import * as E from "fp-ts/lib/Either";
import * as O from "fp-ts/lib/Option";
import * as TE from "fp-ts/lib/TaskEither";
import * as t from "io-ts";
import { SamlConfig } from "passport-saml";
import { MultiSamlConfig } from "passport-saml/multiSamlStrategy";
import { Builder } from "xml2js";
import { SPID_USER_ATTRIBUTES } from "../config";
import { EventTracker } from "..";
import { ILollipopParams } from "../types/lollipop";
import { IServiceProviderConfig } from "./middleware";
import { IIssueInstantWithAuthnContextCR } from "./saml";
/**
 * Name of a SPID user attribute the Service Provider may request.
 * Derived from the keys of SPID_USER_ATTRIBUTES (../config), so adding an
 * attribute there automatically widens this union.
 */
export type SamlAttributeT = keyof typeof SPID_USER_ATTRIBUTES;
/**
 * XML namespace URIs used when looking up elements of a SAML document by
 * (namespace, local name). The concrete URI values are not visible in this
 * declaration file; from the keys they should be the SAML 2.0 assertion and
 * protocol namespaces, the SPID extension namespace and XML-DSig.
 */
export declare const SAML_NAMESPACE: {
ASSERTION: string;
PROTOCOL: string;
SPID: string;
XMLDSIG: string;
};
/** Generic XML attribute/tag names used while building or reading SAML XML. */
export declare const XML_TAGS: {
LANG: string;
};
/**
 * Tag names of the SPID-specific elements added to the Service Provider
 * metadata (presumably the spid:EntityType, FiscalCode, IPACode and
 * VATNumber elements — values are not visible here).
 */
export declare const SPID_TAGS: {
ENTITY_TYPE: string;
FISCAL_CODE: string;
IPA_CODE: string;
VAT_NUMBER: string;
};
/** NameID Format expected on Issuer elements: the SAML 2.0 "entity" format. */
export declare const ISSUER_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
/** Error message used when the ACS request carries no SAMLResponse parameter. */
export declare const ERROR_SAML_RESPONSE_MISSING = "Missing SAMLResponse in ACS";
/** Placeholder used in logs/events when a piece of information could not be extracted. */
export declare const InfoNotAvailable = "NOT AVAILABLE";
/**
 * Builds a logger for SAML response timings, useful to tune `clockSkewMs`.
 *
 * If an eventHandler and a feature flag are provided this function logs the timing deltas.
 * This is useful to monitor the timings and to adjust the clockSkewMs variable.
 *
 * @param startTime timestamp taken when processing of the response started
 *   (presumably ms since epoch, consistent with `clockSkewMs` — confirm)
 * @param idpIssuer issuer of the IdP that sent the response, for correlation
 * @param requestId ID of the AuthnRequest the response answers, for correlation
 * @param clockSkewMs currently tolerated clock skew, logged next to the measured deltas
 * @param eventHandler tracker that receives the timing event; when absent nothing is logged
 * @param hasClockSkewLoggingEvent feature flag gating the logging
 * @returns a function taking the parsed IssueInstant / AuthnContextClassRef info and
 *   yielding a TaskEither whose left type is `never`: logging cannot fail the login flow
 */
export declare const extractAndLogTimings: (startTime: number, idpIssuer: string, requestId: string, clockSkewMs?: number, eventHandler?: EventTracker, hasClockSkewLoggingEvent?: boolean) => (info: IIssueInstantWithAuthnContextCR) => TE.TaskEither<never, void>;
/**
 * Rejects an element whose XML signature uses an HMAC (symmetric) algorithm.
 *
 * NOTE(review): the implementation is not visible here; from the name this
 * should yield left(Error) when the SignatureMethod is HMAC-based. Accepting
 * HMAC on a SAML message is dangerous because the verifier's own (public)
 * certificate bytes could be used as the shared key by an attacker, so only
 * asymmetric algorithms should pass. Confirm the exact algorithm check in the
 * source.
 *
 * @param b the signed element (Response or Assertion) to inspect; the generic
 *   keeps the caller's element type on the right side
 * @returns right(b) unchanged when the check passes, left(Error) otherwise
 */
export declare const notSignedWithHmacPredicate: <B extends Element>(b: B) => E.Either<Error, B>;
/**
 * Parses an XML string into a DOM Document, returning none instead of throwing
 * on malformed input.
