
@pagopa/io-spid-commons


Common code for integrating SPID authentication

import * as E from "fp-ts/lib/Either";
import * as O from "fp-ts/lib/Option";
import * as TE from "fp-ts/lib/TaskEither";
import * as t from "io-ts";
import { SamlConfig } from "passport-saml";
import { MultiSamlConfig } from "passport-saml/multiSamlStrategy";
import { Builder } from "xml2js";
import { SPID_USER_ATTRIBUTES } from "../config";
import { EventTracker } from "..";
import { ILollipopParams } from "../types/lollipop";
import { IServiceProviderConfig } from "./middleware";
import { IIssueInstantWithAuthnContextCR } from "./saml";

/** Name of a SPID user attribute: one of the keys of `SPID_USER_ATTRIBUTES`. */
export type SamlAttributeT = keyof typeof SPID_USER_ATTRIBUTES;

/**
 * XML namespace URIs used to address elements inside SAML documents
 * (SAML assertion, SAML protocol, SPID extension, XML digital signature).
 * The actual URI values are defined in the implementation, not here.
 */
export declare const SAML_NAMESPACE: {
  ASSERTION: string;
  PROTOCOL: string;
  SPID: string;
  XMLDSIG: string;
};

/** Generic XML tag/attribute names referenced by the helpers below (currently only `LANG`). */
export declare const XML_TAGS: {
  LANG: string;
};

/**
 * SPID-specific tag names for organisation identifiers.
 * NOTE(review): presumably used when building/validating Service Provider
 * metadata — confirm against the implementation.
 */
export declare const SPID_TAGS: {
  ENTITY_TYPE: string;
  FISCAL_CODE: string;
  IPA_CODE: string;
  VAT_NUMBER: string;
};

/** NameID format expected on the `Issuer` element: the SAML 2.0 "entity" format. */
export declare const ISSUER_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";

/** Error message used when an ACS (Assertion Consumer Service) request carries no `SAMLResponse`. */
export declare const ERROR_SAML_RESPONSE_MISSING = "Missing SAMLResponse in ACS";

/** Placeholder string used where a piece of information could not be determined. */
export declare const InfoNotAvailable = "NOT AVAILABLE";

/**
 * If an `eventHandler` and the `hasClockSkewLoggingEvent` feature flag are
 * provided, the returned function logs the timing deltas between the request
 * and the IDP's IssueInstant. This is useful to monitor the timings and to
 * adjust the `clockSkewMs` variable.
 *
 * @param startTime timestamp (ms) at which the login flow started
 * @param idpIssuer issuer of the IDP that produced the response
 * @param requestId ID of the originating SAML request
 * @param clockSkewMs accepted clock skew, in milliseconds (optional)
 * @param eventHandler sink for the timing events (optional; nothing is logged without it)
 * @param hasClockSkewLoggingEvent feature flag enabling the logging (optional)
 * @returns a function taking the extracted IssueInstant/AuthnContext info and
 *   yielding a task that never fails (`TaskEither<never, void>`)
 */
export declare const extractAndLogTimings: (
  startTime: number,
  idpIssuer: string,
  requestId: string,
  clockSkewMs?: number,
  eventHandler?: EventTracker,
  hasClockSkewLoggingEvent?: boolean
) => (info: IIssueInstantWithAuthnContextCR) => TE.TaskEither<never, void>;

/**
 * Pre-check applied to a signed element before signature verification:
 * returns the same element on the Right, or an `Error` on the Left.
 * NOTE(review): the name indicates that elements whose signature uses an
 * HMAC (symmetric) algorithm are rejected — confirm against the implementation.
 */
export declare const notSignedWithHmacPredicate: <B extends Element>(b: B) => E.Either<Error, B>;

/**
 * Parses an XML string into a DOM `Document`.
 * The `Option` return type suggests parse failures yield `None` rather than a throw —
 * confirm against the implementation before relying on it.
 *
 * @param doc the XML text to parse
 */
export declare const safeXMLParseFromString: (doc: string) => O.Option<Document>;

/**
 * Extracts and parses the SAML response carried by an ACS request body.
 *
 * @param body the raw request body; typed `unknown` because it is untrusted
 *   input and must be narrowed by the implementation
 * @returns the parsed response document, or `None` when it is missing or unparsable
 *   (presumably read from the `SAMLResponse` field, see `ERROR_SAML_RESPONSE_MISSING` — confirm)
 */
export declare const getXmlFromSamlResponse: (body: unknown) => O.Option<Document>;

/**
 * Extracts the error code from the `StatusMessage` of a SAML response.
 *
 * @example
 * for `<StatusMessage>ErrorCode nr22</StatusMessage>` it returns `"22"`
 *
 * @param doc the parsed SAML response
 * @returns the numeric code as a string, or `None` when no `StatusMessage` is present
 */
export declare const getErrorCodeFromResponse: (doc: Document) => O.Option<string>;

