/
multiSamlStrategy.ts
95 lines (82 loc) · 2.96 KB
/
multiSamlStrategy.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
import * as util from "util";
import * as saml from "./saml";
import { CacheProvider as InMemoryCacheProvider } from "./inmemory-cache-provider";
import SamlStrategy = require("./strategy");
import type { Request } from "express";
import {
AuthenticateOptions,
AuthorizeOptions,
MultiSamlConfig,
RequestWithUser,
VerifyWithoutRequest,
VerifyWithRequest,
} from "./types";
class MultiSamlStrategy extends SamlStrategy {
_options: MultiSamlConfig;
constructor(options: MultiSamlConfig, verify: VerifyWithRequest);
constructor(options: MultiSamlConfig, verify: VerifyWithoutRequest);
constructor(options: MultiSamlConfig, verify: never) {
if (!options || typeof options.getSamlOptions != "function") {
throw new Error("Please provide a getSamlOptions function");
}
if (!options.requestIdExpirationPeriodMs) {
options.requestIdExpirationPeriodMs = 28800000; // 8 hours
}
if (!options.cacheProvider) {
options.cacheProvider = new InMemoryCacheProvider({
keyExpirationPeriodMs: options.requestIdExpirationPeriodMs,
});
}
super(options, verify);
this._options = options;
}
authenticate(req: RequestWithUser, options: AuthenticateOptions) {
this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return this.error(err);
}
const samlService = new saml.SAML({ ...this._options, ...samlOptions });
const strategy = Object.assign({}, this, { _saml: samlService });
Object.setPrototypeOf(strategy, this);
super.authenticate.call(strategy, req, options);
});
}
logout(
req: RequestWithUser,
callback: (err: Error | null, url?: string | null | undefined) => void
) {
this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return callback(err);
}
const samlService = new saml.SAML(Object.assign({}, this._options, samlOptions));
const strategy = Object.assign({}, this, { _saml: samlService });
Object.setPrototypeOf(strategy, this);
super.logout.call(strategy, req, callback);
});
}
/** @ts-expect-error typescript disallows changing method signature in a subclass */
generateServiceProviderMetadata(
req: Request,
decryptionCert: string | null,
signingCert: string | null,
callback: (err: Error | null, metadata?: string) => void
) {
if (typeof callback !== "function") {
throw new Error("Metadata can't be provided synchronously for MultiSamlStrategy.");
}
return this._options.getSamlOptions(req, (err, samlOptions) => {
if (err) {
return callback(err);
}
const samlService = new saml.SAML(Object.assign({}, this._options, samlOptions));
const strategy = Object.assign({}, this, { _saml: samlService });
Object.setPrototypeOf(strategy, this);
return callback(
null,
super.generateServiceProviderMetadata.call(strategy, decryptionCert, signingCert)
);
});
}
}
export = MultiSamlStrategy;