From b5fd79db749c1dbcdc8a7920fe131e49b504b1a1 Mon Sep 17 00:00:00 2001 From: Esko Lahti Date: Mon, 12 Nov 2018 10:20:29 +0200 Subject: [PATCH 01/38] Update xml-crypto to 1.0.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c844c611..74b210f1 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "debug": "^3.1.0", "passport-strategy": "*", "q": "^1.5.0", - "xml-crypto": "^0.10.1", + "xml-crypto": "^1.0.2", "xml-encryption": "^0.11.0", "xml2js": "0.4.x", "xmlbuilder": "^9.0.4", From 677424cf2f594344e4e70bec0be2d7591a60e089 Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Sun, 2 Dec 2018 10:46:54 -0500 Subject: [PATCH 02/38] bump version to v1.0.0. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 74b210f1..864e8748 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "passport-saml", - "version": "0.35.0", + "version": "1.0.0", "license": "MIT", "keywords": [ "saml", From 562a21343b774f3df24bc7016469c00c5bfc193f Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Sun, 2 Dec 2018 10:48:33 -0500 Subject: [PATCH 03/38] Add yarn.lock. --- yarn.lock | 1384 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1384 insertions(+) create mode 100644 yarn.lock diff --git a/yarn.lock b/yarn.lock new file mode 100644 index 00000000..febbd958 --- /dev/null +++ b/yarn.lock @@ -0,0 +1,1384 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +accepts@~1.3.5: + version "1.3.5" + resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.5.tgz#eb777df6011723a3b14e8a72c0805c8e86746bd2" + integrity sha1-63d99gEXI6OxTopywIBcjoZ0a9I= + dependencies: + mime-types "~2.1.18" + negotiator "0.6.1" + +ajv@^6.5.5: + version "6.6.1" + resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.6.1.tgz#6360f5ed0d80f232cc2b294c362d5dc2e538dd61" + integrity sha512-ZoJjft5B+EJBjUyu9C9Hc0OZyPZSSlOF+plzouTrg6UlA8f+e/n8NIgBFG/9tppJtpPWfthHakK7juJdNDODww== + dependencies: + fast-deep-equal "^2.0.1" + fast-json-stable-stringify "^2.0.0" + json-schema-traverse "^0.4.1" + uri-js "^4.2.2" + +array-flatten@1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/array-flatten/-/array-flatten-1.1.1.tgz#9a5f699051b1e7073328f2a008968b64ea2955d2" + integrity sha1-ml9pkFGx5wczKPKgCJaLZOopVdI= + +asn1@~0.2.3: + version "0.2.4" + resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136" + integrity sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg== + dependencies: + safer-buffer "~2.1.0" + +assert-plus@1.0.0, assert-plus@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525" + integrity sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU= + +async@^2.1.5: + version "2.6.1" + resolved "https://registry.yarnpkg.com/async/-/async-2.6.1.tgz#b245a23ca71930044ec53fa46aa00a3e87c6a610" + integrity sha512-fNEiL2+AZt6AlAw/29Cr0UDe4sRAHCpEHh54WMz+Bb7QfNcFw4h3loofyJpLeQs4Yx7yuqu/2dLgM5hKOs6HlQ== + dependencies: + lodash "^4.17.10" + +async@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/async/-/async-1.0.0.tgz#f8fc04ca3a13784ade9e1641af98578cfbd647a9" + integrity sha1-+PwEyjoTeErenhZBr5hXjPvWR6k= + +asynckit@^0.4.0: + version "0.4.0" + resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79" + integrity sha1-x57Zf380y48robyXkLzDZkdLS3k= + +aws-sign2@~0.7.0: + version "0.7.0" + resolved "https://registry.yarnpkg.com/aws-sign2/-/aws-sign2-0.7.0.tgz#b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8" + integrity sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg= + +aws4@^1.8.0: + version "1.8.0" + resolved "https://registry.yarnpkg.com/aws4/-/aws4-1.8.0.tgz#f0e003d9ca9e7f59c7a508945d7b2ef9a04a542f" + integrity sha512-ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ== + +balanced-match@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767" + integrity sha1-ibTRmasr7kneFk6gK4nORi1xt2c= + +bcrypt-pbkdf@^1.0.0: + version "1.0.2" + resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e" + integrity sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4= + dependencies: + tweetnacl "^0.14.3" + +body-parser@1.18.3, body-parser@^1.17.1: + version "1.18.3" + resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.18.3.tgz#5b292198ffdd553b3a0f20ded0592b956955c8b4" + integrity sha1-WykhmP/dVTs6DyDe0FkrlWlVyLQ= + dependencies: + bytes "3.0.0" + content-type "~1.0.4" + debug "2.6.9" + depd "~1.1.2" + http-errors "~1.6.3" + iconv-lite "0.4.23" + on-finished "~2.3.0" + qs "6.5.2" + raw-body "2.3.3" + type-is "~1.6.16" + +brace-expansion@^1.1.7: + version "1.1.11" + resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd" + integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA== + dependencies: + balanced-match "^1.0.0" + concat-map "0.0.1" + +browser-stdout@1.3.1: + version "1.3.1" + resolved "https://registry.yarnpkg.com/browser-stdout/-/browser-stdout-1.3.1.tgz#baa559ee14ced73452229bad7326467c61fabd60" + integrity sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw== + +buffer-from@^1.0.0: + version "1.1.1" + resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.1.tgz#32713bc028f75c02fdb710d7c7bcec1f2c6070ef" + integrity sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A== + +bytes@3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.0.0.tgz#d32815404d689699f85a4ea4fa8755dd13a96048" + integrity sha1-0ygVQE1olpn4Wk6k+odV3ROpYEg= + +caseless@~0.12.0: + version "0.12.0" + resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc" + integrity sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw= + +cli@~1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/cli/-/cli-1.0.1.tgz#22817534f24bfa4950c34d532d48ecbc621b8c14" + integrity sha1-IoF1NPJL+klQw01TLUjsvGIbjBQ= + dependencies: + exit "0.1.2" + glob "^7.1.1" + +colors@1.0.x: + version "1.0.3" + resolved "https://registry.yarnpkg.com/colors/-/colors-1.0.3.tgz#0433f44d809680fdeb60ed260f1b0c262e82a40b" + integrity sha1-BDP0TYCWgP3rYO0mDxsMJi6CpAs= + +combined-stream@^1.0.6, combined-stream@~1.0.6: + version "1.0.7" + resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.7.tgz#2d1d24317afb8abe95d6d2c0b07b57813539d828" + integrity sha512-brWl9y6vOB1xYPZcpZde3N9zDByXTosAeMDo4p1wzo6UMOX4vumB+TP1RZ76sfE6Md68Q0NJSrE/gbezd4Ul+w== + dependencies: + delayed-stream "~1.0.0" + +commander@2.15.1: + version "2.15.1" + resolved "https://registry.yarnpkg.com/commander/-/commander-2.15.1.tgz#df46e867d0fc2aec66a34662b406a9ccafff5b0f" + integrity sha512-VlfT9F3V0v+jr4yxPc5gg9s62/fIVWsd2Bk2iD435um1NlGMYdVCq+MjcXnhYq2icNOizHr1kK+5TI6H0Hy0ag== + +concat-map@0.0.1: + version "0.0.1" + resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b" + integrity sha1-2Klr13/Wjfd5OnMDajug1UBdR3s= + +concat-stream@1.6.2: + version "1.6.2" + resolved "https://registry.yarnpkg.com/concat-stream/-/concat-stream-1.6.2.tgz#904bdf194cd3122fc675c77fc4ac3d4ff0fd1a34" + integrity sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw== + dependencies: + buffer-from "^1.0.0" + inherits "^2.0.3" + readable-stream "^2.2.2" + typedarray "^0.0.6" + +console-browserify@1.1.x: + version "1.1.0" + resolved "https://registry.yarnpkg.com/console-browserify/-/console-browserify-1.1.0.tgz#f0241c45730a9fc6323b206dbf38edc741d0bb10" + integrity sha1-8CQcRXMKn8YyOyBtvzjtx0HQuxA= + dependencies: + date-now "^0.1.4" + +content-disposition@0.5.2: + version "0.5.2" + resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.2.tgz#0cf68bb9ddf5f2be7961c3a85178cb85dba78cb4" + integrity sha1-DPaLud318r55YcOoUXjLhdunjLQ= + +content-type@~1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/content-type/-/content-type-1.0.4.tgz#e138cc75e040c727b1966fe5e5f8c9aee256fe3b" + integrity sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA== + +cookie-signature@1.0.6: + version "1.0.6" + resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c" + integrity sha1-4wOogrNCzD7oylE6eZmXNNqzriw= + +cookie@0.3.1: + version "0.3.1" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.3.1.tgz#e7e0a1f9ef43b4c8ba925c5c5a96e806d16873bb" + integrity sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s= + +core-util-is@1.0.2, core-util-is@~1.0.0: + version "1.0.2" + resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7" + integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac= + +cycle@1.0.x: + version "1.0.3" + resolved "https://registry.yarnpkg.com/cycle/-/cycle-1.0.3.tgz#21e80b2be8580f98b468f379430662b046c34ad2" + integrity sha1-IegLK+hYD5i0aPN5QwZisEbDStI= + +dashdash@^1.12.0: + version "1.14.1" + resolved "https://registry.yarnpkg.com/dashdash/-/dashdash-1.14.1.tgz#853cfa0f7cbe2fed5de20326b8dd581035f6e2f0" + integrity sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA= + dependencies: + assert-plus "^1.0.0" + +date-now@^0.1.4: + version "0.1.4" + resolved "https://registry.yarnpkg.com/date-now/-/date-now-0.1.4.tgz#eaf439fd4d4848ad74e5cc7dbef200672b9e345b" + integrity sha1-6vQ5/U1ISK105cx9vvIAZyueNFs= + +debug@2.6.9: + version "2.6.9" + resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f" + integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA== + dependencies: + ms "2.0.0" + +debug@3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/debug/-/debug-3.1.0.tgz#5bb5a0672628b64149566ba16819e61518c67261" + integrity sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g== + dependencies: + ms "2.0.0" + +debug@^3.1.0: + version "3.2.6" + resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.6.tgz#e83d17de16d8a7efb7717edbe5fb10135eee629b" + integrity sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ== + dependencies: + ms "^2.1.1" + +delayed-stream@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619" + integrity sha1-3zrhmayt+31ECqrgsp4icrJOxhk= + +depd@~1.1.2: + version "1.1.2" + resolved "https://registry.yarnpkg.com/depd/-/depd-1.1.2.tgz#9bcd52e14c097763e749b274c4346ed2e560b5a9" + integrity sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak= + +destroy@~1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/destroy/-/destroy-1.0.4.tgz#978857442c44749e4206613e37946205826abd80" + integrity sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA= + +diff@3.5.0, diff@^3.1.0: + version "3.5.0" + resolved "https://registry.yarnpkg.com/diff/-/diff-3.5.0.tgz#800c0dd1e0a8bfbc95835c202ad220fe317e5a12" + integrity sha512-A46qtFgd+g7pDZinpnwiRJtxbC1hpgf0uzP3iG89scHk0AUC7A1TGxf5OiiOUv/JMZR8GOt8hL900hV0bOy5xA== + +dom-serializer@0: + version "0.1.0" + resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-0.1.0.tgz#073c697546ce0780ce23be4a28e293e40bc30c82" + integrity sha1-BzxpdUbOB4DOI75KKOKT5AvDDII= + dependencies: + domelementtype "~1.1.1" + entities "~1.1.1" + +domelementtype@1: + version "1.2.1" + resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.2.1.tgz#578558ef23befac043a1abb0db07635509393479" + integrity sha512-SQVCLFS2E7G5CRCMdn6K9bIhRj1bS6QBWZfF0TUPh4V/BbqrQ619IdSS3/izn0FZ+9l+uODzaZjb08fjOfablA== + +domelementtype@~1.1.1: + version "1.1.3" + resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.1.3.tgz#bd28773e2642881aec51544924299c5cd822185b" + integrity sha1-vSh3PiZCiBrsUVRJJCmcXNgiGFs= + +domhandler@2.3: + version "2.3.0" + resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-2.3.0.tgz#2de59a0822d5027fabff6f032c2b25a2a8abe738" + integrity sha1-LeWaCCLVAn+r/28DLCsloqir5zg= + dependencies: + domelementtype "1" + +domutils@1.5: + version "1.5.1" + resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.5.1.tgz#dcd8488a26f563d61079e48c9f7b7e32373682cf" + integrity sha1-3NhIiib1Y9YQeeSMn3t+Mjc2gs8= + dependencies: + dom-serializer "0" + domelementtype "1" + +ecc-jsbn@~0.1.1: + version "0.1.2" + resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz#3a83a904e54353287874c564b7549386849a98c9" + integrity sha1-OoOpBOVDUyh4dMVkt1SThoSamMk= + dependencies: + jsbn "~0.1.0" + safer-buffer "^2.1.0" + +ee-first@1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" + integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0= + +ejs@^2.5.6: + version "2.6.1" + resolved "https://registry.yarnpkg.com/ejs/-/ejs-2.6.1.tgz#498ec0d495655abc6f23cd61868d926464071aa0" + integrity sha512-0xy4A/twfrRCnkhfk8ErDi5DqdAsAqeGxht4xkCUrsvhhbQNs7E+4jV0CN7+NKIY0aHE72+XvqtBIXzD31ZbXQ== + +encodeurl@~1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-1.0.2.tgz#ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59" + integrity sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k= + +entities@1.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/entities/-/entities-1.0.0.tgz#b2987aa3821347fcde642b24fdfc9e4fb712bf26" + integrity sha1-sph6o4ITR/zeZCsk/fyeT7cSvyY= + +entities@~1.1.1: + version "1.1.2" + resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.2.tgz#bdfa735299664dfafd34529ed4f8522a275fea56" + integrity sha512-f2LZMYl1Fzu7YSBKg+RoROelpOaNrcGmE9AZubeDfrCEia483oW4MI4VyFd5VNHIgQ/7qm1I0wUHK1eJnn2y2w== + +es6-promise@^4.0.3: + version "4.2.5" + resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-4.2.5.tgz#da6d0d5692efb461e082c14817fe2427d8f5d054" + integrity sha512-n6wvpdE43VFtJq+lUDYDBFUwV8TZbuGXLV4D6wKafg13ldznKsyEvatubnmUe31zcvelSzOHF+XbaT+Bl9ObDg== + +escape-html@~1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988" + integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg= + +escape-string-regexp@1.0.5: + version "1.0.5" + resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" + integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ= + +etag@~1.8.1: + version "1.8.1" + resolved "https://registry.yarnpkg.com/etag/-/etag-1.8.1.tgz#41ae2eeb65efa62268aebfea83ac7d79299b0887" + integrity sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc= + +exit@0.1.2, exit@0.1.x: + version "0.1.2" + resolved "https://registry.yarnpkg.com/exit/-/exit-0.1.2.tgz#0632638f8d877cc82107d30a0fff1a17cba1cd0c" + integrity sha1-BjJjj42HfMghB9MKD/8aF8uhzQw= + +express@^4.16.2: + version "4.16.4" + resolved "https://registry.yarnpkg.com/express/-/express-4.16.4.tgz#fddef61926109e24c515ea97fd2f1bdbf62df12e" + integrity sha512-j12Uuyb4FMrd/qQAm6uCHAkPtO8FDTRJZBDd5D2KOL2eLaz1yUNdUB/NOIyq0iU4q4cFarsUCrnFDPBcnksuOg== + dependencies: + accepts "~1.3.5" + array-flatten "1.1.1" + body-parser "1.18.3" + content-disposition "0.5.2" + content-type "~1.0.4" + cookie "0.3.1" + cookie-signature "1.0.6" + debug "2.6.9" + depd "~1.1.2" + encodeurl "~1.0.2" + escape-html "~1.0.3" + etag "~1.8.1" + finalhandler "1.1.1" + fresh "0.5.2" + merge-descriptors "1.0.1" + methods "~1.1.2" + on-finished "~2.3.0" + parseurl "~1.3.2" + path-to-regexp "0.1.7" + proxy-addr "~2.0.4" + qs "6.5.2" + range-parser "~1.2.0" + safe-buffer "5.1.2" + send "0.16.2" + serve-static "1.13.2" + setprototypeof "1.1.0" + statuses "~1.4.0" + type-is "~1.6.16" + utils-merge "1.0.1" + vary "~1.1.2" + +extend@~3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa" + integrity sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g== + +extract-zip@^1.6.5: + version "1.6.7" + resolved "https://registry.yarnpkg.com/extract-zip/-/extract-zip-1.6.7.tgz#a840b4b8af6403264c8db57f4f1a74333ef81fe9" + integrity sha1-qEC0uK9kAyZMjbV/Txp0Mz74H+k= + dependencies: + concat-stream "1.6.2" + debug "2.6.9" + mkdirp "0.5.1" + yauzl "2.4.1" + +extsprintf@1.3.0: + version "1.3.0" + resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.3.0.tgz#96918440e3041a7a414f8c52e3c574eb3c3e1e05" + integrity sha1-lpGEQOMEGnpBT4xS48V06zw+HgU= + +extsprintf@^1.2.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.4.0.tgz#e2689f8f356fad62cca65a3a91c5df5f9551692f" + integrity sha1-4mifjzVvrWLMplo6kcXfX5VRaS8= + +eyes@0.1.x: + version "0.1.8" + resolved "https://registry.yarnpkg.com/eyes/-/eyes-0.1.8.tgz#62cf120234c683785d902348a800ef3e0cc20bc0" + integrity sha1-Ys8SAjTGg3hdkCNIqADvPgzCC8A= + +fast-deep-equal@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz#7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49" + integrity sha1-ewUhjd+WZ79/Nwv3/bLLFf3Qqkk= + +fast-json-stable-stringify@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz#d5142c0caee6b1189f87d3a76111064f86c8bbf2" + integrity sha1-1RQsDK7msRifh9OnYREGT4bIu/I= + +fd-slicer@~1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/fd-slicer/-/fd-slicer-1.0.1.tgz#8b5bcbd9ec327c5041bf9ab023fd6750f1177e65" + integrity sha1-i1vL2ewyfFBBv5qwI/1nUPEXfmU= + dependencies: + pend "~1.2.0" + +finalhandler@1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/finalhandler/-/finalhandler-1.1.1.tgz#eebf4ed840079c83f4249038c9d703008301b105" + integrity sha512-Y1GUDo39ez4aHAw7MysnUD5JzYX+WaIj8I57kO3aEPT1fFRL4sr7mjei97FgnwhAyyzRYmQZaTHb2+9uZ1dPtg== + dependencies: + debug "2.6.9" + encodeurl "~1.0.2" + escape-html "~1.0.3" + on-finished "~2.3.0" + parseurl "~1.3.2" + statuses "~1.4.0" + unpipe "~1.0.0" + +forever-agent@~0.6.1: + version "0.6.1" + resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91" + integrity sha1-+8cfDEGt6zf5bFd60e1C2P2sypE= + +form-data@~2.3.2: + version "2.3.3" + resolved "https://registry.yarnpkg.com/form-data/-/form-data-2.3.3.tgz#dcce52c05f644f298c6a7ab936bd724ceffbf3a6" + integrity sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ== + dependencies: + asynckit "^0.4.0" + combined-stream "^1.0.6" + mime-types "^2.1.12" + +formatio@1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/formatio/-/formatio-1.2.0.tgz#f3b2167d9068c4698a8d51f4f760a39a54d818eb" + integrity sha1-87IWfZBoxGmKjVH092CjmlTYGOs= + dependencies: + samsam "1.x" + +forwarded@~0.1.2: + version "0.1.2" + resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.1.2.tgz#98c23dab1175657b8c0573e8ceccd91b0ff18c84" + integrity sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ= + +fresh@0.5.2: + version "0.5.2" + resolved "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7" + integrity sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac= + +fs-extra@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-1.0.0.tgz#cd3ce5f7e7cb6145883fcae3191e9877f8587950" + integrity sha1-zTzl9+fLYUWIP8rjGR6Yd/hYeVA= + dependencies: + graceful-fs "^4.1.2" + jsonfile "^2.1.0" + klaw "^1.0.0" + +fs.realpath@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f" + integrity sha1-FQStJSMVjKpA20onh8sBQRmU6k8= + +getpass@^0.1.1: + version "0.1.7" + resolved "https://registry.yarnpkg.com/getpass/-/getpass-0.1.7.tgz#5eff8e3e684d569ae4cb2b1282604e8ba62149fa" + integrity sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo= + dependencies: + assert-plus "^1.0.0" + +glob@7.1.2: + version "7.1.2" + resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.2.tgz#c19c9df9a028702d678612384a6552404c636d15" + integrity sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ== + dependencies: + fs.realpath "^1.0.0" + inflight "^1.0.4" + inherits "2" + minimatch "^3.0.4" + once "^1.3.0" + path-is-absolute "^1.0.0" + +glob@^7.1.1: + version "7.1.3" + resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.3.tgz#3960832d3f1574108342dafd3a67b332c0969df1" + integrity sha512-vcfuiIxogLV4DlGBHIUOwI0IbrJ8HWPc4MU7HzviGeNho/UJDfi6B5p3sHeWIQ0KGIU0Jpxi5ZHxemQfLkkAwQ== + dependencies: + fs.realpath "^1.0.0" + inflight "^1.0.4" + inherits "2" + minimatch "^3.0.4" + once "^1.3.0" + path-is-absolute "^1.0.0" + +graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.1.9: + version "4.1.15" + resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.1.15.tgz#ffb703e1066e8a0eeaa4c8b80ba9253eeefbfb00" + integrity sha512-6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA== + +growl@1.10.5: + version "1.10.5" + resolved "https://registry.yarnpkg.com/growl/-/growl-1.10.5.tgz#f2735dc2283674fa67478b10181059355c369e5e" + integrity sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA== + +har-schema@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/har-schema/-/har-schema-2.0.0.tgz#a94c2224ebcac04782a0d9035521f24735b7ec92" + integrity sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI= + +har-validator@~5.1.0: + version "5.1.3" + resolved "https://registry.yarnpkg.com/har-validator/-/har-validator-5.1.3.tgz#1ef89ebd3e4996557675eed9893110dc350fa080" + integrity sha512-sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g== + dependencies: + ajv "^6.5.5" + har-schema "^2.0.0" + +has-flag@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd" + integrity sha1-tdRU3CGZriJWmfNGfloH87lVuv0= + +hasha@^2.2.