Merge pull request #17 from JbIPS/master
Makes it compatible with Hapi 17
Showing
12 changed files
with
508 additions
and
473 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,46 +1,63 @@ | ||
"use strict"; | ||
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
return new (P || (P = Promise))(function (resolve, reject) { | ||
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } | ||
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } | ||
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); } | ||
step((generator = generator.apply(thisArg, _arguments || [])).next()); | ||
}); | ||
}; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
const Boom = require('boom'); | ||
/** | ||
* Endpoint to retrieve metadata | ||
* @function | ||
* @param {Object} request - A Hapi Request | ||
* @param {Object} reply - A Hapi Reply | ||
* @param {Object} h - A Hapi response toolkit | ||
*/ | ||
exports.getMetadata = (saml) => (request, reply) => { | ||
return reply(saml.getSamlLib().generateServiceProviderMetadata(saml.props.decryptionCert)).type('application/xml'); | ||
exports.getMetadata = (saml) => (request, h) => { | ||
const response = h.response(saml.getSamlLib().generateServiceProviderMetadata(saml.props.decryptionCert)); | ||
response.type('application/xml'); | ||
return response; | ||
}; | ||
/** | ||
* Assert endpoint for when login completes | ||
* @function | ||
* @param {Object} request - A Hapi Request | ||
* @param {Object} reply - A Hapi Reply | ||
* @param {Object} h - A Hapi response toolkit | ||
*/ | ||
exports.assert = (saml, onAssertRes, onAssertReq, cookieName, samlCredsPropKey) => (request, reply) => { | ||
exports.assert = (saml, onAssertRes, onAssertReq, cookieName, samlCredsPropKey) => (request, h) => __awaiter(this, void 0, void 0, function* () { | ||
if (request.payload.SAMLRequest) { | ||
// Implement your SAMLRequest handling here | ||
if (onAssertReq) { | ||
return onAssertReq(request, reply); | ||
return onAssertReq(request, h); | ||
} | ||
return reply(500); | ||
throw new Error('Invalid assertion request'); | ||
} | ||
if (request.payload.SAMLResponse) { | ||
// Handles SP use cases, e.g. IdP is external and SP is Hapi | ||
saml.validatePostResponse(request.payload, (err, profile) => { | ||
if (err !== null) { | ||
if (err.message.indexOf('SAML assertion expired') > -1) { | ||
return reply.redirect('/'); | ||
} | ||
return reply(err.message).code(500); | ||
} | ||
try { | ||
const profile = yield new Promise((resolve, reject) => { | ||
saml.validatePostResponse(request.payload, (err, profile) => { | ||
if (err) | ||
reject(err); | ||
else | ||
resolve(profile); | ||
}); | ||
}); | ||
if (onAssertRes) { | ||
// the callback shall return the reply object after using it to redirect/response. | ||
const replyFromCallback = onAssertRes(profile, request, reply).state(cookieName, profile); | ||
if (replyFromCallback) { | ||
return replyFromCallback.state(cookieName, profile); | ||
} | ||
return reply.state(cookieName, profile).code(200); | ||
const replyFromCallback = onAssertRes(profile, request, h); | ||
replyFromCallback.state(cookieName, { [samlCredsPropKey]: profile }); | ||
return replyFromCallback; | ||
} | ||
throw Boom.badImplementation('onAssert is missing'); | ||
} | ||
catch (err) { | ||
if (err.message.indexOf('SAML assertion expired') > -1) { | ||
return h.redirect('/'); | ||
} | ||
throw new Error('onAssert is missing'); | ||
}); | ||
throw Boom.unauthorized(err.message, 'saml'); | ||
} | ||
} | ||
}; | ||
}); |
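Review bot: In the new `assert` handler, `throw Boom.badImplementation('onAssert is missing')` sits inside the `try`, so the `catch` below it rewraps it as `Boom.unauthorized(err.message, 'saml')` and a server misconfiguration reaches the client as a 401. The same path catches anything thrown by `onAssertRes` and puts its `err.message` into the response, and `err.message.indexOf(...)` itself throws if the rejection value is not an Error. Checking `if (!onAssertRes) throw Boom.badImplementation(...)` before the `try`, rethrowing when `err.isBoom`, and sending a fixed string such as `Boom.unauthorized('SAML validation failed', 'saml')` while logging the detail server-side would keep the two cases apart. The handler also returns nothing when the payload carries neither `SAMLRequest` nor `SAMLResponse`; an explicit `throw Boom.badRequest('Missing SAML payload')` at the end would make that case deliberate. This file looks like transpiled output (`__awaiter`), so the change presumably belongs in the TypeScript source.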
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,33 +1,42 @@ | ||
"use strict"; | ||
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
return new (P || (P = Promise))(function (resolve, reject) { | ||
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } | ||
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } | ||
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); } | ||
step((generator = generator.apply(thisArg, _arguments || [])).next()); | ||
}); | ||
}; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
const Boom = require('boom'); | ||
exports.SchemeAuthenticate = (saml, settings, samlCredsPropKey) => (request, reply) => { | ||
exports.SchemeAuthenticate = (saml, settings, samlCredsPropKey) => (request, h) => __awaiter(this, void 0, void 0, function* () { | ||
const state = request.state; | ||
let session = state[settings.cookie]; | ||
if (!session) { | ||
saml.getSamlLib().getAuthorizeUrl({ | ||
headers: request.headers, | ||
body: request.payload, | ||
query: request.query | ||
}, function (err, loginUrl) { | ||
console.log(err); | ||
if (err !== null) { | ||
return reply().code(500); | ||
} | ||
session = {}; | ||
session.redirectTo = request.path; | ||
return reply.redirect(loginUrl).state(settings.cookie, session); | ||
const loginUrl = yield new Promise((resolve, reject) => { | ||
saml.getSamlLib().getAuthorizeUrl({ | ||
headers: request.headers, | ||
body: request.payload, | ||
query: request.query | ||
}, function (err, loginUrl) { | ||
if (err) | ||
reject(err); | ||
else | ||
resolve(loginUrl); | ||
}); | ||
}); | ||
return; | ||
session = {}; | ||
session.redirectTo = request.path; | ||
h.state(settings.cookie, session); | ||
return h.redirect(loginUrl).takeover(); | ||
} | ||
if (session && session[samlCredsPropKey]) { | ||
return reply.continue({ | ||
return h.authenticated({ | ||
credentials: session[samlCredsPropKey] | ||
}); | ||
} | ||
if (request.auth.mode === 'try') { | ||
return reply(null, Boom.unauthorized('Not authenticated')); | ||
throw Boom.unauthorized('Not authenticated'); | ||
} | ||
const err = { error: 'Unauthorized' }; | ||
return reply(err, 'saml'); | ||
}; | ||
throw Boom.unauthorized('Unauthorized', 'saml'); | ||
}); |
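Review bot: `h.authenticated({ credentials: session[samlCredsPropKey] })` takes whatever the `settings.cookie` state contains as the user's identity, so the scheme is only as trustworthy as that cookie's integrity protection; the `assert` handler in this commit writes the whole SAML profile into the same cookie. The cookie definition is not visible in this section, so it should be confirmed that it is registered with an authenticated encoding (for example `encoding: 'iron'`) together with `isSecure` and `isHttpOnly`. A comment above the call would record the dependency: `// credentials are read from the cookie as-is; settings.cookie must be registered with a signed/encrypted encoding`. Separately, the `request.auth.mode === 'try'` branch now ends the same way as the fall-through below it (both throw `Boom.unauthorized`), so it either needs a one-line comment explaining the distinction or can be dropped.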