xmldom #27

Open
wants to merge 33 commits into
base: master
af62aba
Update README.md
phylp Oct 8, 2018
2721d05
update lodash to 4.17.5
Oct 8, 2018
3b55fa4
updated patch version
Oct 8, 2018
8fade20
updated readme and package json for updated library name
Oct 8, 2018
cb2cea0
updated readme tutorial for new package name
Oct 8, 2018
1f6799f
fixed typo
Oct 8, 2018
5d25b41
updated vulnerable version of lodash
Feb 14, 2019
05a6b3e
fixed validation tests for saml tokens
Feb 20, 2019
8a8fd00
added travis CI config
Feb 20, 2019
450ec3f
added travis CI status icon in readme
Feb 20, 2019
10dc37e
unlock dependencies for deduplication and easier vulnerability mitiga…
Apr 19, 2019
7c85329
Merge pull request #2 from csimi/unlock-dependencies
phylp Apr 22, 2019
addec69
- updated travis yaml for npm audit
Apr 22, 2019
75933b7
fixed jshint warning for constructor casing
Apr 22, 2019
20d8a7c
updated versioning for latest npm publish
Apr 22, 2019
7ac5a8e
fixed dependencies
Jul 25, 2019
398694c
rev'd version
Jul 25, 2019
0857fb2
Merge pull request #3 from gentleman-turk/master
phylp Jul 25, 2019
626b8b8
updated minimist dev dependency in package-lock
Mar 20, 2020
22d8ca1
adjusted resolved URL for minimist dev dependency
Mar 20, 2020
f367939
updated patch level in semver
Mar 20, 2020
d89b297
addressed mkdirp dependency
Mar 20, 2020
f9d03df
dep update
Dec 2, 2020
7c5d57e
Merge remote-tracking branch 'upstream/master'
Dec 2, 2020
66402da
Merge pull request #4 from gentleman-turk/master
phylp Dec 4, 2020
ccbfd01
updated xmldom from .4 to .5 to patch 1650 vulnerability
Mar 16, 2021
c9a5016
update xml-crypto to fix vulnerability
Mar 16, 2021
5803a09
Merge pull request #5 from Sanyug92/master
phylp Mar 16, 2021
13df09b
0.1.4
phylp Mar 16, 2021
21547c2
updating dependencies
Jan 20, 2022
fbdcb1d
Merge remote-tracking branch 'upstream/master' into dependencies2022
Jan 20, 2022
b9b8c01
updating audit to production only
Jan 20, 2022
dd77ca7
Merge pull request #9 from gentleman-turk/dependencies2022
phylp Jan 25, 2022
11 changes: 11 additions & 0 deletions .travis.yml
@@ -0,0 +1,11 @@
language: node_js

node_js:
- node
- 'lts/*'

before_script:
- npm install

script:
- npm test && npm audit --production
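Review bot: in `script`, `npm test && npm audit --production` chains both commands on one line, so the audit never runs when the tests fail and a failed build does not show which of the two broke; list them as two separate `script` entries. `--production` also leaves devDependencies unaudited, which is worth stating next to the build badge if that is the intent. The `npm install` under `before_script` repeats the install step Travis already performs for `node_js` builds; drop it, or switch to `npm ci` so the audit runs against exactly what the lockfile pins.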
12 changes: 6 additions & 6 deletions README.md
@@ -1,11 +1,11 @@
SAML 2.0 & 1.1 Assertion Parser & Validator
SAML 2.0 & 1.1 Assertion Parser & Validator [![Build Status](https://travis-ci.com/phylp/saml20-maintained.svg?branch=master)](https://travis-ci.com/phylp/saml20-maintained)
=============
saml20 is a simple module that allows you to parse and validate SAML 2.0 and 1.1 tokens. It has been tested with [Microsoft ADFS](http://en.wikipedia.org/wiki/Active_Directory_Federation_Services), OKTA, and PingOne tokens.
saml20-maintained is a fork of saml20. It is the same library with updated versions of vulnerable dependencies.

## Installation

```bash
$ npm install saml20
$ npm install saml20-maintained
```

## Usage
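Review bot: the description line replaced near the top of this hunk drops the only sentence that says what the module does and which identity providers it has been tested with (Microsoft ADFS, OKTA, PingOne); keep that sentence and add the fork note after it, with a link to the upstream saml20 project so readers can see what the fork diverges from. "Updated versions of vulnerable dependencies" would also be more useful if it named the dependencies that were bumped. On the title line, the build badge is now part of the setext heading text; moving it to its own line below the `=============` underline keeps the heading clean.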
Expand All @@ -18,7 +18,7 @@ Parses the `rawAssertion` without validating signature, expiration and audience.

```javascript

var saml = require('saml20');
var saml = require('saml20-maintained');

saml.parse(rawAssertion, function(err, profile) {
// err
Expand All @@ -44,7 +44,7 @@ You can use either `thumbprint` or `publicKey` but you should use at least one.

```javascript

var saml = require('saml20');
var saml = require('saml20-maintained');

var options = {
thumbprint: '1aeabdfa4473ecc7efc5947b18436c575574baf8',
Expand All @@ -64,7 +64,7 @@ or using publicKey:

```javascript

var saml = require('saml20');
var saml = require('saml20-maintained');

var options = {
publicKey: 'MIICDzCCAXygAwIBAgIQVWXAvbbQyI5Bc...',
4 changes: 2 additions & 2 deletions lib/validateSignature.js
Expand Up @@ -2,11 +2,11 @@

var select = require('xml-crypto').xpath;
var SignedXml = require('xml-crypto').SignedXml;
var dom = require('xmldom').DOMParser;
var Dom = require('@xmldom/xmldom').DOMParser;
var thumbprint = require('thumbprint');

module.exports = function validateSignature(xml, cert, certThumbprint) {
var doc = new dom().parseFromString(xml);
var doc = new Dom().parseFromString(xml);
var signature = select(doc, '/*/*/*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0]
|| select(doc, '/*/*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0];
var signed = new SignedXml(null, {
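Review bot: the switch to `require('@xmldom/xmldom')` at the top of this hunk needs a matching dependency entry, and no package.json or lockfile change is visible in this diff; confirm `@xmldom/xmldom` is declared and the old `xmldom` entry is removed so both parsers are not installed side by side. Since this file is the signature check, it is also worth tightening the call while touching it: `new Dom().parseFromString(xml)` passes no MIME type and no error handling options, and the result goes straight into `select(doc, ...)`; pass `'text/xml'` explicitly and decide how a parse failure should be reported before the `Signature` lookup runs.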