Major changes

.editorconfig

@@ -2,18 +2,11 @@ root = true
 
 [*]
 indent_style = tab
-end_of_line = lf
+# indent_size = 4
 charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
 
-[*.{json,js,ts,jsx,html,css}]
+[*.{yaml,yml}]
 indent_style = space
 indent_size = 2
-
-[.eslintrc]
-indent_style = space
-indent_size = 2
-
-[*.md]
-trim_trailing_whitespace = false

.eslintignore

@@ -0,0 +1,18 @@
+# Hidden but still want to process
+!.*.js
+!.*.json
+!.vscode
+# Do NOT want to process
+node_modules/
+package-lock.json
+*.lock
+*.yaml
+*.log
+*.d.ts
+/.build/
+/lib/
+/docs/
+/.nyc_output/
+/test/key/
+/test/misk/
+.idea/

.eslintrc.json

@@ -0,0 +1,8 @@
+{
+	"root": true,
+	"extends": ["./tools/eslintrc"],
+	"rules": {
+		"security/detect-non-literal-fs-filename": "off",
+		"security/detect-object-injection": "off"
+	}
+}

.gitignore

@@ -1,3 +1,13 @@
+# OS generated files #
+######################
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
 # Logs
 logs
 *.log
@@ -18,19 +28,18 @@ coverage
 # https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git-
 node_modules
 
-build
-types/
+/.build/
+/lib/
+/types/
 
 .yarnclean
 
 .nyc_output
+/test.txt
 
 #jetbrains IDEs
 .idea
 
-#vscode
-.vscode
-
 *.tgz
 
-package-lock.json
+package-lock.json

.npmrc

@@ -0,0 +1 @@
+registry=https://registry.yarnpkg.com

.prettierignore

@@ -0,0 +1,16 @@
+# Hidden but still want to process
+!.*.js
+!.*.json
+!.vscode
+# Do NOT want to process
+node_modules/
+package-lock.json
+*.lock
+*.yaml
+*.log
+/.build/
+/lib/
+/docs/
+/.nyc_output/
+/test/misc/attack_response_signed.xml
+/test/misc/multiple_entitydescriptor.xml

.prettierrc.yaml

@@ -0,0 +1,6 @@
+trailingComma: 'es5'
+# tabWidth: 2
+semi: true
+singleQuote: true
+useTabs: true
+printWidth: 120

.vscode/extensions.json

@@ -0,0 +1,3 @@
+{
+	"recommendations": ["dbaeumer.vscode-eslint", "esbenp.prettier-vscode"]
+}

.vscode/launch.json

@@ -0,0 +1,12 @@
+{
+	"version": "0.2.0",
+	"configurations": [
+		{
+			"type": "node",
+			"request": "attach",
+			"name": "Attach",
+			"restart": true,
+			"processId": "${command:PickProcess}"
+		}
+	]
+}

.vscode/settings.json

@@ -0,0 +1,37 @@
+{
+	"typescript.tsdk": "./node_modules/typescript/lib",
+	"files.trimTrailingWhitespace": true,
+	"files.insertFinalNewline": true,
+	"files.exclude": {
+		"**/node_modules/": true
+	},
+	"search.exclude": {
+		"**/.build/": true,
+		"server/": true
+	},
+	"editor.tabCompletion": "on",
+	"editor.defaultFormatter": "esbenp.prettier-vscode",
+	"[json]": {
+		"editor.defaultFormatter": "esbenp.prettier-vscode"
+	},
+	"[markdown]": {
+		"editor.defaultFormatter": "esbenp.prettier-vscode"
+	},
+	"[html]": {
+		"editor.defaultFormatter": "esbenp.prettier-vscode"
+	},
+	"[xml]": {
+		"editor.defaultFormatter": "esbenp.prettier-vscode"
+	},
+	"editor.formatOnSave": true,
+	"editor.codeActionsOnSave": {
+		"source.organizeImports": true,
+		"source.fixAll": true
+	},
+	"eslint.probe": ["javascript", "typescript"],
+	"eslint.options": {
+		"extensions": [".js", ".ts"],
+		"cache": true,
+		"cacheLocation": ".build/caches/eslint"
+	}
+}

.vscode/tasks.json

@@ -0,0 +1,6 @@
+{
+	// See https://go.microsoft.com/fwlink/?LinkId=733558
+	// for the documentation about the tasks.json format
+	"version": "2.0.0",
+	"tasks": []
+}

Makefile

@@ -7,12 +7,11 @@ clean:	;
 				rm -rf node_modules
 
 rebuild: ;
-	       rm -rf build; \
-				 tsc; \
+	       rm -rf .build lib; tsc -b --verbose; \
 
 pretest:	;
-					mkdir -p build/test; \
-					cp -a test/key test/misc build/test;
+					mkdir -p .build/test; \
+					cp -a test/key test/misc .build/test;
 
 install_jdk:
 	sudo add-apt-repository ppa:openjdk-r/ppa -y

README.md

@@ -14,8 +14,7 @@ Welcome all PRs for maintaining this project, or provide a link to the repositor
 ### Sponsor
 
 | <img width="50" src="https://user-images.githubusercontent.com/83319/31722733-de95bbde-b3ea-11e7-96bf-4f4e8f915588.png"> | <div style="text-align: left;">If you want to quickly implement SAML SSO, feel free to check out Auth0's NodeJS SDK and free plan at [auth0.com/developers](https://auth0.com/developers?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=samlify&utm_content=auth).</div> |
-| :----------------------------------------------------------------------------------------------------------------------: | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-
+| :----------------------------------------------------------------------------------------------------------------------: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 
 ### Installation
 
