Merge pull request #43 from rubenstolk/hotfix/detect-protocol

Detect protocol if not provided, fixes #42
node-saml · Jun 20, 2014 · c928fdc · c928fdc
2 parents f199e8c + a3a9c3a
commit c928fdc
Showing 1 changed file with 7 additions and 10 deletions.
diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js
@@ -21,10 +21,6 @@ SAML.prototype.initialize = function (options) {
     options = {};
   }
 
-  if (!options.protocol) {
-    options.protocol = 'https://';
-  }
-
   if (!options.path) {
     options.path = '/saml/consume';
   }
@@ -80,6 +76,7 @@ SAML.prototype.signRequest = function (xml) {
 SAML.prototype.generateAuthorizeRequest = function (req, isPassive) {
   var id = "_" + this.generateUniqueID();
   var instant = this.generateInstant();
+  var protocol = this.options.protocol || (req.protocol || 'http').concat('://');
   var callbackUrl;
 
   if(this.options.validateInResponseTo) {
@@ -90,7 +87,7 @@ SAML.prototype.generateAuthorizeRequest = function (req, isPassive) {
   if (this.options.callbackUrl) {
     callbackUrl = this.options.callbackUrl;
   } else {
-    callbackUrl = this.options.protocol + req.headers.host + this.options.path;
+    callbackUrl = protocol + req.headers.host + this.options.path;
   }
 
   var request = {
@@ -252,7 +249,7 @@ SAML.prototype.certToPEM = function (cert) {
 //   vectors against SAML signature verification.
 SAML.prototype.validateSignature = function (fullXml, currentNode, cert) {
   var self = this;
-  var xpathSigQuery = ".//*[local-name(.)='Signature' and " + 
+  var xpathSigQuery = ".//*[local-name(.)='Signature' and " +
                       "namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']";
   var signatures = xpath(currentNode, xpathSigQuery);
   // This function is expecting to validate exactly one signature, so if we find more or fewer
@@ -279,7 +276,7 @@ SAML.prototype.validateSignature = function (fullXml, currentNode, cert) {
   // If we can't find the reference at the top level, reject
   if (currentNode.getAttribute('ID') != refId)
     return false;
-  // If we find any extra referenced nodes, reject.  (xml-crypto only verifies one digest, so 
+  // If we find any extra referenced nodes, reject.  (xml-crypto only verifies one digest, so
   //   multiple candidate references is bad news)
   var totalReferencedNodes = xpath(currentNode.ownerDocument, "//*[@ID='" + refId + "']");
   if (totalReferencedNodes.length > 1)
@@ -320,8 +317,8 @@ SAML.prototype.validatePostResponse = function (container, callback) {
   }
 
   if (assertions.length == 1) {
-    if (self.options.cert && 
-        !validSignature && 
+    if (self.options.cert &&
+        !validSignature &&
         !self.validateSignature(xml, assertions[0], self.options.cert)) {
       return callback(new Error('Invalid signature'), null, false);
     }
@@ -426,7 +423,7 @@ SAML.prototype.processValidlySignedAssertion = function(xml, inResponseTo, callb
           profile.nameIDFormat = nameID[0].$.Format;
         }
       }
-    } 
+    }
 
     var nowMs = new Date().getTime();
     var subjectConfirmation = subject[0].SubjectConfirmation ?