/**
 * Extracts the `Issuer` field from the response body.
 *
 * @param doc the parsed SAML response
 * @returns the issuer value, or `None` when absent
 */
export declare const getSamlIssuer: (doc: Document) => O.Option<string>;

/**
 * Extracts the request ID from a SAML request given as XML text.
 * NOTE(review): presumably the `ID` attribute of the root element — confirm.
 *
 * @param requestXML the serialized SAML request
 */
export declare const getIDFromRequest: (requestXML: string) => O.Option<string>;

/**
 * Reads date information in an x509 certificate
 * and logs the remaining time to its expiration date.
 *
 * @param samlCert x509 certificate as string
 */
export declare const logSamlCertExpiration: (samlCert: string) => void;

/**
 * This method extracts the correct IDP metadata
 * from the passport strategy options.
 *
 * It's executed for every SPID login (when the passport
 * middleware is configured) and when generating
 * the Service Provider metadata.
 */
export declare const getSamlOptions: MultiSamlConfig["getSamlOptions"];

/**
 * Builds a function that post-processes ("tampers") the Service Provider
 * metadata XML generated by passport-saml and returns the amended XML.
 *
 * @param xmlBuilder xml2js builder used to re-serialize the document
 * @param serviceProviderConfig SP configuration merged into the metadata
 * @param samlConfig passport-saml configuration
 * @returns a function from the generated XML to a task yielding the rewritten XML,
 *   or an `Error` on failure
 */
export declare const getMetadataTamperer: (
  xmlBuilder: Builder,
  serviceProviderConfig: IServiceProviderConfig,
  samlConfig: SamlConfig
) => (generateXml: string) => TE.TaskEither<Error, string>;

/**
 * Builds a function that post-processes ("tampers") the AuthnRequest XML
 * generated by passport-saml and returns the amended XML.
 *
 * @param xmlBuilder xml2js builder used to re-serialize the document
 * @param samlConfig passport-saml configuration
 * @returns a function from the generated XML (and optional LolliPoP parameters,
 *   presumably embedded into the request — confirm) to a task yielding the
 *   rewritten XML, or an `Error` on failure
 */
export declare const getAuthorizeRequestTamperer: (
  xmlBuilder: Builder,
  samlConfig: SamlConfig
) => (generateXml: string, lollipopParams?: ILollipopParams) => TE.TaskEither<Error, string>;

/**
 * Checks the `Issuer` found under `fatherElement` against the expected IDP issuer.
 * NOTE(review): which child element is inspected and how it is compared is not
 * visible here — confirm against the implementation.
 *
 * @param fatherElement the element (Response or Assertion) whose issuer is checked
 * @param idpIssuer the expected issuer value
 * @returns the validated element, or an `Error` when the check fails
 */
export declare const validateIssuer: (fatherElement: Element, idpIssuer: string) => E.Either<Error, Element>;

/**
 * Validates the main attributes of a Response or Assertion element against the
 * time at which validation is performed.
 *
 * @param validationTimestamp current time (ms) used as reference for time checks
 * @returns a function taking the element and an optional accepted clock skew (ms),
 *   yielding a `Date` on success (presumably the element's IssueInstant — confirm)
 *   or an `Error`
 */
export declare const mainAttributeValidation: (
  validationTimestamp: number
) => (requestOrAssertion: Element, acceptedClockSkewMs?: number) => E.Either<Error, Date>;

/** Returns `true` when `element` has no meaningful content (exact criterion defined in the implementation). */
export declare const isEmptyNode: (element: Element) => boolean;

/**
 * io-ts codec for the error produced by `transformsValidation`.
 * `numberOfTransforms` carries the count of transforms that triggered the error;
 * `idpIssuer` identifies the IDP the document came from.
 */
export declare const TransformError: t.TypeC<{
  idpIssuer: t.StringC;
  message: t.StringC;
  numberOfTransforms: t.NumberC;
}>;
export type TransformError = t.TypeOf<typeof TransformError>;

/**
 * Validates the XML-DSig `Transform` elements found under `targetElement`.
 * NOTE(review): the `numberOfTransforms` field on the error suggests a bound on
 * how many transforms are accepted — confirm against the implementation.
 *
 * @param targetElement the signed element whose transforms are inspected
 * @param idpIssuer issuer of the IDP, reported in the error
 * @returns the element on success, or a `TransformError`
 */
export declare const transformsValidation: (
  targetElement: Element,
  idpIssuer: string
) => E.Either<TransformError, Element>;

/**
 * Validates a SAML `Assertion` element.
 *
 * @param validationTimestamp current time (ms) used as reference for time checks
 * @returns a function taking the Assertion, the passport-saml config, the
 *   `InResponseTo` value of the originating request and the AuthnContextClassRef
 *   that was requested; it yields a collection of elements on success (which
 *   elements is not visible here — confirm) or an `Error`
 */
export declare const assertionValidation: (
  validationTimestamp: number
) => (
  Assertion: Element,
  samlConfig: SamlConfig,
  InResponseTo: string,
  requestAuthnContextClassRef: string
) => E.Either<Error, HTMLCollectionOf<Element>>;