@pagopa/io-spid-commons
Common code for integrating SPID authentication
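"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SpidStrategy = void 0;
const TE = require("fp-ts/lib/TaskEither");
const passport_saml_1 = require("passport-saml");
const function_1 = require("fp-ts/lib/function");
const redis_cache_provider_1 = require("./redis_cache_provider");
const saml_client_1 = require("./saml_client");

// Default validity window for an outgoing request id (15 minutes). It bounds
// how long a SAML Response may reference an AuthnRequest via InResponseTo.
const DEFAULT_REQUEST_ID_EXPIRATION_MS = 15 * 60 * 1000;

/**
 * Returns a shallow clone of `strategy` whose `_saml` is `samlService`.
 *
 * passport-saml keeps a single `_saml` client on the strategy; assigning a
 * per-request client to the shared instance would let a concurrent request
 * overwrite it mid-flow (see https://github.com/bergie/passport-saml/pull/426/files).
 * The clone carries the strategy's own enumerable properties and resolves
 * everything else (methods, passport's success/fail/error callbacks) through
 * the prototype chain, which is set to the original strategy.
 *
 * @param {object} strategy - the live strategy (`this` inside a method)
 * @param {object} samlService - the per-request SAML client
 * @returns {object} clone with `_saml` replaced
 */
function withRequestSamlClient(strategy, samlService) {
  const clone = Object.assign({}, strategy, { _saml: samlService });
  return Object.setPrototypeOf(clone, strategy);
}

/**
 * passport-saml Strategy whose SAML options are resolved per request via
 * `getSamlOptions`, with request-id storage delegated to Redis.
 */
class SpidStrategy extends passport_saml_1.Strategy {
  /**
   * @param {object} options - passport-saml strategy options; mutated: a
   *   missing/zero `requestIdExpirationPeriodMs` is defaulted to 15 minutes
   *   and `cacheProvider` is replaced by a no-op provider
   * @param {Function} getSamlOptions - `(req, cb(err, samlOptions))`, resolves
   *   the request-specific SAML options merged over `options`
   * @param {Function} verify - passport-saml verify callback
   * @param {object} redisClient - client handed to the extended cache provider
   * @param {Function} tamperAuthorizeRequest - forwarded to CustomSamlClient on login
   * @param {Function} [tamperMetadata] - optional `xml => TaskEither<Error, string>`
   *   applied to the generated SP metadata
   * @param {Function} preValidateResponse - forwarded to CustomSamlClient on login
   * @param {Function} [doneCb] - optional hook invoked with `(req.ip, ...args)`
   *   by the per-request SAML client
   * @param {object} [extraLoginRequestParamConfig] - optional `{ codec, requestMapper }`
   */
  // eslint-disable-next-line max-params
  constructor(options, getSamlOptions, verify, redisClient, tamperAuthorizeRequest, tamperMetadata, preValidateResponse, doneCb, extraLoginRequestParamConfig) {
    super(options, verify);
    this.options = options;
    this.getSamlOptions = getSamlOptions;
    this.redisClient = redisClient;
    this.tamperAuthorizeRequest = tamperAuthorizeRequest;
    this.tamperMetadata = tamperMetadata;
    this.preValidateResponse = preValidateResponse;
    this.doneCb = doneCb;
    this.extraLoginRequestParamConfig = extraLoginRequestParamConfig;

    if (!options.requestIdExpirationPeriodMs) {
      options.requestIdExpirationPeriodMs = DEFAULT_REQUEST_ID_EXPIRATION_MS;
    }

    const extraConfig = this.extraLoginRequestParamConfig;
    // Request ids live in Redis instead of passport-saml's in-memory cache.
    // The third argument is the expiration converted to whole seconds; a
    // period shorter than 1000 ms yields 0 here — assumed never configured
    // in practice, TODO confirm what the provider does with a 0 TTL.
    this.extendedRedisCacheProvider = (0, redis_cache_provider_1.getExtendedRedisCacheProvider)(
      this.redisClient,
      extraConfig == null ? undefined : extraConfig.codec,
      Math.floor(options.requestIdExpirationPeriodMs / 1000)
    );
    // Bypass passport-saml's own cache provider; the per-request
    // CustomSamlClient receives the Redis-backed one instead.
    options.cacheProvider = (0, redis_cache_provider_1.noopCacheProvider)();
  }

  /**
   * Builds the per-request SAML client from the merged options.
   *
   * @param {object} samlOptions - request-specific options from `getSamlOptions`
   * @param {Array} extraArgs - further CustomSamlClient constructor arguments
   *   (only the login flow passes any)
   * @returns {object} CustomSamlClient instance
   */
  buildSamlClient(samlOptions, extraArgs) {
    const mergedOptions = Object.assign({}, this.options, samlOptions);
    return new saml_client_1.CustomSamlClient(
      mergedOptions,
      this.extendedRedisCacheProvider,
      ...(extraArgs || [])
    );
  }

  /**
   * Passport entry point for login and response handling. Failures of
   * `getSamlOptions` are reported through passport's `this.error`.
   *
   * @param {object} req - Express request
   * @param {object} options - passport authenticate options
   */
  authenticate(req, options) {
    this.getSamlOptions(req, (err, samlOptions) => {
      if (err) {
        return this.error(err);
      }
      const extraConfig = this.extraLoginRequestParamConfig;
      const samlService = this.buildSamlClient(samlOptions, [
        extraConfig == null ? undefined : extraConfig.requestMapper,
        this.tamperAuthorizeRequest,
        this.preValidateResponse,
        // doneCb is optional; the client's result is ignored when it is absent.
        (...args) => (this.doneCb ? this.doneCb(req.ip, ...args) : undefined),
      ]);
      const strategy = withRequestSamlClient(this, samlService);
      super.authenticate.call(strategy, req, options);
    });
  }

  /**
   * Builds the logout request for `req`.
   *
   * A failing `getSamlOptions` is now reported via `callback(err)` so the
   * caller's continuation always runs; previously only `this.error` was
   * invoked and `callback` was never called on that path.
   *
   * @param {object} req - Express request
   * @param {Function} callback - `(err, url)` as in passport-saml's logout
   */
  logout(req, callback) {
    this.getSamlOptions(req, (err, samlOptions) => {
      if (err) {
        return callback(err);
      }
      const samlService = this.buildSamlClient(samlOptions);
      const strategy = withRequestSamlClient(this, samlService);
      super.logout.call(strategy, req, callback);
    });
  }

  /**
   * Generates the service provider metadata XML for `req`, optionally passing
   * it through `tamperMetadata`.
   *
   * Every path ends in `callback`: a failing `getSamlOptions` now yields
   * `callback(err)` (previously the callback was never invoked on that path),
   * a failing `tamperMetadata` yields `callback(error)`, and success yields
   * `callback(null, xml)`.
   *
   * @param {object} req - Express request
   * @param {string} decryptionCert - SP decryption certificate
   * @param {string} signingCert - SP signing certificate
   * @param {Function} callback - `(err, xml)`
   * @returns {*} whatever `getSamlOptions` returns
   */
  generateServiceProviderMetadataAsync(req, decryptionCert, signingCert, callback) {
    return this.getSamlOptions(req, (err, samlOptions) => {
      if (err) {
        return callback(err);
      }
      const samlService = this.buildSamlClient(samlOptions);
      const strategy = withRequestSamlClient(this, samlService);
      const originalXml = super.generateServiceProviderMetadata.call(
        strategy,
        decryptionCert,
        signingCert
      );
      if (!this.tamperMetadata) {
        return callback(null, originalXml);
      }
      // tamperMetadata returns a TaskEither; fold both sides into the callback.
      return (0, function_1.pipe)(
        this.tamperMetadata(originalXml),
        TE.map((tamperedXml) => callback(null, tamperedXml)),
        TE.mapLeft(callback),
        TE.toUnion
      )();
    });
  }
}
exports.SpidStrategy = SpidStrategy;
//# sourceMappingURL=spid.js.map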