Expose InResponseTo in parseLoginResponse extract (#190)
* Fix missing dependency error

Like travis has here https://travis-ci.org/tngan/samlify/jobs/401602020
I have encountered an error arround the xml-encryption library. For some
reason it seems to have been missing. Adding the prefix `@passify/'
seems to fix it.

This is not related to the current PR and you might want extract this
commit if the rest of the PR fails for some reason.

* Return InResponseTo field from parseLoginResponse

This seems to be returning the right field and should allow users to
check that the id matches the nonce that was sent during SP-initiated
logins.

I've updated the exsiting tests rather than creating a new one because
this is not really a new use case.
benbabic authored and tngan committed Jul 9, 2018
1 parent c3eddc5 commit 20a4f01
Showing 3 changed files with 27 additions and 2 deletions.
5 changes: 4 additions & 1 deletion src/entity-sp.ts
Expand Up @@ -109,7 +109,10 @@ export class ServiceProvider extends Entity {
}, {
localName: 'AuthnStatement',
attributes: ['SessionIndex'],
}],
}, {
localName: 'Response',
attributes: ['InResponseTo'] },
],
from: idp,
checkSignature: true, // saml response must have signature
supportBindings: ['post'],
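Review bot: The new `Response` / `InResponseTo` entry reads the attribute from the outer `<Response>` element, which is outside the signature when the IdP signs only the assertion (a case test/flow.ts exercises), so in that flow the value handed to callers may not be integrity-protected. The assertion's `SubjectConfirmationData` also carries `InResponseTo` and sits inside the signed assertion; consider extracting it as well, e.g. `{ localName: 'SubjectConfirmationData', attributes: ['InResponseTo'] }`, assuming the extractor resolves that element the same way as the others listed here. The library only surfaces the value, so a comment such as `// exposed for the caller to compare with the AuthnRequest ID it issued; not validated here` would make the contract explicit. The enclosing method starts and ends outside this hunk, so whether extraction runs on the verified subtree cannot be confirmed from here.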
2 changes: 1 addition & 1 deletion src/libsaml.ts
Expand Up @@ -14,7 +14,7 @@ import { MetadataInterface } from './metadata';
import { isString, isObject, isUndefined, includes, flattenDeep } from 'lodash';
import * as nrsa from 'node-rsa';
import crpyto, { SignedXml, FileKeyInfo } from 'xml-crypto';
import * as xmlenc from 'xml-encryption';
import * as xmlenc from '@passify/xml-encryption';
import * as xsd from 'libxml-xsd';
import * as path from 'path';
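Review bot: The import now resolves `xmlenc` to the scoped fork `@passify/xml-encryption`, but none of the three files in this commit is a package manifest, so it is not visible here that the fork is the declared and locked dependency rather than something that merely happens to be installed. The tests suggest this library handles assertion encryption through this package, so it is worth confirming in package.json and the lockfile that `@passify/xml-encryption` is pinned and that no unscoped `xml-encryption` entry remains to drift alongside it. A short comment above the import, e.g. `// fork of xml-encryption; must match the dependency declared in package.json`, would record why the scoped name is used.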

22 changes: 22 additions & 0 deletions test/flow.ts
Expand Up @@ -271,6 +271,8 @@ test('send response with signed assertion and parse it', async t => {
// test phrase 2: useful information is included in extract object
t.is(extract.nameid, '[email protected]');
t.is(typeof extract.signature, 'string');
// Ensure that inresponseto was added to the response
t.is(extract.response.inresponseto, 'request_id');
});

test('send response with [custom template] signed assertion and parse it', async t => {
Expand All @@ -297,6 +299,8 @@ test('send response with [custom template] signed assertion and parse it', async
// test phrase 3: check if attribute is parsed properly
t.is(extract.attribute.name, 'mynameinsp');
t.is(extract.attribute.mail, '[email protected]');
// Ensure that inresponseto was added to the response
t.is(extract.response.inresponseto, '_4606cc1f427fa981e6ffd653ee8d6972fc5ce398c4');
});

test('send response with signed message and parse it', async t => {
Expand All @@ -312,6 +316,8 @@ test('send response with signed message and parse it', async t => {
// test phrase 2: useful information is included in extract object
t.is(extract.nameid, '[email protected]');
t.is(typeof extract.signature, 'string');
// Ensure that inresponseto was added to the response
t.is(extract.response.inresponseto, 'request_id');
});

test('send response with [custom template] and signed message and parse it', async t => {
Expand All @@ -336,6 +342,8 @@ test('send response with [custom template] and signed message and parse it', asy
// test phrase 3: check if attribute is parsed properly
t.is(extract.attribute.name, 'mynameinsp');
t.is(extract.attribute.mail, '[email protected]');
// Ensure that inresponseto was added to the response
t.is(extract.response.inresponseto, '_4606cc1f427fa981e6ffd653ee8d6972fc5ce398c4');
});

test('send login response with signed assertion + signed message and parse it', async t => {
Expand All @@ -354,6 +362,8 @@ test('send login response with signed assertion + signed message and parse it',
// test phrase 2: useful information is included in extract object
t.is(extract.nameid, '[email protected]');
t.is(typeof extract.signature, 'object');
// Ensure that inresponseto was added to the response
t.is(extract.response.inresponseto, 'request_id');
});

test('send login response with [custom template] and signed assertion + signed message and parse it', async t => {
Expand Down Expand Up @@ -381,6 +391,8 @@ test('send login response with [custom template] and signed assertion + signed m
// test phrase 3: check if attribute is parsed properly
t.is(extract.attribute.name, 'mynameinsp');
t.is(extract.attribute.mail, '[email protected]');
// Ensure that inresponseto was added to the response
t.is(extract.response.inresponseto, '_4606cc1f427fa981e6ffd653ee8d6972fc5ce398c4');
});

test('send login response with encrypted non-signed assertion and parse it', async t => {
Expand All @@ -395,6 +407,8 @@ test('send login response with encrypted non-signed assertion and parse it', asy
// test phrase 2: useful information is included in extract object
t.is(extract.nameid, '[email protected]');
t.is(typeof extract.signature, 'string');
// Ensure that inresponseto was added to the response
t.is(extract.response.inresponseto, 'request_id');
});

test('send login response with encrypted signed assertion and parse it', async t => {
Expand All @@ -409,6 +423,8 @@ test('send login response with encrypted signed assertion and parse it', async t
// test phrase 2: useful information is included in extract object
t.is(extract.nameid, '[email protected]');
t.is(typeof extract.signature, 'string');
// Ensure that inresponseto was added to the response
t.is(extract.response.inresponseto, 'request_id');
});

test('send login response with [custom template] and encrypted signed assertion and parse it', async t => {
Expand All @@ -432,6 +448,8 @@ test('send login response with [custom template] and encrypted signed assertion
// test phrase 3: check if attribute is parsed properly
t.is(extract.attribute.name, 'mynameinsp');
t.is(extract.attribute.mail, '[email protected]');
// Ensure that inresponseto was added to the response
t.is(extract.response.inresponseto, '_4606cc1f427fa981e6ffd653ee8d6972fc5ce398c4');
});

test('send login response with encrypted signed assertion + signed message and parse it', async t => {
Expand All @@ -450,6 +468,8 @@ test('send login response with encrypted signed assertion + signed message and p
// test phrase 2: useful information is included in extract object
t.is(extract.nameid, '[email protected]');
t.is(typeof extract.signature, 'object');
// Ensure that inresponseto was added to the response
t.is(extract.response.inresponseto, 'request_id');
});

test('send login response with [custom template] encrypted signed assertion + signed message and parse it', async t => {
Expand Down Expand Up @@ -477,6 +497,8 @@ test('send login response with [custom template] encrypted signed assertion + si
// test phrase 3: check if attribute is parsed properly
t.is(extract.attribute.name, 'mynameinsp');
t.is(extract.attribute.mail, '[email protected]');
// Ensure that inresponseto was added to the response
t.is(extract.response.inresponseto, '_4606cc1f427fa981e6ffd653ee8d6972fc5ce398c4');
});

// simulate idp-init slo
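Review bot: None of the added assertions covers a login response that carries no `InResponseTo` (an unsolicited, IdP-initiated response), so the shape of `extract.response` in that case is left unpinned; a caller that compares the field with its stored request ID needs to know whether it gets `undefined`, an empty string, or no `response` key at all. Adding one such case, with an assertion along the lines of `t.is(extract.response.inresponseto, undefined)` adjusted to the actual behaviour, would document it. The existing assertions also compare against fixture constants (`'request_id'` and the template's fixed ID) rather than the ID of a request the SP generated in the test, so they show that the field is surfaced but not the matching check the commit message describes. The test bodies begin outside these hunks, so how each response is built is not visible here.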