@@ -42,10 +41,8 @@ Now you can create your own schema validator and even suppress it but you have t
 
 ```typescript
 samlify.setSchemaValidator({
-  validate: (response: string) => {
-    /* implment your own or always returns a resolved promise to skip */
-    return Promise.resolve('skipped');
-  }
+	/* implment your own or always returns a resolved promise to skip */
+	validate: async (response: string) => 'skipped';
 });
 ```
 

docs/encrypted-saml-response.md

@@ -7,7 +7,7 @@ const idp = IdentityProvider({
   isAssertionEncrypted: true,
   metadata: fs.readFileSync('./metadata_idp.xml'),
   dataEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#aes128-cbc',
-  keyEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' 
+  keyEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'
 });
 ```
 
@@ -46,7 +46,7 @@ Currently, we support the following encrpytion algorithms:
 * http://www.w3.org/2009/xmlenc11#aes128-gcm
 
 **Key encryption algorithms**
-* http://www.w3.org/2001/04/xmlenc#rsa-1_5
 * http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
+* http://www.w3.org/2001/04/xmlenc#rsa-1_5
 
 Credits to [auth0/node-xml-encryption](https://github.com/auth0/node-xml-encryption)

docs/idp-configuration.md

@@ -25,13 +25,13 @@ const idp = new IdentityProvider({
 OR
 
 - **entityID: String**<br/> Entity identifier. It is used to identify your entity, and match the equivalence in each saml request/response.
-  
+
 - **signingCert: String**<br/>
   _Optional_: Specify the certificate used for signing purpose if you construct the idp without a metadata.
 
 - **encryptCert: String**<br/>
   _Optional_: Specify the certificate used for encryption purpose if you construct the idp without a metadata.
-  
+
 - **singleSignOnService: SignOnService[]**<br/>
   _Optional_: Declare the single sign on service if you construct the idp without a metadata.
 
@@ -58,32 +58,32 @@ const idp = new IdentityProvider({
   Declare the tag of specific xml document node. `TagPrefixKey` currently supports `encryptedAssertion` only. (See more [#220](https://github.com/tngan/samlify/issues/220))
 
 - **loginResponseTemplate: {context: String, attributes: Attributes}**<br/>
-  Customize the login response template, and user can reuse it in the callback function to do runtime interpolation. (See [more](/template)) 
+  Customize the login response template, and user can reuse it in the callback function to do runtime interpolation. (See [more](/template))
 
-- **wantLogoutResponseSigned: Boolean**<br/> 
+- **wantLogoutResponseSigned: Boolean**<br/>
   Declare if idp guarantees the logout response from sp is signed.
 
 - **messageSigningOrder: SigningOrder**<br/>
   Declare the message signing order, either `sign-then-encrypt` (default) or `encrypt-then-sign`.
 
 - **relayState: String**<br/>
-  Specify the relayState of the request. 
+  Specify the relayState of the request.
 
   !> It will be deprecated soon and put into request level instead of entity level.
 
 - **isAssertionEncrypted: Boolean**<br/>
   Decalre if idp would encrypt the assertion in the response.
-  
+
   !> It will be deprecated soon, then samlify will automatically detect if the document is encrypted.
-  
+
 - **requestSignatureAlgorithm: SigningAlgorithm**<br/>
   The signature algorithm used in request. Default to `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`. We also support rsa-sha1 (not recommended) `http://www.w3.org/2000/09/xmldsig#rsa-sha1` and rsa-sha2 `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`.
-  
-- **dataEncryptionAlgorithm: EncryptionAlgorithm**<br/> 
+
+- **dataEncryptionAlgorithm: EncryptionAlgorithm**<br/>
   The encryption algorithm used in response. Default to `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`. We also support aes256 `http://www.w3.org/2001/04/xmlenc#aes256-cbc`, tripledes `http://www.w3.org/2001/04/xmlenc#tripledes-cbc` and aes128 `http://www.w3.org/2009/xmlenc11#aes128-gcm`.
 
 - **keyEncryptionAlgorithm: KeyEncryptionAlgorithm**<br/>
-  The key encryption algorithm. Default to rsa-1_5 `http://www.w3.org/2001/04/xmlenc#rsa-1_5`. We also support rsa-oaep-mgf1p `http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p`.
+  The key encryption algorithm. Default to rsa-oaep-mgf1p `http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p`. We also support rsa-1_5 `http://www.w3.org/2001/04/xmlenc#rsa-1_5`.
 
 - **generateID: (): String**<br/>
   A function to generate the document identifier in root node. Default to `_${UUID_V4}`.