 *
 * NOTE(review): "safe" is only what the signature guarantees (no exception,
 * Option result). Whether the underlying parser refuses DTDs / external
 * entities is not visible from this declaration — confirm before feeding it
 * untrusted SAML.
 *
 * @param doc the raw XML text
 * @returns the parsed Document, or none when parsing fails
 */
export declare const safeXMLParseFromString: (doc: string) => O.Option<Document>;
/**
 * Extracts the SAML response document from an ACS request body.
 *
 * The body comes straight from the IdP POST to the Assertion Consumer Service,
 * hence `unknown`: it is untrusted and may have any shape. Presumably the
 * SAMLResponse parameter is located and decoded here, and none is returned when
 * it is missing or unparsable (cf. ERROR_SAML_RESPONSE_MISSING) — confirm.
 *
 * @param body the untrusted request body received at the ACS endpoint
 * @returns the parsed SAML response, or none
 */
export declare const getXmlFromSamlResponse: (body: unknown) => O.Option<Document>;
/**
 * Extracts the SPID error code from the StatusMessage of a SAML response.
 *
 * i.e. for <StatusMessage>ErrorCode nr22</StatusMessage>
 * returns "22"
 *
 * @param doc the parsed SAML response
 * @returns the numeric part of the error code as a string, or none when the
 *   response carries no recognisable StatusMessage
 */
export declare const getErrorCodeFromResponse: (doc: Document) => O.Option<string>;
/**
 * Extracts the issuer field from the response body.
 *
 * @param doc the parsed SAML response
 * @returns the Issuer value, or none when the element is missing
 */
export declare const getSamlIssuer: (doc: Document) => O.Option<string>;
/**
 * Reads the ID of an AuthnRequest from its raw XML.
 *
 * Presumably the value that a response's InResponseTo is later matched
 * against (see assertionValidation) — verify against the implementation.
 *
 * @param requestXML the AuthnRequest as an XML string
 * @returns the request ID, or none when it cannot be found
 */
export declare const getIDFromRequest: (requestXML: string) => O.Option<string>;
/**
 * Reads dates information in x509 certificate
 * and logs remaining time to its expiration date.
 *
 * Logging only: the function returns void, so an already-expired certificate
 * is not reported back to the caller — any enforcement must happen elsewhere.
 *
 * @param samlCert x509 certificate as string
 */
export declare const logSamlCertExpiration: (samlCert: string) => void;
/**
 * This method extracts the correct IDP metadata
 * from the passport strategy options.
 *
 * It's executed for every SPID login (when passport
 * middleware is configured) and when generating
 * the Service Provider metadata.
 *
 * Its type is exactly passport-saml's `MultiSamlConfig["getSamlOptions"]`, so
 * it can be passed as-is to the multi-IdP strategy; the per-request selection
 * logic (which IdP, which certificate) lives in the implementation.
 */
export declare const getSamlOptions: MultiSamlConfig["getSamlOptions"];
/**
 * Builds a post-processor ("tamperer") for the Service Provider metadata XML
 * generated by passport-saml.
 *
 * @param xmlBuilder xml2js Builder used to serialise the modified document
 * @param serviceProviderConfig the SP configuration the metadata is enriched with
 * @param samlConfig the passport-saml configuration
 * @returns a function taking the generated metadata XML and yielding the
 *   modified XML, or an Error when processing fails
 */
export declare const getMetadataTamperer: (xmlBuilder: Builder, serviceProviderConfig: IServiceProviderConfig, samlConfig: SamlConfig) => (generateXml: string) => TE.TaskEither<Error, string>;
/**
 * Builds a post-processor ("tamperer") for the AuthnRequest XML generated by
 * passport-saml.
 *
 * NOTE(review): if the request is signed, any modification must be applied
 * before the signature is computed or it will invalidate it — confirm at which
 * point of the passport-saml flow this is invoked.
