From 2ab371b99d478fdd9d1139025fb6df6b07aa9b7f Mon Sep 17 00:00:00 2001 From: crew-security Date: Fri, 17 Nov 2023 04:58:24 -0800 Subject: [PATCH 1/3] Update semgrep action to newer version (#139) --- .github/workflows/semgrep.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index b4035d1..39bfd73 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -1,15 +1,20 @@ name: Semgrep + on: - pull_request: {} + pull_request_target: {} push: - branches: ["master"] + branches: ["master", "main"] +permissions: + contents: read jobs: semgrep: name: Scan runs-on: ubuntu-latest + container: + image: returntocorp/semgrep if: (github.actor != 'dependabot[bot]' && github.actor != 'snyk-bot') steps: - - uses: actions/checkout@v2 - - uses: returntocorp/semgrep-action@v1 - with: - publishToken: ${{ secrets.SEMGREP_APP_TOKEN }} \ No newline at end of file + - uses: actions/checkout@v3 + - run: semgrep ci + env: + SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} \ No newline at end of file From 5274d622b1f4cca04790dcf2acf83840c0b592c6 Mon Sep 17 00:00:00 2001 From: Artiom Ciumac Date: Fri, 17 Nov 2023 15:53:57 +0000 Subject: [PATCH 2/3] fix: support signed logout resposne sent via POST (#140) Co-authored-by: Artiom Ciumac Co-authored-by: Jake Lacey --- lib/utils.js | 5 ++-- test/fixture/signed_response.js | 5 ++++ test/utils.tests.js | 45 ++++++++++++++++++++++++--------- 3 files changed, 41 insertions(+), 14 deletions(-) create mode 100644 test/fixture/signed_response.js diff --git a/lib/utils.js b/lib/utils.js index c091ac3..beeb42d 100644 --- a/lib/utils.js +++ b/lib/utils.js 
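Review bot: Switching the trigger from `pull_request` to `pull_request_target` changes what this job scans: with the default `actions/checkout@v3` step a pull_request_target run checks out the base branch, not the PR head, so `semgrep ci` reports on code that is already merged rather than on the proposed change. That trigger also runs in the base repository's context with access to its secrets (here `SEMGREP_APP_TOKEN`), which is exactly why PR code must never be checked out and executed under it; if the goal is to scan fork PRs, plain `pull_request` with a read-only token is the safer default, and the `permissions: contents: read` block added here should stay either way. Separately, `image: returntocorp/semgrep` is unpinned, so every run pulls whatever the latest tag currently resolves to; pinning to a version tag or digest, e.g. `image: returntocorp/semgrep@sha256:<DIGEST-PLACEHOLDER>`, keeps the scanner reproducible and auditable.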
@@ -185,11 +185,12 @@ module.exports.validateSignature = validateSignature;
 function validateSignature(req, element_type, xml, options) {
 const type = constants.ELEMENTS[element_type].PROP;
- const isRequestSigned = !options.deflate ?
+ const isPostOrWithoutDeflate = (req.body && req.body[type]) || !options.deflate;
+ const isRequestSigned = isPostOrWithoutDeflate ?
 xpath.select(options.signaturePath || constants.ELEMENTS[element_type].SIGNATURE_VALIDATION_PATH, xml).length > 0 :
 !!req.query.Signature;
 if (isRequestSigned) {
- if ((req.body && req.body[type]) || !options.deflate) {
+ if (isPostOrWithoutDeflate) {
 // HTTP-POST or HTTP-Redirect without deflate encoding
 const validationErrors = signers.validateXmlEmbeddedSignature(xml, options);
 if (validationErrors && validationErrors.length > 0) {
diff --git a/test/fixture/signed_response.js b/test/fixture/signed_response.js
new file mode 100644
index 0000000..9ad0d12
--- /dev/null
+++ b/test/fixture/signed_response.js
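Review bot: `isPostOrWithoutDeflate` now decides both whether the message counts as signed and which validator runs, yet nothing next to its definition says what it encodes; the only explanation, `// HTTP-POST or HTTP-Redirect without deflate encoding`, sits on the inner `if` two decisions later. Suggest a comment at the definition: `// HTTP-POST carries the message and its XML signature in the body; HTTP-Redirect without deflate also embeds the signature in the XML. Only deflated HTTP-Redirect puts the signature in the query string (req.query.Signature).` Before this change a POSTed message with `deflate: true` and no Signature query parameter fell into the `!!req.query.Signature` branch and so was treated as unsigned while its embedded signature was never consulted; the new code inspects the XML instead, but what happens when `isRequestSigned` is false (whether an unsigned message is rejected or accepted) is decided further down in `validateSignature`, outside this hunk, so I could not confirm it from here. The rest of the function, including the HTTP-Redirect branch, also continues past the hunk.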
@@ -0,0 +1,5 @@ +module.exports = { + xml: `http://SAMLApp1zqNTeIQ1zWkRCz2eSOxlc9CvRpChRhHv6ReB6lEkduA=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`, + response: `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`, + cert: `-----BEGIN CERTIFICATE-----\nMIIFqTCCA5GgAwIBAgIUVekZiYAuhiBBde0NTdvLsYHZHrUwDQYJKoZIhvcNAQEL\nBQAwZDELMAkGA1UEBhMCWFgxDTALBgNVBAgMBENvcmUxETAPBgNVBAcMCFNlc3Np\nb25zMQ0wCwYDVQQKDARBdGtvMQwwCgYDVQQLDANJQU0xFjAUBgNVBAMMDVNhbWxT\nbG9TYW1wbGUwHhcNMjMxMTE1MTUzNzAwWhcNMzMxMTEyMTUzNzAwWjBkMQswCQYD\nVQQGEwJYWDENMAsGA1UECAwEQ29yZTERMA8GA1UEBwwIU2Vzc2lvbnMxDTALBgNV\nBAoMBEF0a28xDDAKBgNVBAsMA0lBTTEWMBQGA1UEAwwNU2FtbFNsb1NhbXBsZTCC\nAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvX8H7UosriVgwbYxAeSD/g\nXr+nrlIvlAghcLyaDkqqKg6ok+rBKHImEhOj8Y0BJohqScAB6Z5UWv2KCEuRl/wL\n5DoKTcwQq5G7UIcpWvouPfKCretPufE7T+SGyz4MFEaw32K5S16davyMvxO2YaSC\nSLSz5Y23HSVO9OOJzhNrJrqDNGwK5bMYC8+KGRLru3tktxBUeYuU00XwB9u/QdP4\nP8TCWP4I3bS1//jRw0nx0BYajcrBxa9bX8ReUo6Yz4p94va0fUZVy9vKe5D+5dn/\npU9mqLiTSPKre48rkwN6kDNQN/hwK1cYSzL4bEASIHoqcpYhJgUlIXXd6gQQacjR\nu8IgjTKmLnb6VGHSESu9Cbdfth5qdXG69s2Hvs63I+RGxQXFrquqtONhHNZlnydF\nTmzMBCa2fAN51XDBmj8kPA5sPxaosNnmLrwbzoH7A47bqb8gTiEjZdVVX43ZlBu3\nu5qUY24E/8eSvpn1e2OivO3otV7hFvCXA6vuciEtxJ3jZHr7TfGMCocd01tvILFv\nAZnaRf8T/d3Z0TZzSh4OsWIh39WYTHyInubThBav56oEiXc4LK1aknlLBBx83qFQ\nlUUMzQ9/zqBw9USw8RX5v78t2En4NNmr1E6vgiWHASZYD6lPGVIhk2e0DdeSNBuT\nytcCztVwzZeOn6CiTAo5AgMBAAGjUzBRMB0GA1UdDgQWBBS56q2GIt39ZyReYIv/\nGIB3lsLnWDAfBgNVHSMEGDAWgBS56q2GIt39ZyReYIv/GIB3lsLnWDAPBgNVHRMB\nAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBLWZty9/0Gh9WjUE6GZuwn6Umh\nw7DyaEaAGdEuutD6/s6s/BGyGNqNiODjjux7QusrkwFhhy4r+U7V4M40glgVuyjZ\n3XjQMe4808RrZJGywJvC/2VMyELxE3UEKG18MGsWgQafwBLe8sEvCUf43VnpXFit\nzqO/W0KEewMIgpMvi2cTiP/3RhCh8SCNvk0P/GVs+Smv3yJRtDV73SMcWfTa707T\n0ifXyzQFdVOvRp6gT05H+2o22saq/4lpDnPQVdufom2zv0XMzXc1Iq1bZEa6Sr98\n6bm0ZOFXUQrD4x4iOciEES1C8OBs59c5Pmvu2c2hwEXwb66nkQ+fYKcOq3kyNvE/\nrWv4agHZmsHYR2P6R+PAIleEKCkrSkzitDxTmkmxFVeZaUlM3l+hFkaobFp8k5Aw\nldkJSgYt9S6NxtJ64F
tOENcPbBimIxgcBsC0vrEN1hU3V8VhsV5zwfL9pqBG5a3e\nDx2YBSG70CL4a7P13YCqYotWLs93VDdJwl53lnxDgsn8D4YoOLZ1FP/gwQcqUVnN\n1uJFLe5FLiLKTATDmwh8Qztu/O+ZzV1EqUTJBjiltfiEdsUrNHJqZlXJ/e7nwdgd\nwFiaQxzFRZCLoWVBp+DHrckXcuv5lrZy291XKKJCzk46n8JxcqcKsd+UxO+hWaRC\nY5xQDqmRJe+1E44MIA==\n-----END CERTIFICATE-----\n`, +} \ No newline at end of file diff --git a/test/utils.tests.js b/test/utils.tests.js index 583d110..0786efa 100644 --- a/test/utils.tests.js +++ b/test/utils.tests.js 
@@ -1,24 +1,45 @@ -const timekeeper = require('timekeeper'); -const expect = require('chai').expect; +const timekeeper = require("timekeeper"); +const DOMParser = require("@auth0/xmldom").DOMParser; +const expect = require("chai").expect; -const utils = require('../lib/utils'); +const utils = require("../lib/utils"); -describe('utils', function () { - describe('generateInstant', function () { - it('should pad the millis appropriately', function () { +const signedResponse = require("./fixture/signed_response"); + +describe("utils", function () { + describe("generateInstant", function () { + it("should pad the millis appropriately", function () { timekeeper.withFreeze(0, () => { - expect(utils.generateInstant()).to.equal('1970-01-01T00:00:00.000Z'); + expect(utils.generateInstant()).to.equal("1970-01-01T00:00:00.000Z"); }); }); }); - describe('generateUniqueID', function() { - it('should generate an ID 20 chars long', function() { + describe("generateUniqueID", function () { + it("should generate an ID 20 chars long", function () { expect(utils.generateUniqueID().length).to.equal(20); }); }); - describe('generateUniqueID', function() { - it('should generate an ID from the alphabet', function() { - expect('abcdef0123456789'.split('')).to.include.members(utils.generateUniqueID().split('')); + describe("generateUniqueID", function () { + it("should generate an ID from the alphabet", function () { + expect("abcdef0123456789".split("")).to.include.members( + utils.generateUniqueID().split("") + ); + }); + }); + describe("validateSignature", function () { + describe("with custom signing certificate", function () { + it("should validate the signature correctly", function () { + const response = signedResponse.response; + + const req = { body: { SAMLResponse: response }, query: {} }; + const element_type = "LOGOUT_RESPONSE"; + const xml = new DOMParser().parseFromString(signedResponse.xml); + const options = { signingCert: signedResponse.cert, deflate: true }; + + // should 
not throw errors + expect(utils.validateSignature(req, element_type, xml, options)).to.be + .undefined; + }); }); }); }); From 7158002942830af911fdf5469dc3edef03347acc Mon Sep 17 00:00:00 2001 From: Lucas Machado <44952113+machadolucasvp@users.noreply.github.com> Date: Mon, 20 Nov 2023 16:41:06 +0100 Subject: [PATCH 3/3] chore(release): 7.1.1 (#141) * chore(release): 7.1.1 * chore: fix typo in changelog --- CHANGELOG.md | 7 +++++++ package.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea639f2..1dc02a4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +### [7.1.1](https://github.com/auth0/node-samlp/compare/v7.1.0...v7.1.1) (2023-11-20) + + +### Bug Fixes + +* support signed logout response sent via POST ([#140](https://github.com/auth0/node-samlp/issues/140)) ([5274d62](https://github.com/auth0/node-samlp/commit/5274d622b1f4cca04790dcf2acf83840c0b592c6)) + ## [7.1.0](https://github.com/auth0/node-samlp/compare/v7.0.2...v7.1.0) (2023-07-24) diff --git a/package.json b/package.json index 278517a..045fd9e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "samlp", - "version": "7.1.0", + "version": "7.1.1", "engines": { "node": ">=12" },
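Review bot: The new `validateSignature` test covers only the happy path (a correctly signed logout response delivered via POST with `deflate: true`), and its assertion is merely that the call returns `undefined`, so a regression that skips signature validation entirely would still pass. A second case that takes `signedResponse.response`, alters one character inside the signed content or the SignatureValue, and asserts that `validateSignature` throws (or returns validation errors, whichever the function's contract is; that part of `lib/utils.js` is not in this diff) would pin the behaviour the fix is about, and a third case with the Signature element removed would cover the "unsigned POST" path that the old code silently took. Most of the remaining lines in this hunk are quote-style churn (single to double quotes) on unrelated tests, which buries the substantive addition; formatter-only changes are easier to review as a separate commit.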