forked from auth0/node-samlp
index.js
"use strict";
const constants = require("../constants");
const debug = require("debug");
// LOG_FORMAT is passed as the first argument of every debugLog call in this file.
const { LOG_FORMAT } = constants;
// Logger bound to the "samlp" debug namespace. matchingIndex sends whole
// session objects (including sessionIndex and nameId) through it.
const debugLog = debug("samlp");
/**
 * In-memory collection of SAML session participants.
 *
 * The supplied array is stored by reference, not copied, so `remove()`
 * splices the caller's array in place.
 *
 * @param {Array<Object>} [sessions] - Existing participants; any falsy value
 *   yields an empty list. Entries are read for `serviceProviderId`,
 *   `sessionIndex` and `nameId` when matching.
 */
function SessionParticipants(sessions) {
  const initial = sessions ? sessions : [];
  this._participants = initial;
}
/**
 * Builds the predicate used to locate a session participant.
 *
 * A session matches when its `sessionIndex` and `nameId` are strictly equal
 * to the supplied values. The issuer is compared only when both the session's
 * `serviceProviderId` and `issuer` are truthy; if either is missing the issuer
 * check is skipped and the match rests on sessionIndex + nameId alone.
 *
 * Both debug records carry the complete session object together with the
 * nameId and sessionIndex, so output of the "samlp" debug namespace should be
 * treated as sensitive.
 *
 * @param {string} issuer - Issuer taken from the SAML request/response.
 * @param {string} sessionIndex - SessionIndex to look for.
 * @param {string} nameId - NameID to look for.
 * @returns {function(Object): boolean} Predicate for `find` / `findIndex`.
 */
function matchingIndex(issuer, sessionIndex, nameId) {
  return function (session) {
    const storedIssuer = session.serviceProviderId;
    const issuerConflict =
      Boolean(storedIssuer && issuer) && storedIssuer !== issuer;

    // A known issuer that disagrees with the stored one rules the session out.
    if (issuerConflict) {
      debugLog(LOG_FORMAT, {
        title: "Service Provider Id does not match issuer",
        session,
        sessionIndex,
        nameId,
        serviceProviderId: session.serviceProviderId,
        issuer,
      });
      return false;
    }

    // SessionIndex and NameID must both be identical.
    const matches =
      session.sessionIndex === sessionIndex && session.nameId === nameId;

    debugLog(LOG_FORMAT, {
      title: "Checking SessionIndex and NameId",
      session,
      sessionIndex,
      nameId,
      issuer,
      matches,
    });

    return matches;
  };
}
/**
 * Looks up the Session Participant that corresponds to the issuer of a
 * SAMLRequest/SAMLResponse. The first stored session accepted by
 * `matchingIndex(issuer, sessionIndex, nameId)` is returned.
 *
 * The issuer is optional here: when it is falsy the lookup relies on
 * sessionIndex and nameId only.
 *
 * @param {string} issuer - The string as it was received in the SAML request/response.
 * @param {string} sessionIndex - The string as it was received in the SAML
 *   request/response. Only available in LogoutRequests.
 * @param {string} nameId - NameID compared strictly against each session's `nameId`.
 * @param {function} [cb] - Called with `(err, sessionParticipant)`; `err` is
 *   always `null` and `sessionParticipant` is `undefined` when nothing matches.
 * @returns {*} Whatever `cb` returns, or `undefined` when no `cb` is given.
 */
SessionParticipants.prototype.get = function (
  issuer,
  sessionIndex,
  nameId,
  cb
) {
  const isMatch = matchingIndex(issuer, sessionIndex, nameId);
  const participant = this._participants.find(isMatch);
  return cb ? cb(null, participant) : undefined;
};
/**
 * Reports whether any Session Participant objects remain in the collection.
 *
 * @returns {boolean} `true` when at least one participant is stored,
 *   `false` otherwise.
 */
SessionParticipants.prototype.hasElements = function () {
  const { length: count } = this._participants;
  return count > 0;
};
/**
 * Hands the first Session Participant to the callback without removing it
 * from the collection. When the collection is empty the callback receives
 * `undefined`.
 *
 * @param {function} cb - Required; called with `(err, sessionParticipant)`,
 *   where `err` is always `null`.
 * @returns {*} Whatever `cb` returns.
 */
SessionParticipants.prototype.getFirst = function (cb) {
  const head = this.hasElements() ? this._participants[0] : undefined;
  return cb(null, head);
};
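/**
 * Removes a Session Participant from the collection. The first stored session
 * accepted by `matchingIndex(issuer, sessionIndex, nameId)` is spliced out of
 * the underlying array in place.
 *
 * Unlike `get()`, removal requires a truthy issuer: when `issuer` is missing,
 * or the collection is empty, nothing is removed and the callback is invoked
 * with no arguments.
 *
 * @param {string} issuer - The string as it was received in the SAML request/response.
 * @param {string} sessionIndex - The string as it was received in the SAML
 *   request/response. Only available in LogoutRequests.
 * @param {string} nameId - NameID compared strictly against each session's `nameId`.
 * @param {function} [cb] - Called with `(err, removedElement)`; `removedElement`
 *   is `undefined` when no session matched.
 * @returns {*} Whatever `cb` returns, or `undefined` when no `cb` is given.
 */
SessionParticipants.prototype.remove = function (
  issuer,
  sessionIndex,
  nameId,
  cb
) {
  if (!this._participants || this._participants.length === 0 || !issuer) {
    // cb is optional on the normal path below, so it must not be called
    // unguarded here either (that threw a TypeError when cb was omitted).
    return cb ? cb() : undefined;
  }

  const position = this._participants.findIndex(
    matchingIndex(issuer, sessionIndex, nameId)
  );

  let removedElement;
  if (position > -1) {
    // splice(position, 1) on a valid index always yields exactly one element.
    [removedElement] = this._participants.splice(position, 1);
  }

  return cb ? cb(null, removedElement) : undefined;
};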
// Export the constructor; each instance keeps its participants in an in-memory array.
module.exports = SessionParticipants;