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/hasha/-/hasha-2.2.0.tgz#78d7cbfc1e6d66303fe79837365984517b2f6ee1" + integrity sha1-eNfL/B5tZjA/55g3NlmEUXsvbuE= + dependencies: + is-stream "^1.0.1" + pinkie-promise "^2.0.0" + +he@1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/he/-/he-1.1.1.tgz#93410fd21b009735151f8868c2f271f3427e23fd" + integrity sha1-k0EP0hsAlzUVH4howvJx80J+I/0= + +htmlparser2@3.8.x: + version "3.8.3" + resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.8.3.tgz#996c28b191516a8be86501a7d79757e5c70c1068" + integrity sha1-mWwosZFRaovoZQGn15dX5ccMEGg= + dependencies: + domelementtype "1" + domhandler "2.3" + domutils "1.5" + entities "1.0" + readable-stream "1.1" + +http-errors@1.6.3, http-errors@~1.6.2, http-errors@~1.6.3: + version "1.6.3" + resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.6.3.tgz#8b55680bb4be283a0b5bf4ea2e38580be1d9320d" + integrity sha1-i1VoC7S+KDoLW/TqLjhYC+HZMg0= + dependencies: + depd "~1.1.2" + inherits "2.0.3" + setprototypeof "1.1.0" + statuses ">= 1.4.0 < 2" + +http-signature@~1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1" + integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE= + dependencies: + assert-plus "^1.0.0" + jsprim "^1.2.2" + sshpk "^1.7.0" + +iconv-lite@0.4.23: + version "0.4.23" + resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.23.tgz#297871f63be507adcfbfca715d0cd0eed84e9a63" + integrity sha512-neyTUVFtahjf0mB3dZT77u+8O0QB89jFdnBkd5P1JgYPbPaia3gXXOVL2fq8VyU2gMMD7SaN7QukTB/pmXYvDA== + dependencies: + safer-buffer ">= 2.1.2 < 3" + +inflight@^1.0.4: + version "1.0.6" + resolved "https://registry.yarnpkg.com/inflight/-/inflight-1.0.6.tgz#49bd6331d7d02d0c09bc910a1075ba8165b56df9" + integrity sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk= + dependencies: + once "^1.3.0" + wrappy "1" + +inherits@2, inherits@2.0.3, inherits@^2.0.3, inherits@~2.0.1, inherits@~2.0.3: + version "2.0.3" + resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de" + integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4= + +ipaddr.js@1.8.0: + version "1.8.0" + resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.8.0.tgz#eaa33d6ddd7ace8f7f6fe0c9ca0440e706738b1e" + integrity sha1-6qM9bd16zo9/b+DJygRA5wZzix4= + +is-stream@^1.0.1: + version "1.1.0" + resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-1.1.0.tgz#12d4a3dd4e68e0b79ceb8dbc84173ae80d91ca44" + integrity sha1-EtSj3U5o4Lec6428hBc66A2RykQ= + +is-typedarray@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/is-typedarray/-/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a" + integrity sha1-5HnICFjfDBsR3dppQPlgEfzaSpo= + +isarray@0.0.1: + version "0.0.1" + resolved "https://registry.yarnpkg.com/isarray/-/isarray-0.0.1.tgz#8a18acfca9a8f4177e09abfc6038939b05d1eedf" + integrity sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8= + +isarray@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" + integrity sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE= + +isexe@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10" + integrity sha1-6PvzdNxVb/iUehDcsFctYz8s+hA= + +isstream@0.1.x, isstream@~0.1.2: + version "0.1.2" + resolved "https://registry.yarnpkg.com/isstream/-/isstream-0.1.2.tgz#47e63f7af55afa6f92e1500e690eb8b8529c099a" + integrity sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo= + +jsbn@~0.1.0: + version "0.1.1" + resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513" + integrity sha1-peZUwuWi3rXyAdls77yoDA7y9RM= + +jshint@*: + version "2.9.6" + resolved "https://registry.yarnpkg.com/jshint/-/jshint-2.9.6.tgz#19b34e578095a34928fe006135a6cb70137b9c08" + integrity sha512-KO9SIAKTlJQOM4lE64GQUtGBRpTOuvbrRrSZw3AhUxMNG266nX9hK2cKA4SBhXOj0irJGyNyGSLT62HGOVDEOA== + dependencies: + cli "~1.0.0" + console-browserify "1.1.x" + exit "0.1.x" + htmlparser2 "3.8.x" + lodash "~4.17.10" + minimatch "~3.0.2" + shelljs "0.3.x" + strip-json-comments "1.0.x" + unicode-5.2.0 "^0.7.5" + optionalDependencies: + phantom "~4.0.1" + phantomjs-prebuilt "~2.1.7" + +json-schema-traverse@^0.4.1: + version "0.4.1" + resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660" + integrity sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg== + +json-schema@0.2.3: + version "0.2.3" + resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13" + integrity sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM= + +json-stringify-safe@~5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb" + integrity sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus= + +jsonfile@^2.1.0: + version "2.4.0" + resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-2.4.0.tgz#3736a2b428b87bbda0cc83b53fa3d633a35c2ae8" + integrity sha1-NzaitCi4e72gzIO1P6PWM6NcKug= + optionalDependencies: + graceful-fs "^4.1.6" + +jsprim@^1.2.2: + version "1.4.1" + resolved "https://registry.yarnpkg.com/jsprim/-/jsprim-1.4.1.tgz#313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2" + integrity sha1-MT5mvB5cwG5Di8G3SZwuXFastqI= + dependencies: + assert-plus "1.0.0" + extsprintf "1.3.0" + json-schema "0.2.3" + verror "1.10.0" + +kew@^0.7.0: + version "0.7.0" + resolved "https://registry.yarnpkg.com/kew/-/kew-0.7.0.tgz#79d93d2d33363d6fdd2970b335d9141ad591d79b" + integrity sha1-edk9LTM2PW/dKXCzNdkUGtWR15s= + +klaw@^1.0.0: + version "1.3.1" + resolved "https://registry.yarnpkg.com/klaw/-/klaw-1.3.1.tgz#4088433b46b3b1ba259d78785d8e96f73ba02439" + integrity sha1-QIhDO0azsbolnXh4XY6W9zugJDk= + optionalDependencies: + graceful-fs "^4.1.9" + +lodash@^4.17.10, lodash@~4.17.10: + version "4.17.11" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d" + integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg== + +lolex@^1.6.0: + version "1.6.0" + resolved "https://registry.yarnpkg.com/lolex/-/lolex-1.6.0.tgz#3a9a0283452a47d7439e72731b9e07d7386e49f6" + integrity sha1-OpoCg0UqR9dDnnJzG54H1zhuSfY= + +media-typer@0.3.0: + version "0.3.0" + resolved "https://registry.yarnpkg.com/media-typer/-/media-typer-0.3.0.tgz#8710d7af0aa626f8fffa1ce00168545263255748" + integrity sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g= + +merge-descriptors@1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/merge-descriptors/-/merge-descriptors-1.0.1.tgz#b00aaa556dd8b44568150ec9d1b953f3f90cbb61" + integrity sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E= + +methods@~1.1.2: + version "1.1.2" + resolved "https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee" + integrity sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4= + +mime-db@~1.37.0: + version "1.37.0" + resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.37.0.tgz#0b6a0ce6fdbe9576e25f1f2d2fde8830dc0ad0d8" + integrity sha512-R3C4db6bgQhlIhPU48fUtdVmKnflq+hRdad7IyKhtFj06VPNVdk2RhiYL3UjQIlso8L+YxAtFkobT0VK+S/ybg== + +mime-types@^2.1.12, mime-types@~2.1.18, mime-types@~2.1.19: + version "2.1.21" + resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.21.tgz#28995aa1ecb770742fe6ae7e58f9181c744b3f96" + integrity sha512-3iL6DbwpyLzjR3xHSFNFeb9Nz/M8WDkX33t1GFQnFOllWk8pOrh/LSrB5OXlnlW5P9LH73X6loW/eogc+F5lJg== + dependencies: + mime-db "~1.37.0" + +mime@1.4.1: + version "1.4.1" + resolved "https://registry.yarnpkg.com/mime/-/mime-1.4.1.tgz#121f9ebc49e3766f311a76e1fa1c8003c4b03aa6" + integrity sha512-KI1+qOZu5DcW6wayYHSzR/tXKCDC5Om4s1z2QJjDULzLcmf3DvzS7oluY4HCTrc+9FiKmWUgeNLg7W3uIQvxtQ== + +minimatch@3.0.4, minimatch@^3.0.4, minimatch@~3.0.2: + version "3.0.4" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083" + integrity sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA== + dependencies: + brace-expansion "^1.1.7" + +minimist@0.0.8: + version "0.0.8" + resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d" + integrity sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0= + +mkdirp@0.5.1: + version "0.5.1" + resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903" + integrity sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM= + dependencies: + minimist "0.0.8" + +mocha@*: + version "5.2.0" + resolved "https://registry.yarnpkg.com/mocha/-/mocha-5.2.0.tgz#6d8ae508f59167f940f2b5b3c4a612ae50c90ae6" + integrity sha512-2IUgKDhc3J7Uug+FxMXuqIyYzH7gJjXECKe/w43IGgQHTSj3InJi+yAA7T24L9bQMRKiUEHxEX37G5JpVUGLcQ== + dependencies: + browser-stdout "1.3.1" + commander "2.15.1" + debug "3.1.0" + diff "3.5.0" + escape-string-regexp "1.0.5" + glob "7.1.2" + growl "1.10.5" + he "1.1.1" + minimatch "3.0.4" + mkdirp "0.5.1" + supports-color "5.4.0" + +ms@2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" + integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g= + +ms@^2.1.1: + version "2.1.1" + resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a" + integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg== + +native-promise-only@^0.8.1: + version "0.8.1" + resolved "https://registry.yarnpkg.com/native-promise-only/-/native-promise-only-0.8.1.tgz#20a318c30cb45f71fe7adfbf7b21c99c1472ef11" + integrity sha1-IKMYwwy0X3H+et+/eyHJnBRy7xE= + +negotiator@0.6.1: + version "0.6.1" + resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.1.tgz#2b327184e8992101177b28563fb5e7102acd0ca9" + integrity sha1-KzJxhOiZIQEXeyhWP7XnECrNDKk= + +node-forge@^0.7.0: + version "0.7.6" + resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.7.6.tgz#fdf3b418aee1f94f0ef642cd63486c77ca9724ac" + integrity sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw== + +oauth-sign@~0.9.0: + version "0.9.0" + resolved "https://registry.yarnpkg.com/oauth-sign/-/oauth-sign-0.9.0.tgz#47a7b016baa68b5fa0ecf3dee08a85c679ac6455" + integrity sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ== + +on-finished@~2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.3.0.tgz#20f1336481b083cd75337992a16971aa2d906947" + integrity sha1-IPEzZIGwg811M3mSoWlxqi2QaUc= + dependencies: + ee-first "1.1.1" + +once@^1.3.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1" + integrity sha1-WDsap3WWHUsROsF9nFC6753Xa9E= + dependencies: + wrappy "1" + +parseurl@~1.3.2: + version "1.3.2" + resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.2.tgz#fc289d4ed8993119460c156253262cdc8de65bf3" + integrity sha1-/CidTtiZMRlGDBViUyYs3I3mW/M= + +passport-strategy@*, passport-strategy@1.x.x: + version "1.0.0" + resolved "https://registry.yarnpkg.com/passport-strategy/-/passport-strategy-1.0.0.tgz#b5539aa8fc225a3d1ad179476ddf236b440f52e4" + integrity sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ= + +passport@0.4.x: + version "0.4.0" + resolved "https://registry.yarnpkg.com/passport/-/passport-0.4.0.tgz#c5095691347bd5ad3b5e180238c3914d16f05811" + integrity sha1-xQlWkTR71a07XhgCOMORTRbwWBE= + dependencies: + passport-strategy "1.x.x" + pause "0.0.1" + +path-is-absolute@^1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f" + integrity sha1-F0uSaHNVNP+8es5r9TpanhtcX18= + +path-to-regexp@0.1.7: + version "0.1.7" + resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c" + integrity sha1-32BBeABfUi8V60SQ5yR6G/qmf4w= + +path-to-regexp@^1.7.0: + version "1.7.0" + resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-1.7.0.tgz#59fde0f435badacba103a84e9d3bc64e96b9937d" + integrity sha1-Wf3g9DW62suhA6hOnTvGTpa5k30= + dependencies: + isarray "0.0.1" + +pause@0.0.1: + version "0.0.1" + resolved "https://registry.yarnpkg.com/pause/-/pause-0.0.1.tgz#1d408b3fdb76923b9543d96fb4c9dfd535d9cb5d" + integrity sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10= + +pend@~1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/pend/-/pend-1.2.0.tgz#7a57eb550a6783f9115331fcf4663d5c8e007a50" + integrity sha1-elfrVQpng/kRUzH89GY9XI4AelA= + +performance-now@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b" + integrity sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns= + +phantom@~4.0.1: + version "4.0.12" + resolved "https://registry.yarnpkg.com/phantom/-/phantom-4.0.12.tgz#78d18cf3f2a76fea4909f6160fcabf2742d7dbf0" + integrity sha512-Tz82XhtPmwCk1FFPmecy7yRGZG2btpzY2KI9fcoPT7zT9det0CcMyfBFPp1S8DqzsnQnm8ZYEfdy528mwVtksA== + dependencies: + phantomjs-prebuilt "^2.1.16" + split "^1.0.1" + winston "^2.4.0" + +phantomjs-prebuilt@^2.1.16, phantomjs-prebuilt@~2.1.7: + version "2.1.16" + resolved "https://registry.yarnpkg.com/phantomjs-prebuilt/-/phantomjs-prebuilt-2.1.16.tgz#efd212a4a3966d3647684ea8ba788549be2aefef" + integrity sha1-79ISpKOWbTZHaE6ouniFSb4q7+8= + dependencies: + es6-promise "^4.0.3" + extract-zip "^1.6.5" + fs-extra "^1.0.0" + hasha "^2.2.0" + kew "^0.7.0" + progress "^1.1.8" + request "^2.81.0" + request-progress "^2.0.1" + which "^1.2.10" + +pinkie-promise@^2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/pinkie-promise/-/pinkie-promise-2.0.1.tgz#2135d6dfa7a358c069ac9b178776288228450ffa" + integrity sha1-ITXW36ejWMBprJsXh3YogihFD/o= + dependencies: + pinkie "^2.0.0" + +pinkie@^2.0.0: + version "2.0.4" + resolved "https://registry.yarnpkg.com/pinkie/-/pinkie-2.0.4.tgz#72556b80cfa0d48a974e80e77248e80ed4f7f870" + integrity sha1-clVrgM+g1IqXToDnckjoDtT3+HA= + +process-nextick-args@~2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.0.tgz#a37d732f4271b4ab1ad070d35508e8290788ffaa" + integrity sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw== + +progress@^1.1.8: + version "1.1.8" + resolved "https://registry.yarnpkg.com/progress/-/progress-1.1.8.tgz#e260c78f6161cdd9b0e56cc3e0a85de17c7a57be" + integrity sha1-4mDHj2Fhzdmw5WzD4Khd4Xx6V74= + +proxy-addr@~2.0.4: + version "2.0.4" + resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.4.tgz#ecfc733bf22ff8c6f407fa275327b9ab67e48b93" + integrity sha512-5erio2h9jp5CHGwcybmxmVqHmnCBZeewlfJ0pex+UW7Qny7OOZXTtH56TGNyBizkgiOwhJtMKrVzDTeKcySZwA== + dependencies: + forwarded "~0.1.2" + ipaddr.js "1.8.0" + +psl@^1.1.24: + version "1.1.29" + resolved "https://registry.yarnpkg.com/psl/-/psl-1.1.29.tgz#60f580d360170bb722a797cc704411e6da850c67" + integrity sha512-AeUmQ0oLN02flVHXWh9sSJF7mcdFq0ppid/JkErufc3hGIV/AMa8Fo9VgDo/cT2jFdOWoFvHp90qqBH54W+gjQ== + +punycode@^1.4.1: + version "1.4.1" + resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.4.1.tgz#c0d5a63b2718800ad8e1eb0fa5269c84dd41845e" + integrity sha1-wNWmOycYgArY4esPpSachN1BhF4= + +punycode@^2.1.0: + version "2.1.1" + resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec" + integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A== + +q@^1.5.0: + version "1.5.1" + resolved "https://registry.yarnpkg.com/q/-/q-1.5.1.tgz#7e32f75b41381291d04611f1bf14109ac00651d7" + integrity sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc= + +qs@6.5.2, qs@~6.5.2: + version "6.5.2" + resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.2.tgz#cb3ae806e8740444584ef154ce8ee98d403f3e36" + integrity sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA== + +range-parser@~1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.0.tgz#f49be6b487894ddc40dcc94a322f611092e00d5e" + integrity sha1-9JvmtIeJTdxA3MlKMi9hEJLgDV4= + +raw-body@2.3.3: + version "2.3.3" + resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.3.3.tgz#1b324ece6b5706e153855bc1148c65bb7f6ea0c3" + integrity sha512-9esiElv1BrZoI3rCDuOuKCBRbuApGGaDPQfjSflGxdy4oyzqghxu6klEkkVIvBje+FF0BX9coEv8KqW6X/7njw== + dependencies: + bytes "3.0.0" + http-errors "1.6.3" + iconv-lite "0.4.23" + unpipe "1.0.0" + +readable-stream@1.1: + version "1.1.13" + resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-1.1.13.tgz#f6eef764f514c89e2b9e23146a75ba106756d23e" + integrity sha1-9u73ZPUUyJ4rniMUanW6EGdW0j4= + dependencies: + core-util-is "~1.0.0" + inherits "~2.0.1" + isarray "0.0.1" + string_decoder "~0.10.x" + +readable-stream@^2.2.2: + version "2.3.6" + resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.6.tgz#b11c27d88b8ff1fbe070643cf94b0c79ae1b0aaf" + integrity sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw== + dependencies: + core-util-is "~1.0.0" + inherits "~2.0.3" + isarray "~1.0.0" + process-nextick-args "~2.0.0" + safe-buffer "~5.1.1" + string_decoder "~1.1.1" + util-deprecate "~1.0.1" + +request-progress@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/request-progress/-/request-progress-2.0.1.tgz#5d36bb57961c673aa5b788dbc8141fdf23b44e08" + integrity sha1-XTa7V5YcZzqlt4jbyBQf3yO0Tgg= + dependencies: + throttleit "^1.0.0" + +request@^2.81.0, request@^2.83.0: + version "2.88.0" + resolved "https://registry.yarnpkg.com/request/-/request-2.88.0.tgz#9c2fca4f7d35b592efe57c7f0a55e81052124fef" + integrity sha512-NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg== + dependencies: + aws-sign2 "~0.7.0" + aws4 "^1.8.0" + caseless "~0.12.0" + combined-stream "~1.0.6" + extend "~3.0.2" + forever-agent "~0.6.1" + form-data "~2.3.2" + har-validator "~5.1.0" + http-signature "~1.2.0" + is-typedarray "~1.0.0" + isstream "~0.1.2" + json-stringify-safe "~5.0.1" + mime-types "~2.1.19" + oauth-sign "~0.9.0" + performance-now "^2.1.0" + qs "~6.5.2" + safe-buffer "^5.1.2" + tough-cookie "~2.4.3" + tunnel-agent "^0.6.0" + uuid "^3.3.2" + +safe-buffer@5.1.2, safe-buffer@^5.0.1, safe-buffer@^5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1: + version "5.1.2" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d" + integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== + +"safer-buffer@>= 2.1.2 < 3", safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0: + version "2.1.2" + resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" + integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== + +samsam@1.x, samsam@^1.1.3: + version "1.3.0" + resolved "https://registry.yarnpkg.com/samsam/-/samsam-1.3.0.tgz#8d1d9350e25622da30de3e44ba692b5221ab7c50" + integrity sha512-1HwIYD/8UlOtFS3QO3w7ey+SdSDFE4HRNLZoZRYVQefrOY3l17epswImeB1ijgJFQJodIaHcwkp3r/myBjFVbg== + +sax@>=0.6.0: + version "1.2.4" + resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9" + integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw== + +send@0.16.2: + version "0.16.2" + resolved "https://registry.yarnpkg.com/send/-/send-0.16.2.tgz#6ecca1e0f8c156d141597559848df64730a6bbc1" + integrity sha512-E64YFPUssFHEFBvpbbjr44NCLtI1AohxQ8ZSiJjQLskAdKuriYEP6VyGEsRDH8ScozGpkaX1BGvhanqCwkcEZw== + dependencies: + debug "2.6.9" + depd "~1.1.2" + destroy "~1.0.4" + encodeurl "~1.0.2" + escape-html "~1.0.3" + etag "~1.8.1" + fresh "0.5.2" + http-errors "~1.6.2" + mime "1.4.1" + ms "2.0.0" + on-finished "~2.3.0" + range-parser "~1.2.0" + statuses "~1.4.0" + +serve-static@1.13.2: + version "1.13.2" + resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.13.2.tgz#095e8472fd5b46237db50ce486a43f4b86c6cec1" + integrity sha512-p/tdJrO4U387R9oMjb1oj7qSMaMfmOyd4j9hOFoxZe2baQszgHcSWjuya/CiT5kgZZKRudHNOA0pYXOl8rQ5nw== + dependencies: + encodeurl "~1.0.2" + escape-html "~1.0.3" + parseurl "~1.3.2" + send "0.16.2" + +setprototypeof@1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.0.tgz#d0bd85536887b6fe7c0d818cb962d9d91c54e656" + integrity sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ== + +shelljs@0.3.x: + version "0.3.0" + resolved "https://registry.yarnpkg.com/shelljs/-/shelljs-0.3.0.tgz#3596e6307a781544f591f37da618360f31db57b1" + integrity sha1-NZbmMHp4FUT1kfN9phg2DzHbV7E= + +should-equal@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/should-equal/-/should-equal-2.0.0.tgz#6072cf83047360867e68e98b09d71143d04ee0c3" + integrity sha512-ZP36TMrK9euEuWQYBig9W55WPC7uo37qzAEmbjHz4gfyuXrEUgF8cUvQVO+w+d3OMfPvSRQJ22lSm8MQJ43LTA== + dependencies: + should-type "^1.4.0" + +should-format@^3.0.3: + version "3.0.3" + resolved "https://registry.yarnpkg.com/should-format/-/should-format-3.0.3.tgz#9bfc8f74fa39205c53d38c34d717303e277124f1" + integrity sha1-m/yPdPo5IFxT04w01xcwPidxJPE= + dependencies: + should-type "^1.3.0" + should-type-adaptors "^1.0.1" + +should-type-adaptors@^1.0.1: + version "1.1.0" + resolved "https://registry.yarnpkg.com/should-type-adaptors/-/should-type-adaptors-1.1.0.tgz#401e7f33b5533033944d5cd8bf2b65027792e27a" + integrity sha512-JA4hdoLnN+kebEp2Vs8eBe9g7uy0zbRo+RMcU0EsNy+R+k049Ki+N5tT5Jagst2g7EAja+euFuoXFCa8vIklfA== + dependencies: + should-type "^1.3.0" + should-util "^1.0.0" + +should-type@^1.3.0, should-type@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/should-type/-/should-type-1.4.0.tgz#0756d8ce846dfd09843a6947719dfa0d4cff5cf3" + integrity sha1-B1bYzoRt/QmEOmlHcZ36DUz/XPM= + +should-util@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/should-util/-/should-util-1.0.0.tgz#c98cda374aa6b190df8ba87c9889c2b4db620063" + integrity sha1-yYzaN0qmsZDfi6h8mInCtNtiAGM= + +should@*: + version "13.2.3" + resolved "https://registry.yarnpkg.com/should/-/should-13.2.3.tgz#96d8e5acf3e97b49d89b51feaa5ae8d07ef58f10" + integrity sha512-ggLesLtu2xp+ZxI+ysJTmNjh2U0TsC+rQ/pfED9bUZZ4DKefP27D+7YJVVTvKsmjLpIi9jAa7itwDGkDDmt1GQ== + dependencies: + should-equal "^2.0.0" + should-format "^3.0.3" + should-type "^1.4.0" + should-type-adaptors "^1.0.1" + should-util "^1.0.0" + +sinon@^2.1.0: + version "2.4.1" + resolved "https://registry.yarnpkg.com/sinon/-/sinon-2.4.1.tgz#021fd64b54cb77d9d2fb0d43cdedfae7629c3a36" + integrity sha512-vFTrO9Wt0ECffDYIPSP/E5bBugt0UjcBQOfQUMh66xzkyPEnhl/vM2LRZi2ajuTdkH07sA6DzrM6KvdvGIH8xw== + dependencies: + diff "^3.1.0" + formatio "1.2.0" + lolex "^1.6.0" + native-promise-only "^0.8.1" + path-to-regexp "^1.7.0" + samsam "^1.1.3" + text-encoding "0.6.4" + type-detect "^4.0.0" + +split@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/split/-/split-1.0.1.tgz#605bd9be303aa59fb35f9229fbea0ddec9ea07d9" + integrity sha512-mTyOoPbrivtXnwnIxZRFYRrPNtEFKlpB2fvjSnCQUiAA6qAZzqwna5envK4uk6OIeP17CsdF3rSBGYVBsU0Tkg== + dependencies: + through "2" + +sshpk@^1.7.0: + version "1.15.2" + resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.15.2.tgz#c946d6bd9b1a39d0e8635763f5242d6ed6dcb629" + integrity sha512-Ra/OXQtuh0/enyl4ETZAfTaeksa6BXks5ZcjpSUNrjBr0DvrJKX+1fsKDPpT9TBXgHAFsa4510aNVgI8g/+SzA== + dependencies: + asn1 "~0.2.3" + assert-plus "^1.0.0" + bcrypt-pbkdf "^1.0.0" + dashdash "^1.12.0" + ecc-jsbn "~0.1.1" + getpass "^0.1.1" + jsbn "~0.1.0" + safer-buffer "^2.0.2" + tweetnacl "~0.14.0" + +stack-trace@0.0.x: + version "0.0.10" + resolved "https://registry.yarnpkg.com/stack-trace/-/stack-trace-0.0.10.tgz#547c70b347e8d32b4e108ea1a2a159e5fdde19c0" + integrity sha1-VHxws0fo0ytOEI6hoqFZ5f3eGcA= + +"statuses@>= 1.4.0 < 2": + version "1.5.0" + resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c" + integrity sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow= + +statuses@~1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.4.0.tgz#bb73d446da2796106efcc1b601a253d6c46bd087" + integrity sha512-zhSCtt8v2NDrRlPQpCNtw/heZLtfUDqxBM1udqikb/Hbk52LK4nQSwr10u77iopCW5LsyHpuXS0GnEc48mLeew== + +string_decoder@~0.10.x: + version "0.10.31" + resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-0.10.31.tgz#62e203bc41766c6c28c9fc84301dab1c5310fa94" + integrity sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ= + +string_decoder@~1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.1.1.tgz#9cf1611ba62685d7030ae9e4ba34149c3af03fc8" + integrity sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg== + dependencies: + safe-buffer "~5.1.0" + +strip-json-comments@1.0.x: + version "1.0.4" + resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-1.0.4.tgz#1e15fbcac97d3ee99bf2d73b4c656b082bbafb91" + integrity sha1-HhX7ysl9Pumb8tc7TGVrCCu6+5E= + +supports-color@5.4.0: + version "5.4.0" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-5.4.0.tgz#1c6b337402c2137605efe19f10fec390f6faab54" + integrity sha512-zjaXglF5nnWpsq470jSv6P9DwPvgLkuapYmfDm3JWOm0vkNTVF2tI4UrN2r6jH1qM/uc/WtxYY1hYoA2dOKj5w== + dependencies: + has-flag "^3.0.0" + +text-encoding@0.6.4: + version "0.6.4" + resolved "https://registry.yarnpkg.com/text-encoding/-/text-encoding-0.6.4.tgz#e399a982257a276dae428bb92845cb71bdc26d19" + integrity sha1-45mpgiV6J22uQou5KEXLcb3CbRk= + +throttleit@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/throttleit/-/throttleit-1.0.0.tgz#9e785836daf46743145a5984b6268d828528ac6c" + integrity sha1-nnhYNtr0Z0MUWlmEtiaNgoUorGw= + +through@2: + version "2.3.8" + resolved "https://registry.yarnpkg.com/through/-/through-2.3.8.tgz#0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5" + integrity sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU= + +tough-cookie@~2.4.3: + version "2.4.3" + resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-2.4.3.tgz#53f36da3f47783b0925afa06ff9f3b165280f781" + integrity sha512-Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ== + dependencies: + psl "^1.1.24" + punycode "^1.4.1" + +tunnel-agent@^0.6.0: + version "0.6.0" + resolved "https://registry.yarnpkg.com/tunnel-agent/-/tunnel-agent-0.6.0.tgz#27a5dea06b36b04a0a9966774b290868f0fc40fd" + integrity sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0= + dependencies: + safe-buffer "^5.0.1" + +tweetnacl@^0.14.3, tweetnacl@~0.14.0: + version "0.14.5" + resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64" + integrity sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q= + +type-detect@^4.0.0: + version "4.0.8" + resolved "https://registry.yarnpkg.com/type-detect/-/type-detect-4.0.8.tgz#7646fb5f18871cfbb7749e69bd39a6388eb7450c" + integrity sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g== + +type-is@~1.6.16: + version "1.6.16" + resolved "https://registry.yarnpkg.com/type-is/-/type-is-1.6.16.tgz#f89ce341541c672b25ee7ae3c73dee3b2be50194" + integrity sha512-HRkVv/5qY2G6I8iab9cI7v1bOIdhm94dVjQCPFElW9W+3GeDOSHmy2EBYe4VTApuzolPcmgFTN3ftVJRKR2J9Q== + dependencies: + media-typer "0.3.0" + mime-types "~2.1.18" + +typedarray@^0.0.6: + version "0.0.6" + resolved "https://registry.yarnpkg.com/typedarray/-/typedarray-0.0.6.tgz#867ac74e3864187b1d3d47d996a78ec5c8830777" + integrity sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c= + +unicode-5.2.0@^0.7.5: + version "0.7.5" + resolved "https://registry.yarnpkg.com/unicode-5.2.0/-/unicode-5.2.0-0.7.5.tgz#e0df129431a28a95263d8c480fb5e9ab2b0973f0" + integrity sha512-KVGLW1Bri30x00yv4HNM8kBxoqFXr0Sbo55735nvrlsx4PYBZol3UtoWgO492fSwmsetzPEZzy73rbU8OGXJcA== + +unpipe@1.0.0, unpipe@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec" + integrity sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw= + +uri-js@^4.2.2: + version "4.2.2" + resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.2.2.tgz#94c540e1ff772956e2299507c010aea6c8838eb0" + integrity sha512-KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ== + dependencies: + punycode "^2.1.0" + +util-deprecate@~1.0.1: + version "1.0.2" + resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" + integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8= + +utils-merge@1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713" + integrity sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM= + +uuid@^3.3.2: + version "3.3.2" + resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.3.2.tgz#1b4af4955eb3077c501c23872fc6513811587131" + integrity sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA== + +vary@~1.1.2: + version "1.1.2" + resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc" + integrity sha1-IpnwLG3tMNSllhsLn3RSShj2NPw= + +verror@1.10.0: + version "1.10.0" + resolved "https://registry.yarnpkg.com/verror/-/verror-1.10.0.tgz#3a105ca17053af55d6e270c1f8288682e18da400" + integrity sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA= + dependencies: + assert-plus "^1.0.0" + core-util-is "1.0.2" + extsprintf "^1.2.0" + +which@^1.2.10: + version "1.3.1" + resolved "https://registry.yarnpkg.com/which/-/which-1.3.1.tgz#a45043d54f5805316da8d62f9f50918d3da70b0a" + integrity sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ== + dependencies: + isexe "^2.0.0" + +winston@^2.4.0: + version "2.4.4" + resolved "https://registry.yarnpkg.com/winston/-/winston-2.4.4.tgz#a01e4d1d0a103cf4eada6fc1f886b3110d71c34b" + integrity sha512-NBo2Pepn4hK4V01UfcWcDlmiVTs7VTB1h7bgnB0rgP146bYhMxX0ypCz3lBOfNxCO4Zuek7yeT+y/zM1OfMw4Q== + dependencies: + async "~1.0.0" + colors "1.0.x" + cycle "1.0.x" + eyes "0.1.x" + isstream "0.1.x" + stack-trace "0.0.x" + +wrappy@1: + version "1.0.2" + resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f" + integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8= + +xml-crypto@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-1.0.2.tgz#248df860b1e3f7326e61bcbd00c234886b0d6e3b" + integrity sha512-bDQkgu1yuwl+QoJbi4GBP9MWxpmYkXc8a9iSHbZ7lKqcxzGlDqMRugcl7qK7TsMI0ydU66GG8/eLNvRUk5T2fw== + dependencies: + xmldom "0.1.27" + xpath.js ">=0.0.3" + +xml-encryption@^0.11.0: + version "0.11.2" + resolved "https://registry.yarnpkg.com/xml-encryption/-/xml-encryption-0.11.2.tgz#c217f5509547e34b500b829f2c0bca85cca73a21" + integrity sha512-jVvES7i5ovdO7N+NjgncA326xYKjhqeAnnvIgRnY7ROLCfFqEDLwP0Sxp/30SHG0AXQV1048T5yinOFyvwGFzg== + dependencies: + async "^2.1.5" + ejs "^2.5.6" + node-forge "^0.7.0" + xmldom "~0.1.15" + xpath "0.0.27" + +xml2js@0.4.x: + version "0.4.19" + resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.19.tgz#686c20f213209e94abf0d1bcf1efaa291c7827a7" + integrity sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q== + dependencies: + sax ">=0.6.0" + xmlbuilder "~9.0.1" + +xmlbuilder@^9.0.4, xmlbuilder@~9.0.1: + version "9.0.7" + resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-9.0.7.tgz#132ee63d2ec5565c557e20f4c22df9aca686b10d" + integrity sha1-Ey7mPS7FVlxVfiD0wi35rKaGsQ0= + +xmldom@0.1.27, xmldom@0.1.x, xmldom@~0.1.15: + version "0.1.27" + resolved "https://registry.yarnpkg.com/xmldom/-/xmldom-0.1.27.tgz#d501f97b3bdb403af8ef9ecc20573187aadac0e9" + integrity sha1-1QH5ezvbQDr4757MIFcxh6rawOk= + +xpath.js@>=0.0.3: + version "1.1.0" + resolved "https://registry.yarnpkg.com/xpath.js/-/xpath.js-1.1.0.tgz#3816a44ed4bb352091083d002a383dd5104a5ff1" + integrity sha512-jg+qkfS4K8E7965sqaUl8mRngXiKb3WZGfONgE18pr03FUQiuSV6G+Ej4tS55B+rIQSFEIw3phdVAQ4pPqNWfQ== + +xpath@0.0.27: + version "0.0.27" + resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.27.tgz#dd3421fbdcc5646ac32c48531b4d7e9d0c2cfa92" + integrity sha512-fg03WRxtkCV6ohClePNAECYsmpKKTv5L8y/X3Dn1hQrec3POx2jHZ/0P2qQ6HvsrU1BmeqXcof3NGGueG6LxwQ== + +yauzl@2.4.1: + version "2.4.1" + resolved "https://registry.yarnpkg.com/yauzl/-/yauzl-2.4.1.tgz#9528f442dab1b2284e58b4379bb194e22e0c4005" + integrity sha1-lSj0QtqxsihOWLQ3m7GU4i4MQAU= + dependencies: + fd-slicer "~1.0.1" From d2c89947fca1fa79365f5819a0e7326ebc94728a Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Sun, 2 Dec 2018 11:02:16 -0500 Subject: [PATCH 04/38] Drop support for Node 4. It is EOLed. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index efe5851a..637931ab 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,6 @@ language: node_js node_js: - - "4.0" + - "6.0" - "stable" script: From e2154f28b9311b3975c95145cf636d198eead959 Mon Sep 17 00:00:00 2001 From: Steven Marusa Date: Fri, 19 Oct 2018 17:35:41 -0400 Subject: [PATCH 05/38] Add option to disable SAML spec AuthnRequest optional value AssertionConsumerServiceURL. p49 - https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf options.disableRequestACSUrl - default to undefined falsy so it is automatically included. --- README.md | 1 + lib/passport-saml/saml.js | 5 ++++- test/tests.js | 21 +++++++++++++++++++-- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 25e66e50..03b8535d 100644 --- a/README.md +++ b/README.md @@ -121,6 +121,7 @@ type Profile = { * `providerName`: optional human-readable name of the requester for use by the presenter's user agent or the identity provider * `skipRequestCompression`: if set to true, the SAML request from the service provider won't be compressed. * `authnRequestBinding`: if set to `HTTP-POST`, will request authentication from IDP via HTTP POST binding, otherwise defaults to HTTP Redirect + * `disableRequestACSUrl`: if truthy, SAML AuthnRequest from the service provider will not include the optional AssertionConsumerServiceURL. Default is falsy so it is automatically included. * **InResponseTo Validation** * `validateInResponseTo`: if truthy, then InResponseTo will be validated from incoming SAML responses * `requestIdExpirationPeriodMs`: Defines the expiration time when a Request ID generated for a SAML request will not be valid if seen in a SAML response in the `InResponseTo` field. Default is 8 hours. diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index ebd92b83..8e2a9035 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -164,7 +164,6 @@ SAML.prototype.generateAuthorizeRequest = function (req, isPassive, callback) { '@Version': '2.0', '@IssueInstant': instant, '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', - '@AssertionConsumerServiceURL': self.getCallbackUrl(req), '@Destination': self.options.entryPoint, 'saml:Issuer' : { '@xmlns:saml' : 'urn:oasis:names:tc:SAML:2.0:assertion', @@ -180,6 +179,10 @@ SAML.prototype.generateAuthorizeRequest = function (req, isPassive, callback) { request['samlp:AuthnRequest']['@ForceAuthn'] = true; } + if (!self.options.disableRequestACSUrl) { + request['samlp:AuthnRequest']['@AssertionConsumerServiceURL'] = self.getCallbackUrl(req); + } + if (self.options.identifierFormat) { request['samlp:AuthnRequest']['samlp:NameIDPolicy'] = { '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', diff --git a/test/tests.js b/test/tests.js index e5161a45..51038fc3 100644 --- a/test/tests.js +++ b/test/tests.js @@ -458,6 +458,23 @@ describe( 'passport-saml /', function() { 'saml:AuthnContextClassRef': [ { _: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport', '$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ] } ] } } + }, + { name: "Remove NameIDPolicy, AuthnRequest, and AssertionConsumerServiceURL Config", + config: { + identifierFormat: null, + disableRequestedAuthnContext: true, + disableRequestACSUrl: true, + }, + result: { + 'samlp:AuthnRequest': + { '$': + { 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', + Version: '2.0', + ProtocolBinding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', + Destination: 'https://wwwexampleIdp.com/saml'}, + 'saml:Issuer': + [ { _: 'onelogin_saml', + '$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ] } } } ]; @@ -1062,7 +1079,7 @@ describe( 'passport-saml /', function() { samlObj.getAuthorizeUrl({}, {}, function(err, url) { var qry = require('querystring').parse(require('url').parse(url).query); qry.SigAlg.should.match('http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'); - qry.Signature.should.match('SL85w0h6Pt7ejplGrR4OOTh4Zo9zs/MQHZep27kSzs4+U/0QdQi7hg5T0TKqCSRBZpVtspMpw+i6F0tZrFot0dIJgeCgkvMA2Tllwt6K0DbKWOiNXW5S2M9tUZktdJVfjr2D5e0SG4jQIwa4PVONgNQEKFxydIqwxVh9NGYeDeMUGq5/4QpMDLgYOvLfShyvhlzmqeUs7LBlZbKJLCeXZi/Z5bnF+QOAugtKuh0G6kFOS0CmKVLIW/4XicLHmggUBDlt0VJaskxUx2amHSNUoYe3Z9/9TeZqc7IswNUOEiq/oy0DLhokLnBEj+dBRMlgkAHp/gaWcc1Vp/1jSlVAvg=='); + qry.Signature.should.match('hel9NaoLU0brY/VhrQsY+lTtuAbTsT/ul6nZ/eVlSMXQRaKn5LTbKadzxmPghX7s4xoHwdah+yZHK/0u4StYSj4b5MKcqbsJapVr2R7H90z8YfGfR2C/G0Gng721YV9Da6VBzKg8Was91zQotgsMpZ9pGX1kPKi6cgFwPwM4NEFugn8AYgXEriNvO5+Q23K/MdBT2bgwRTj2FQCWTuQcgwbyWHXoquHztZ0lbh8UhY5BfQRv7c6D9XPkQEMMQFQeME4PIEg3JnynwFZk5wwhkphMd5nXxau+zt7Nfp4fRm0G8WYnxV1etBnWimwSglZVaSHFYeQBRsC2wvKSiVS8JA=='); qry.customQueryStringParam.should.match('CustomQueryStringParamValue'); done(); }); @@ -1109,7 +1126,7 @@ describe( 'passport-saml /', function() { samlObj.getAuthorizeUrl({}, {}, function(err, url) { var qry = require('querystring').parse(require('url').parse(url).query); qry.SigAlg.should.match('http://www.w3.org/2000/09/xmldsig#rsa-sha1'); - qry.Signature.should.match('VnYOXVDiIaio+Vt8D2XXVwdyvwhDcdvgrQSkeq85G+MfU31yK9fvYEPFARK5pF1uJakMsYrKzVBv7HLCFcYuztpuIZloMFvFkado0MxFK4A/QFZn+EYDJE8ddLSvrW3iyuoxyVBSnH0+KLzDiI81B28YZNU3NFJIKCKzQSGIllJ7Vgw6KjH/BmE5DY0eSeUCEe6OygHgazjSrNIWQQjww5nSGIqAQl94OVanZtQBrYIUtik+d1lAhnginG0UnPccstenxEMAun2uMGp9hVqroWQvWRbX/xspRpjPOrIkvv63FzEgmRObXVNqpzDICJRUSlhTLdXAm2hb+ScYocO6EQ=='); + qry.Signature.should.match('MeFo+LjufxP5A+sCRwzR/YH/RV6W14aYSFjUdie62JxkI6hDcVhoSZQUJ3wtWMhL59gJj05tTFnXAZRqUQVsavyy41cmUZVeCsat0gaHBQOILXpp9deB0iSJt1EVQTOJkVx8uu2/WYu/bBiH7w2bpwuCf1gJhlqZb/ca3B6yjHSMjnnVfc2LbNPWHpE5464lrs79VjDXf9GQWfrBr95dh3P51IAb7C+77KDWQUl9WfZfyyuEgS83vyZ0UGOxT4AObJ6NOcLs8+iidDdWJJkBaKQev6U+AghCjLQUYOrflivLIIyqATKu2q9PbOse6Phmnxok50+broXSG23+e+742Q=='); qry.customQueryStringParam.should.match('CustomQueryStringParamValue'); done(); }); From 0544376c51d9061a7d901c76ce19d0412b8765a1 Mon Sep 17 00:00:00 2001 From: Jose Miguel Colella Date: Mon, 17 Dec 2018 17:03:34 -0500 Subject: [PATCH 06/38] Add SamlResponseXML method to profile object This add the ability to extract the original SamlResponseXML as a method in the profile object. --- README.md | 1 + lib/passport-saml/saml.js | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 03b8535d..c3a8938e 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,7 @@ type Profile = { email?: string; // `mail` if not present in the assertion getAssertionXml(): string; // get the raw assertion XML getAssertion(): object; // get the assertion XML parsed as a JavaScript object + getSamlResponseXml(): string; // get the raw SAML response XML ID?: string; } & { [attributeName: string]: string; // arbitrary `AttributeValue`s diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 8e2a9035..295bd016 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -611,7 +611,7 @@ SAML.prototype.validatePostResponse = function (container, callback) { !self.validateSignature(xml, assertions[0], certs)) { throw new Error('Invalid signature'); } - return self.processValidlySignedAssertion(assertions[0].toString(), inResponseTo, callback); + return self.processValidlySignedAssertion(assertions[0].toString(), xml, inResponseTo, callback); } if (encryptedAssertions.length == 1) { @@ -633,7 +633,7 @@ SAML.prototype.validatePostResponse = function (container, callback) { !self.validateSignature(decryptedXml, decryptedAssertions[0], certs)) throw new Error('Invalid signature from encrypted assertion'); - self.processValidlySignedAssertion(decryptedAssertions[0].toString(), inResponseTo, callback); + self.processValidlySignedAssertion(decryptedAssertions[0].toString(), xml, inResponseTo, callback); }); } @@ -863,7 +863,7 @@ SAML.prototype.verifyIssuer = function (samlMessage) { } }; -SAML.prototype.processValidlySignedAssertion = function(xml, inResponseTo, callback) { +SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, inResponseTo, callback) { var self = this; var msg; var parserConfig = { @@ -1026,6 +1026,7 @@ SAML.prototype.processValidlySignedAssertion = function(xml, inResponseTo, callb profile.getAssertionXml = function() { return xml; }; profile.getAssertion = function() { return parsedAssertion; }; + profile.getSamlResponseXml = function() { return samlResponseXml; }; callback(null, profile, false); }) From 2afa1bace21005c86969b6f054b8adbe1f7fb8dc Mon Sep 17 00:00:00 2001 From: Stavros Soleas Date: Fri, 8 Feb 2019 08:30:59 +0200 Subject: [PATCH 07/38] Support InResponseTo validations in MultiSaml Either use cache provided by user, or a default memory cache to store InResponse parameters. This cache is not yet partitioned per provider, which means a malicious provider could do replay attacks by using anothers unconsummed `InResponse` values https://github.com/bergie/passport-saml/issues/334 --- README.md | 5 +++++ multiSamlStrategy.js | 20 +++++++++++++++----- test/multiSamlStrategy.js | 15 ++++++++++----- 3 files changed, 30 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index c3a8938e..e1d661d0 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,11 @@ passport.use(new MultiSamlStrategy( }) ); ``` +The options passed when the `MultiSamlStrategy` is initialized are also passed as default values to each provider. +e.g. If you provide an `issuer` on `MultiSamlStrategy`, this will be also a default value for every provider. +You can override these defaults by passing a new value through the `getSamlOptions` function. + +Using multiple providers supports `validateInResponseTo`, but all the `InResponse` values are stored on the same Cache. This means, if you're using the default `InMemoryCache`, that all providers have access to it and a provider might get its response validated against another's request. [Issue Report](!https://github.com/bergie/passport-saml/issues/334). To amend this you should provide a different cache provider per SAML provider, through the `getSamlOptions` function. #### The profile object: diff --git a/multiSamlStrategy.js b/multiSamlStrategy.js index f4ba1ad7..ae15db7f 100644 --- a/multiSamlStrategy.js +++ b/multiSamlStrategy.js @@ -1,5 +1,6 @@ var util = require('util'); var saml = require('./lib/passport-saml/saml'); +var InMemoryCacheProvider = require('./lib/passport-saml/inmemory-cache-provider').CacheProvider; var SamlStrategy = require('./lib/passport-saml/strategy'); function MultiSamlStrategy (options, verify) { @@ -7,8 +8,17 @@ function MultiSamlStrategy (options, verify) { throw new Error('Please provide a getSamlOptions function'); } + if(!options.requestIdExpirationPeriodMs){ + options.requestIdExpirationPeriodMs = 28800000; // 8 hours + } + + if(!options.cacheProvider){ + options.cacheProvider = new InMemoryCacheProvider( + {keyExpirationPeriodMs: options.requestIdExpirationPeriodMs }); + } + SamlStrategy.call(this, options, verify); - this._getSamlOptions = options.getSamlOptions; + this._options = options; } util.inherits(MultiSamlStrategy, SamlStrategy); @@ -16,12 +26,12 @@ util.inherits(MultiSamlStrategy, SamlStrategy); MultiSamlStrategy.prototype.authenticate = function (req, options) { var self = this; - this._getSamlOptions(req, function (err, samlOptions) { + this._options.getSamlOptions(req, function (err, samlOptions) { if (err) { return self.error(err); } - self._saml = new saml.SAML(samlOptions); + self._saml = new saml.SAML(Object.assign({}, self._options, samlOptions)); self.constructor.super_.prototype.authenticate.call(self, req, options); }); }; @@ -29,12 +39,12 @@ MultiSamlStrategy.prototype.authenticate = function (req, options) { MultiSamlStrategy.prototype.logout = function (req, options) { var self = this; - this._getSamlOptions(req, function (err, samlOptions) { + this._options.getSamlOptions(req, function (err, samlOptions) { if (err) { return self.error(err); } - self._saml = new saml.SAML(samlOptions); + self._saml = new saml.SAML(Object.assign({}, self._options, samlOptions)); self.constructor.super_.prototype.logout.call(self, req, options); }); }; diff --git a/test/multiSamlStrategy.js b/test/multiSamlStrategy.js index 4f0f1c11..39d7695f 100644 --- a/test/multiSamlStrategy.js +++ b/test/multiSamlStrategy.js @@ -37,7 +37,9 @@ describe('strategy#authenticate', function() { done(); }; - var strategy = new MultiSamlStrategy({ getSamlOptions: getSamlOptions }, verify); + var strategy = new MultiSamlStrategy({ + getSamlOptions: getSamlOptions + }, verify); strategy.authenticate(); }); @@ -57,7 +59,7 @@ describe('strategy#authenticate', function() { strategy.authenticate(); }); - it('uses geted options to setup internal saml provider', function(done) { + it('uses given options to setup internal saml provider', function(done) { var samlOptions = { issuer: 'http://foo.issuer', callbackUrl: 'http://foo.callback', @@ -73,12 +75,15 @@ describe('strategy#authenticate', function() { function getSamlOptions (req, fn) { fn(null, samlOptions); - strategy._saml.options.should.containEql(samlOptions); + strategy._saml.options.should.containEql(Object.assign({}, + { cacheProvider: 'mock cache provider' }, + samlOptions + )); done(); } var strategy = new MultiSamlStrategy( - { getSamlOptions: getSamlOptions }, + { getSamlOptions: getSamlOptions, cacheProvider: 'mock cache provider'}, verify ); strategy.authenticate(); @@ -122,7 +127,7 @@ describe('strategy#logout', function() { strategy.logout(); }); - it('uses geted options to setup internal saml provider', function(done) { + it('uses given options to setup internal saml provider', function(done) { var samlOptions = { issuer: 'http://foo.issuer', callbackUrl: 'http://foo.callback', From c40ccb5e2912393a741f54011beb8afc20c19549 Mon Sep 17 00:00:00 2001 From: Sami Siren Date: Sun, 3 Feb 2019 15:50:44 +0200 Subject: [PATCH 08/38] fix for failing test --- test/tests.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/tests.js b/test/tests.js index 51038fc3..4cd46def 100644 --- a/test/tests.js +++ b/test/tests.js @@ -1888,7 +1888,7 @@ describe( 'passport-saml /', function() { var request = 'onelogin_samlurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'; samlObj.requestToUrl(request, null, 'authorize', {}, function(err) { should.exist(err); - err.message.should.eql('error:0906D06C:PEM routines:PEM_read_bio:no start line'); + err.message.should.containEql('no start line'); done(); }); }); From f54a43c8cb655087987cc6f92d426de875f7b6e1 Mon Sep 17 00:00:00 2001 From: LoneRifle Date: Tue, 29 Jan 2019 18:49:42 +0800 Subject: [PATCH 09/38] Upgrade xml-crypto to 1.1.2 This change incorporates a revert that fixes the problem discussed on yaronn/xml-crypto#167. It also drops xpath.js in favour of xpath, which everybody else uses. Fixes #324 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 864e8748..6fac5e3e 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "debug": "^3.1.0", "passport-strategy": "*", "q": "^1.5.0", - "xml-crypto": "^1.0.2", + "xml-crypto": "^1.1.2", "xml-encryption": "^0.11.0", "xml2js": "0.4.x", "xmlbuilder": "^9.0.4", From e60ec9ece9bb17d23e12a97c6378aa9dc019e2d8 Mon Sep 17 00:00:00 2001 From: Archinowsk Date: Thu, 24 Jan 2019 12:11:58 +0200 Subject: [PATCH 10/38] Update Node version in package.json to >=6 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 6fac5e3e..87f2d341 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "sinon": "^2.1.0" }, "engines": { - "node": ">= 4" + "node": ">= 6" }, "scripts": { "test": "mocha", From 0ab4639ddfee4156c5043ff50f6ff4dcaf49b9d1 Mon Sep 17 00:00:00 2001 From: Kashif Khan Date: Thu, 13 Dec 2018 09:20:09 +1100 Subject: [PATCH 11/38] Fix #128 documentation for body-parser dependancy --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index e1d661d0..287c89e4 100644 --- a/README.md +++ b/README.md @@ -149,8 +149,13 @@ type Profile = { You need to provide a route corresponding to the `path` configuration parameter given to the strategy: +The authentication callback must be invoked after the `body-parser` middlerware. + ```javascript +const bodyParser = require('body-parser'); + app.post('/login/callback', + bodyParser.urlencoded({ extended: false }), passport.authenticate('saml', { failureRedirect: '/', failureFlash: true }), function(req, res) { res.redirect('/'); From a60fda016862ba9fcffd2e558b8ac35ede37fab3 Mon Sep 17 00:00:00 2001 From: Archinowsk Date: Thu, 24 Jan 2019 13:57:28 +0200 Subject: [PATCH 12/38] Fix Node Buffer deprecation warning: update 'new Buffer' to 'Buffer.from()' --- lib/passport-saml/saml.js | 10 +++---- test/tests.js | 58 +++++++++++++++++++-------------------- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 295bd016..8fe7e80c 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -294,7 +294,7 @@ SAML.prototype.generateLogoutResponse = function (req, logoutRequest) { SAML.prototype.requestToUrl = function (request, response, operation, additionalParameters, callback) { var self = this; if (self.options.skipRequestCompression) - requestToUrlHelper(null, new Buffer(request || response, 'utf8')); + requestToUrlHelper(null, Buffer.from(request || response, 'utf8')); else zlib.deflateRaw(request || response, requestToUrlHelper); @@ -458,7 +458,7 @@ SAML.prototype.getAuthorizeForm = function (req, callback) { } if (self.options.skipRequestCompression) { - getAuthorizeFormHelper(null, new Buffer(request, 'utf8')); + getAuthorizeFormHelper(null, Buffer.from(request, 'utf8')); } else { zlib.deflateRaw(request, getAuthorizeFormHelper); } @@ -570,7 +570,7 @@ SAML.prototype.validatePostResponse = function (container, callback) { var xml, doc, inResponseTo; Q.fcall(function(){ - xml = new Buffer(container.SAMLResponse, 'base64').toString('utf8'); + xml = Buffer.from(container.SAMLResponse, 'base64').toString('utf8'); doc = new xmldom.DOMParser({ }).parseFromString(xml); @@ -730,7 +730,7 @@ SAML.prototype.validateRedirect = function(container, callback) { var self = this; var samlMessageType = container.SAMLRequest ? 