"use strict";
// Compiled (tsc, CommonJS) module preamble: flag the module for ES-module
// interop and pre-declare the export, which is assigned at the bottom of
// the file once the class is defined.
Object.defineProperty(exports, "__esModule", { value: true });
exports.SpidStrategy = void 0;
const TE = require("fp-ts/lib/TaskEither");
const passport_saml_1 = require("passport-saml");
const function_1 = require("fp-ts/lib/function");
const redis_cache_provider_1 = require("./redis_cache_provider");
const saml_client_1 = require("./saml_client");
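class SpidStrategy extends passport_saml_1.Strategy {
    /**
     * passport-saml Strategy used for SPID logins.
     *
     * The SAML options are resolved per request through `getSamlOptions`
     * (SPID federates many Identity Providers), and every call builds a fresh
     * `CustomSamlClient` on a clone of the strategy so that concurrent
     * requests never share `_saml` (see `_perRequestStrategy`).
     *
     * Request ids are tracked by the Redis-backed provider returned by
     * `getExtendedRedisCacheProvider`; passport-saml's own cache provider is
     * replaced with a no-op one so it is never used for that purpose.
     *
     * @param {object} options passport-saml options shared by all requests.
     *   NOTE: mutated in place — `requestIdExpirationPeriodMs` defaults to
     *   15 minutes when unset and `cacheProvider` is overwritten with a no-op
     *   provider. Callers must not reuse this object for another strategy.
     * @param {Function} getSamlOptions `(req, cb)` resolving the
     *   request-specific SAML options; they are merged on top of `options`, so
     *   every key they contain overrides the shared value for that request
     *   (including security-relevant ones such as certificates or
     *   `requestIdExpirationPeriodMs`).
     * @param {Function} verify passport-saml verify callback, forwarded to super.
     * @param {object} redisClient Redis client backing the request-id cache.
     * @param {Function} [tamperAuthorizeRequest] forwarded to CustomSamlClient.
     * @param {Function} [tamperMetadata] `(xml) => TaskEither<Error, string>`
     *   rewriting the generated SP metadata XML.
     * @param {Function} [preValidateResponse] forwarded to CustomSamlClient.
     * @param {Function} [doneCb] invoked as `doneCb(req.ip, ...args)` with
     *   whatever CustomSamlClient passes to its completion callback.
     * @param {{codec?: unknown, requestMapper?: Function}} [extraLoginRequestParamConfig]
     *   codec/mapper for extra login-request parameters stored with the
     *   request id.
     */
    // eslint-disable-next-line max-params
    constructor(options, getSamlOptions, verify, redisClient, tamperAuthorizeRequest, tamperMetadata, preValidateResponse, doneCb, extraLoginRequestParamConfig) {
        super(options, verify);
        this.options = options;
        this.getSamlOptions = getSamlOptions;
        this.redisClient = redisClient;
        this.tamperAuthorizeRequest = tamperAuthorizeRequest;
        this.tamperMetadata = tamperMetadata;
        this.preValidateResponse = preValidateResponse;
        this.doneCb = doneCb;
        this.extraLoginRequestParamConfig = extraLoginRequestParamConfig;
        // `requestIdExpirationPeriodMs` is, per passport-saml, the time after
        // which a generated request id is no longer accepted in a SAML
        // response: it bounds the replay window. Default to 15 minutes when
        // unset (or 0); raise it only with a documented reason.
        if (!options.requestIdExpirationPeriodMs) {
            options.requestIdExpirationPeriodMs = 15 * 60 * 1000;
        }
        const extraParamConfig = this.extraLoginRequestParamConfig;
        const extraParamCodec = extraParamConfig == null ? undefined : extraParamConfig.codec;
        // The Redis TTL is expressed in whole seconds: a period below 1000 ms
        // floors to 0, so keep the option at >= 1 s.
        const requestIdTtlSeconds = Math.floor(options.requestIdExpirationPeriodMs / 1000);
        this.extendedRedisCacheProvider = (0, redis_cache_provider_1.getExtendedRedisCacheProvider)(this.redisClient, extraParamCodec, requestIdTtlSeconds);
        // Neutralise passport-saml's built-in cache provider: request ids are
        // handled by the Redis-backed provider above.
        options.cacheProvider = (0, redis_cache_provider_1.noopCacheProvider)();
    }
    /**
     * Build the per-request strategy used by the public methods below.
     *
     * A fresh `CustomSamlClient` is created from `this.options` merged with
     * `samlOptions` (the latter wins on conflicts) and attached as `_saml` to
     * a shallow clone of this strategy whose prototype is the strategy
     * itself. Mutating `this._saml` directly would race between concurrent
     * requests; see https://github.com/bergie/passport-saml/pull/426/files
     *
     * Kept as a regular `_`-prefixed method rather than a `#private` one so
     * it still resolves through the prototype chain when passport (or this
     * class) calls into a prototype-derived clone of the instance.
     *
     * @param {object} samlOptions request-specific options from `getSamlOptions`.
     * @param {...unknown} clientArgs extra positional arguments appended to
     *   the `CustomSamlClient` constructor after the cache provider.
     * @returns {object} clone of `this` with the per-request `_saml`.
     */
    _perRequestStrategy(samlOptions, ...clientArgs) {
        const mergedOptions = Object.assign(Object.assign({}, this.options), samlOptions);
        const samlService = new saml_client_1.CustomSamlClient(mergedOptions, this.extendedRedisCacheProvider, ...clientArgs);
        return Object.setPrototypeOf(Object.assign(Object.assign({}, this), { _saml: samlService }), this);
    }
    /**
     * passport entry point for a login attempt; both the outgoing
     * AuthnRequest and the incoming SAML Response are handled by the
     * passport-saml implementation invoked on the per-request clone.
     *
     * @param {object} req incoming Express request.
     * @param {object} options passport `authenticate` options, forwarded as-is.
     */
    authenticate(req, options) {
        this.getSamlOptions(req, (err, samlOptions) => {
            if (err) {
                // `this.error` is the channel passport wires up while it
                // drives `authenticate`.
                return this.error(err);
            }
            const extraParamConfig = this.extraLoginRequestParamConfig;
            const requestMapper = extraParamConfig == null ? undefined : extraParamConfig.requestMapper;
            // `req.ip` follows Express' `trust proxy` setting: behind a
            // reverse proxy it is the proxy's address unless `trust proxy` is
            // configured, and with an over-permissive setting it is whatever
            // the client put in X-Forwarded-For. Treat it as informational.
            const onDone = (...args) => (this.doneCb ? this.doneCb(req.ip, ...args) : undefined);
            const strategy = this._perRequestStrategy(samlOptions, requestMapper, this.tamperAuthorizeRequest, this.preValidateResponse, onDone);
            super.authenticate.call(strategy, req, options);
        });
    }
    /**
     * Build the IdP logout request for `req` through passport-saml.
     *
     * @param {object} req Express request holding the authenticated user.
     * @param {Function} callback `(err, logoutUrl)` as in passport-saml.
     */
    logout(req, callback) {
        this.getSamlOptions(req, (err, samlOptions) => {
            if (err) {
                // Unlike `authenticate`, this method is called directly by the
                // application, not by passport, so `this.error` is not a
                // reliable channel here: report through the caller's callback,
                // which is this method's documented error path.
                return callback(err);
            }
            const strategy = this._perRequestStrategy(samlOptions);
            super.logout.call(strategy, req, callback);
        });
    }
    /**
     * Generate the Service Provider metadata XML for `req`, optionally
     * rewritten by `tamperMetadata`, and hand it to `callback(err, xml)`.
     *
     * @param {object} req request used to resolve the SAML options.
     * @param {string} decryptionCert forwarded to passport-saml's
     *   `generateServiceProviderMetadata`.
     * @param {string} signingCert forwarded to passport-saml's
     *   `generateServiceProviderMetadata`.
     * @param {Function} callback receives the final XML, or the error from
     *   `getSamlOptions` / `tamperMetadata`.
     * @returns whatever `getSamlOptions` returns; on the tamper path the
     *   inner callback yields the promise of the executed TaskEither.
     */
    generateServiceProviderMetadataAsync(req, decryptionCert, signingCert, callback) {
        return this.getSamlOptions(req, (err, samlOptions) => {
            if (err) {
                // Not driven by passport (see `logout`): route the error to the
                // callback instead of `this.error`.
                return callback(err);
            }
            const strategy = this._perRequestStrategy(samlOptions);
            const originalXml = super.generateServiceProviderMetadata.call(strategy, decryptionCert, signingCert);
            if (!this.tamperMetadata) {
                return callback(null, originalXml);
            }
            // `tamperMetadata` yields a TaskEither: map both branches onto the
            // callback and run it; the resulting promise is returned so a
            // caller can await completion.
            return (0, function_1.pipe)(this.tamperMetadata(originalXml), TE.map((tamperedXml) => callback(null, tamperedXml)), TE.mapLeft(callback), TE.toUnion)();
        });
    }
}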
exports.SpidStrategy = SpidStrategy;
//# sourceMappingURL=spid.js.map