Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating with upstream #1

Open
wants to merge 40 commits into
base: master
Choose a base branch
from
Open

Updating with upstream #1

wants to merge 40 commits into from

Conversation

reisandbeans
Copy link

No description provided.

elahti and others added 30 commits December 2, 2018 10:23
@elahti @markstos
Update xml-crypto to 1.0.2
b5fd79d
@markstos
bump version to v1.0.0.
677424c
@markstos
Add yarn.lock.
562a213
@markstos
Drop support for Node 4. It is EOLed.
d2c8994
@skillsoftstevemarusa @markstos
Add option to disable SAML spec AuthnRequest optional value Assertion…
e2154f2 
…ConsumerServiceURL.

p49 - https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
options.disableRequestACSUrl - default to undefined falsy so it is automatically included.
@josecolella @markstos
Add SamlResponseXML method to profile object
0544376 
This add the ability to extract the original SamlResponseXML as a method in the profile object.
@stavros-wb @markstos
Support InResponseTo validations in MultiSaml
2afa1ba 
Either use cache provided by user, or a default memory
cache to store InResponse parameters. This cache is not
yet partitioned per provider, which means a malicious
provider could do replay attacks by using anothers
unconsummed `InResponse` values

node-saml#334
@siren @markstos
fix for failing test
c40ccb5
@LoneRifle @markstos
Upgrade xml-crypto to 1.1.2
f54a43c 
This change incorporates a revert that fixes the problem discussed on 
node-saml/xml-crypto#167. It also drops xpath.js in favour of xpath, which
everybody else uses.

Fixes node-saml#324
@Archinowsk @markstos
Update Node version in package.json to >=6
e60ec9e
@markstos
Fix node-saml#128 documentation for body-parser dependancy
0ab4639
@Archinowsk @markstos
Fix Node Buffer deprecation warning: update 'new Buffer' to 'Buffer.f…
a60fda0 
…rom()'
@mlunoe @markstos
Create a way to get provider metadata when using the MultiSamlStrategy
b384277 
This adds a function to pass in a request along with the other `generateServiceProviderMetadata` arguments to retrieve provider metadata when using the MultiSamlStrategy. If there is no request, we cannot call the `_getSamlOptions`-function to retrieve all the necessary options to call the `generateServiceProviderMetadata`-function with.
@larspederamlie @markstos
update xml crypto to 1.1.4
47d0118
@andkrist @markstos
update gitignore
5ae1fa3
@andkrist @markstos
Set explicitChar to true when parsing xml. Now character content of a…
53bfd7d 
… element should be accessed only through ._
@markstos
deps: bump deps
98f1be7 
Some deps had warnings about being outdated.
@VilleMiekkoja @markstos
InResponseTo support for logout
b99deb1
@josecolella @markstos
Update README.md
663c127 
Change attributeName to unknown type to allow for use-case described in DefinitelyTyped/DefinitelyTyped#33950. For example, you may extend the Profile object with an attribute `roles` which is an array of string. Having unknown still allows for typing enforcement, and yet is flexible to allow for these use-cases
@osan15 @markstos
⭐ feat: add RequestedAuthnContext Comparison Type parameter
a466139 
test: add test for check the option comparisonType
@markstos
rename comparisonType to RACComparison
48ac655 
 - 'comparisonType' is too generic.
 - Also, document in the main README.
@cjbarth @markstos
Fix broken tests
3592f07
@cjbarth @markstos
Improve code consistency; fix error handling bugs
ce5351d
@markstos
v1.1.0: bump for release
16fb659
@Archinowsk @markstos
Remove InResponseTo value if response validation fails
5cdf341 
Merge branch 'master' into remove-inresponseto-if-response-validation-fails

Update

Update
@ahavriluk @markstos
NameIDFormat fix (node-saml#375)
6f0876e 
Added a conditional statement to set NameIDFormat only if identifierFormat is specified in options. This should prevent an error in AD FS when identifierFormat  set to null: node-saml#338
@stavros-wb @markstos
Validate signatures on original query string
91bac34 
Before this commit:
signature validation on GET (Redirect binding) requests was done using
`encodeURIComponent` on the already parsed params

After:
the original query params are used to validate the request's signature

The reason for doing this is that Azure ADFS is using lowercase for url
encoding resulting in something like:
`SAMLRequest=dead%2fbeef`
The old processing logic would try to validate against:
`SAMLRequest=dead%2Fbeef`
and failed
@stavros-wb @markstos
Use exact match to check for a compatible crypto algorithm.
403a189 
Before we were using a more vague substring match and choosing the last
possible match.

Now we extract the algorithm name from the expected URL format
and test for an exact match on the algorithm name, case-insensitive.
@markstos
bump version to 1.2.0
3ba244d
@markstos
Drop support for Node 6.
dd1699a 
It has been EOL'ed.
walokra and others added 10 commits October 1, 2019 13:31
@walokra @markstos
Fix node-saml#392 Switching from jshint to eslint
7d71fe2 
 - Fix also Travis to run eslint instead of jshint
 - Upgrade eslint dep
 - fix lint violations
@markstos
Add .editorconfig as suggested in node-saml#373
da64d88 
Using the same rules as nodejs.
@walokra
Fix node-saml#355 missing parts: tests.
571bf42 
Note: self = this is needed and tests fail if using arrow function as suggested in the PR review.
@walokra @markstos
Fix minimum version of Node.js in Travis (node-saml#399)
75ad459 
* Fix minimum version of Node.js in Travis

Support for Node 6 was dropped in dd1699a
@markstos
refactor: replace 'self = this' with arrow functions
53e7363 
Just modernizing the code some.
@markstos
Merge branch 'fix/validate-signature-in-redirect'
1358803
@markstos
add Node support policy to README
4ebfae0
@nishch @markstos
fix node-saml#393 adding 'inResponseTo' in the profile (node-saml#404)
7bffa5c 
* fix node-saml#393 adding 'inResponseTo' in the profile
@LoneRifle @markstos
Bring-up xml-crypto to 1.4.0 (node-saml#400)
c82149d 
This update will pick up the following changes:

node-saml/xml-crypto#171
node-saml/xml-crypto#179
node-saml/xml-crypto#183
@reisandbeans
Merge remote-tracking branch 'upstream/master' into chore/updating-wi…
3ba730f 
…th-upstream
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.