Merge pull request #260 from Clever/SECNG-1381/update-modernize-rebuild

SECNG-1381 | Modernize and rebuild
Clever · Oct 15, 2022 · 46df4ae · 46df4ae
2 parents 32bd670 + c197310
commit 46df4ae
Show file tree

Hide file tree

Showing 5 changed files with 129 additions and 34 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,23 +1,108 @@
-version: 2
-jobs:
-  build:
+version: 2.1
+
+references:
+  defaults: &defaults
     working_directory: ~/Clever/saml2
-    docker:
-    - image: circleci/node:12-stretch
     environment:
       CIRCLE_ARTIFACTS: /tmp/circleci-artifacts
       CIRCLE_TEST_REPORTS: /tmp/circleci-test-results
+
+  test-settings: &test-settings
+    steps:
+      - attach_workspace:
+          at: ~/Clever
+      - run: npm run test
+
+executors:
+  # TODO: Pull the latest major.minor version.
+  node-v10:
+    <<: *defaults
+    docker:
+      - image: cimg/node:10.24
+  node-v12:
+    <<: *defaults
+    docker:
+      - image: cimg/node:12.22
+  node-v14:
+    <<: *defaults
+    docker:
+      - image: cimg/node:14.20
+  node-v16:
+    <<: *defaults
+    docker:
+      - image: cimg/node:16.18
+  node-v18:
+    <<: *defaults
+    docker:
+      - image: cimg/node:18.10
+
+commands:
+  clone-ci-scripts:
+    description: Clone the ci-scripts repo
+    steps:
+      - run:
+          name: Clone ci-scripts
+          command: cd .. && git clone --depth 1 -v https://github.com/Clever/ci-scripts.git && cd ci-scripts && git show --oneline -s
+
+jobs:
+  build:
+    executor: node-v12
+    steps:
+      - checkout
+      - run: npm install
+      - persist_to_workspace:
+          root: ~/Clever
+          paths: ["."]
+
+  test-v10:
+    <<: *test-settings
+    executor: node-v10
+
+  test-v12:
+    <<: *test-settings
+    executor: node-v12
+
+  test-v14:
+    <<: *test-settings
+    executor: node-v14
+
+  test-v16:
+    <<: *test-settings
+    executor: node-v16
+
+  test-v18:
+    <<: *test-settings
+    executor: node-v18
+
+  publish:
+    executor: node-v12
     steps:
-    - run:
-        command: cd $HOME && git clone --depth 1 -v https://github.com/Clever/ci-scripts.git && cd ci-scripts && git show --oneline -s
-        name: Clone ci-scripts
-    - checkout
-    - setup_remote_docker
-    - run:
-        command: mkdir -p $CIRCLE_ARTIFACTS $CIRCLE_TEST_REPORTS
-        name: Set up CircleCI artifacts directories
-    - run:
-        command: npm install
-        name: npm install
-    - run: npm test
-    - run: if [ "${CIRCLE_BRANCH}" == "master" ]; then $HOME/ci-scripts/circleci/npm-publish $NPM_TOKEN .; fi;
+      - attach_workspace:
+          at: ~/Clever
+      - clone-ci-scripts
+      - run: if [ "${CIRCLE_BRANCH}" == "master" ]; then $HOME/ci-scripts/circleci/npm-publish $NPM_TOKEN .; fi;
+
+workflows:
+  version: 2
+  build_test_publish_deploy:
+    jobs:
+      - build
+      - test-v10:
+          requires:
+            - build
+      - test-v12:
+          requires:
+            - build
+      - test-v14:
+          requires:
+            - build
+      - test-v16:
+          requires:
+            - build
+      - test-v18:
+          requires:
+            - build
+      - publish:
+          requires:
+            - build
+            - test-v12
diff --git a/README.md b/README.md
@@ -1,8 +1,14 @@
+# Maintenance Notice
+
+This library is currently in maintenance mode. Until further notice, the primary directive is to handle bug reports and security issues with this library.
+
+Any library alternatives and suggestions can be filed under an issue.
+
 # SAML2-js
 
 [![CircleCI](https://circleci.com/gh/Clever/saml2/tree/master.svg?style=svg)](https://circleci.com/gh/Clever/saml2/tree/master)
 
-`saml2-js` is a node module that abstracts away the complexities of the SAML protocol behind an easy to use interface.
+`saml2-js` is a node module that abstracts away the complexities of the SAML protocol behind an easy to use interface. It achieves this this by helping you implement a service provider for the SAML protocol. It currently does not implement the features to act as an identity provider.
 