 *
 * @param xmlBuilder xml2js Builder used to serialise the modified request
 * @param samlConfig the passport-saml configuration
 * @returns a function taking the generated AuthnRequest XML and, optionally,
 *   the LolliPoP parameters (see ../types/lollipop) presumably embedded in
 *   the request, yielding the modified XML or an Error
 */
export declare const getAuthorizeRequestTamperer: (xmlBuilder: Builder, samlConfig: SamlConfig) => (generateXml: string, lollipopParams?: ILollipopParams) => TE.TaskEither<Error, string>;
/**
 * Checks the Issuer child of the given element against the expected IdP issuer.
 *
 * Security: the issuer is what ties the message to the IdP whose certificate
 * is trusted; a mismatch should yield left(Error). The exact comparison (exact
 * string match, Format attribute check) is in the implementation — confirm.
 *
 * @param fatherElement the Response or Assertion element containing the Issuer
 * @param idpIssuer the issuer expected for the IdP handling this login
 * @returns right(Element) on success (presumably `fatherElement` itself), left(Error) otherwise
 */
export declare const validateIssuer: (fatherElement: Element, idpIssuer: string) => E.Either<Error, Element>;
/**
 * Validates the main time-related attributes of a request or assertion
 * against `validationTimestamp`, tolerating `acceptedClockSkewMs` of drift.
 *
 * NOTE(review): which attributes are checked (IssueInstant, NotBefore,
 * NotOnOrAfter, ...) and what the returned Date represents are not visible
 * in this declaration — verify before relying on the returned value.
 *
 * @param validationTimestamp reference time the attributes are compared with
 * @returns a validator taking the element and an optional skew tolerance,
 *   yielding a Date on success or an Error
 */
export declare const mainAttributeValidation: (validationTimestamp: number) => (requestOrAssertion: Element, acceptedClockSkewMs?: number) => E.Either<Error, Date>;
/**
 * Tells whether an element has no meaningful content.
 * What counts as "empty" (no children, whitespace-only text, ...) is decided
 * by the implementation.
 */
export declare const isEmptyNode: (element: Element) => boolean;
/**
 * Runtime codec (io-ts) describing a failure of the XML-DSig Transforms check.
 *
 * Carries the issuer of the offending response and the number of transforms
 * found, presumably so the event can be reported with enough context.
 */
export declare const TransformError: t.TypeC<{
idpIssuer: t.StringC;
message: t.StringC;
numberOfTransforms: t.NumberC;
}>;
/** Static type derived from the TransformError codec. */
export type TransformError = t.TypeOf<typeof TransformError>;
/**
 * Validates the Transforms declared in the XML signature of `targetElement`.
 *
 * NOTE(review): in XML-DSig an unrestricted Transforms list (e.g. XPath/XSLT)
 * lets an attacker change which bytes are actually covered by the signature;
 * the `numberOfTransforms` field of TransformError suggests this check limits
 * how many transforms are accepted. Confirm the allow-list (count and
 * algorithms) in the implementation.
 *
 * @param targetElement the signed element whose Signature/Reference is inspected
 * @param idpIssuer the issuer, copied into the TransformError for reporting
 * @returns right(Element) when acceptable, left(TransformError) otherwise
 */
export declare const transformsValidation: (targetElement: Element, idpIssuer: string) => E.Either<TransformError, Element>;
/**
 * Runs the full set of checks on a SAML Assertion.
 *
 * The inputs tie the assertion back to this login: `InResponseTo` is the ID of
 * the AuthnRequest we issued, `requestAuthnContextClassRef` the SPID level we
 * asked for, and `validationTimestamp` the moment the checks are evaluated at.
 * The individual checks (issuer, timings, subject confirmation, conditions,
 * authn context, ...) live in the implementation and are not visible here.
 *
 * @param validationTimestamp reference time for the time-based checks
 * @returns on success the collection of elements the caller reads the user
 *   attributes from (presumably the AttributeStatement's Attribute elements —
 *   confirm), on failure an Error describing the failed check
 */
export declare const assertionValidation: (validationTimestamp: number) => (Assertion: Element, samlConfig: SamlConfig, InResponseTo: string, requestAuthnContextClassRef: string) => E.Either<Error, HTMLCollectionOf<Element>>;