'SAMLRequest' : 'SAMLResponse'; - var data = new Buffer(container[samlMessageType], "base64"); + var data = Buffer.from(container[samlMessageType], "base64"); zlib.inflateRaw(data, function(err, inflated) { if (err) { return callback(err); @@ -1079,7 +1079,7 @@ SAML.prototype.checkAudienceValidityError = function(expectedAudience, audienceR SAML.prototype.validatePostRequest = function (container, callback) { var self = this; - var xml = new Buffer(container.SAMLRequest, 'base64').toString('utf8'); + var xml = Buffer.from(container.SAMLRequest, 'base64').toString('utf8'); var dom = new xmldom.DOMParser().parseFromString(xml); var parserConfig = { explicitRoot: true, diff --git a/test/tests.js b/test/tests.js index 4cd46def..08e190c0 100644 --- a/test/tests.js +++ b/test/tests.js @@ -527,7 +527,7 @@ describe( 'passport-saml /', function() { encodedSamlRequest = querystring.parse( query ).SAMLRequest; } - var buffer = new Buffer(encodedSamlRequest, 'base64'); + var buffer = Buffer.from(encodedSamlRequest, 'base64'); if (check.config.skipRequestCompression) helper(null, buffer); else @@ -828,7 +828,7 @@ describe( 'passport-saml /', function() { }); it('response with error status message should generate appropriate error', function(done) { var xml = 'https://idp.testshib.org/idp/shibbolethRequired NameID format not supported'; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( { cert: '-----BEGIN CERTIFICATE-----'+TEST_CERT+'-----END CERTIFICATE-----', @@ -844,7 +844,7 @@ describe( 'passport-saml /', function() { it('response with error status code should generate appropriate error', function(done) { var xml = 'https://idp.testshib.org/idp/shibboleth'; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( {} ); samlObj.validatePostResponse( container, function( err, profile, logout ) { @@ -897,7 +897,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( samlConfig ); samlObj.validatePostResponse( container, function( err, profile, logout ) { @@ -911,7 +911,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ben@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( samlConfig ); samlObj.validatePostResponse( container, function( err, profile, logout ) { @@ -926,7 +926,7 @@ describe( 'passport-saml /', function() { 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ben@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( samlConfig ); samlObj.validatePostResponse( container, function( err, profile, logout ) { @@ -941,7 +941,7 @@ describe( 'passport-saml /', function() { 'https://app.onelogin.com/saml/metadata/371755ben@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( samlConfig ); samlObj.validatePostResponse( container, function( err, profile, logout ) { @@ -959,7 +959,7 @@ describe( 'passport-saml /', function() { '' + 'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( samlConfig ); samlObj.validatePostResponse( container, function( err, profile, logout ) { @@ -980,7 +980,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw==' + TEST_CERT + 'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( multiCertSamlConfig ); samlObj.validatePostResponse( container, function( err, profile, logout ) { @@ -989,7 +989,7 @@ describe( 'passport-saml /', function() { done(); }); }); - + it( 'cert as a function should validate with the returned cert', function( done ) { var functionCertSamlConfig = { entryPoint: samlConfig.entryPoint, @@ -998,7 +998,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw==' + TEST_CERT + 'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( functionCertSamlConfig ); samlObj.validatePostResponse( container, function( err, profile, logout ) { @@ -1007,7 +1007,7 @@ describe( 'passport-saml /', function() { done(); }); }); - + it( 'cert as a function should validate with one of the returned certs', function( done ) { var functionMultiCertSamlConfig = { entryPoint: samlConfig.entryPoint, @@ -1020,7 +1020,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw==' + TEST_CERT + 'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( functionMultiCertSamlConfig ); samlObj.validatePostResponse( container, function( err, profile, logout ) { @@ -1039,7 +1039,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw==' + TEST_CERT + 'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( functionErrorCertSamlConfig ); samlObj.validatePostResponse( container, function( err, profile, logout ) { @@ -1370,7 +1370,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlConfig = { @@ -1401,7 +1401,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlConfig = { @@ -1423,7 +1423,7 @@ describe( 'passport-saml /', function() { it( 'xml document with SubjectConfirmation InResponseTo from request should be valid', function(done){ var requestId = '_dfab47d5d46374cd4b71'; var xml = 'Verizon IDP HubQecaVjMY/2M4VMJsakvX8uh2Mrg=QTJ//ZHEQRe9/nA5qTkhECZc2u6M1dHzTkujKBedskLSRPL8LRBb4Yftla0zu848sYvLd3SXzEysYu/jrAjaVDevYZIAdyj/3HCw8pS0ZnQDaCgYuAkH4JmYxBfW1Sc9Kr0vbR58ihwWOZd4xHIn/b8xLs8WNsyTHix2etrLGznioLwTOBO3+SgjwSiSP9NUhrlOvolbuu/6xhLi37/L08JaBvOw3o0k4V8xS87SFczhm4f6wvQM5mP6sZAreoNcWZqQM7vIHFjL0/H9vTaLAN8+fQOc81xFtateTKwFQlJMUmdWKZ8L7ns0Uf1xASQjXtSAACbXI+PuVLjz8nnm3g==MIIC7TCCAdmgAwIBAgIQuIdqos+9yKBC4oygbhtdfzAJBgUrDgMCHQUAMBIxEDAOBgNVBAMTB1Rlc3RTVFMwHhcNMTQwNDE2MTIyMTEwWhcNMzkxMjMxMjM1OTU5WjASMRAwDgYDVQQDEwdUZXN0U1RTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhReamVYbeOWwrrAvHPvS9KKBwv4Tj7wOSGDXbNgfjhSvVyXsnpYRcuoJkvE8b9tCjFTbXCfbhnaVrpoXaWFtP1YvUIZvCJGdOOTXltMNDlNIaFmsIsomza8IyOHXe+3xHWVtxO8FG3qnteSkkVIQuAvBqpPfQtxrXCZOlbQZm7q69QIQ64JvLJfRwHN1EywMBVwbJgrV8gBdE3RITI76coSOK13OBTlGtB0kGKLDrF2JW+5mB+WnFR7GlXUj+V0R9WStBomVipJEwr6Q3fU0deKZ5lLw0+qJ0T6APInwN5TIN/AbFCHd51aaf3zEP+tZacQ9fbZqy9XBAtL2pCAJQIDAQABo0cwRTBDBgNVHQEEPDA6gBDECazhZ8Ar+ULXb0YTs5MvoRQwEjEQMA4GA1UEAxMHVGVzdFNUU4IQuIdqos+9yKBC4oygbhtdfzAJBgUrDgMCHQUAA4IBAQAioMSOU9QFw+yhVxGUNK0p/ghVsHnYdeOE3vSRhmFPsetBt8S35sI4QwnQNiuiEYqp++FabiHgePOiqq5oeY6ekJik1qbs7fgwnaQXsxxSucHvc4BU81x24aKy6jeJzxmFxo3mh6y/OI1peCMSH48iUzmhnoSulp0+oAs3gMEFI0ONbgAA/XoAHaVEsrPj10i3gkztoGdpH0DYUe9rABOJxX/3mNF+dCVJG7t7BoSlNAWlSDErKciNNax1nBskFqNWNIKzUKBIb+GVKkIB2QpATMQB6Oe7inUdT9kkZ/Q7oPBATZk+3mFsIoWr8QRFSqvToOhun7EY2/VtuiV1d932Verizon IDP HubUIS/jochen-workUIS/jochen-workUIS usere9aba0c4-ece8-4b44-9526-d24418aa95dctestorgTest User::1'; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlConfig = { @@ -1451,7 +1451,7 @@ describe( 'passport-saml /', function() { it( 'xml document with SubjectConfirmation and missing InResponseTo from request should not be valid', function(done){ var requestId = '_dfab47d5d46374cd4b71'; var xml = 'Verizon IDP Hubc8xR7YMU8KAYbkV7Jx3WEBhIqso=jPOrsXdG/YVyGrykXYUbgVK7iX+tNFjMJnOA2iFWOjjtWco9M5DT9tyUsYAag4o4oDUEJribGWhCYn6nvQ24zfW+eJYGwbxO0TSZ26J0iuhnxr+MMFmJVGjxArD70dea0kITssqCxJNKUwmTqteAQ73+qk91H9E9IDoOjMwQERoyD4sAtvfJErRrRontvg9xeQ0BFtyMzJZkwU24QqHvoHyw9/dVO8/NFPydwjaI9uZMu6/QUYKKvkbf6VUXXQUHIiZgX0GCudpB908BqWIcj0dWv8oKGGajQWp+d8Jlx/nxbUTAs8vL1f0dxW3LYCZsDExHmjRQTBhM0pQVMT+HlA==MIICrjCCAZYCCQDWybyUsLVkXzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDFA5hY21lX3Rvb2xzLmNvbTAeFw0xNTA4MTgwODQ3MzZaFw0yNTA4MTcwODQ3MzZaMBkxFzAVBgNVBAMUDmFjbWVfdG9vbHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyT+OzEymhaZFNfx4+HFxZbBP3egvcUgPvGa7wWCV7vyuCauLBqwO1FQqzaRDxkEihkHqmUz63D25v2QixLxXyqaFQ8TxDFKwYATtSL7x5G2Gww56H0L1XGgYdNW1akPx90P+USmVn1Wb//7AwU+TV+u4jIgKZyTaIFWdFlwBhlp4OBEHCyYwngFgMyVoCBsSmwb4if7Mi5T746J9ZMQpC+ts+kfzley59Nz55pa5fRLwu4qxFUv2oRdXAf2ZLuxB7DPQbRH82/ewZZ8N4BUGiQyAwOsHgp0sb9JJ8uEM/qhyS1dXXxjo+kxsI5HXhxp4P5R9VADuOquaLIo8ptIrQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBW/Y7leJnV76+6bzeqqi+buTLyWc1mASi5LVH68mdailg2WmGfKlSMLGzFkNtg8fJnfaRZ/GtxmSxhpQRHn63ZlyzqVrFcJa0qzPG21PXPHG/ny8pN+BV8fk74CIb/+YN7NvDUrV7jlsPxNT2rQk8G2fM7jsTMYvtz0MBkrZZsUzTv4rZkF/v44J/ACDirKJiE+TYArm70yQPweX6RvYHNZLSzgg4o+hoyBXo5BGQetAjmcIhC6ZOwN3iVhGjp0YpWM0pkqStPy3sIR0//LZbskWWlSRb0fX1c4632Xb+zikfec4DniYV6CxkB2U+plHpOX1rt1R+UiTEIhTSXPNt/Verizon IDP HubUIS/jochen-workUIS/jochen-workUIS usere9aba0c4-ece8-4b44-9526-d24418aa95dctestorgTest User::1'; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlConfig = { @@ -1476,7 +1476,7 @@ describe( 'passport-saml /', function() { it( 'xml document with SubjectConfirmation and missing InResponseTo from request should be not problematic if not validated', function(done){ var requestId = '_dfab47d5d46374cd4b71'; var xml = 'Verizon IDP Hubc8xR7YMU8KAYbkV7Jx3WEBhIqso=jPOrsXdG/YVyGrykXYUbgVK7iX+tNFjMJnOA2iFWOjjtWco9M5DT9tyUsYAag4o4oDUEJribGWhCYn6nvQ24zfW+eJYGwbxO0TSZ26J0iuhnxr+MMFmJVGjxArD70dea0kITssqCxJNKUwmTqteAQ73+qk91H9E9IDoOjMwQERoyD4sAtvfJErRrRontvg9xeQ0BFtyMzJZkwU24QqHvoHyw9/dVO8/NFPydwjaI9uZMu6/QUYKKvkbf6VUXXQUHIiZgX0GCudpB908BqWIcj0dWv8oKGGajQWp+d8Jlx/nxbUTAs8vL1f0dxW3LYCZsDExHmjRQTBhM0pQVMT+HlA==MIICrjCCAZYCCQDWybyUsLVkXzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDFA5hY21lX3Rvb2xzLmNvbTAeFw0xNTA4MTgwODQ3MzZaFw0yNTA4MTcwODQ3MzZaMBkxFzAVBgNVBAMUDmFjbWVfdG9vbHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyT+OzEymhaZFNfx4+HFxZbBP3egvcUgPvGa7wWCV7vyuCauLBqwO1FQqzaRDxkEihkHqmUz63D25v2QixLxXyqaFQ8TxDFKwYATtSL7x5G2Gww56H0L1XGgYdNW1akPx90P+USmVn1Wb//7AwU+TV+u4jIgKZyTaIFWdFlwBhlp4OBEHCyYwngFgMyVoCBsSmwb4if7Mi5T746J9ZMQpC+ts+kfzley59Nz55pa5fRLwu4qxFUv2oRdXAf2ZLuxB7DPQbRH82/ewZZ8N4BUGiQyAwOsHgp0sb9JJ8uEM/qhyS1dXXxjo+kxsI5HXhxp4P5R9VADuOquaLIo8ptIrQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBW/Y7leJnV76+6bzeqqi+buTLyWc1mASi5LVH68mdailg2WmGfKlSMLGzFkNtg8fJnfaRZ/GtxmSxhpQRHn63ZlyzqVrFcJa0qzPG21PXPHG/ny8pN+BV8fk74CIb/+YN7NvDUrV7jlsPxNT2rQk8G2fM7jsTMYvtz0MBkrZZsUzTv4rZkF/v44J/ACDirKJiE+TYArm70yQPweX6RvYHNZLSzgg4o+hoyBXo5BGQetAjmcIhC6ZOwN3iVhGjp0YpWM0pkqStPy3sIR0//LZbskWWlSRb0fX1c4632Xb+zikfec4DniYV6CxkB2U+plHpOX1rt1R+UiTEIhTSXPNt/Verizon IDP HubUIS/jochen-workUIS/jochen-workUIS usere9aba0c4-ece8-4b44-9526-d24418aa95dctestorgTest User::1'; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlConfig = { @@ -1505,7 +1505,7 @@ describe( 'passport-saml /', function() { it( 'xml document with multiple AttributeStatements should have all attributes present on profile', function(done){ var requestId = '_dfab47d5d46374cd4b71'; var xml = 'Verizon IDP HubVerizon IDP HubUIS/jochen-workUIS/jochen-workUIS usere9aba0c4-ece8-4b44-9526-d24418aa95dctestorgTest User::1qD+sVCaEdy1dTJoUQdo6o+tYsuU=aLl+1yT7zdT4WnRXKh9cx7WWZnUi/NoxMJWhXP5d+Zu9A4/fjKApSywimU0MTTQxYpvZLjOZPsSwmvc1boJOlXveDsL7A3YWi/f7/zqlVWOfXLE8TVLqUE4jtLsJHFWIJXmh8CI0loqQNf6QcYi9BwCK82FhhXC+qWA5WCZIIWUUMxjxnPbunQ7mninEeW568wqyhb9pLV8QkThzZrZINCqxNvWyGuK/XGPx7ciD6ywbBkdOjlDbwRMaKQ9YeCzZGGzJwOe/NuCXj+oUyzfmzUCobIIR0HYLc4B5UplL7XIKQzpOA2lDDsLe6ZzdTv1qjxSm+dlVfo24onmiPlQUgA=='; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlConfig = { @@ -1616,7 +1616,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( samlConfig ); @@ -1635,7 +1635,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( samlConfig ); @@ -1654,7 +1654,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( samlConfig ); @@ -1673,7 +1673,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( samlConfig ); @@ -1692,7 +1692,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlObj = new SAML( samlConfig ); @@ -1711,7 +1711,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlConfig = { @@ -1736,7 +1736,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.comurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlConfig = { @@ -1757,7 +1757,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlConfig = { @@ -1778,7 +1778,7 @@ describe( 'passport-saml /', function() { var xml = 'https://app.onelogin.com/saml/metadata/371755' + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ploer@subspacesw.comhttp://sp.example.comurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + ''; - var base64xml = new Buffer( xml ).toString('base64'); + var base64xml = Buffer.from( xml ).toString('base64'); var container = { SAMLResponse: base64xml }; var samlConfig = { From b384277361bdda2003152b4a1801e3d8dd3696c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Lun=C3=B8e?= Date: Thu, 29 Nov 2018 00:10:40 +0100 Subject: [PATCH 13/38] Create a way to get provider metadata when using the MultiSamlStrategy This adds a function to pass in a request along with the other `generateServiceProviderMetadata` arguments to retrieve provider metadata when using the MultiSamlStrategy. If there is no request, we cannot call the `_getSamlOptions`-function to retrieve all the necessary options to call the `generateServiceProviderMetadata`-function with. --- README.md | 2 ++ multiSamlStrategy.js | 13 ++++++++ test/multiSamlStrategy.js | 69 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+) diff --git a/README.md b/README.md index 287c89e4..701b4cac 100644 --- a/README.md +++ b/README.md @@ -196,6 +196,8 @@ The `decryptionCert` argument should be a public certificate matching the `decry The `signingCert` argument should be a public certificate matching the `privateCert` and is required if the strategy is configured with a `privateCert`. +The `generateServiceProviderMetadata` method is also available on the `MultiSamlStrategy`, but needs an extra request and a callback argument (`generateServiceProviderMetadata( req, decryptionCert, signingCert, next )`), which are passed to the `getSamlOptions` to retrieve the correct configuration. + ## Security and signatures diff --git a/multiSamlStrategy.js b/multiSamlStrategy.js index ae15db7f..123d84e4 100644 --- a/multiSamlStrategy.js +++ b/multiSamlStrategy.js @@ -49,4 +49,17 @@ MultiSamlStrategy.prototype.logout = function (req, options) { }); }; +MultiSamlStrategy.prototype.generateServiceProviderMetadata = function( req, decryptionCert, signingCert, next ) { + var self = this; + + return this._getSamlOptions(req, function (err, samlOptions) { + if (err) { + return next(err); + } + + self._saml = new saml.SAML(samlOptions); + return next(null, self.constructor.super_.prototype.generateServiceProviderMetadata.call(self, decryptionCert, signingCert )); + }); +}; + module.exports = MultiSamlStrategy; diff --git a/test/multiSamlStrategy.js b/test/multiSamlStrategy.js index 39d7695f..1acc0912 100644 --- a/test/multiSamlStrategy.js +++ b/test/multiSamlStrategy.js @@ -154,3 +154,72 @@ describe('strategy#logout', function() { strategy.logout(); }); }); + +describe('strategy#generateServiceProviderMetadata', function() { + beforeEach(function() { + this.superGenerateServiceProviderMetadata = sinon.stub(SamlStrategy.prototype, 'generateServiceProviderMetadata').returns('My Metadata Result'); + }); + + afterEach(function() { + this.superGenerateServiceProviderMetadata.restore(); + }); + + it('calls super with request and generateServiceProviderMetadata options', function(done) { + var superGenerateServiceProviderMetadata = this.superGenerateServiceProviderMetadata; + function getSamlOptions (req, fn) { + fn(); + sinon.assert.calledOnce(superGenerateServiceProviderMetadata); + superGenerateServiceProviderMetadata.calledWith('bar', 'baz'); + req.should.eql('foo'); + done(); + }; + + + var strategy = new MultiSamlStrategy({ getSamlOptions: getSamlOptions }, verify); + strategy.generateServiceProviderMetadata('foo', 'bar', 'baz', function () {}); + }); + + it('passes options on to saml strategy', function(done) { + var passportOptions = { + passReqToCallback: true, + authnRequestBinding: 'HTTP-POST', + getSamlOptions: function (req, fn) { + fn(); + strategy._passReqToCallback.should.eql(true); + strategy._authnRequestBinding.should.eql('HTTP-POST'); + done(); + } + }; + + var strategy = new MultiSamlStrategy(passportOptions, verify); + strategy.generateServiceProviderMetadata('foo', 'bar', 'baz', function () {}); + }); + + it('should pass error to callback function', function(done) { + var passportOptions = { + getSamlOptions: function (req, fn) { + fn('My error'); + } + }; + + var strategy = new MultiSamlStrategy(passportOptions, verify); + strategy.generateServiceProviderMetadata('foo', 'bar', 'baz', function (error, result) { + should(error).equal('My error'); + done(); + }); + }); + + it('should pass result to callback function', function(done) { + var passportOptions = { + getSamlOptions: function (req, fn) { + fn(); + } + }; + + var strategy = new MultiSamlStrategy(passportOptions, verify); + strategy.generateServiceProviderMetadata('foo', 'bar', 'baz', function (error, result) { + should(result).equal('My Metadata Result'); + done(); + }); + }); +}); From 47d011884d312db10f20de25d73edd642d2ea1ec Mon Sep 17 00:00:00 2001 From: lpamlie <34286235+lpamlie@users.noreply.github.com> Date: Mon, 11 Feb 2019 15:43:08 -0500 Subject: [PATCH 14/38] update xml crypto to 1.1.4 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 87f2d341..10e59b47 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "debug": "^3.1.0", "passport-strategy": "*", "q": "^1.5.0", - "xml-crypto": "^1.1.2", + "xml-crypto": "^1.1.4", "xml-encryption": "^0.11.0", "xml2js": "0.4.x", "xmlbuilder": "^9.0.4", From 5ae1fa30424e27a8ea773f93d2dd2cc3e5532cd7 Mon Sep 17 00:00:00 2001 From: Andkrist Date: Tue, 5 Mar 2019 13:22:28 +0100 Subject: [PATCH 15/38] update gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index d5733f98..f5c02731 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ node_modules/ .tern-port +.idea \ No newline at end of file From 53bfd7dbb5849f5a8dd214f8d286f3a3c9039fc0 Mon Sep 17 00:00:00 2001 From: Andkrist Date: Thu, 7 Mar 2019 11:16:04 +0100 Subject: [PATCH 16/38] Set explicitChar to true when parsing xml. Now character content of a element should be accessed only through ._ --- lib/passport-saml/saml.js | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 8fe7e80c..a43319e0 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -739,6 +739,7 @@ SAML.prototype.validateRedirect = function(container, callback) { var dom = new xmldom.DOMParser().parseFromString(inflated.toString()); var parserConfig = { explicitRoot: true, + explicitCharKey: true, tagNameProcessors: [xml2js.processors.stripPrefix] }; var parser = new xml2js.Parser(parserConfig); @@ -855,8 +856,8 @@ SAML.prototype.verifyIssuer = function (samlMessage) { if(this.options.idpIssuer) { var issuer = samlMessage.Issuer; if (issuer) { - if (issuer[0] !== this.options.idpIssuer && issuer[0]._ !== this.options.idpIssuer) - throw 'Unknown SAML issuer. Expected: ' + this.options.idpIssuer + ' Received: ' + issuer[0]; + if (issuer[0]._ !== this.options.idpIssuer) + throw 'Unknown SAML issuer. Expected: ' + this.options.idpIssuer + ' Received: ' + issuer[0]._; } else { throw 'Missing SAML issuer'; } @@ -868,6 +869,7 @@ SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, in var msg; var parserConfig = { explicitRoot: true, + explicitCharkey: true, tagNameProcessors: [xml2js.processors.stripPrefix] }; var nowMs = new Date().getTime(); @@ -881,8 +883,8 @@ SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, in assertion = doc.Assertion; var issuer = assertion.Issuer; - if (issuer) { - profile.issuer = issuer[0]; + if (issuer && issuer[0]._) { + profile.issuer = issuer[0]._; } var authnStatement = assertion.AuthnStatement; @@ -896,8 +898,8 @@ SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, in var subjectConfirmation, confirmData; if (subject) { var nameID = subject[0].NameID; - if (nameID) { - profile.nameID = nameID[0]._ || nameID[0]; + if (nameID && nameID[0]._) { + profile.nameID = nameID[0]._; if (nameID[0].$ && nameID[0].$.Format) { profile.nameIDFormat = nameID[0].$.Format; @@ -1061,10 +1063,10 @@ SAML.prototype.checkAudienceValidityError = function(expectedAudience, audienceR return new Error('SAML assertion has no AudienceRestriction'); } var errors = audienceRestrictions.map(function(restriction) { - if (!restriction.Audience || !restriction.Audience[0]) { + if (!restriction.Audience || !restriction.Audience[0] || !restriction.Audience[0]._) { return new Error('SAML assertion AudienceRestriction has no Audience value'); } - if (restriction.Audience[0] !== expectedAudience) { + if (restriction.Audience[0]._ !== expectedAudience) { return new Error('SAML assertion audience mismatch'); } return null; @@ -1083,6 +1085,7 @@ SAML.prototype.validatePostRequest = function (container, callback) { var dom = new xmldom.DOMParser().parseFromString(xml); var parserConfig = { explicitRoot: true, + explicitCharkey: true, tagNameProcessors: [xml2js.processors.stripPrefix] }; var parser = new xml2js.Parser(parserConfig); @@ -1116,15 +1119,15 @@ function processValidlySignedPostRequest(self, doc, callback) { return callback(new Error('Missing SAML LogoutRequest ID')); } var issuer = request.Issuer; - if (issuer) { - profile.issuer = issuer[0]; + if (issuer && issuer[0]._) { + profile.issuer = issuer[0]._; } else { return callback(new Error('Missing SAML issuer')); } var nameID = request.NameID; if (nameID) { - profile.nameID = nameID[0]._ || nameID[0]; + profile.nameID = nameID[0]._; if (nameID[0].$ && nameID[0].$.Format) { profile.nameIDFormat = nameID[0].$.Format; From 98f1be76baadf2ee05ff377d68f76c1158baaf12 Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Tue, 12 Mar 2019 14:11:54 -0400 Subject: [PATCH 17/38] deps: bump deps Some deps had warnings about being outdated. --- package.