Showing
7 changed files
with
93 additions
and
227 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,6 +5,7 @@ import { PostBindingContext } from '../src/entity'; | |
import * as uuid from 'uuid'; | ||
import * as url from 'url'; | ||
import util from '../src/utility'; | ||
import * as tk from 'timekeeper'; | ||
|
||
import * as validator from '@authenio/samlify-xsd-schema-validator'; | ||
// import * as validator from '@authenio/samlify-validate-with-xmllint'; | ||
|
@@ -125,6 +126,7 @@ const spNoAssertSignCustomConfig = serviceProvider({ ...defaultSpConfig, | |
location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Issuer']", action: 'after' }, | ||
}, | ||
}); | ||
const spWithClockDrift = serviceProvider({ ...defaultSpConfig, clockDrifts: [-2000, 2000] }); | ||
|
||
function writer(str) { | ||
writeFileSync('test.txt', str); | ||
|
@@ -672,4 +674,50 @@ test('should throw two-tiers code error when the response does not return succes | |
} catch (e) { | ||
t.is(e.message, 'ERR_FAILED_STATUS with top tier code: urn:oasis:names:tc:SAML:2.0:status:Requester, second tier code: urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy'); | ||
} | ||
}); | ||
|
||
test.serial('should throw ERR_SUBJECT_UNCONFIRMED for the expired SAML response without clock drift setup', async t => { | ||
|
||
const now = new Date(); | ||
const fiveMinutesOneSecLater = new Date(now.getTime()); | ||
fiveMinutesOneSecLater.setMinutes(fiveMinutesOneSecLater.getMinutes() + 5); | ||
fiveMinutesOneSecLater.setSeconds(fiveMinutesOneSecLater.getSeconds() + 1); | ||
|
||
const user = { email: '[email protected]' }; | ||
|
||
try { | ||
const { context: SAMLResponse } = await idp.createLoginResponse(sp, sampleRequestInfo, 'post', user, createTemplateCallback(idp, sp, user)); | ||
// simulate the time on client side when response arrives after 5.1 sec | ||
tk.freeze(fiveMinutesOneSecLater); | ||
await sp.parseLoginResponse(idp, 'post', { body: { SAMLResponse } }); | ||
// test failed, it shouldn't happen | ||
t.is(true, false); | ||
} catch (e) { | ||
t.is(e, 'ERR_SUBJECT_UNCONFIRMED'); | ||
} finally { | ||
tk.reset(); | ||
} | ||
}); | ||
|
||
test.serial('should not throw ERR_SUBJECT_UNCONFIRMED for the expired SAML response with clock drift setup', async t => { | ||
|
||
const now = new Date(); | ||
const fiveMinutesOneSecLater = new Date(now.getTime()); | ||
fiveMinutesOneSecLater.setMinutes(fiveMinutesOneSecLater.getMinutes() + 5); | ||
fiveMinutesOneSecLater.setSeconds(fiveMinutesOneSecLater.getSeconds() + 1); | ||
const user = { email: '[email protected]' }; | ||
|
||
try { | ||
const { context: SAMLResponse } = await idp.createLoginResponse(spWithClockDrift, sampleRequestInfo, 'post', user, createTemplateCallback(idp, spWithClockDrift, user)); | ||
// simulate the time on client side when response arrives after 5.1 sec | ||
tk.freeze(fiveMinutesOneSecLater); | ||
await spWithClockDrift.parseLoginResponse(idp, 'post', { body: { SAMLResponse } }); | ||
t.is(true, true); | ||
} catch (e) { | ||
// test failed, it shouldn't happen | ||
t.is(e, false); | ||
} finally { | ||
tk.reset(); | ||
} | ||
|
||
}); |
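Review bot: The two `test.serial` cases added in the last hunk only exercise a response that is one second past expiry, so nothing verifies that `spWithClockDrift` still rejects a response that is stale by more than its `clockDrifts: [-2000, 2000]` tolerance, which is the bound that keeps the drift setting from silently widening the acceptance window for expired assertions. A third case that freezes the clock beyond the tolerance and expects the rejection would pin that, as sketched below; it assumes the drift values are milliseconds and the validity period is five minutes, which the test names suggest but the hunk does not show. Separately, the comment `// simulate the time on client side when response arrives after 5.1 sec` does not match the code, which advances five minutes and one second, and `t.is(true, true)` asserts nothing about the parsed result.

```typescript
test.serial('should throw ERR_SUBJECT_UNCONFIRMED when the SAML response is expired beyond the configured clock drift', async t => {
  // constructed sample user, same shape as in the tests above
  const user = { email: 'user@example.com' };
  const { context: SAMLResponse } = await idp.createLoginResponse(spWithClockDrift, sampleRequestInfo, 'post', user, createTemplateCallback(idp, spWithClockDrift, user));
  // constructed offset: assumed 5 min validity + 3 s, i.e. past the 2000 ms tolerance
  const beyondDrift = new Date(Date.now() + 5 * 60 * 1000 + 3000);

  try {
    tk.freeze(beyondDrift);
    await spWithClockDrift.parseLoginResponse(idp, 'post', { body: { SAMLResponse } });
    t.fail('expired response was accepted despite exceeding the clock drift');
  } catch (e) {
    t.is(e, 'ERR_SUBJECT_UNCONFIRMED');
  } finally {
    tk.reset();
  }
});
```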