UNPKG

n8n

Version:

n8n Workflow Automation Tool

n8n.io

n8n-io/n8n

130 lines 6.32 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) { var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; return c > 3 && r && Object.defineProperty(target, key, r), r; }; var __importStar = (this && this.__importStar) || (function () { var ownKeys = function(o) { ownKeys = Object.getOwnPropertyNames || function (o) { var ar = []; for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; return ar; }; return ownKeys(o); }; return function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); __setModuleDefault(result, mod); return result; }; })(); var __metadata = (this && this.__metadata) || function (k, v) { if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v); }; Object.defineProperty(exports, "__esModule", { value: true }); exports.SamlValidator = void 0; const backend_common_1 = require("@n8n/backend-common"); const di_1 = require("@n8n/di"); const samlify_1 = require("samlify"); const invalid_saml_metadata_error_1 = require("./errors/invalid-saml-metadata.error"); let SamlValidator = class SamlValidator { constructor(logger) { this.logger = logger; this.preload = []; } async init() { await this.loadSchemas(); this.xmllint = await Promise.resolve().then(() => __importStar(require('xmllint-wasm'))); } validateIdentiyProvider(idp) { const binding = idp.entityMeta.getSingleSignOnService(samlify_1.Constants.wording.binding.redirect); if (typeof binding !== 'string') { throw new invalid_saml_metadata_error_1.InvalidSamlMetadataError('only SAML redirect binding is supported.'); } } async validateMetadata(metadata) { const validXML = await this.validateXml('metadata', metadata); if (validXML) { const idp = (0, samlify_1.IdentityProvider)({ metadata, }); this.validateIdentiyProvider(idp); } return validXML; } async validateResponse(response) { return await this.validateXml('response', response); } async loadSchemas() { this.xmlProtocol = (await Promise.resolve().then(() => __importStar(require('./schema/saml-schema-protocol-2.0.xsd')))).xmlFileInfo; this.xmlMetadata = (await Promise.resolve().then(() => __importStar(require('./schema/saml-schema-metadata-2.0.xsd')))).xmlFileInfo; this.preload = (await Promise.all([ Promise.resolve().then(() => __importStar(require('./schema/saml-schema-assertion-2.0.xsd'))), Promise.resolve().then(() => __importStar(require('./schema/xmldsig-core-schema.xsd'))), Promise.resolve().then(() => __importStar(require('./schema/xenc-schema.xsd'))), Promise.resolve().then(() => __importStar(require('./schema/xml.xsd'))), Promise.resolve().then(() => __importStar(require('./schema/ws-federation.xsd'))), Promise.resolve().then(() => __importStar(require('./schema/oasis-200401-wss-wssecurity-secext-1.0.xsd'))), Promise.resolve().then(() => __importStar(require('./schema/oasis-200401-wss-wssecurity-utility-1.0.xsd'))), Promise.resolve().then(() => __importStar(require('./schema/ws-addr.xsd'))), Promise.resolve().then(() => __importStar(require('./schema/metadata-exchange.xsd'))), Promise.resolve().then(() => __importStar(require('./schema/ws-securitypolicy-1.2.xsd'))), Promise.resolve().then(() => __importStar(require('./schema/ws-authorization.xsd'))), ])).map((m) => m.xmlFileInfo); } async validateXml(type, contents) { const fileName = `${type}.xml`; const schema = type === 'metadata' ? [this.xmlMetadata] : [this.xmlProtocol]; const preload = [type === 'metadata' ? this.xmlProtocol : this.xmlMetadata, ...this.preload]; try { const validationResult = await this.xmllint.validateXML({ xml: [{ fileName, contents }], extension: 'schema', schema, preload, }); if (validationResult?.valid) { this.logger.debug(`SAML ${type} is valid`); return true; } else { this.logger.debug(`SAML ${type} is invalid`); this.logger.warn(validationResult ? validationResult.errors .map((error) => `${error.message} - ${error.rawMessage}`) .join('\n') : ''); } } catch (error) { this.logger.warn(error); } return false; } }; exports.SamlValidator = SamlValidator; exports.SamlValidator = SamlValidator = __decorate([ (0, di_1.Service)(), __metadata("design:paramtypes", [backend_common_1.Logger]) ], SamlValidator); //# sourceMappingURL=saml-validator.js.map