 ## Usage
 
@@ -229,10 +235,12 @@ var saml2 = require('saml2-js');
 var fs = require('fs');
 var express = require('express');
 var app = express();
-var bodyParser = require('body-parser');
-app.use(bodyParser.urlencoded({
-  extended: true
-}));
+// If you're using express <4.0:
+// var bodyParser = require('body-parser');
+// app.use(bodyParser.urlencoded({
+//   extended: true
+// }));
+app.use(express.urlencoded());
 
 // Create service provider
 var sp_options = {
@@ -268,6 +276,9 @@ app.get("/login", function(req, res) {
   });
 });
 
+// Variables used in login/logout process
+var name_id, session_index;
+
 // Assert endpoint for when login completes
 app.post("/assert", function(req, res) {
   var options = {request_body: req.body};
@@ -280,7 +291,7 @@ app.post("/assert", function(req, res) {
     name_id = saml_response.user.name_id;
     session_index = saml_response.user.session_index;
 
-    res.send("Hello #{saml_response.user.name_id}!");
+    res.send("Hello #{name_id}! session_index: #{session_index}.");
   });
 });
 

diff --git a/lib/saml2.coffee b/lib/saml2.coffee
@@ -354,8 +354,8 @@ parse_assertion_attributes = (dom) ->
     attribute_name = get_attribute_value attribute, 'Name'
     throw new Error("Invalid attribute without name") unless attribute_name?
     attribute_values = attribute.getElementsByTagNameNS(XMLNS.SAML, 'AttributeValue')
-    assertion_attributes[attribute_name] = _(attribute_values).map (attribute_value) ->
-      attribute_value.childNodes[0]?.data or ''
+    assertion_attributes[attribute_name] = _.map(attribute_values, (attribute_value) ->
+      attribute_value.childNodes[0]?.data or '')
   assertion_attributes
 
 # Takes in an object containing SAML Assertion Attributes and returns an object with certain common attributes changed
@@ -382,8 +382,7 @@ pretty_assertion_attributes = (assertion_attributes) ->
     "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid": "primary_sid"
     "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname": "windows_account_name"
 
-  _(assertion_attributes)
-    .chain()
+  _.chain(assertion_attributes)
     .pairs()
     .filter(([k, v]) -> (claim_map[k]? and v.length > 0))
     .map(([k, v]) -> [claim_map[k], v[0]])
@@ -541,7 +540,7 @@ module.exports.ServiceProvider =
       @alt_private_keys = [].concat(@alt_private_keys or [])
       @alt_certs = [].concat(@alt_certs or [])
 
-      @shared_options = _(options).pick(
+      @shared_options = _.pick(options,
         "force_authn", "auth_context", "nameid_format", "sign_get_request", "allow_unencrypted_assertion", "audience", "notbefore_skew")
 
     # Returns:
@@ -563,7 +562,7 @@ module.exports.ServiceProvider =
           return cb ex
         delete uri.search # If you provide search and query search overrides query :/
         if options.sign_get_request
-          _(uri.query).extend sign_request(deflated.toString('base64'), @private_key, options.relay_state)
+          _.extend(uri.query, sign_request(deflated.toString('base64'), @private_key, options.relay_state))
         else
           uri.query.SAMLRequest = deflated.toString 'base64'
           uri.query.RelayState = options.relay_state if options.relay_state?
@@ -617,7 +616,7 @@ module.exports.ServiceProvider =
 
       async.waterfall [
         (cb_wf) ->
-          raw = new Buffer(options.request_body.SAMLResponse or options.request_body.SAMLRequest, 'base64')
+          raw = Buffer.from(options.request_body.SAMLResponse or options.request_body.SAMLRequest, 'base64')
 
           # Inflate response for redirect requests before parsing it.
           if (options.get_request)

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "saml2-js",
-  "version": "3.0.1",
+  "version": "3.1.0",
   "description": "SAML 2.0 node helpers",
   "author": "Clever",
   "license": "Apache-2.0",

diff --git a/test/saml2.coffee b/test/saml2.coffee
@@ -1117,7 +1117,7 @@ describe 'saml2', ->
       sp.create_login_request_url idp, request_options, (err, login_url, id) ->
         assert not err?, "Error creating login URL: #{err}"
         parsed_url = url.parse login_url, true
-        saml_request = new Buffer(parsed_url.query?.SAMLRequest, 'base64')
+        saml_request = Buffer.from(parsed_url.query?.SAMLRequest, 'base64')
         zlib.inflateRaw saml_request, (err, result) ->
           assert.notEqual result.toString('utf8').indexOf("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"), -1
           done()
@@ -1142,7 +1142,7 @@ describe 'saml2', ->
       sp.create_login_request_url idp, request_options, (err, login_url, id) ->
         assert not err?, "Error creating login URL: #{err}"
         parsed_url = url.parse login_url, true
-        saml_request = new Buffer(parsed_url.query?.SAMLRequest, 'base64')
+        saml_request = Buffer.from(parsed_url.query?.SAMLRequest, 'base64')
         zlib.inflateRaw saml_request, (err, result) ->
           assert.notEqual result.toString('utf8').indexOf("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"), -1
           done()