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 10e59b47..ae20ad77 100644 --- a/package.json +++ b/package.json @@ -33,18 +33,18 @@ "xml-crypto": "^1.1.4", "xml-encryption": "^0.11.0", "xml2js": "0.4.x", - "xmlbuilder": "^9.0.4", + "xmlbuilder": "^11.0.0", "xmldom": "0.1.x" }, "devDependencies": { "body-parser": "^1.17.1", "express": "^4.16.2", - "jshint": "*", - "mocha": "*", + "jshint": "^2.10.1", + "mocha": "^6.0.2", "passport": "0.4.x", "request": "^2.83.0", "should": "*", - "sinon": "^2.1.0" + "sinon": "^7.2.7" }, "engines": { "node": ">= 6" From b99deb1b83e62187ec06dc3384c46c9f8dda5092 Mon Sep 17 00:00:00 2001 From: Ville Miekk-oja Date: Thu, 14 Feb 2019 17:14:41 +0200 Subject: [PATCH 18/38] InResponseTo support for logout --- lib/passport-saml/saml.js | 16 ++++--- test/tests.js | 92 ++++++++++++++++++++++++++++++--------- 2 files changed, 83 insertions(+), 25 deletions(-) diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index a43319e0..1ea39042 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -261,7 +261,10 @@ SAML.prototype.generateLogoutRequest = function (req) { }; } - return xmlbuilder.create(request).end(); + return Q.ninvoke(this.cacheProvider, 'save', id, instant) + .then(function() { + return xmlbuilder.create(request).end(); + }); }; SAML.prototype.generateLogoutResponse = function (req, logoutRequest) { @@ -467,10 +470,13 @@ SAML.prototype.getAuthorizeForm = function (req, callback) { }; SAML.prototype.getLogoutUrl = function(req, options, callback) { - var request = this.generateLogoutRequest(req); - var operation = 'logout'; - var overrideParams = options ? options.additionalParams || {} : {}; - this.requestToUrl(request, null, operation, this.getAdditionalParams(req, operation, overrideParams), callback); + var self = this; + return self.generateLogoutRequest(req) + .then(function(request) { + var operation = 'logout'; + var overrideParams = options ? options.additionalParams || {} : {}; + return self.requestToUrl(request, null, operation, self.getAdditionalParams(req, operation, overrideParams), callback); + }); }; SAML.prototype.getLogoutResponseUrl = function(req, options, callback) { diff --git a/test/tests.js b/test/tests.js index 08e190c0..b7c2c025 100644 --- a/test/tests.js +++ b/test/tests.js @@ -589,18 +589,21 @@ describe( 'passport-saml /', function() { 'saml:NameID': [ { _: 'bar', '$': { Format: 'foo' } } ] } }; var samlObj = new SAML( { entryPoint: "foo" } ); - var logoutRequest = samlObj.generateLogoutRequest({ + var logoutRequestPromise = samlObj.generateLogoutRequest({ user: { nameIDFormat: 'foo', nameID: 'bar' } }); - parseString( logoutRequest, function( err, doc ) { - delete doc['samlp:LogoutRequest']['$']["ID"]; - delete doc['samlp:LogoutRequest']['$']["IssueInstant"]; - doc.should.eql( expectedRequest ); - done(); - }); + + logoutRequestPromise.then(function(logoutRequest) { + parseString( logoutRequest, function( err, doc ) { + delete doc['samlp:LogoutRequest']['$']["ID"]; + delete doc['samlp:LogoutRequest']['$']["IssueInstant"]; + doc.should.eql( expectedRequest ); + done(); + }); + }) }); it( 'generateLogoutRequest adds the NameQualifier and SPNameQualifier to the saml request', function( done ) { @@ -621,7 +624,7 @@ describe( 'passport-saml /', function() { NameQualifier: 'Identity Provider' } } ] } }; var samlObj = new SAML( { entryPoint: "foo" } ); - var logoutRequest = samlObj.generateLogoutRequest({ + var logoutRequestPromise = samlObj.generateLogoutRequest({ user: { nameIDFormat: 'foo', nameID: 'bar', @@ -629,12 +632,15 @@ describe( 'passport-saml /', function() { spNameQualifier: 'Service Provider' } }); - parseString( logoutRequest, function( err, doc ) { - delete doc['samlp:LogoutRequest']['$']["ID"]; - delete doc['samlp:LogoutRequest']['$']["IssueInstant"]; - doc.should.eql( expectedRequest ); - done(); - }); + + logoutRequestPromise.then(function(logoutRequest) { + parseString( logoutRequest, function( err, doc ) { + delete doc['samlp:LogoutRequest']['$']["ID"]; + delete doc['samlp:LogoutRequest']['$']["IssueInstant"]; + doc.should.eql( expectedRequest ); + done(); + }); + }) }); it( 'generateLogoutResponse', function( done ) { @@ -680,19 +686,65 @@ describe( 'passport-saml /', function() { '$': { 'xmlns:saml2p': 'urn:oasis:names:tc:SAML:2.0:protocol' } } ] } }; var samlObj = new SAML( { entryPoint: "foo" } ); - var logoutRequest = samlObj.generateLogoutRequest({ + var logoutRequestPromise = samlObj.generateLogoutRequest({ user: { nameIDFormat: 'foo', nameID: 'bar', sessionIndex: 'session-id' } }); - parseString( logoutRequest, function( err, doc ) { - delete doc['samlp:LogoutRequest']['$']["ID"]; - delete doc['samlp:LogoutRequest']['$']["IssueInstant"]; - doc.should.eql( expectedRequest ); - done(); + + logoutRequestPromise.then(function(logoutRequest) { + parseString( logoutRequest, function( err, doc ) { + delete doc['samlp:LogoutRequest']['$']["ID"]; + delete doc['samlp:LogoutRequest']['$']["IssueInstant"]; + doc.should.eql( expectedRequest ); + done(); + }); + }) + }); + + it( 'generateLogoutRequest saves id and instant to cache', function( done ) { + var expectedRequest = { + 'samlp:LogoutRequest': + { '$': + { 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', + 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion', + //ID: '_85ba0a112df1ffb57805', + Version: '2.0', + //IssueInstant: '2014-05-29T03:32:23Z', + Destination: 'foo' }, + 'saml:Issuer': + [ { _: 'onelogin_saml', + '$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ], + 'saml:NameID': [ { _: 'bar', '$': { Format: 'foo' } } ], + 'saml2p:SessionIndex': + [ { _: 'session-id', + '$': { 'xmlns:saml2p': 'urn:oasis:names:tc:SAML:2.0:protocol' } } ] } }; + + var samlObj = new SAML( { entryPoint: "foo" } ); + var cacheSaveSpy = sinon.spy(samlObj.cacheProvider, 'save') + var logoutRequestPromise = samlObj.generateLogoutRequest({ + user: { + nameIDFormat: 'foo', + nameID: 'bar', + sessionIndex: 'session-id' + } }); + + logoutRequestPromise.then(function(logoutRequest) { + parseString( logoutRequest, function( err, doc ) { + + var id = doc['samlp:LogoutRequest']['$']["ID"]; + var issueInstant = doc['samlp:LogoutRequest']['$']["IssueInstant"]; + + id.should.be.an.instanceOf(String); + issueInstant.should.be.an.instanceOf(String); + cacheSaveSpy.called.should.eql(true); + cacheSaveSpy.calledWith(id, issueInstant).should.eql(true); + done(); + }); + }) }); describe( 'generateServiceProviderMetadata tests /', function() { From 663c127c000c542aa8226df6e22beb17f9c9d62a Mon Sep 17 00:00:00 2001 From: Jose Miguel Colella Date: Mon, 18 Mar 2019 14:48:30 -0400 Subject: [PATCH 19/38] Update README.md Change attributeName to unknown type to allow for use-case described in https://github.com/DefinitelyTyped/DefinitelyTyped/pull/33950. For example, you may extend the Profile object with an attribute `roles` which is an array of string. Having unknown still allows for typing enforcement, and yet is flexible to allow for these use-cases --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 701b4cac..3eac41cf 100644 --- a/README.md +++ b/README.md @@ -97,7 +97,7 @@ type Profile = { getSamlResponseXml(): string; // get the raw SAML response XML ID?: string; } & { - [attributeName: string]: string; // arbitrary `AttributeValue`s + [attributeName: string]: unknown; // arbitrary `AttributeValue`s } ``` From a4661393f4628910160842c3f928a2f2fe2dccd2 Mon Sep 17 00:00:00 2001 From: Antoine Date: Tue, 5 Mar 2019 09:19:41 +0100 Subject: [PATCH 20/38] :star: feat: add RequestedAuthnContext Comparison Type parameter test: add test for check the option comparisonType --- docs/adfs/README.md | 3 ++- lib/passport-saml/saml.js | 13 ++++++++++++- test/tests.js | 13 +++++++++++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/docs/adfs/README.md b/docs/adfs/README.md index 3472df32..c076d546 100644 --- a/docs/adfs/README.md +++ b/docs/adfs/README.md @@ -56,7 +56,8 @@ passport.use(new SamlStrategy( acceptedClockSkewMs: -1, identifierFormat: null, // this is configured under the Advanced tab in AD FS relying party - signatureAlgorithm: 'sha256' + signatureAlgorithm: 'sha256', + comparisonType: 'exact', // default to exact RequestedAuthnContext Comparison Type }, function(profile, done) { return done(null, diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 1ea39042..f74cee2f 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -80,6 +80,17 @@ SAML.prototype.initialize = function (options) { options.signatureAlgorithm = 'sha1'; } + /** + * List of possible values: + * - exact : Assertion context must exactly match a context in the list + * - minimum: Assertion context must be at least as strong as a context in the list + * - maximum: Assertion context must be no stronger than a context in the list + * - better: Assertion context must be stronger than all contexts in the list + */ + if (!options.comparisonType || ['exact','minimum','maximum','better'].indexOf(options.comparisonType) === -1){ + options.comparisonType = 'exact'; + } + return options; }; @@ -202,7 +213,7 @@ SAML.prototype.generateAuthorizeRequest = function (req, isPassive, callback) { request['samlp:AuthnRequest']['samlp:RequestedAuthnContext'] = { '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', - '@Comparison': 'exact', + '@Comparison': self.options.comparisonType, 'saml:AuthnContextClassRef': authnContextClassRefs }; } diff --git a/test/tests.js b/test/tests.js index b7c2c025..f697a078 100644 --- a/test/tests.js +++ b/test/tests.js @@ -1405,6 +1405,19 @@ describe( 'passport-saml /', function() { done(); }); + + it('should check the value of the option `comparisonType`', function(done) { + var samlObjBadComparisonType = new SAML({ comparisonType: 'bad_value' }); + should.equal(samlObjBadComparisonType.options.comparisonType, 'exact', ['the default value of the option `comparisonType` must be exact']); + + var validComparisonTypes = ['exact','minimum','maximum','better'], samlObjValidComparisonType; + validComparisonTypes.forEach(function(comparisonType) { + samlObjValidComparisonType = new SAML( {comparisonType: comparisonType} ); + should.equal(samlObjValidComparisonType.options.comparisonType, comparisonType); + }); + done(); + }); + }); describe( 'InResponseTo validation checks /', function(){ From 48ac6558ef57edba8ed90fae53833e17b4b0d0ed Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Tue, 26 Mar 2019 14:28:52 -0400 Subject: [PATCH 21/38] rename comparisonType to RACComparison - 'comparisonType' is too generic. - Also, document in the main README. --- README.md | 2 ++ docs/adfs/README.md | 2 +- lib/passport-saml/saml.js | 6 +++--- test/tests.js | 12 ++++++------ 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 3eac41cf..af883dab 100644 --- a/README.md +++ b/README.md @@ -123,6 +123,8 @@ type Profile = { * `attributeConsumingServiceIndex`: optional `AttributeConsumingServiceIndex` attribute to add to AuthnRequest to instruct the IDP which attribute set to attach to the response ([link](http://blog.aniljohn.com/2014/01/data-minimization-front-channel-saml-attribute-requests.html)) * `disableRequestedAuthnContext`: if truthy, do not request a specific authentication context. This is [known to help when authenticating against Active Directory](https://github.com/bergie/passport-saml/issues/226) (AD FS) servers. * `authnContext`: if truthy, name identifier format to request auth context (default: `urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport`); array of values is also supported + * RACComparison: Requested Authentication Context comparison type. Possible values are 'exact','minimum','maximum','better'. Default is 'exact'. + * `forceAuthn`: if set to true, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session. * `providerName`: optional human-readable name of the requester for use by the presenter's user agent or the identity provider * `skipRequestCompression`: if set to true, the SAML request from the service provider won't be compressed. diff --git a/docs/adfs/README.md b/docs/adfs/README.md index c076d546..609d2659 100644 --- a/docs/adfs/README.md +++ b/docs/adfs/README.md @@ -57,7 +57,7 @@ passport.use(new SamlStrategy( identifierFormat: null, // this is configured under the Advanced tab in AD FS relying party signatureAlgorithm: 'sha256', - comparisonType: 'exact', // default to exact RequestedAuthnContext Comparison Type + RACComparison: 'exact', // default to exact RequestedAuthnContext Comparison Type }, function(profile, done) { return done(null, diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index f74cee2f..31b10703 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -87,8 +87,8 @@ SAML.prototype.initialize = function (options) { * - maximum: Assertion context must be no stronger than a context in the list * - better: Assertion context must be stronger than all contexts in the list */ - if (!options.comparisonType || ['exact','minimum','maximum','better'].indexOf(options.comparisonType) === -1){ - options.comparisonType = 'exact'; + if (!options.RACComparison || ['exact','minimum','maximum','better'].indexOf(options.RACComparison) === -1){ + options.RACComparison = 'exact'; } return options; @@ -213,7 +213,7 @@ SAML.prototype.generateAuthorizeRequest = function (req, isPassive, callback) { request['samlp:AuthnRequest']['samlp:RequestedAuthnContext'] = { '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', - '@Comparison': self.options.comparisonType, + '@Comparison': self.options.RACComparison, 'saml:AuthnContextClassRef': authnContextClassRefs }; } diff --git a/test/tests.js b/test/tests.js index f697a078..eccb5dad 100644 --- a/test/tests.js +++ b/test/tests.js @@ -1406,14 +1406,14 @@ describe( 'passport-saml /', function() { done(); }); - it('should check the value of the option `comparisonType`', function(done) { - var samlObjBadComparisonType = new SAML({ comparisonType: 'bad_value' }); - should.equal(samlObjBadComparisonType.options.comparisonType, 'exact', ['the default value of the option `comparisonType` must be exact']); + it('should check the value of the option `RACComparison`', function(done) { + var samlObjBadComparisonType = new SAML({ RACComparison: 'bad_value' }); + should.equal(samlObjBadComparisonType.options.RACComparison, 'exact', ['the default value of the option `RACComparison` must be exact']); var validComparisonTypes = ['exact','minimum','maximum','better'], samlObjValidComparisonType; - validComparisonTypes.forEach(function(comparisonType) { - samlObjValidComparisonType = new SAML( {comparisonType: comparisonType} ); - should.equal(samlObjValidComparisonType.options.comparisonType, comparisonType); + validComparisonTypes.forEach(function(RACComparison) { + samlObjValidComparisonType = new SAML( {RACComparison: RACComparison} ); + should.equal(samlObjValidComparisonType.options.RACComparison, RACComparison); }); done(); }); From 3592f07f08f648349951231c2da69560aa760c74 Mon Sep 17 00:00:00 2001 From: Chris Barth Date: Fri, 26 Apr 2019 16:09:17 -0400 Subject: [PATCH 22/38] Fix broken tests --- lib/passport-saml/saml.js | 4 +- multiSamlStrategy.js | 2 +- test/multiSamlStrategy.js | 112 ++++-- test/samlTests.js | 162 +++++--- test/tests.js | 761 ++++++++++++++++++++++++-------------- 5 files changed, 679 insertions(+), 362 deletions(-) diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 31b10703..dac0020d 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -756,7 +756,7 @@ SAML.prototype.validateRedirect = function(container, callback) { var dom = new xmldom.DOMParser().parseFromString(inflated.toString()); var parserConfig = { explicitRoot: true, - explicitCharKey: true, + explicitCharkey: true, tagNameProcessors: [xml2js.processors.stripPrefix] }; var parser = new xml2js.Parser(parserConfig); @@ -1154,7 +1154,7 @@ function processValidlySignedPostRequest(self, doc, callback) { } var sessionIndex = request.SessionIndex; if (sessionIndex) { - profile.sessionIndex = sessionIndex[0]; + profile.sessionIndex = sessionIndex[0]._; } callback(null, profile, true); diff --git a/multiSamlStrategy.js b/multiSamlStrategy.js index 123d84e4..46f8bdb1 100644 --- a/multiSamlStrategy.js +++ b/multiSamlStrategy.js @@ -52,7 +52,7 @@ MultiSamlStrategy.prototype.logout = function (req, options) { MultiSamlStrategy.prototype.generateServiceProviderMetadata = function( req, decryptionCert, signingCert, next ) { var self = this; - return this._getSamlOptions(req, function (err, samlOptions) { + return this._options.getSamlOptions(req, function (err, samlOptions) { if (err) { return next(err); } diff --git a/test/multiSamlStrategy.js b/test/multiSamlStrategy.js index 1acc0912..72939ded 100644 --- a/test/multiSamlStrategy.js +++ b/test/multiSamlStrategy.js @@ -32,9 +32,13 @@ describe('strategy#authenticate', function() { it('calls super with request and auth options', function(done) { var superAuthenticateStub = this.superAuthenticateStub; function getSamlOptions (req, fn) { - fn(); - sinon.assert.calledOnce(superAuthenticateStub); - done(); + try { + fn(); + sinon.assert.calledOnce(superAuthenticateStub); + done(); + } catch (err2) { + done(err2); + } }; var strategy = new MultiSamlStrategy({ @@ -48,10 +52,14 @@ describe('strategy#authenticate', function() { passReqToCallback: true, authnRequestBinding: 'HTTP-POST', getSamlOptions: function (req, fn) { - fn(); - strategy._passReqToCallback.should.eql(true); - strategy._authnRequestBinding.should.eql('HTTP-POST'); - done(); + try { + fn(); + strategy._passReqToCallback.should.eql(true); + strategy._authnRequestBinding.should.eql('HTTP-POST'); + done(); + } catch (err2) { + done(err2); + } } }; @@ -74,12 +82,16 @@ describe('strategy#authenticate', function() { }; function getSamlOptions (req, fn) { - fn(null, samlOptions); - strategy._saml.options.should.containEql(Object.assign({}, - { cacheProvider: 'mock cache provider' }, - samlOptions - )); - done(); + try { + fn(null, samlOptions); + strategy._saml.options.should.containEql(Object.assign({}, + { cacheProvider: 'mock cache provider' }, + samlOptions + )); + done(); + } catch (err2) { + done(err2); + } } var strategy = new MultiSamlStrategy( @@ -102,9 +114,13 @@ describe('strategy#logout', function() { it('calls super with request and auth options', function(done) { var superAuthenticateStub = this.superAuthenticateStub; function getSamlOptions (req, fn) { - fn(); - sinon.assert.calledOnce(superAuthenticateStub); - done(); + try { + fn(); + sinon.assert.calledOnce(superAuthenticateStub); + done(); + } catch (err2) { + done(err2); + } }; var strategy = new MultiSamlStrategy({ getSamlOptions: getSamlOptions }, verify); @@ -116,10 +132,14 @@ describe('strategy#logout', function() { passReqToCallback: true, authnRequestBinding: 'HTTP-POST', getSamlOptions: function (req, fn) { - fn(); - strategy._passReqToCallback.should.eql(true); - strategy._authnRequestBinding.should.eql('HTTP-POST'); - done(); + try { + fn(); + strategy._passReqToCallback.should.eql(true); + strategy._authnRequestBinding.should.eql('HTTP-POST'); + done(); + } catch (err2) { + done(err2); + } } }; @@ -142,9 +162,13 @@ describe('strategy#logout', function() { }; function getSamlOptions (req, fn) { - fn(null, samlOptions); - strategy._saml.options.should.containEql(samlOptions); - done(); + try { + fn(null, samlOptions); + strategy._saml.options.should.containEql(samlOptions); + done(); + } catch (err2) { + done(err2); + } } var strategy = new MultiSamlStrategy( @@ -167,11 +191,15 @@ describe('strategy#generateServiceProviderMetadata', function() { it('calls super with request and generateServiceProviderMetadata options', function(done) { var superGenerateServiceProviderMetadata = this.superGenerateServiceProviderMetadata; function getSamlOptions (req, fn) { - fn(); - sinon.assert.calledOnce(superGenerateServiceProviderMetadata); - superGenerateServiceProviderMetadata.calledWith('bar', 'baz'); - req.should.eql('foo'); - done(); + try { + fn(); + sinon.assert.calledOnce(superGenerateServiceProviderMetadata); + superGenerateServiceProviderMetadata.calledWith('bar', 'baz'); + req.should.eql('foo'); + done(); + } catch (err2) { + done(err2); + } }; @@ -184,10 +212,14 @@ describe('strategy#generateServiceProviderMetadata', function() { passReqToCallback: true, authnRequestBinding: 'HTTP-POST', getSamlOptions: function (req, fn) { - fn(); - strategy._passReqToCallback.should.eql(true); - strategy._authnRequestBinding.should.eql('HTTP-POST'); - done(); + try { + fn(); + strategy._passReqToCallback.should.eql(true); + strategy._authnRequestBinding.should.eql('HTTP-POST'); + done(); + } catch (err2) { + done(err2); + } } }; @@ -204,8 +236,12 @@ describe('strategy#generateServiceProviderMetadata', function() { var strategy = new MultiSamlStrategy(passportOptions, verify); strategy.generateServiceProviderMetadata('foo', 'bar', 'baz', function (error, result) { - should(error).equal('My error'); - done(); + try { + should(error).equal('My error'); + done(); + } catch (err2) { + done(err2); + } }); }); @@ -218,8 +254,12 @@ describe('strategy#generateServiceProviderMetadata', function() { var strategy = new MultiSamlStrategy(passportOptions, verify); strategy.generateServiceProviderMetadata('foo', 'bar', 'baz', function (error, result) { - should(result).equal('My Metadata Result'); - done(); + try { + should(result).equal('My Metadata Result'); + done(); + } catch (err2) { + done(err2); + } }); }); }); diff --git a/test/samlTests.js b/test/samlTests.js index 3a44cce6..8ea66ba7 100644 --- a/test/samlTests.js +++ b/test/samlTests.js @@ -35,42 +35,66 @@ describe('SAML.js', function () { describe('getAuthorizeUrl', function () { it('calls callback with right host', function (done) { saml.getAuthorizeUrl(req, {}, function (err, target) { - url.parse(target).host.should.equal('exampleidp.com'); - done(); + try { + url.parse(target).host.should.equal('exampleidp.com'); + done(); + } catch (err2) { + done(err2); + } }); }); it('calls callback with right protocol', function (done) { saml.getAuthorizeUrl(req, {}, function (err, target) { - url.parse(target).protocol.should.equal('https:'); - done(); + try { + url.parse(target).protocol.should.equal('https:'); + done(); + } catch (err2) { + done(err2); + } }); }); it('calls callback with right path', function (done) { saml.getAuthorizeUrl(req, {}, function (err, target) { - url.parse(target).pathname.should.equal('/path'); - done(); + try { + url.parse(target).pathname.should.equal('/path'); + done(); + } catch (err2) { + done(err2); + } }); }); it('calls callback with original query string', function (done) { saml.getAuthorizeUrl(req, {}, function (err, target) { - url.parse(target, true).query['key'].should.equal('value'); - done(); + try { + url.parse(target, true).query['key'].should.equal('value'); + done(); + } catch (err2) { + done(err2); + } }); }); it('calls callback with additional run-time params in query string', function (done) { saml.getAuthorizeUrl(req, options, function (err, target) { - Object.keys(url.parse(target, true).query).should.have.length(3); - url.parse(target, true).query['key'].should.equal('value'); - url.parse(target, true).query['SAMLRequest'].should.not.be.empty(); - url.parse(target, true).query['additionalKey'].should.equal('additionalValue'); - done(); + try { + Object.keys(url.parse(target, true).query).should.have.length(3); + url.parse(target, true).query['key'].should.equal('value'); + url.parse(target, true).query['SAMLRequest'].should.not.be.empty(); + url.parse(target, true).query['additionalKey'].should.equal('additionalValue'); + done(); + } catch (err2) { + done(err2); + } }); }); // NOTE: This test only tests existence of the assertion, not the correctness it('calls callback with saml request object', function (done) { saml.getAuthorizeUrl(req, {}, function (err, target) { - should(url.parse(target, true).query).have.property('SAMLRequest'); - done(); + try { + should(url.parse(target, true).query).have.property('SAMLRequest'); + done(); + } catch (err2) { + done(err2); + } }); }); }); @@ -78,42 +102,66 @@ describe('SAML.js', function () { describe('getLogoutUrl', function () { it('calls callback with right host', function (done) { saml.getLogoutUrl(req, {}, function (err, target) { - url.parse(target).host.should.equal('exampleidp.com'); - done(); + try { + url.parse(target).host.should.equal('exampleidp.com'); + done(); + } catch (err2) { + done(err2); + } }); }); it('calls callback with right protocol', function (done) { saml.getLogoutUrl(req, {}, function (err, target) { - url.parse(target).protocol.should.equal('https:'); - done(); + try { + url.parse(target).protocol.should.equal('https:'); + done(); + } catch(err2) { + done(err2); + } }); }); it('calls callback with right path', function (done) { saml.getLogoutUrl(req, {}, function (err, target) { - url.parse(target).pathname.should.equal('/path'); - done(); + try { + url.parse(target).pathname.should.equal('/path'); + done(); + } catch(err2) { + done(err2); + } }); }); it('calls callback with original query string', function (done) { saml.getLogoutUrl(req, {}, function (err, target) { - url.parse(target, true).query['key'].should.equal('value'); - done(); + try { + url.parse(target, true).query['key'].should.equal('value'); + done(); + } catch (err2) { + done(err2); + } }); }); it('calls callback with additional run-time params in query string', function (done) { saml.getLogoutUrl(req, options, function (err, target) { - Object.keys(url.parse(target, true).query).should.have.length(3); - url.parse(target, true).query['key'].should.equal('value'); - url.parse(target, true).query['SAMLRequest'].should.not.be.empty(); - url.parse(target, true).query['additionalKey'].should.equal('additionalValue'); - done(); + try { + Object.keys(url.parse(target, true).query).should.have.length(3); + url.parse(target, true).query['key'].should.equal('value'); + url.parse(target, true).query['SAMLRequest'].should.not.be.empty(); + url.parse(target, true).query['additionalKey'].should.equal('additionalValue'); + done(); + } catch (err2) { + done(err2); + } }); }); // NOTE: This test only tests existence of the assertion, not the correctness it('calls callback with saml request object', function (done) { saml.getLogoutUrl(req, {}, function (err, target) { - should(url.parse(target, true).query).have.property('SAMLRequest'); - done(); + try { + should(url.parse(target, true).query).have.property('SAMLRequest'); + done(); + } catch (err2) { + done(err2); + } }); }); }); @@ -121,42 +169,66 @@ describe('SAML.js', function () { describe('getLogoutResponseUrl', function () { it('calls callback with right host', function (done) { saml.getLogoutResponseUrl(req, {}, function (err, target) { - url.parse(target).host.should.equal('exampleidp.com'); - done(); + try { + url.parse(target).host.should.equal('exampleidp.com'); + done(); + } catch (err2) { + done(err2); + } }); }); it('calls callback with right protocol', function (done) { saml.getLogoutResponseUrl(req, {}, function (err, target) { - url.parse(target).protocol.should.equal('https:'); - done(); + try { + url.parse(target).protocol.should.equal('https:'); + done(); + } catch (err2) { + done(err2); + } }); }); it('calls callback with right path', function (done) { saml.getLogoutResponseUrl(req, {}, function (err, target) { - url.parse(target).pathname.should.equal('/path'); - done(); + try { + url.parse(target).pathname.should.equal('/path'); + done(); + } catch (err2) { + done(err2); + } }); }); it('calls callback with original query string', function (done) { saml.getLogoutResponseUrl(req, {}, function (err, target) { - url.parse(target, true).query['key'].should.equal('value'); - done(); + try { + url.parse(target, true).query['key'].should.equal('value'); + done(); + } catch (err2) { + done(err2); + } }); }); it('calls callback with additional run-time params in query string', function (done) { saml.getLogoutResponseUrl(req, options, function (err, target) { - Object.keys(url.parse(target, true).query).should.have.length(3); - url.parse(target, true).query['key'].should.equal('value'); - url.parse(target, true).query['SAMLResponse'].should.not.be.empty(); - url.parse(target, true).query['additionalKey'].should.equal('additionalValue'); - done(); + try { + Object.keys(url.parse(target, true).query).should.have.length(3); + url.parse(target, true).query['key'].should.equal('value'); + url.parse(target, true).query['SAMLResponse'].should.not.be.empty(); + url.parse(target, true).query['additionalKey'].should.equal('additionalValue'); + done(); + } catch (err2) { + done(err2); + } }); }); // NOTE: This test only tests existence of the assertion, not the correctness it('calls callback with saml response object', function (done) { saml.getLogoutResponseUrl(req, {}, function (err, target) { - should(url.parse(target, true).query).have.property('SAMLResponse'); - done(); + try { + should(url.parse(target, true).query).have.property('SAMLResponse'); + done(); + } catch (err2) { + done(err2); + } }); }); }); diff --git a/test/tests.js b/test/tests.js index eccb5dad..5c35abd2 100644 --- a/test/tests.js +++ b/test/tests.js @@ -129,14 +129,18 @@ describe( 'passport-saml /', function() { }; request(requestOpts, function (err, response, body) { - should.not.exist(err); - response.statusCode.should.equal(check.expectedStatusCode); - if (response.statusCode == 200) { - userSerialized.should.be.true; - if (check.expectedNameIDStartsWith) - profile.nameID.should.startWith(check.expectedNameIDStartsWith); + try { + should.not.exist(err); + response.statusCode.should.equal(check.expectedStatusCode); + if (response.statusCode == 200) { + userSerialized.should.be.true; + if (check.expectedNameIDStartsWith) + profile.nameID.should.startWith(check.expectedNameIDStartsWith); + } + done(); + } catch (err2) { + done(err2); } - done(); }); }); }; @@ -177,17 +181,21 @@ describe( 'passport-saml /', function() { form: check.samlResponse }; request(requestOpts, function (err, response, body) { - should.not.exist(err); - response.statusCode.should.equal(check.expectedStatusCode); - if (response.statusCode == 200) { - should.exist(passedRequest); - passedRequest.url.should.eql('/login'); - passedRequest.method.should.eql('POST'); - should(passedRequest.body).match(check.samlResponse); - } else { - should.not.exist(passedRequest); + try { + should.not.exist(err); + response.statusCode.should.equal(check.expectedStatusCode); + if (response.statusCode == 200) { + should.exist(passedRequest); + passedRequest.url.should.eql('/login'); + passedRequest.method.should.eql('POST'); + should(passedRequest.body).match(check.samlResponse); + } else { + should.not.exist(passedRequest); + } + done(); + } catch (err2) { + done(err2); } - done(); }); }); }; @@ -514,34 +522,46 @@ describe( 'passport-saml /', function() { }; request(requestOpts, function(err, response, body) { - should.not.exist(err); - - var encodedSamlRequest; - if ( check.config.authnRequestBinding === "HTTP-POST" ) { - response.statusCode.should.equal(200); - body.should.match(/[^]*/); - encodedSamlRequest = body.match( /[^]*/); + encodedSamlRequest = body.match( / Date: Mon, 29 Apr 2019 14:56:29 -0400 Subject: [PATCH 23/38] Improve code consistency; fix error handling bugs --- multiSamlStrategy.js | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/multiSamlStrategy.js b/multiSamlStrategy.js index 46f8bdb1..00f4ea75 100644 --- a/multiSamlStrategy.js +++ b/multiSamlStrategy.js @@ -36,29 +36,33 @@ MultiSamlStrategy.prototype.authenticate = function (req, options) { }); }; -MultiSamlStrategy.prototype.logout = function (req, options) { +MultiSamlStrategy.prototype.logout = function (req, callback) { var self = this; this._options.getSamlOptions(req, function (err, samlOptions) { if (err) { - return self.error(err); + return callback(err); } self._saml = new saml.SAML(Object.assign({}, self._options, samlOptions)); - self.constructor.super_.prototype.logout.call(self, req, options); + self.constructor.super_.prototype.logout.call(self, req, callback); }); }; -MultiSamlStrategy.prototype.generateServiceProviderMetadata = function( req, decryptionCert, signingCert, next ) { +MultiSamlStrategy.prototype.generateServiceProviderMetadata = function( req, decryptionCert, signingCert, callback ) { + if (typeof callback !== 'function') { + throw new Error("Metadata can't be provided synchronously for MultiSamlStrategy."); + } + var self = this; return this._options.getSamlOptions(req, function (err, samlOptions) { if (err) { - return next(err); + return callback(err); } - self._saml = new saml.SAML(samlOptions); - return next(null, self.constructor.super_.prototype.generateServiceProviderMetadata.call(self, decryptionCert, signingCert )); + self._saml = new saml.SAML(Object.assign({}, self._options, samlOptions)); + return callback(null, self.constructor.super_.prototype.generateServiceProviderMetadata.call(self, decryptionCert, signingCert )); }); }; From 16fb6599061de8106bed3fb76b5f77c6ba56bb94 Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Fri, 10 May 2019 17:14:58 -0400 Subject: [PATCH 24/38] v1.1.0: bump for release --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ae20ad77..70596001 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "passport-saml", - "version": "1.0.0", + "version": "1.1.0", "license": "MIT", "keywords": [ "saml", From 5cdf341ae2a081eb995ab59aec0c81d732ca2758 Mon Sep 17 00:00:00 2001 From: Archinowsk Date: Thu, 24 Jan 2019 13:53:29 +0200 Subject: [PATCH 25/38] Remove InResponseTo value if response validation fails Merge branch 'master' into remove-inresponseto-if-response-validation-fails Update Update --- lib/passport-saml/saml.js | 9 +++++++- test/tests.js | 47 ++++++++++++++++++++++++++++++++++----- 2 files changed, 50 insertions(+), 6 deletions(-) diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index dac0020d..7873023a 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -721,7 +721,14 @@ SAML.prototype.validatePostResponse = function (container, callback) { }) .fail(function(err) { debug('validatePostResponse resulted in an error: %s', err); - callback(err); + if (self.options.validateInResponseTo) { + Q.ninvoke(self.cacheProvider, 'remove', inResponseTo) + .then(function() { + callback(err); + }); + } else { + callback(err); + } }) .done(); }; diff --git a/test/tests.js b/test/tests.js index 5c35abd2..6bbe761d 100644 --- a/test/tests.js +++ b/test/tests.js @@ -535,13 +535,13 @@ describe( 'passport-saml /', function() { var query = response.headers.location.match( /^[^\?]*\?(.*)$/ )[1]; encodedSamlRequest = querystring.parse( query ).SAMLRequest; } - + var buffer = Buffer.from(encodedSamlRequest, 'base64'); if (check.config.skipRequestCompression) helper(null, buffer); else zlib.inflateRaw( buffer, helper ); - + function helper(err, samlRequest) { try { should.not.exist( err ); @@ -772,7 +772,7 @@ describe( 'passport-saml /', function() { try { var id = doc['samlp:LogoutRequest']['$']["ID"]; var issueInstant = doc['samlp:LogoutRequest']['$']["IssueInstant"]; - + id.should.be.an.instanceOf(String); issueInstant.should.be.an.instanceOf(String); cacheSaveSpy.called.should.eql(true); @@ -968,9 +968,9 @@ describe( 'passport-saml /', function() { should(profile).have.property("evil-corp.egroupid").eql("vincent.vega@evil-corp.com"); // attributes without attributeValue child should be ignored should(profile).not.have.property("evilcorp.roles"); - + fakeClock.restore(); - + done(); } catch (err2) { done(err2); @@ -978,6 +978,42 @@ describe( 'passport-saml /', function() { }); }); + it('removes InResponseTo value if response validation fails', function(done) { + var requestId = '_a6fc46be84e1e3cf3c50'; + var xml = 'https://app.onelogin.com/saml/metadata/371755' + + 'https://app.onelogin.com/saml/metadata/371755DCnPTQYBb1hKspbe6fg1U3q8xn4=e0+aFomA0+JAY0f9tKqzIuqIVSSw7LiFUsneEDKPBWdiTz1sMdgr/2y1e9+rjaS2mRmCi/vSQLY3zTYz0hp6nJNU19+TWoXo9kHQyWT4KkeQL4Xs/gZ/AoKC20iHVKtpPps0IQ0Ml/qRoouSitt6Sf/WDz2LV/pWcH2hx5tv3xSw36hK2NQc7qw7r1mEXnvcjXReYo8rrVf7XHGGxNoRIEICUIi110uvsWemSXf0Z0dyb0FVYOWuSsQMDlzNpheADBifFO4UTfSEhFZvn8kVCGZUIwrbOhZ2d/+YEtgyuTg+qtslgfy4dwd4TvEcfuRzQTazeefprSFyiQckAXOjcw=='+TEST_CERT+'ben@subspacesw.com{audience}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' + + ''; + var base64xml = Buffer.from( xml ).toString('base64'); + var container = { SAMLResponse: base64xml }; + var samlConfig = { + entryPoint: 'https://app.onelogin.com/trust/saml2/http-post/sso/371755', + cert: TEST_CERT, + validateInResponseTo: true + }; + var samlObj = new SAML( samlConfig ); + + // Mock the SAML request being passed through Passport-SAML + samlObj.cacheProvider.save(requestId, new Date().toISOString(), function(){}); + + samlObj.validatePostResponse( container, function( err, profile, logout ) { + try { + should.exist(err); + err.message.should.match("Invalid signature"); + } catch (err2) { + done(err2); + } + samlObj.validatePostResponse( container, function( err, profile, logout ) { + try { + should.exist(err); + err.message.should.match("InResponseTo is not valid"); + done(); + } catch (err2) { + done(err2); + } + }); + }); + }); + describe( 'validatePostResponse xml signature checks /', function() { var fakeClock; @@ -2283,6 +2319,7 @@ describe( 'passport-saml /', function() { } }); }); + it('returns true for valid signature', function(done) { samlObj.cacheProvider.save('_79db1e7ad12ca1d63e5b', new Date().toISOString(), function(){}); samlObj.validateRedirect(this.request, function(err, _data, success) { From 6f0876ed77815235d7d846ea145da733c3fa6b04 Mon Sep 17 00:00:00 2001 From: Oleksandr Date: Fri, 26 Jul 2019 08:28:17 -0700 Subject: [PATCH 26/38] NameIDFormat fix (#375) Added a conditional statement to set NameIDFormat only if identifierFormat is specified in options. This should prevent an error in AD FS when identifierFormat set to null: https://github.com/bergie/passport-saml/issues/338 --- lib/passport-saml/saml.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 7873023a..9e5c4e5e 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -1249,7 +1249,10 @@ SAML.prototype.generateServiceProviderMetadata = function( decryptionCert, signi }; } - metadata.EntityDescriptor.SPSSODescriptor.NameIDFormat = this.options.identifierFormat; + if (this.options.identifierFormat) { + metadata.EntityDescriptor.SPSSODescriptor.NameIDFormat = this.options.identifierFormat; + } + metadata.EntityDescriptor.SPSSODescriptor.AssertionConsumerService = { '@index': '1', '@isDefault': 'true', From 91bac34977dec9a0ff3e9af3dda9dd2c8402b969 Mon Sep 17 00:00:00 2001 From: Stavros Soleas Date: Mon, 1 Jul 2019 15:51:44 +0300 Subject: [PATCH 27/38] Validate signatures on original query string Before this commit: signature validation on GET (Redirect binding) requests was done using `encodeURIComponent` on the already parsed params After: the original query params are used to validate the request's signature The reason for doing this is that Azure ADFS is using lowercase for url encoding resulting in something like: `SAMLRequest=dead%2fbeef` The old processing logic would try to validate against: `SAMLRequest=dead%2Fbeef` and failed --- lib/passport-saml/saml.js | 26 ++++++++++++++---------- lib/passport-saml/strategy.js | 4 +++- test/static/idp_slo_redirect.json | 3 ++- test/static/sp_slo_redirect.json | 3 ++- test/static/sp_slo_redirect_failure.json | 3 ++- test/tests.js | 22 ++++++++++---------- 6 files changed, 35 insertions(+), 26 deletions(-) diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 9e5c4e5e..6e5b25c5 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -750,7 +750,7 @@ SAML.prototype.validateInResponseTo = function (inResponseTo) { } }; -SAML.prototype.validateRedirect = function(container, callback) { +SAML.prototype.validateRedirect = function(container, originalQuery, callback) { var self = this; var samlMessageType = container.SAMLRequest ? 'SAMLRequest' : 'SAMLResponse'; @@ -777,7 +777,7 @@ SAML.prototype.validateRedirect = function(container, callback) { self.verifyLogoutResponse(doc) : self.verifyLogoutRequest(doc); }) .then(function() { - return self.hasValidSignatureForRedirect(samlMessageType, container); + return self.hasValidSignatureForRedirect(container, originalQuery); }) .then(function () { processValidlySignedSamlLogout(self, doc, callback); @@ -802,23 +802,27 @@ function processValidlySignedSamlLogout(self, doc, callback) { } } -SAML.prototype.hasValidSignatureForRedirect = function (samlMessageType, container) { - var signature = container.Signature; - if (signature && this.options.cert) { - var urlString = samlMessageType + '=' + encodeURIComponent(container[samlMessageType]); +SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery) { + var tokens = originalQuery.split('&'); + var getParam = function (key) { + var exists = tokens.filter(function(t) { return new RegExp(key).test(t); }); + return exists[0]; + }; + + if (container.Signature && this.options.cert) { + var urlString = getParam('SAMLRequest') || getParam('SAMLResponse'); - if (container.RelayState) { - urlString += '&RelayState=' + - encodeURIComponent(container.RelayState); + if (getParam('RelayState')) { + urlString += '&' + getParam('RelayState'); } - urlString += '&SigAlg=' + encodeURIComponent(container.SigAlg); + urlString += '&' + getParam('SigAlg'); return this.certsToCheck() .then(function(certs) { var hasValidQuerySignature = certs.some(function (cert) { return validateSignatureForRedirect( - urlString, signature, container.SigAlg, cert + urlString, container.Signature, container.SigAlg, cert ); }); diff --git a/lib/passport-saml/strategy.js b/lib/passport-saml/strategy.js index adb48991..5461bff4 100644 --- a/lib/passport-saml/strategy.js +++ b/lib/passport-saml/strategy.js @@ -1,6 +1,7 @@ var passport = require('passport-strategy'); var util = require('util'); var saml = require('./saml'); +var url = require('url'); function Strategy (options, verify) { if (typeof options == 'function') { @@ -79,7 +80,8 @@ Strategy.prototype.authenticate = function (req, options) { } if (req.query && (req.query.SAMLResponse || req.query.SAMLRequest)) { - this._saml.validateRedirect(req.query, validateCallback); + var originalQuery = url.parse(req.url).query; + this._saml.validateRedirect(req.query, originalQuery, validateCallback); } else if (req.body && req.body.SAMLResponse) { this._saml.validatePostResponse(req.body, validateCallback); } else if (req.body && req.body.SAMLRequest) { diff --git a/test/static/idp_slo_redirect.json b/test/static/idp_slo_redirect.json index 5cf06c5c..67c870af 100644 --- a/test/static/idp_slo_redirect.json +++ b/test/static/idp_slo_redirect.json @@ -2,5 +2,6 @@ "SAMLRequest": "fVLbjpswEP0V5PeADQSIlaBGiipF2u62TdWHvkQDHhdUY1N72O7nF8iutL2+WeNzm6PZBxjMKO/cVzfRR/w+YaDoaTA2yPXnwCZvpYPQB2lhwCCplZfjuzuZxlyO3pFrnWGvKP9nQAjoqXeWRefTgV0rzVFrhRmvQOmmACy1wHTX5CLfbUvdZinX2yIrNIs+ow8z88BmoZkewoRnGwgszSMuqg3PN0J8ErnkmRTZFxad5m16C7SyOqJRJkmvxtg8dvGAcss5T2CiLlmCJ0AhIY+gAjmLC/AajGPRvaMH++CPmtD/4VStTvV+UZBrJl8/OxnXgulcIJnyxWmBpItsMiCBAoJ47MZ98pp607mfezufosv75fFhAtPrfvH++woseuv8APTv5kUs1kmvNnqFShygN0elPIbA6rnER+/Cmx/Of4PGYNy64TnXLcot1ygvM3wu82wVPtVXzhtdNqnaqp3K2l3JU1EitqgbIXZ5gzrLihQKUeFN7Df+y/CX46t/Ag==", "RelayState": "_a4653e9109c4639a2165159db4ca31e4f0ca505654", "SigAlg": "http://www.w3.org/2000/09/xmldsig#rsa-sha1", - "Signature": "HxvhXqy+UE8osj/i9PX76alvOeltoM7XaXwrYLDpOfNTcFruEhm2wMWUgqjw7XMpdDVGdEpuDwXxCByVmxwUKRBQOCORMQbzwRzPzu5jlPmYu9M0Q6oJK7S4Rlnpgxtfmbs0rlt56DCeb53JPJI1AvBdv9kfAghgVJbU0wrUDQTOkeQVwYYunJ6TaZAF4l2LqpKvwUIyReVML65UJR/T4GOGIr/QWnuRf1haq6AxhpbDdeWhgrv/CPNEmpzr/kvkDHK664Z0ruvLUlpyFUbfbYq/YQmctdr0WncyJzPnkzuw6t83pe333qLognwH8DzXS7A4ygUvZJ5/iTlr8CaYOg==" + "Signature": "HxvhXqy+UE8osj/i9PX76alvOeltoM7XaXwrYLDpOfNTcFruEhm2wMWUgqjw7XMpdDVGdEpuDwXxCByVmxwUKRBQOCORMQbzwRzPzu5jlPmYu9M0Q6oJK7S4Rlnpgxtfmbs0rlt56DCeb53JPJI1AvBdv9kfAghgVJbU0wrUDQTOkeQVwYYunJ6TaZAF4l2LqpKvwUIyReVML65UJR/T4GOGIr/QWnuRf1haq6AxhpbDdeWhgrv/CPNEmpzr/kvkDHK664Z0ruvLUlpyFUbfbYq/YQmctdr0WncyJzPnkzuw6t83pe333qLognwH8DzXS7A4ygUvZJ5/iTlr8CaYOg==", + "originalQuery": "SAMLRequest=fVLbjpswEP0V5PeADQSIlaBGiipF2u62TdWHvkQDHhdUY1N72O7nF8iutL2%2BWeNzm6PZBxjMKO%2FcVzfRR%2Fw%2BYaDoaTA2yPXnwCZvpYPQB2lhwCCplZfjuzuZxlyO3pFrnWGvKP9nQAjoqXeWRefTgV0rzVFrhRmvQOmmACy1wHTX5CLfbUvdZinX2yIrNIs%2Bow8z88BmoZkewoRnGwgszSMuqg3PN0J8ErnkmRTZFxad5m16C7SyOqJRJkmvxtg8dvGAcss5T2CiLlmCJ0AhIY%2BgAjmLC%2FAajGPRvaMH%2B%2BCPmtD%2F4VStTvV%2BUZBrJl8%2FOxnXgulcIJnyxWmBpItsMiCBAoJ47MZ98pp607mfezufosv75fFhAtPrfvH%2B%2Bwoseuv8APTv5kUs1kmvNnqFShygN0elPIbA6rnER%2B%2FCmx%2FOf4PGYNy64TnXLcot1ygvM3wu82wVPtVXzhtdNqnaqp3K2l3JU1EitqgbIXZ5gzrLihQKUeFN7Df%2By%2FCX46t%2FAg%3D%3D&RelayState=_a4653e9109c4639a2165159db4ca31e4f0ca505654&Signature=HxvhXqy%2BUE8osj%2Fi9PX76alvOeltoM7XaXwrYLDpOfNTcFruEhm2wMWUgqjw7XMpdDVGdEpuDwXxCByVmxwUKRBQOCORMQbzwRzPzu5jlPmYu9M0Q6oJK7S4Rlnpgxtfmbs0rlt56DCeb53JPJI1AvBdv9kfAghgVJbU0wrUDQTOkeQVwYYunJ6TaZAF4l2LqpKvwUIyReVML65UJR%2FT4GOGIr%2FQWnuRf1haq6AxhpbDdeWhgrv%2FCPNEmpzr%2FkvkDHK664Z0ruvLUlpyFUbfbYq%2FYQmctdr0WncyJzPnkzuw6t83pe333qLognwH8DzXS7A4ygUvZJ5%2FiTlr8CaYOg%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1" } diff --git a/test/static/sp_slo_redirect.json b/test/static/sp_slo_redirect.json index 57bae54b..6e34bc52 100644 --- a/test/static/sp_slo_redirect.json +++ b/test/static/sp_slo_redirect.json @@ -1,5 +1,6 @@ { "SAMLResponse": "fZHNasMwEIRfxeie6Mdx4ojEUJpLIL00IYdewtra1gZZMt516ePXTluaQgnoImm+mWF3Q9D6zh7iWxz4GamLgTD5aH0ge/3aiqEPNgI1ZAO0SJYre3x4OlgzV7brI8cqenGD3CeACHtuYhDJfrcVl6VS68Va5ZlbA5bG5SkqnSKkRhuzMtUKl/miVIivIjljTyO5FaPRiBMNuA/EEHh8UjqfqcVM65PObGrG8yKSHRI3AfhK1cydlbJx3dy/1/MWbaaUkjBwLafiEpgk9wiOOAachBfycUwKP5M5xbHyau1KjStw2lSg3TLFrBTFZrKw11J98R3lYwW+jsTWqClqkpjJV7bI4IBh3tXdRt6im6+NHBl4oL+3x+gwOYMf8P6M6aq2x6GqkEjI4ivh11T+t/XiEw==", "SigAlg": "http://www.w3.org/2000/09/xmldsig#rsa-sha1", - "Signature": "RRcmtS0Qku3Y5HfSQYKax07dZOnb+CvvtP72v6ws/kttG4DYaNkRy0YmgDjrSLiVNooJe69LMb3pnHsW2PN7pKKe1p/TroGfk/7BW/QRgl3jvnLeM19qvhb3WYgwmeEXWvuX2rhopGCF2bVuzz9UDPZEDTQ6Botq39QkNTYfn1EpTlGHGQ7k/f9l2rX8DoVOu+v9Ov+PIUd0wSYiT1Nw/Nv2/xoMP+jDQCfU/x+D01wcInwlceaIKkYNb/VX3e9E3GzhOljJiUEVA7t9CEDMOACgfhiof9m/70txwhxGWPzE0XrBIIpuGp8NPU9QaiVDymbd9wzDVtll6abpx2t14A==" + "Signature": "RRcmtS0Qku3Y5HfSQYKax07dZOnb+CvvtP72v6ws/kttG4DYaNkRy0YmgDjrSLiVNooJe69LMb3pnHsW2PN7pKKe1p/TroGfk/7BW/QRgl3jvnLeM19qvhb3WYgwmeEXWvuX2rhopGCF2bVuzz9UDPZEDTQ6Botq39QkNTYfn1EpTlGHGQ7k/f9l2rX8DoVOu+v9Ov+PIUd0wSYiT1Nw/Nv2/xoMP+jDQCfU/x+D01wcInwlceaIKkYNb/VX3e9E3GzhOljJiUEVA7t9CEDMOACgfhiof9m/70txwhxGWPzE0XrBIIpuGp8NPU9QaiVDymbd9wzDVtll6abpx2t14A==", + "originalQuery": "SAMLResponse=fZHNasMwEIRfxeie6Mdx4ojEUJpLIL00IYdewtra1gZZMt516ePXTluaQgnoImm%2BmWF3Q9D6zh7iWxz4GamLgTD5aH0ge%2F3aiqEPNgI1ZAO0SJYre3x4OlgzV7brI8cqenGD3CeACHtuYhDJfrcVl6VS68Va5ZlbA5bG5SkqnSKkRhuzMtUKl%2FmiVIivIjljTyO5FaPRiBMNuA%2FEEHh8UjqfqcVM65PObGrG8yKSHRI3AfhK1cydlbJx3dy%2F1%2FMWbaaUkjBwLafiEpgk9wiOOAachBfycUwKP5M5xbHyau1KjStw2lSg3TLFrBTFZrKw11J98R3lYwW%2BjsTWqClqkpjJV7bI4IBh3tXdRt6im6%2BNHBl4oL%2B3x%2BgwOYMf8P6M6aq2x6GqkEjI4ivh11T%2Bt%2FXiEw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=RRcmtS0Qku3Y5HfSQYKax07dZOnb%2BCvvtP72v6ws%2FkttG4DYaNkRy0YmgDjrSLiVNooJe69LMb3pnHsW2PN7pKKe1p%2FTroGfk%2F7BW%2FQRgl3jvnLeM19qvhb3WYgwmeEXWvuX2rhopGCF2bVuzz9UDPZEDTQ6Botq39QkNTYfn1EpTlGHGQ7k%2Ff9l2rX8DoVOu%2Bv9Ov%2BPIUd0wSYiT1Nw%2FNv2%2FxoMP%2BjDQCfU%2Fx%2BD01wcInwlceaIKkYNb%2FVX3e9E3GzhOljJiUEVA7t9CEDMOACgfhiof9m%2F70txwhxGWPzE0XrBIIpuGp8NPU9QaiVDymbd9wzDVtll6abpx2t14A%3D%3D" } diff --git a/test/static/sp_slo_redirect_failure.json b/test/static/sp_slo_redirect_failure.json index 0eb5c20b..69bc3d49 100644 --- a/test/static/sp_slo_redirect_failure.json +++ b/test/static/sp_slo_redirect_failure.json @@ -2,5 +2,6 @@ "SAMLResponse": "fZHLasMwEEV/xWif6OG8LBxDaTaBdJOELLoJY2taG2zJ9YxLP7+229IUSkAbaebcezWTEjR1aw/hNfR8RGqDJ4w+mtqTnUpb0XfeBqCKrIcGyXJhTw9PB2vmyrZd4FCEWtwg9wkgwo6r4EW0323FdaVUskjUZukSwNy4TYxKxwix0casTbHG1WaRK8QXEV2wo4HcikFowIl63Hti8Dw8Kb2ZqcVM67Ne2tgM51lEOySuPPBElcytlbJy7bx+L+cN2qVSSkLPpRyDS2CS3CE44uBxbLxSHQYn/zOZcxgirxOXa1yD06YA7VYxLnORpaOEnUJ12bdVHQqoy0BsjRqtxhYz6soGGRwwzNuyTeUtmn5t5MTAPf29PQaH0QXqHu/PmKZue8S3fvg/dkJmXx6/svK/vWef", "SigAlg": "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "Signature": "gS9wWeutxU9nUplBYaJdOkP3vxSyyyE6HlHGBBIbLYYJVzZMVHmpeR1c4z0EirUySg1XOrlWcJxwt9YpDQue2e/XExIokc9EcgiAKNAAshYeewLfM6VGxn48rpkU4rE35kiw1Jiydm/cx/JfatBYc1YT74TyjwckNZ/pj08+7ILI6rTESkkBRfACZZ7zzFL+K41OiiKcgs3TZNP4GfalzrXClQ5eELA1NG3JfxkzUTwApjkNCTVSBQcWRa/nyko+PDKPVG1U7dEe16csYfae2u9EkP81seQqgAPsqOyrASQtuNqf+vZhN9aCb25Q4X26soA0QDSzegNb82TdifhhDQ==", - "RelayState": "http://idp.lvh.me:5000" + "RelayState": "http://idp.lvh.me:5000", + "originalQuery": "SAMLResponse=fZHLasMwEEV%2FxWif6OG8LBxDaTaBdJOELLoJY2taG2zJ9YxLP7%2B229IUSkAbaebcezWTEjR1aw%2FhNfR8RGqDJ4w%2BmtqTnUpb0XfeBqCKrIcGyXJhTw9PB2vmyrZd4FCEWtwg9wkgwo6r4EW0323FdaVUskjUZukSwNy4TYxKxwix0casTbHG1WaRK8QXEV2wo4HcikFowIl63Hti8Dw8Kb2ZqcVM67Ne2tgM51lEOySuPPBElcytlbJy7bx%2BL%2BcN2qVSSkLPpRyDS2CS3CE44uBxbLxSHQYn%2FzOZcxgirxOXa1yD06YA7VYxLnORpaOEnUJ12bdVHQqoy0BsjRqtxhYz6soGGRwwzNuyTeUtmn5t5MTAPf29PQaH0QXqHu%2FPmKZue8S3fvg%2FdkJmXx6%2FsvK%2FvWef&RelayState=http%3A%2F%2Fidp.lvh.me%3A5000&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=gS9wWeutxU9nUplBYaJdOkP3vxSyyyE6HlHGBBIbLYYJVzZMVHmpeR1c4z0EirUySg1XOrlWcJxwt9YpDQue2e%2FXExIokc9EcgiAKNAAshYeewLfM6VGxn48rpkU4rE35kiw1Jiydm%2Fcx%2FJfatBYc1YT74TyjwckNZ%2Fpj08%2B7ILI6rTESkkBRfACZZ7zzFL%2BK41OiiKcgs3TZNP4GfalzrXClQ5eELA1NG3JfxkzUTwApjkNCTVSBQcWRa%2Fnyko%2BPDKPVG1U7dEe16csYfae2u9EkP81seQqgAPsqOyrASQtuNqf%2BvZhN9aCb25Q4X26soA0QDSzegNb82TdifhhDQ%3D%3D" } diff --git a/test/tests.js b/test/tests.js index 6bbe761d..5d604293 100644 --- a/test/tests.js +++ b/test/tests.js @@ -2174,7 +2174,7 @@ describe( 'passport-saml /', function() { var body = { SAMLRequest: "asdf" }; - samlObj.validateRedirect(body, function(err) { + samlObj.validateRedirect(body, this.request.originalQuery, function(err) { try { should.exist(err); done(); @@ -2185,7 +2185,7 @@ describe( 'passport-saml /', function() { }); it('errors if idpIssuer is set and issuer is wrong', function(done) { samlObj.options.idpIssuer = 'foo'; - samlObj.validateRedirect(this.request, function(err) { + samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) { try { should.exist(err); err.should.eql( @@ -2199,7 +2199,7 @@ describe( 'passport-saml /', function() { }); it('errors if request has expired', function(done) { this.clock.restore(); - samlObj.validateRedirect(this.request, function(err) { + samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) { try { should.exist(err); err.message.should.eql('SAML assertion expired'); @@ -2211,7 +2211,7 @@ describe( 'passport-saml /', function() { }); it('errors if request has a bad signature', function(done) { this.request.Signature = 'foo'; - samlObj.validateRedirect(this.request, function(err) { + samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) { try { should.exist(err); err.should.eql('Invalid signature'); @@ -2222,7 +2222,7 @@ describe( 'passport-saml /', function() { }); }); it('returns profile for valid signature including session index', function(done) { - samlObj.validateRedirect(this.request, function(err, profile) { + samlObj.validateRedirect(this.request, this.request.originalQuery, function(err, profile) { try { should.not.exist(err); profile.should.eql({ @@ -2258,7 +2258,7 @@ describe( 'passport-saml /', function() { var body = { SAMLRequest: "asdf" }; - samlObj.validateRedirect(body, function(err) { + samlObj.validateRedirect(body, null, function(err) { try { should.exist(err); done(); @@ -2269,7 +2269,7 @@ describe( 'passport-saml /', function() { }); it('errors if idpIssuer is set and wrong issuer', function(done) { samlObj.options.idpIssuer = 'foo'; - samlObj.validateRedirect(this.request, function(err) { + samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) { try { should.exist(err); err.should.eql( @@ -2283,7 +2283,7 @@ describe( 'passport-saml /', function() { }); it('errors if unsuccessful', function(done) { this.request = require('./static/sp_slo_redirect_failure'); - samlObj.validateRedirect(this.request, function(err) { + samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) { try { should.exist(err); err.should.eql( @@ -2296,7 +2296,7 @@ describe( 'passport-saml /', function() { }); }); it('errors if InResponseTo is not found', function(done) { - samlObj.validateRedirect(this.request, function(err) { + samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) { try { should.exist(err); err.message.should.eql('InResponseTo is not valid'); @@ -2309,7 +2309,7 @@ describe( 'passport-saml /', function() { it('errors if bad signature', function(done) { samlObj.cacheProvider.save('_79db1e7ad12ca1d63e5b', new Date().toISOString(), function(){}); this.request.Signature = 'foo'; - samlObj.validateRedirect(this.request, function(err) { + samlObj.validateRedirect(this.request, this.request.originalQuery, function(err) { try { should.exist(err); err.should.eql('Invalid signature'); @@ -2322,7 +2322,7 @@ describe( 'passport-saml /', function() { it('returns true for valid signature', function(done) { samlObj.cacheProvider.save('_79db1e7ad12ca1d63e5b', new Date().toISOString(), function(){}); - samlObj.validateRedirect(this.request, function(err, _data, success) { + samlObj.validateRedirect(this.request, this.request.originalQuery, function(err, _data, success) { try { should.not.exist(err); success.should.eql(true); From 403a18998c573b545a3baac4cb37d4bd5bb41111 Mon Sep 17 00:00:00 2001 From: Stavros Soleas Date: Mon, 1 Jul 2019 16:02:39 +0300 Subject: [PATCH 28/38] Use exact match to check for a compatible crypto algorithm. Before we were using a more vague substring match and choosing the last possible match. Now we extract the algorithm name from the expected URL format and test for an exact match on the algorithm name, case-insensitive. --- lib/passport-saml/saml.js | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 6e5b25c5..814da909 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -836,15 +836,23 @@ SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery }; function validateSignatureForRedirect (urlString, signature, alg, cert) { - var supportedAlgs = crypto.getHashes().filter( - function(h) { return new RegExp(h).test(alg); } - ); - - if (supportedAlgs.length === 0) { + // See if we support a matching algorithm, case-insensitive. Otherwise, throw error. + function hasMatch (ourAlgo) { + // The incoming algorithm is forwarded as a URL. + // We trim everything before the last # get something we can compare to the Node.js list + const algFromURI = alg.toLowerCase().replace(/.*#(.*)$/,'$1') + return ourAlgo.toLowerCase() === algFromURI + } + let i = crypto.getHashes().findIndex(hasMatch); + let matchingAlgo; + if (i > -1) { + matchingAlgo = crypto.getHashes()[i] + } + else { throw alg + ' is not supported'; } - var verifier = crypto.createVerify(supportedAlgs[supportedAlgs.length-1]); + var verifier = crypto.createVerify(matchingAlgo); verifier.update(urlString); return verifier.verify(cert, signature, 'base64'); From 3ba244d2859dd80da9f4cfcfba656f00400ce6c1 Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Thu, 12 Sep 2019 13:30:38 -0400 Subject: [PATCH 29/38] bump version to 1.2.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 70596001..b7f1aced 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "passport-saml", - "version": "1.1.0", + "version": "1.2.0", "license": "MIT", "keywords": [ "saml", From dd1699ac04ec3968f8a6c763138e6503e160eec4 Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Tue, 1 Oct 2019 13:03:35 -0400 Subject: [PATCH 30/38] Drop support for Node 6. It has been EOL'ed. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b7f1aced..46c0785c 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "sinon": "^7.2.7" }, "engines": { - "node": ">= 6" + "node": ">= 8" }, "scripts": { "test": "mocha", From 7d71fe21e84fd6becb63d93e0dad1906d39495fa Mon Sep 17 00:00:00 2001 From: Marko Wallin Date: Tue, 1 Oct 2019 19:03:16 +0300 Subject: [PATCH 31/38] Fix #392 Switching from jshint to eslint - Fix also Travis to run eslint instead of jshint - Upgrade eslint dep - fix lint violations --- .travis.yml | 2 +- lib/passport-saml/saml.js | 12 +- package.json | 25 +- yarn.lock | 1456 ++++++++++++++++++++++++++----------- 4 files changed, 1059 insertions(+), 436 deletions(-) diff --git a/.travis.yml b/.travis.yml index 637931ab..e2ea7526 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,4 +5,4 @@ node_js: script: - npm test - - ./node_modules/.bin/jshint lib + - ./node_modules/.bin/eslint lib diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 814da909..8aa77c65 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -24,7 +24,7 @@ SAML.prototype.initialize = function (options) { options = {}; } - if (options.hasOwnProperty('cert') && !options.cert) { + if (Object.prototype.hasOwnProperty.call(options, 'cert') && !options.cert) { throw new Error('Invalid property: cert must not be empty'); } @@ -591,7 +591,7 @@ SAML.prototype.validatePostResponse = function (container, callback) { doc = new xmldom.DOMParser({ }).parseFromString(xml); - if (!doc.hasOwnProperty('documentElement')) + if (!Object.prototype.hasOwnProperty.call(doc, 'documentElement')) throw new Error('SAMLResponse is not valid base64-encoded XML'); inResponseTo = xpath(doc, "/*[local-name()='Response']/@InResponseTo"); @@ -840,13 +840,13 @@ function validateSignatureForRedirect (urlString, signature, alg, cert) { function hasMatch (ourAlgo) { // The incoming algorithm is forwarded as a URL. // We trim everything before the last # get something we can compare to the Node.js list - const algFromURI = alg.toLowerCase().replace(/.*#(.*)$/,'$1') - return ourAlgo.toLowerCase() === algFromURI + const algFromURI = alg.toLowerCase().replace(/.*#(.*)$/,'$1'); + return ourAlgo.toLowerCase() === algFromURI; } let i = crypto.getHashes().findIndex(hasMatch); let matchingAlgo; if (i > -1) { - matchingAlgo = crypto.getHashes()[i] + matchingAlgo = crypto.getHashes()[i]; } else { throw alg + ' is not supported'; @@ -1038,7 +1038,7 @@ SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, in if (attributes) { attributes.forEach(function (attribute) { - if(!attribute.hasOwnProperty('AttributeValue')) { + if(!Object.prototype.hasOwnProperty.call(attribute, 'AttributeValue')) { // if attributes has no AttributeValue child, continue return; } diff --git a/package.json b/package.json index 46c0785c..b75e6fb1 100644 --- a/package.json +++ b/package.json @@ -38,8 +38,8 @@ }, "devDependencies": { "body-parser": "^1.17.1", + "eslint": "^6.5.1", "express": "^4.16.2", - "jshint": "^2.10.1", "mocha": "^6.0.2", "passport": "0.4.x", "request": "^2.83.0", @@ -50,7 +50,26 @@ "node": ">= 8" }, "scripts": { - "test": "mocha", - "jshint": "./node_modules/.bin/jshint lib" + "test": "npm run lint && mocha", + "lint": "./node_modules/.bin/eslint lib", + "lint:fix": "./node_modules/.bin/eslint --fix lib" + }, + "eslintConfig": { + "env": { + "node": true, + "es6": false + }, + "extends": "eslint:recommended", + "parserOptions": { + "ecmaVersion": 6 + }, + "rules": { + "no-undefined": "off", + "no-unused-vars": "off", + "semi": [ + "error", + "always" + ] + } } } diff --git a/yarn.lock b/yarn.lock index febbd958..8bd3f8e7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2,6 +2,51 @@ # yarn lockfile v1 +"@babel/code-frame@^7.0.0": + version "7.5.5" + resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.5.5.tgz#bc0782f6d69f7b7d49531219699b988f669a8f9d" + integrity sha512-27d4lZoomVyo51VegxI20xZPuSHusqbQag/ztrBC7wegWoQ1nLREPVSKSW8byhTlzTKyNE4ifaTA6lCp7JjpFw== + dependencies: + "@babel/highlight" "^7.0.0" + +"@babel/highlight@^7.0.0": + version "7.5.0" + resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.5.0.tgz#56d11312bd9248fa619591d02472be6e8cb32540" + integrity sha512-7dV4eu9gBxoM0dAnj/BCFDW9LFU0zvTrkq0ugM7pnHEgguOEeOz1so2ZghEdzviYzQEED0r4EAgpsBChKy1TRQ== + dependencies: + chalk "^2.0.0" + esutils "^2.0.2" + js-tokens "^4.0.0" + +"@sinonjs/commons@^1", "@sinonjs/commons@^1.3.0", "@sinonjs/commons@^1.4.0": + version "1.6.0" + resolved "https://registry.yarnpkg.com/@sinonjs/commons/-/commons-1.6.0.tgz#ec7670432ae9c8eb710400d112c201a362d83393" + integrity sha512-w4/WHG7C4WWFyE5geCieFJF6MZkbW4VAriol5KlmQXpAQdxvV0p26sqNZOW6Qyw6Y0l9K4g+cHvvczR2sEEpqg== + dependencies: + type-detect "4.0.8" + +"@sinonjs/formatio@^3.2.1": + version "3.2.1" + resolved "https://registry.yarnpkg.com/@sinonjs/formatio/-/formatio-3.2.1.tgz#52310f2f9bcbc67bdac18c94ad4901b95fde267e" + integrity sha512-tsHvOB24rvyvV2+zKMmPkZ7dXX6LSLKZ7aOtXY6Edklp0uRcgGpOsQTTGTcWViFyx4uhWc6GV8QdnALbIbIdeQ== + dependencies: + "@sinonjs/commons" "^1" + "@sinonjs/samsam" "^3.1.0" + +"@sinonjs/samsam@^3.1.0", "@sinonjs/samsam@^3.3.3": + version "3.3.3" + resolved "https://registry.yarnpkg.com/@sinonjs/samsam/-/samsam-3.3.3.tgz#46682efd9967b259b81136b9f120fd54585feb4a" + integrity sha512-bKCMKZvWIjYD0BLGnNrxVuw4dkWCYsLqFOUWw8VgKF/+5Y+mE7LfHWPIYoDXowH+3a9LsWDMo0uAP8YDosPvHQ== + dependencies: + "@sinonjs/commons" "^1.3.0" + array-from "^2.1.1" + lodash "^4.17.15" + +"@sinonjs/text-encoding@^0.7.1": + version "0.7.1" + resolved "https://registry.yarnpkg.com/@sinonjs/text-encoding/-/text-encoding-0.7.1.tgz#8da5c6530915653f3a1f38fd5f101d8c3f8079c5" + integrity sha512-+iTbntw2IZPb/anVDbypzfQa+ay64MW0Zo8aJ8gZPWMMK6/OubMVb6lUPMagqjOPnmtauXnFCACVl3O7ogjeqQ== + accepts@~1.3.5: version "1.3.5" resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.5.tgz#eb777df6011723a3b14e8a72c0805c8e86746bd2" @@ -10,6 +55,26 @@ accepts@~1.3.5: mime-types "~2.1.18" negotiator "0.6.1" +acorn-jsx@^5.0.2: + version "5.0.2" + resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.0.2.tgz#84b68ea44b373c4f8686023a551f61a21b7c4a4f" + integrity sha512-tiNTrP1MP0QrChmD2DdupCr6HWSFeKVw5d/dHTu4Y7rkAkRhU/Dt7dphAfIUyxtHpl/eBVip5uTNSpQJHylpAw== + +acorn@^7.0.0: + version "7.1.0" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.1.0.tgz#949d36f2c292535da602283586c2477c57eb2d6c" + integrity sha512-kL5CuoXA/dgxlBbVrflsflzQ3PAas7RYZB52NOm/6839iVYJgKMJ3cQJD+t2i5+qFa8h3MDpEOJiS64E8JLnSQ== + +ajv@^6.10.0, ajv@^6.10.2: + version "6.10.2" + resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.10.2.tgz#d3cea04d6b017b2894ad69040fec8b623eb4bd52" + integrity sha512-TXtUUEYHuaTEbLZWIKUr5pmBuhDLy+8KYtPYdcV8qC+pOZL+NKqYwvWSRrVXHn+ZmRRAu8vJTAznH7Oag6RVRw== + dependencies: + fast-deep-equal "^2.0.1" + fast-json-stable-stringify "^2.0.0" + json-schema-traverse "^0.4.1" + uri-js "^4.2.2" + ajv@^6.5.5: version "6.6.1" resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.6.1.tgz#6360f5ed0d80f232cc2b294c362d5dc2e538dd61" @@ -20,11 +85,50 @@ ajv@^6.5.5: json-schema-traverse "^0.4.1" uri-js "^4.2.2" +ansi-colors@3.2.3: + version "3.2.3" + resolved "https://registry.yarnpkg.com/ansi-colors/-/ansi-colors-3.2.3.tgz#57d35b8686e851e2cc04c403f1c00203976a1813" + integrity sha512-LEHHyuhlPY3TmuUYMh2oz89lTShfvgbmzaBcxve9t/9Wuy7Dwf4yoAKcND7KFT1HAQfqZ12qtc+DUrBMeKF9nw== + +ansi-escapes@^3.2.0: + version "3.2.0" + resolved "https://registry.yarnpkg.com/ansi-escapes/-/ansi-escapes-3.2.0.tgz#8780b98ff9dbf5638152d1f1fe5c1d7b4442976b" + integrity sha512-cBhpre4ma+U0T1oM5fXg7Dy1Jw7zzwv7lt/GoCpr+hDQJoYnKVPLL4dCvSEFMmQurOQvSrwT7SL/DAlhBI97RQ== + +ansi-regex@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-3.0.0.tgz#ed0317c322064f79466c02966bddb605ab37d998" + integrity sha1-7QMXwyIGT3lGbAKWa922Bas32Zg= + +ansi-regex@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-4.1.0.tgz#8b9f8f08cf1acb843756a839ca8c7e3168c51997" + integrity sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg== + +ansi-styles@^3.2.0, ansi-styles@^3.2.1: + version "3.2.1" + resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-3.2.1.tgz#41fbb20243e50b12be0f04b8dedbf07520ce841d" + integrity sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA== + dependencies: + color-convert "^1.9.0" + +argparse@^1.0.7: + version "1.0.10" + resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911" + integrity sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg== + dependencies: + sprintf-js "~1.0.2" + array-flatten@1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/array-flatten/-/array-flatten-1.1.1.tgz#9a5f699051b1e7073328f2a008968b64ea2955d2" integrity sha1-ml9pkFGx5wczKPKgCJaLZOopVdI= +array-from@^2.1.1: + version "2.1.1" + resolved "https://registry.yarnpkg.com/array-from/-/array-from-2.1.1.tgz#cfe9d8c26628b9dc5aecc62a9f5d8f1f352c1195" + integrity sha1-z+nYwmYoudxa7MYqn12PHzUsEZU= + asn1@~0.2.3: version "0.2.4" resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136" @@ -37,6 +141,11 @@ assert-plus@1.0.0, assert-plus@^1.0.0: resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525" integrity sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU= +astral-regex@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/astral-regex/-/astral-regex-1.0.0.tgz#6c8c3fb827dd43ee3918f27b82782ab7658a6fd9" + integrity sha512-+Ryf6g3BKoRc7jfp7ad8tM4TtMiaWvbF/1/sQcZPkkS7ag3D5nMBCe2UfOTONtAkaG0tO0ij3C5Lwmf1EiyjHg== + async@^2.1.5: version "2.6.1" resolved "https://registry.yarnpkg.com/async/-/async-2.6.1.tgz#b245a23ca71930044ec53fa46aa00a3e87c6a610" @@ -44,11 +153,6 @@ async@^2.1.5: dependencies: lodash "^4.17.10" -async@~1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/async/-/async-1.0.0.tgz#f8fc04ca3a13784ade9e1641af98578cfbd647a9" - integrity sha1-+PwEyjoTeErenhZBr5hXjPvWR6k= - asynckit@^0.4.0: version "0.4.0" resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79" @@ -105,33 +209,72 @@ browser-stdout@1.3.1: resolved "https://registry.yarnpkg.com/browser-stdout/-/browser-stdout-1.3.1.tgz#baa559ee14ced73452229bad7326467c61fabd60" integrity sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw== -buffer-from@^1.0.0: - version "1.1.1" - resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.1.tgz#32713bc028f75c02fdb710d7c7bcec1f2c6070ef" - integrity sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A== - bytes@3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.0.0.tgz#d32815404d689699f85a4ea4fa8755dd13a96048" integrity sha1-0ygVQE1olpn4Wk6k+odV3ROpYEg= +callsites@^3.0.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/callsites/-/callsites-3.1.0.tgz#b3630abd8943432f54b3f0519238e33cd7df2f73" + integrity sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ== + +camelcase@^5.0.0: + version "5.3.1" + resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-5.3.1.tgz#e3c9b31569e106811df242f715725a1f4c494320" + integrity sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg== + caseless@~0.12.0: version "0.12.0" resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc" integrity sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw= -cli@~1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/cli/-/cli-1.0.1.tgz#22817534f24bfa4950c34d532d48ecbc621b8c14" - integrity sha1-IoF1NPJL+klQw01TLUjsvGIbjBQ= +chalk@^2.0.0, chalk@^2.0.1, chalk@^2.1.0, chalk@^2.4.2: + version "2.4.2" + resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424" + integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== dependencies: - exit "0.1.2" - glob "^7.1.1" + ansi-styles "^3.2.1" + escape-string-regexp "^1.0.5" + supports-color "^5.3.0" -colors@1.0.x: - version "1.0.3" - resolved "https://registry.yarnpkg.com/colors/-/colors-1.0.3.tgz#0433f44d809680fdeb60ed260f1b0c262e82a40b" - integrity sha1-BDP0TYCWgP3rYO0mDxsMJi6CpAs= +chardet@^0.7.0: + version "0.7.0" + resolved "https://registry.yarnpkg.com/chardet/-/chardet-0.7.0.tgz#90094849f0937f2eedc2425d0d28a9e5f0cbad9e" + integrity sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA== + +cli-cursor@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/cli-cursor/-/cli-cursor-2.1.0.tgz#b35dac376479facc3e94747d41d0d0f5238ffcb5" + integrity sha1-s12sN2R5+sw+lHR9QdDQ9SOP/LU= + dependencies: + restore-cursor "^2.0.0" + +cli-width@^2.0.