Merge branch 'develop'
save
commit
4dd7f8c6cd
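--- a/.npm/package/npm-shrinkwrap.json
+++ b/.npm/package/npm-shrinkwrap.json
@@ -1,249 +0,0 @@
-{
-"dependencies": {
-"async": {
-"version": "2.3.0",
-"resolved": "https://registry.npmjs.org/async/-/async-2.3.0.tgz",
-"from": "async@2.3.0"
-},
-"body-parser": {
-"version": "1.17.1",
-"resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.17.1.tgz",
-"from": "body-parser@1.17.1",
-"dependencies": {
-"bytes": {
-"version": "2.4.0",
-"resolved": "https://registry.npmjs.org/bytes/-/bytes-2.4.0.tgz",
-"from": "bytes@2.4.0"
-},
-"debug": {
-"version": "2.6.1",
-"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.1.tgz",
-"from": "debug@2.6.1"
-},
-"ms": {
-"version": "0.7.2",
-"resolved": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz",
-"from": "ms@0.7.2"
-}
-}
-},
-"bytes": {
-"version": "2.5.0",
-"resolved": "https://registry.npmjs.org/bytes/-/bytes-2.5.0.tgz",
-"from": "bytes@2.5.0"
-},
-"connect": {
-"version": "3.6.0",
-"resolved": "https://registry.npmjs.org/connect/-/connect-3.6.0.tgz",
-"from": "connect@3.6.0",
-"dependencies": {
-"debug": {
-"version": "2.6.1",
-"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.1.tgz",
-"from": "debug@2.6.1"
-},
-"ms": {
-"version": "0.7.2",
-"resolved": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz",
-"from": "ms@0.7.2"
-}
-}
-},
-"content-type": {
-"version": "1.0.2",
-"resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.2.tgz",
-"from": "content-type@1.0.2"
-},
-"debug": {
-"version": "2.6.3",
-"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.3.tgz",
-"from": "debug@2.6.3",
-"dependencies": {
-"ms": {
-"version": "0.7.2",
-"resolved": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz",
-"from": "ms@0.7.2"
-}
-}
-},
-"depd": {
-"version": "1.1.0",
-"resolved": "https://registry.npmjs.org/depd/-/depd-1.1.0.tgz",
-"from": "depd@1.1.0"
-},
-"ee-first": {
-"version": "1.1.1",
-"resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
-"from": "ee-first@1.1.1"
-},
-"ejs": {
-"version": "2.5.6",
-"resolved": "https://registry.npmjs.org/ejs/-/ejs-2.5.6.tgz",
-"from": "ejs@2.5.6"
-},
-"encodeurl": {
-"version": "1.0.1",
-"resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.1.tgz",
-"from": "encodeurl@>=1.0.1 <1.1.0"
-},
-"escape-html": {
-"version": "1.0.3",
-"resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
-"from": "escape-html@>=1.0.3 <1.1.0"
-},
-"finalhandler": {
-"version": "1.0.0",
-"resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.0.tgz",
-"from": "finalhandler@1.0.0",
-"dependencies": {
-"debug": {
-"version": "2.6.1",
-"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.1.tgz",
-"from": "debug@2.6.1"
-},
-"ms": {
-"version": "0.7.2",
-"resolved": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz",
-"from": "ms@0.7.2"
-}
-}
-},
-"http-errors": {
-"version": "1.6.1",
-"resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.1.tgz",
-"from": "http-errors@1.6.1"
-},
-"iconv-lite": {
-"version": "0.4.15",
-"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.15.tgz",
-"from": "iconv-lite@0.4.15"
-},
-"inherits": {
-"version": "2.0.3",
-"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
-"from": "inherits@2.0.3"
-},
-"lodash": {
-"version": "4.17.4",
-"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.4.tgz",
-"from": "lodash@4.17.4"
-},
-"media-typer": {
-"version": "0.3.0",
-"resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
-"from": "media-typer@0.3.0"
-},
-"mime-db": {
-"version": "1.27.0",
-"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.27.0.tgz",
-"from": "mime-db@>=1.27.0 <1.28.0"
-},
-"mime-types": {
-"version": "2.1.15",
-"resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.15.tgz",
-"from": "mime-types@2.1.15"
-},
-"ms": {
-"version": "1.0.0",
-"resolved": "https://registry.npmjs.org/ms/-/ms-1.0.0.tgz",
-"from": "ms@1.0.0"
-},
-"node-forge": {
-"version": "0.7.1",
-"resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.7.1.tgz",
-"from": "node-forge@0.7.1"
-},
-"on-finished": {
-"version": "2.3.0",
-"resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
-"from": "on-finished@2.3.0"
-},
-"parseurl": {
-"version": "1.3.1",
-"resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.1.tgz",
-"from": "parseurl@>=1.3.1 <1.4.0"
-},
-"qs": {
-"version": "6.4.0",
-"resolved": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
-"from": "qs@6.4.0"
-},
-"querystring": {
-"version": "0.2.0",
-"resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz",
-"from": "querystring@0.2.0"
-},
-"raw-body": {
-"version": "2.2.0",
-"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.2.0.tgz",
-"from": "raw-body@2.2.0",
-"dependencies": {
-"bytes": {
-"version": "2.4.0",
-"resolved": "https://registry.npmjs.org/bytes/-/bytes-2.4.0.tgz",
-"from": "bytes@2.4.0"
-}
-}
-},
-"sax": {
-"version": "1.2.2",
-"resolved": "https://registry.npmjs.org/sax/-/sax-1.2.2.tgz",
-"from": "sax@1.2.2"
-},
-"setprototypeof": {
-"version": "1.0.3",
-"resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz",
-"from": "setprototypeof@1.0.3"
-},
-"statuses": {
-"version": "1.3.1",
-"resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz",
-"from": "statuses@1.3.1"
-},
-"type-is": {
-"version": "1.6.15",
-"resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.15.tgz",
-"from": "type-is@1.6.15"
-},
-"unpipe": {
-"version": "1.0.0",
-"resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
-"from": "unpipe@1.0.0"
-},
-"utils-merge": {
-"version": "1.0.0",
-"resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.0.tgz",
-"from": "utils-merge@1.0.0"
-},
-"xml-crypto": {
-"version": "0.9.0",
-"resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-0.9.0.tgz",
-"from": "xml-crypto@0.9.0"
-},
-"xml2js": {
-"version": "0.4.17",
-"resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.17.tgz",
-"from": "xml2js@0.4.17"
-},
-"xmlbuilder": {
-"version": "4.2.1",
-"resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-4.2.1.tgz",
-"from": "xmlbuilder@>=4.1.0 <5.0.0"
-},
-"xmldom": {
-"version": "0.1.19",
-"resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.19.tgz",
-"from": "xmldom@0.1.19"
-},
-"xpath": {
-"version": "0.0.24",
-"resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.24.tgz",
-"from": "xpath@0.0.24"
-},
-"xpath.js": {
-"version": "1.0.7",
-"resolved": "https://registry.npmjs.org/xpath.js/-/xpath.js-1.0.7.tgz",
-"from": "xpath.js@1.0.7"
-}
-}
-}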
|
@ -31,6 +31,9 @@ settings = {"saml":[{
|
|||
"privateKeyFile": "certs/mykey.pem", // path is relative to $METEOR-PROJECT/private
|
||||
"publicCertFile": "certs/mycert.pem", // eg $METEOR-PROJECT/private/certs/mycert.pem
|
||||
"dynamicProfile": true // set to true if we want to create a user in Meteor.users dynamically if SAML assertion is valid
|
||||
"identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", // Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
|
||||
"localProfileMatchAttribute": "telephoneNumber" // CAUTION: this will be mapped to profile.<localProfileMatchAttribute> attribute in Mongo if identifierFormat (see above) differs from urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
|
||||
|
||||
}]}
|
||||
|
||||
Meteor.settings = settings;
|
||||
|
|
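Review bot: `"dynamicProfile": true` on the line before the two added keys has no trailing comma, so now that `"identifierFormat"` follows it the `settings` object literal no longer parses; it needs `"dynamicProfile": true, // set to true if we want to create a user ...`. The comment on `localProfileMatchAttribute` explains where the value lands but not when it is consulted — the login handler only reads it for non-emailAddress formats — so a short addition such as `// only used when identifierFormat is not the emailAddress format` would spare a reader the trip to the handler. This section's file header is not visible, so I can't confirm which settings file this is.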
15
package.js
15
package.js
|
@ -23,6 +23,7 @@ Package.onTest((api) => {
|
|||
|
||||
Npm.depends({
|
||||
"depd": "1.1.0",
|
||||
"xml-crypto": "0.9.0",
|
||||
"bytes": "2.5.0",
|
||||
"content-type": "1.0.2",
|
||||
"debug": "2.6.3",
|
||||
|
@ -43,7 +44,7 @@ Npm.depends({
|
|||
"xml2js": "0.4.17",
|
||||
"body-parser": "1.17.1",
|
||||
"sax": "1.2.2",
|
||||
"xmlbuilder": "8.2.2",
|
||||
"xmlbuilder": "9.0.0",
|
||||
"ejs": "2.5.6",
|
||||
"async": "2.3.0",
|
||||
"lodash":"4.17.4",
|
||||
|
@ -52,7 +53,13 @@ Npm.depends({
|
|||
"xpath.js": "1.0.7",
|
||||
"xmldom": "0.1.27",
|
||||
"connect": "3.6.0",
|
||||
"querystring": "0.2.0",
|
||||
"xml-encryption": "0.10.0",
|
||||
"xml-crypto": "0.9.0"
|
||||
"querystring": "0.2.0"
|
||||
// "xml-encryption": "0.10.0"
|
||||
});
|
||||
|
||||
// Npm.depends({
|
||||
// "depd": "1.1.0",
|
||||
// "xml-crypto": "0.9.0",
|
||||
// "xmlbuilder": "9.0.0",
|
||||
// "xml2js": "0.4.17"
|
||||
// });
|
||||
|
|
|
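Review bot: The third hunk (`@ -52,7 +53,13`) leaves `// "xml-encryption": "0.10.0"` and an entire commented-out `Npm.depends({...})` block in the file; commented-out code should be deleted rather than kept, since the version history already records it. If `xml-encryption` is intentionally dropped, the service-provider metadata changed elsewhere in this commit still advertises three `EncryptionMethod` algorithms, so an IdP may send encrypted assertions this package can no longer decrypt — either keep the dependency or stop advertising encryption (I can't see the decrypt path from this page, so treat that as a question to confirm). `"xml-crypto": "0.9.0"` is moved up in the first hunk but stays pinned to the same old release; as it is the library that verifies assertion signatures, the pin deserves a comment such as `// TODO: track upstream xml-crypto releases; this library performs signature verification` so the next maintainer knows it is deliberate.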
@ -71,28 +71,61 @@ Accounts.registerLoginHandler(function(loginRequest) {
|
|||
if (Meteor.settings.debug) {
|
||||
console.log("RESULT :" + JSON.stringify(loginResult));
|
||||
}
|
||||
if (loginResult && loginResult.profile && loginResult.profile.email) {
|
||||
console.log("Profile: " + JSON.stringify(loginResult.profile.email));
|
||||
|
||||
if (loginResult && loginResult.profile && loginResult.profile.nameID) {
|
||||
console.log("Profile: " + JSON.stringify(loginResult.profile.nameID));
|
||||
var localProfileMatchAttribute;
|
||||
var localFindStructure;
|
||||
var nameIDFormat;
|
||||
// Default nameIDFormat is emailAddress
|
||||
if (!(Meteor.settings.saml[0].identifierFormat) || (Meteor.settings.saml[0].identifierFormat == "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")) {
|
||||
nameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
|
||||
} else {
|
||||
nameIDFormat = Meteor.settings.saml[0].identifierFormat;
|
||||
}
|
||||
|
||||
if (nameIDFormat == "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" ) {
|
||||
// If nameID Format is emailAdress, we should not force 'email' as localProfileMatchAttribute
|
||||
localProfileMatchAttribute = "email";
|
||||
localFindStructure = "emails.address";
|
||||
profileOrEmail = "email";
|
||||
profileOrEmailValue = loginResult.profile.nameID;
|
||||
} else // any other nameID format
|
||||
// Check if Meteor.settings.saml[0].localProfileMatchAttribute has value
|
||||
// These values will be stored in profile substructure. They're NOT security relevant because profile isn't a safe place
|
||||
if (Meteor.settings.saml[0].localProfileMatchAttribute){
|
||||
profileOrEmail = "profile";
|
||||
profileOrEmailValue = {
|
||||
[Meteor.settings.saml[0].localProfileMatchAttribute] : loginResult.profile.nameID
|
||||
};
|
||||
localFindStructure = 'profile.' + Meteor.settings.saml[0].localProfileMatchAttribute;
|
||||
}
|
||||
var user = Meteor.users.findOne({
|
||||
'emails.address': loginResult.profile.email
|
||||
//profile[Meteor.settings.saml[0].localProfileMatchAttribute]: loginResult.profile.nameID
|
||||
[localFindStructure]: loginResult.profile.nameID
|
||||
});
|
||||
|
||||
if (!user) {
|
||||
if (Meteor.settings.saml[0].dynamicProfile) {
|
||||
if (Meteor.settings.debug) {
|
||||
console.log("User not found. Will dynamically create one with '" + Meteor.settings.saml[0].localProfileMatchAttribute + "' = " + loginResult.profile[Meteor.settings.saml[0].localProfileMatchAttribute])
|
||||
}
|
||||
Accounts.createUser({
|
||||
email: loginResult.profile.email,
|
||||
//email: loginResult.profile.email,
|
||||
password: "",
|
||||
username: loginResult.profile.nameID,
|
||||
profile: ""
|
||||
[profileOrEmail]: profileOrEmailValue
|
||||
|
||||
//[Meteor.settings.saml[0].localProfileMatchAttribute]: loginResult.profile[Meteor.settings.saml[0].localProfileMatchAttribute]
|
||||
});
|
||||
user = Meteor.users.findOne({
|
||||
"emails.address": loginResult.profile.email
|
||||
"username": loginResult.profile.nameID
|
||||
});
|
||||
if (Meteor.settings.debug) {
|
||||
console.log("Created new user");
|
||||
}
|
||||
} else {
|
||||
throw new Error("Could not find an existing user with supplied email " + loginResult.profile.email);
|
||||
throw new Error("Could not find an existing user with supplied attribute '" + Meteor.settings.saml[0].localProfileMatchAttribute + "' and value:" + loginResult.profile[Meteor.settings.saml[0].localProfileMatchAttribute]);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -142,7 +175,7 @@ Accounts.registerLoginHandler(function(loginRequest) {
|
|||
return result
|
||||
|
||||
} else {
|
||||
throw new Error("SAML Profile did not contain an email address");
|
||||
throw new Error("SAML Assertion did not contain a proper SAML subject value");
|
||||
}
|
||||
});
|
||||
|
||||
|
@ -273,6 +306,9 @@ middleware = function(req, res, next) {
|
|||
break;
|
||||
case "validate":
|
||||
_saml = new SAML(service);
|
||||
if (Meteor.settings.debug) {
|
||||
console.log("Service: " + JSON.stringify(service));
|
||||
};
|
||||
Accounts.saml.RelayState = req.body.RelayState;
|
||||
_saml.validateResponse(req.body.SAMLResponse, req.body.RelayState, function(err, profile, loggedOut) {
|
||||
if (err)
|
||||
|
|
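Review bot: In the first hunk (`@ -71,28 +71,61`), `profileOrEmail` and `profileOrEmailValue` are assigned in both branches but never declared; if this file is compiled in strict mode (the default once the `ecmascript` package is used) the first assignment throws a ReferenceError, and otherwise they become globals shared by every concurrent login. Declare them beside the other locals: `var profileOrEmail;` and `var profileOrEmailValue;`. The non-email branch also has no fallback when `localProfileMatchAttribute` is unset, so `localFindStructure` stays undefined and the lookup becomes `{ undefined: nameID }`; an explicit `else { throw new Error("localProfileMatchAttribute must be configured for identifierFormat " + nameIDFormat); }` fails loudly instead. The comment that the profile values are "NOT security relevant" is the opposite of what this code does: `profile.<attr>` is the key that links an IdP subject to an existing account, and Meteor's default allow rules let a user modify their own `profile` unless a `Meteor.users.deny` rule blocks it, so a user who writes someone else's NameID into their own profile gets that subject signed into their account — keep the match value in a server-only field (for example under `services.saml`) or deny client writes to it. The login handler starts before the hunk and ends after it.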
|
@ -485,24 +485,12 @@ SAML.prototype.generateServiceProviderMetadata = function(callbackUrl) {
|
|||
}
|
||||
}
|
||||
},
|
||||
'#list': [
|
||||
// this should be the set that the xmlenc library supports
|
||||
{
|
||||
'EncryptionMethod': {
|
||||
'@Algorithm': 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
|
||||
}
|
||||
},
|
||||
{
|
||||
'EncryptionMethod': {
|
||||
'@Algorithm': 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
|
||||
}
|
||||
},
|
||||
{
|
||||
'EncryptionMethod': {
|
||||
'@Algorithm': 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
|
||||
}
|
||||
}
|
||||
]
|
||||
'EncryptionMethod': [
|
||||
// this should be the set that the xmlenc library supports
|
||||
{'@Algorithm': 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'},
|
||||
{'@Algorithm': 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'},
|
||||
{'@Algorithm': 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'}
|
||||
]
|
||||
};
|
||||
}
|
||||
|
||||
|
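Review bot: The rebuilt `'EncryptionMethod'` array still advertises `tripledes-cbc`; 3DES is deprecated for new use, and a CBC-only list with no AEAD option (AES-GCM, if the library version in use supports it) lets an IdP pick the weakest entry, so unless the decrypt side genuinely needs it, drop that entry. The surviving comment "this should be the set that the xmlenc library supports" is a claim with nothing to check it against; replace it with something verifiable, e.g. `// keep in sync with the algorithms xml-encryption <version in package.js> can decrypt`. Whether package.js still depends on xml-encryption after this commit is not clear from this page (its entry there is commented out), so the whole list may be advertising a capability the package no longer has. generateServiceProviderMetadata starts and ends outside the hunk.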
|