let http = require('http'); +let https = require('https'); +let fs = require('fs'); let app = express(); require('./config/passport.js'); +let session = require('express-session'); + +app.use(session({ + secret: 'RLCCDwstDuT6nMJf5kko7C', + resave: false, + saveUninitialized: true +})); + +// ... rest of your code ... + app.use(passport.initialize()); app.use(passport.session()); +app.use(express.json()); +app.use(express.urlencoded({ extended: true })); + +app.get('/', function (req, res) { + res.send('Hello World!
Login'); + console.log('User:', req.user); + if (req.user) { + console.log('User:', req.user); + } +}); + app.get('/login', passport.authenticate('saml', { failureRedirect: '/selfservice', failureFlash: true }), - function(req, res) { - res.redirect('https://sso.satitm.chula.ac.th/selfservice'); + function (req, res) { + res.redirect('https://localhost:3000/'); } ); -app.post('/selfservice/activediretory/postResponse', - passport.authenticate('saml', { failureRedirect: '/selfservice', failureFlash: true }), - function(req, res) { - res.redirect('https://sso.satitm.chula.ac.th/selfservice'); + +app.use(function(req, res, next) { + console.log('Received request:', req.method, req.url); + console.log('Data:', req.body); + next(); +}); + +app.post('/selfservice/activedirectory/postResponse', + passport.authenticate('saml', { failureRedirect: '/selfservice',successRedirect: '/', failureFlash: true }), + function (req, res) { + console.log('SAML authentication successful'); + res.redirect('https://localhost:3000/'); } ); //app.get('selfservice/secure', validUser, routes.secure); function validUser(req, res, next) { if (!req.user) { - res.redirect('https://sso.satitm.chula.ac.th/selfservice/login'); + res.redirect('https://localhost:3000/login'); } next(); } -let server = http.createServer(app); -server.listen(3000, function() { +const options = { + key: fs.readFileSync('adfs_connect/urn_satitm_sso_selfservice.key'), + cert: fs.readFileSync('adfs_connect/urn_satitm_sso_selfservice.cert'), + ciphers: [ + 'ECDHE-RSA-AES128-GCM-SHA256', + 'ECDHE-ECDSA-AES128-GCM-SHA256', + 'ECDHE-RSA-AES256-GCM-SHA384', + 'ECDHE-ECDSA-AES256-GCM-SHA384', + 'DHE-RSA-AES128-GCM-SHA256', + 'ECDHE-RSA-AES128-SHA256', + 'DHE-RSA-AES128-SHA256', + 'ECDHE-RSA-AES256-SHA384', + 'DHE-RSA-AES256-SHA384', + 'ECDHE-RSA-AES256-SHA256', + 'DHE-RSA-AES256-SHA256', + 'HIGH', + '!aNULL', + '!eNULL', + '!EXPORT', + '!DES', + '!RC4', + '!MD5', + '!PSK', + '!SRP', + '!CAMELLIA' + ].join(':'), + 
honorCipherOrder: true +}; + +let server = https.createServer(options, app); +server.listen(3000, function () { console.log('Listening on port 3000'); }); \ No newline at end of file diff --git a/login.html b/login.html index 69479ac..b02a9ba 100644 --- a/login.html +++ b/login.html @@ -23,7 +23,7 @@ background-color: rgba(255, 255, 255, 0.8); padding: 20px; border-radius: 10px; - + } input[type=date], @@ -212,7 +212,7 @@ -
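Review bot: The express-session `secret` is a literal string committed to the repository, so anyone with read access to the history can mint valid session cookies; load it from the environment instead, `secret: process.env.SESSION_SECRET,`, and treat the committed value as compromised. The app now listens only over HTTPS but the session cookie carries no flags, so the options should also include `cookie: { secure: true, httpOnly: true }` (and the default in-memory store is single-process and unbounded, which matters once this leaves development). The request-logging middleware prints `req.body` for every request it sees, which for the postResponse route is the raw base64 `SAMLResponse`, and the `/` handler logs `req.user` twice; neither belongs in production output. In `validUser`, `res.redirect(...)` is not followed by a `return`, so `next()` still runs and the downstream handler attempts a second response on the same request; change it to `return res.redirect('https://localhost:3000/login');`. Also, `successRedirect: '/'` on the postResponse route means the inline success handler beneath it never executes, so one of the two should be removed.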