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/cli-width/-/cli-width-2.2.0.tgz#ff19ede8a9a5e579324147b0c11f0fbcbabed639" + integrity sha1-/xnt6Kml5XkyQUewwR8PvLq+1jk= + +cliui@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/cliui/-/cliui-5.0.0.tgz#deefcfdb2e800784aa34f46fa08e06851c7bbbc5" + integrity sha512-PYeGSEmmHM6zvoef2w8TPzlrnNpXIjTipYK780YswmIP9vjxmd6Y2a3CB2Ks6/AU8NHjZugXvo8w3oWM2qnwXA== + dependencies: + string-width "^3.1.0" + strip-ansi "^5.2.0" + wrap-ansi "^5.1.0" + +color-convert@^1.9.0: + version "1.9.3" + resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-1.9.3.tgz#bb71850690e1f136567de629d2d5471deda4c1e8" + integrity sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg== + dependencies: + color-name "1.1.3" + +color-name@1.1.3: + version "1.1.3" + resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.3.tgz#a7d0558bd89c42f795dd42328f740831ca53bc25" + integrity sha1-p9BVi9icQveV3UIyj3QIMcpTvCU= combined-stream@^1.0.6, combined-stream@~1.0.6: version "1.0.7" @@ -140,33 +283,11 @@ combined-stream@^1.0.6, combined-stream@~1.0.6: dependencies: delayed-stream "~1.0.0" -commander@2.15.1: - version "2.15.1" - resolved "https://registry.yarnpkg.com/commander/-/commander-2.15.1.tgz#df46e867d0fc2aec66a34662b406a9ccafff5b0f" - integrity sha512-VlfT9F3V0v+jr4yxPc5gg9s62/fIVWsd2Bk2iD435um1NlGMYdVCq+MjcXnhYq2icNOizHr1kK+5TI6H0Hy0ag== - concat-map@0.0.1: version "0.0.1" resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b" integrity sha1-2Klr13/Wjfd5OnMDajug1UBdR3s= -concat-stream@1.6.2: - version "1.6.2" - resolved "https://registry.yarnpkg.com/concat-stream/-/concat-stream-1.6.2.tgz#904bdf194cd3122fc675c77fc4ac3d4ff0fd1a34" - integrity sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw== - dependencies: - buffer-from "^1.0.0" - inherits "^2.0.3" - readable-stream "^2.2.2" - typedarray "^0.0.6" - -console-browserify@1.1.x: - version "1.1.0" - resolved "https://registry.yarnpkg.com/console-browserify/-/console-browserify-1.1.0.tgz#f0241c45730a9fc6323b206dbf38edc741d0bb10" - integrity sha1-8CQcRXMKn8YyOyBtvzjtx0HQuxA= - dependencies: - date-now "^0.1.4" - content-disposition@0.5.2: version "0.5.2" resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.2.tgz#0cf68bb9ddf5f2be7961c3a85178cb85dba78cb4" @@ -187,15 +308,21 @@ cookie@0.3.1: resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.3.1.tgz#e7e0a1f9ef43b4c8ba925c5c5a96e806d16873bb" integrity sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s= -core-util-is@1.0.2, core-util-is@~1.0.0: +core-util-is@1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7" integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac= -cycle@1.0.x: - version "1.0.3" - resolved "https://registry.yarnpkg.com/cycle/-/cycle-1.0.3.tgz#21e80b2be8580f98b468f379430662b046c34ad2" - integrity sha1-IegLK+hYD5i0aPN5QwZisEbDStI= +cross-spawn@^6.0.5: + version "6.0.5" + resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-6.0.5.tgz#4a5ec7c64dfae22c3a14124dbacdee846d80cbc4" + integrity sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ== + dependencies: + nice-try "^1.0.4" + path-key "^2.0.1" + semver "^5.5.0" + shebang-command "^1.2.0" + which "^1.2.9" dashdash@^1.12.0: version "1.14.1" @@ -204,11 +331,6 @@ dashdash@^1.12.0: dependencies: assert-plus "^1.0.0" -date-now@^0.1.4: - version "0.1.4" - resolved "https://registry.yarnpkg.com/date-now/-/date-now-0.1.4.tgz#eaf439fd4d4848ad74e5cc7dbef200672b9e345b" - integrity sha1-6vQ5/U1ISK105cx9vvIAZyueNFs= - debug@2.6.9: version "2.6.9" resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f" @@ -216,20 +338,37 @@ debug@2.6.9: dependencies: ms "2.0.0" -debug@3.1.0: - version "3.1.0" - resolved "https://registry.yarnpkg.com/debug/-/debug-3.1.0.tgz#5bb5a0672628b64149566ba16819e61518c67261" - integrity sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g== - dependencies: - ms "2.0.0" - -debug@^3.1.0: +debug@3.2.6, debug@^3.1.0: version "3.2.6" resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.6.tgz#e83d17de16d8a7efb7717edbe5fb10135eee629b" integrity sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ== dependencies: ms "^2.1.1" +debug@^4.0.1: + version "4.1.1" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.1.1.tgz#3b72260255109c6b589cee050f1d516139664791" + integrity sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw== + dependencies: + ms "^2.1.1" + +decamelize@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/decamelize/-/decamelize-1.2.0.tgz#f6534d15148269b20352e7bee26f501f9a191290" + integrity sha1-9lNNFRSCabIDUue+4m9QH5oZEpA= + +deep-is@~0.1.3: + version "0.1.3" + resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.3.tgz#b369d6fb5dbc13eecf524f91b070feedc357cf34" + integrity sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ= + +define-properties@^1.1.2, define-properties@^1.1.3: + version "1.1.3" + resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.1.3.tgz#cf88da6cbee26fe6db7094f61d870cbd84cee9f1" + integrity sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ== + dependencies: + object-keys "^1.0.12" + delayed-stream@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619" @@ -245,43 +384,17 @@ destroy@~1.0.4: resolved "https://registry.yarnpkg.com/destroy/-/destroy-1.0.4.tgz#978857442c44749e4206613e37946205826abd80" integrity sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA= -diff@3.5.0, diff@^3.1.0: +diff@3.5.0, diff@^3.5.0: version "3.5.0" resolved "https://registry.yarnpkg.com/diff/-/diff-3.5.0.tgz#800c0dd1e0a8bfbc95835c202ad220fe317e5a12" integrity sha512-A46qtFgd+g7pDZinpnwiRJtxbC1hpgf0uzP3iG89scHk0AUC7A1TGxf5OiiOUv/JMZR8GOt8hL900hV0bOy5xA== -dom-serializer@0: - version "0.1.0" - resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-0.1.0.tgz#073c697546ce0780ce23be4a28e293e40bc30c82" - integrity sha1-BzxpdUbOB4DOI75KKOKT5AvDDII= - dependencies: - domelementtype "~1.1.1" - entities "~1.1.1" - -domelementtype@1: - version "1.2.1" - resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.2.1.tgz#578558ef23befac043a1abb0db07635509393479" - integrity sha512-SQVCLFS2E7G5CRCMdn6K9bIhRj1bS6QBWZfF0TUPh4V/BbqrQ619IdSS3/izn0FZ+9l+uODzaZjb08fjOfablA== - -domelementtype@~1.1.1: - version "1.1.3" - resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.1.3.tgz#bd28773e2642881aec51544924299c5cd822185b" - integrity sha1-vSh3PiZCiBrsUVRJJCmcXNgiGFs= - -domhandler@2.3: - version "2.3.0" - resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-2.3.0.tgz#2de59a0822d5027fabff6f032c2b25a2a8abe738" - integrity sha1-LeWaCCLVAn+r/28DLCsloqir5zg= - dependencies: - domelementtype "1" - -domutils@1.5: - version "1.5.1" - resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.5.1.tgz#dcd8488a26f563d61079e48c9f7b7e32373682cf" - integrity sha1-3NhIiib1Y9YQeeSMn3t+Mjc2gs8= +doctrine@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/doctrine/-/doctrine-3.0.0.tgz#addebead72a6574db783639dc87a121773973961" + integrity sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w== dependencies: - dom-serializer "0" - domelementtype "1" + esutils "^2.0.2" ecc-jsbn@~0.1.1: version "0.1.2" @@ -301,46 +414,157 @@ ejs@^2.5.6: resolved "https://registry.yarnpkg.com/ejs/-/ejs-2.6.1.tgz#498ec0d495655abc6f23cd61868d926464071aa0" integrity sha512-0xy4A/twfrRCnkhfk8ErDi5DqdAsAqeGxht4xkCUrsvhhbQNs7E+4jV0CN7+NKIY0aHE72+XvqtBIXzD31ZbXQ== +emoji-regex@^7.0.1: + version "7.0.3" + resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-7.0.3.tgz#933a04052860c85e83c122479c4748a8e4c72156" + integrity sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA== + encodeurl@~1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-1.0.2.tgz#ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59" integrity sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k= -entities@1.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/entities/-/entities-1.0.0.tgz#b2987aa3821347fcde642b24fdfc9e4fb712bf26" - integrity sha1-sph6o4ITR/zeZCsk/fyeT7cSvyY= - -entities@~1.1.1: - version "1.1.2" - resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.2.tgz#bdfa735299664dfafd34529ed4f8522a275fea56" - integrity sha512-f2LZMYl1Fzu7YSBKg+RoROelpOaNrcGmE9AZubeDfrCEia483oW4MI4VyFd5VNHIgQ/7qm1I0wUHK1eJnn2y2w== - -es6-promise@^4.0.3: - version "4.2.5" - resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-4.2.5.tgz#da6d0d5692efb461e082c14817fe2427d8f5d054" - integrity sha512-n6wvpdE43VFtJq+lUDYDBFUwV8TZbuGXLV4D6wKafg13ldznKsyEvatubnmUe31zcvelSzOHF+XbaT+Bl9ObDg== +es-abstract@^1.5.1: + version "1.14.2" + resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.14.2.tgz#7ce108fad83068c8783c3cdf62e504e084d8c497" + integrity sha512-DgoQmbpFNOofkjJtKwr87Ma5EW4Dc8fWhD0R+ndq7Oc456ivUfGOOP6oAZTTKl5/CcNMP+EN+e3/iUzgE0veZg== + dependencies: + es-to-primitive "^1.2.0" + function-bind "^1.1.1" + has "^1.0.3" + has-symbols "^1.0.0" + is-callable "^1.1.4" + is-regex "^1.0.4" + object-inspect "^1.6.0" + object-keys "^1.1.1" + string.prototype.trimleft "^2.0.0" + string.prototype.trimright "^2.0.0" + +es-to-primitive@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/es-to-primitive/-/es-to-primitive-1.2.0.tgz#edf72478033456e8dda8ef09e00ad9650707f377" + integrity sha512-qZryBOJjV//LaxLTV6UC//WewneB3LcXOL9NP++ozKVXsIIIpm/2c13UDiD9Jp2eThsecw9m3jPqDwTyobcdbg== + dependencies: + is-callable "^1.1.4" + is-date-object "^1.0.1" + is-symbol "^1.0.2" escape-html@~1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988" integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg= -escape-string-regexp@1.0.5: +escape-string-regexp@1.0.5, escape-string-regexp@^1.0.5: version "1.0.5" resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ= +eslint-scope@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-5.0.0.tgz#e87c8887c73e8d1ec84f1ca591645c358bfc8fb9" + integrity sha512-oYrhJW7S0bxAFDvWqzvMPRm6pcgcnWc4QnofCAqRTRfQC0JcwenzGglTtsLyIuuWFfkqDG9vz67cnttSd53djw== + dependencies: + esrecurse "^4.1.0" + estraverse "^4.1.1" + +eslint-utils@^1.4.2: + version "1.4.2" + resolved "https://registry.yarnpkg.com/eslint-utils/-/eslint-utils-1.4.2.tgz#166a5180ef6ab7eb462f162fd0e6f2463d7309ab" + integrity sha512-eAZS2sEUMlIeCjBeubdj45dmBHQwPHWyBcT1VSYB7o9x9WRRqKxyUoiXlRjyAwzN7YEzHJlYg0NmzDRWx6GP4Q== + dependencies: + eslint-visitor-keys "^1.0.0" + +eslint-visitor-keys@^1.0.0, eslint-visitor-keys@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-1.1.0.tgz#e2a82cea84ff246ad6fb57f9bde5b46621459ec2" + integrity sha512-8y9YjtM1JBJU/A9Kc+SbaOV4y29sSWckBwMHa+FGtVj5gN/sbnKDf6xJUl+8g7FAij9LVaP8C24DUiH/f/2Z9A== + +eslint@^6.5.1: + version "6.5.1" + resolved "https://registry.yarnpkg.com/eslint/-/eslint-6.5.1.tgz#828e4c469697d43bb586144be152198b91e96ed6" + integrity sha512-32h99BoLYStT1iq1v2P9uwpyznQ4M2jRiFB6acitKz52Gqn+vPaMDUTB1bYi1WN4Nquj2w+t+bimYUG83DC55A== + dependencies: + "@babel/code-frame" "^7.0.0" + ajv "^6.10.0" + chalk "^2.1.0" + cross-spawn "^6.0.5" + debug "^4.0.1" + doctrine "^3.0.0" + eslint-scope "^5.0.0" + eslint-utils "^1.4.2" + eslint-visitor-keys "^1.1.0" + espree "^6.1.1" + esquery "^1.0.1" + esutils "^2.0.2" + file-entry-cache "^5.0.1" + functional-red-black-tree "^1.0.1" + glob-parent "^5.0.0" + globals "^11.7.0" + ignore "^4.0.6" + import-fresh "^3.0.0" + imurmurhash "^0.1.4" + inquirer "^6.4.1" + is-glob "^4.0.0" + js-yaml "^3.13.1" + json-stable-stringify-without-jsonify "^1.0.1" + levn "^0.3.0" + lodash "^4.17.14" + minimatch "^3.0.4" + mkdirp "^0.5.1" + natural-compare "^1.4.0" + optionator "^0.8.2" + progress "^2.0.0" + regexpp "^2.0.1" + semver "^6.1.2" + strip-ansi "^5.2.0" + strip-json-comments "^3.0.1" + table "^5.2.3" + text-table "^0.2.0" + v8-compile-cache "^2.0.3" + +espree@^6.1.1: + version "6.1.1" + resolved "https://registry.yarnpkg.com/espree/-/espree-6.1.1.tgz#7f80e5f7257fc47db450022d723e356daeb1e5de" + integrity sha512-EYbr8XZUhWbYCqQRW0duU5LxzL5bETN6AjKBGy1302qqzPaCH10QbRg3Wvco79Z8x9WbiE8HYB4e75xl6qUYvQ== + dependencies: + acorn "^7.0.0" + acorn-jsx "^5.0.2" + eslint-visitor-keys "^1.1.0" + +esprima@^4.0.0: + version "4.0.1" + resolved "https://registry.yarnpkg.com/esprima/-/esprima-4.0.1.tgz#13b04cdb3e6c5d19df91ab6987a8695619b0aa71" + integrity sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A== + +esquery@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/esquery/-/esquery-1.0.1.tgz#406c51658b1f5991a5f9b62b1dc25b00e3e5c708" + integrity sha512-SmiyZ5zIWH9VM+SRUReLS5Q8a7GxtRdxEBVZpm98rJM7Sb+A9DVCndXfkeFUd3byderg+EbDkfnevfCwynWaNA== + dependencies: + estraverse "^4.0.0" + +esrecurse@^4.1.0: + version "4.2.1" + resolved "https://registry.yarnpkg.com/esrecurse/-/esrecurse-4.2.1.tgz#007a3b9fdbc2b3bb87e4879ea19c92fdbd3942cf" + integrity sha512-64RBB++fIOAXPw3P9cy89qfMlvZEXZkqqJkjqqXIvzP5ezRZjW+lPWjw35UX/3EhUPFYbg5ER4JYgDw4007/DQ== + dependencies: + estraverse "^4.1.0" + +estraverse@^4.0.0, estraverse@^4.1.0, estraverse@^4.1.1: + version "4.3.0" + resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-4.3.0.tgz#398ad3f3c5a24948be7725e83d11a7de28cdbd1d" + integrity sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw== + +esutils@^2.0.2: + version "2.0.3" + resolved "https://registry.yarnpkg.com/esutils/-/esutils-2.0.3.tgz#74d2eb4de0b8da1293711910d50775b9b710ef64" + integrity sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g== + etag@~1.8.1: version "1.8.1" resolved "https://registry.yarnpkg.com/etag/-/etag-1.8.1.tgz#41ae2eeb65efa62268aebfea83ac7d79299b0887" integrity sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc= -exit@0.1.2, exit@0.1.x: - version "0.1.2" - resolved "https://registry.yarnpkg.com/exit/-/exit-0.1.2.tgz#0632638f8d877cc82107d30a0fff1a17cba1cd0c" - integrity sha1-BjJjj42HfMghB9MKD/8aF8uhzQw= - express@^4.16.2: version "4.16.4" resolved "https://registry.yarnpkg.com/express/-/express-4.16.4.tgz#fddef61926109e24c515ea97fd2f1bdbf62df12e" @@ -382,15 +606,14 @@ extend@~3.0.2: resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa" integrity sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g== -extract-zip@^1.6.5: - version "1.6.7" - resolved "https://registry.yarnpkg.com/extract-zip/-/extract-zip-1.6.7.tgz#a840b4b8af6403264c8db57f4f1a74333ef81fe9" - integrity sha1-qEC0uK9kAyZMjbV/Txp0Mz74H+k= +external-editor@^3.0.3: + version "3.1.0" + resolved "https://registry.yarnpkg.com/external-editor/-/external-editor-3.1.0.tgz#cb03f740befae03ea4d283caed2741a83f335495" + integrity sha512-hMQ4CX1p1izmuLYyZqLMO/qGNw10wSv9QDCPfzXfyFrOaCSSoRfqE1Kf1s5an66J5JZC62NewG+mK49jOCtQew== dependencies: - concat-stream "1.6.2" - debug "2.6.9" - mkdirp "0.5.1" - yauzl "2.4.1" + chardet "^0.7.0" + iconv-lite "^0.4.24" + tmp "^0.0.33" extsprintf@1.3.0: version "1.3.0" @@ -402,11 +625,6 @@ extsprintf@^1.2.0: resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.4.0.tgz#e2689f8f356fad62cca65a3a91c5df5f9551692f" integrity sha1-4mifjzVvrWLMplo6kcXfX5VRaS8= -eyes@0.1.x: - version "0.1.8" - resolved "https://registry.yarnpkg.com/eyes/-/eyes-0.1.8.tgz#62cf120234c683785d902348a800ef3e0cc20bc0" - integrity sha1-Ys8SAjTGg3hdkCNIqADvPgzCC8A= - fast-deep-equal@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz#7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49" @@ -417,12 +635,24 @@ fast-json-stable-stringify@^2.0.0: resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz#d5142c0caee6b1189f87d3a76111064f86c8bbf2" integrity sha1-1RQsDK7msRifh9OnYREGT4bIu/I= -fd-slicer@~1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/fd-slicer/-/fd-slicer-1.0.1.tgz#8b5bcbd9ec327c5041bf9ab023fd6750f1177e65" - integrity sha1-i1vL2ewyfFBBv5qwI/1nUPEXfmU= +fast-levenshtein@~2.0.4: + version "2.0.6" + resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917" + integrity sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc= + +figures@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/figures/-/figures-2.0.0.tgz#3ab1a2d2a62c8bfb431a0c94cb797a2fce27c962" + integrity sha1-OrGi0qYsi/tDGgyUy3l6L84nyWI= dependencies: - pend "~1.2.0" + escape-string-regexp "^1.0.5" + +file-entry-cache@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/file-entry-cache/-/file-entry-cache-5.0.1.tgz#ca0f6efa6dd3d561333fb14515065c2fafdf439c" + integrity sha512-bCg29ictuBaKUwwArK4ouCaqDgLZcysCFLmM/Yn/FDoqndh/9vNuQfXRDvTuXKLxfD/JtZQGKFT8MGcJBK644g== + dependencies: + flat-cache "^2.0.1" finalhandler@1.1.1: version "1.1.1" @@ -437,6 +667,34 @@ finalhandler@1.1.1: statuses "~1.4.0" unpipe "~1.0.0" +find-up@3.0.0, find-up@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/find-up/-/find-up-3.0.0.tgz#49169f1d7993430646da61ecc5ae355c21c97b73" + integrity sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg== + dependencies: + locate-path "^3.0.0" + +flat-cache@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/flat-cache/-/flat-cache-2.0.1.tgz#5d296d6f04bda44a4630a301413bdbc2ec085ec0" + integrity sha512-LoQe6yDuUMDzQAEH8sgmh4Md6oZnc/7PjtwjNFSzveXqSHt6ka9fPBuso7IGf9Rz4uqnSnWiFH2B/zj24a5ReA== + dependencies: + flatted "^2.0.0" + rimraf "2.6.3" + write "1.0.3" + +flat@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/flat/-/flat-4.1.0.tgz#090bec8b05e39cba309747f1d588f04dbaf98db2" + integrity sha512-Px/TiLIznH7gEDlPXcUD4KnBusa6kR6ayRUVcnEAbreRIuhkqow/mun59BuRXwoYk7ZQOLW1ZM05ilIvK38hFw== + dependencies: + is-buffer "~2.0.3" + +flatted@^2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/flatted/-/flatted-2.0.1.tgz#69e57caa8f0eacbc281d2e2cb458d46fdb449e08" + integrity sha512-a1hQMktqW9Nmqr5aktAux3JMNqaucxGcjtjWnZLHX7yyPCmlSV3M54nGYbqT8K+0GhF3NBgmJCc3ma+WOgX8Jg== + forever-agent@~0.6.1: version "0.6.1" resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91" @@ -451,13 +709,6 @@ form-data@~2.3.2: combined-stream "^1.0.6" mime-types "^2.1.12" -formatio@1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/formatio/-/formatio-1.2.0.tgz#f3b2167d9068c4698a8d51f4f760a39a54d818eb" - integrity sha1-87IWfZBoxGmKjVH092CjmlTYGOs= - dependencies: - samsam "1.x" - forwarded@~0.1.2: version "0.1.2" resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.1.2.tgz#98c23dab1175657b8c0573e8ceccd91b0ff18c84" @@ -468,20 +719,26 @@ fresh@0.5.2: resolved "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7" integrity sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac= -fs-extra@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-1.0.0.tgz#cd3ce5f7e7cb6145883fcae3191e9877f8587950" - integrity sha1-zTzl9+fLYUWIP8rjGR6Yd/hYeVA= - dependencies: - graceful-fs "^4.1.2" - jsonfile "^2.1.0" - klaw "^1.0.0" - fs.realpath@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f" integrity sha1-FQStJSMVjKpA20onh8sBQRmU6k8= +function-bind@^1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.1.tgz#a56899d3ea3c9bab874bb9773b7c5ede92f4895d" + integrity sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A== + +functional-red-black-tree@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz#1b0ab3bd553b2a0d6399d29c0e3ea0b252078327" + integrity sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc= + +get-caller-file@^2.0.1: + version "2.0.5" + resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e" + integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg== + getpass@^0.1.1: version "0.1.7" resolved "https://registry.yarnpkg.com/getpass/-/getpass-0.1.7.tgz#5eff8e3e684d569ae4cb2b1282604e8ba62149fa" @@ -489,10 +746,17 @@ getpass@^0.1.1: dependencies: assert-plus "^1.0.0" -glob@7.1.2: - version "7.1.2" - resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.2.tgz#c19c9df9a028702d678612384a6552404c636d15" - integrity sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ== +glob-parent@^5.0.0: + version "5.1.0" + resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.0.tgz#5f4c1d1e748d30cd73ad2944b3577a81b081e8c2" + integrity sha512-qjtRgnIVmOfnKUE3NJAQEdk+lKrxfw8t5ke7SXtfMTHcjsBfOfWXCQfdb30zfDoZQ2IRSIiidmjtbHZPZ++Ihw== + dependencies: + is-glob "^4.0.1" + +glob@7.1.3: + version "7.1.3" + resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.3.tgz#3960832d3f1574108342dafd3a67b332c0969df1" + integrity sha512-vcfuiIxogLV4DlGBHIUOwI0IbrJ8HWPc4MU7HzviGeNho/UJDfi6B5p3sHeWIQ0KGIU0Jpxi5ZHxemQfLkkAwQ== dependencies: fs.realpath "^1.0.0" inflight "^1.0.4" @@ -501,10 +765,10 @@ glob@7.1.2: once "^1.3.0" path-is-absolute "^1.0.0" -glob@^7.1.1: - version "7.1.3" - resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.3.tgz#3960832d3f1574108342dafd3a67b332c0969df1" - integrity sha512-vcfuiIxogLV4DlGBHIUOwI0IbrJ8HWPc4MU7HzviGeNho/UJDfi6B5p3sHeWIQ0KGIU0Jpxi5ZHxemQfLkkAwQ== +glob@^7.1.3: + version "7.1.4" + resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.4.tgz#aa608a2f6c577ad357e1ae5a5c26d9a8d1969255" + integrity sha512-hkLPepehmnKk41pUGm3sYxoFs/umurYfYJCerbXEyFIWcAzvpipAgVkBqqT9RBKMGjnq6kMuyYwha6csxbiM1A== dependencies: fs.realpath "^1.0.0" inflight "^1.0.4" @@ -513,10 +777,10 @@ glob@^7.1.1: once "^1.3.0" path-is-absolute "^1.0.0" -graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.1.9: - version "4.1.15" - resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.1.15.tgz#ffb703e1066e8a0eeaa4c8b80ba9253eeefbfb00" - integrity sha512-6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA== +globals@^11.7.0: + version "11.12.0" + resolved "https://registry.yarnpkg.com/globals/-/globals-11.12.0.tgz#ab8795338868a0babd8525758018c2a7eb95c42e" + integrity sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA== growl@1.10.5: version "1.10.5" @@ -541,29 +805,22 @@ has-flag@^3.0.0: resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd" integrity sha1-tdRU3CGZriJWmfNGfloH87lVuv0= -hasha@^2.2.0: - version "2.2.0" - resolved "https://registry.yarnpkg.com/hasha/-/hasha-2.2.0.tgz#78d7cbfc1e6d66303fe79837365984517b2f6ee1" - integrity sha1-eNfL/B5tZjA/55g3NlmEUXsvbuE= - dependencies: - is-stream "^1.0.1" - pinkie-promise "^2.0.0" - -he@1.1.1: - version "1.1.1" - resolved "https://registry.yarnpkg.com/he/-/he-1.1.1.tgz#93410fd21b009735151f8868c2f271f3427e23fd" - integrity sha1-k0EP0hsAlzUVH4howvJx80J+I/0= +has-symbols@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.0.tgz#ba1a8f1af2a0fc39650f5c850367704122063b44" + integrity sha1-uhqPGvKg/DllD1yFA2dwQSIGO0Q= -htmlparser2@3.8.x: - version "3.8.3" - resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.8.3.tgz#996c28b191516a8be86501a7d79757e5c70c1068" - integrity sha1-mWwosZFRaovoZQGn15dX5ccMEGg= +has@^1.0.1, has@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/has/-/has-1.0.3.tgz#722d7cbfc1f6aa8241f16dd814e011e1f41e8796" + integrity sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw== dependencies: - domelementtype "1" - domhandler "2.3" - domutils "1.5" - entities "1.0" - readable-stream "1.1" + function-bind "^1.1.1" + +he@1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f" + integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw== http-errors@1.6.3, http-errors@~1.6.2, http-errors@~1.6.3: version "1.6.3" @@ -591,6 +848,31 @@ iconv-lite@0.4.23: dependencies: safer-buffer ">= 2.1.2 < 3" +iconv-lite@^0.4.24: + version "0.4.24" + resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.24.tgz#2022b4b25fbddc21d2f524974a474aafe733908b" + integrity sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA== + dependencies: + safer-buffer ">= 2.1.2 < 3" + +ignore@^4.0.6: + version "4.0.6" + resolved "https://registry.yarnpkg.com/ignore/-/ignore-4.0.6.tgz#750e3db5862087b4737ebac8207ffd1ef27b25fc" + integrity sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg== + +import-fresh@^3.0.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/import-fresh/-/import-fresh-3.1.0.tgz#6d33fa1dcef6df930fae003446f33415af905118" + integrity sha512-PpuksHKGt8rXfWEr9m9EHIpgyyaltBy8+eF6GJM0QCAxMgxCfucMF3mjecK2QsJr0amJW7gTqh5/wht0z2UhEQ== + dependencies: + parent-module "^1.0.0" + resolve-from "^4.0.0" + +imurmurhash@^0.1.4: + version "0.1.4" + resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea" + integrity sha1-khi5srkoojixPcT7a21XbyMUU+o= + inflight@^1.0.4: version "1.0.6" resolved "https://registry.yarnpkg.com/inflight/-/inflight-1.0.6.tgz#49bd6331d7d02d0c09bc910a1075ba8165b56df9" @@ -599,20 +881,85 @@ inflight@^1.0.4: once "^1.3.0" wrappy "1" -inherits@2, inherits@2.0.3, inherits@^2.0.3, inherits@~2.0.1, inherits@~2.0.3: +inherits@2, inherits@2.0.3: version "2.0.3" resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de" integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4= +inquirer@^6.4.1: + version "6.5.2" + resolved "https://registry.yarnpkg.com/inquirer/-/inquirer-6.5.2.tgz#ad50942375d036d327ff528c08bd5fab089928ca" + integrity sha512-cntlB5ghuB0iuO65Ovoi8ogLHiWGs/5yNrtUcKjFhSSiVeAIVpD7koaSU9RM8mpXw5YDi9RdYXGQMaOURB7ycQ== + dependencies: + ansi-escapes "^3.2.0" + chalk "^2.4.2" + cli-cursor "^2.1.0" + cli-width "^2.0.0" + external-editor "^3.0.3" + figures "^2.0.0" + lodash "^4.17.12" + mute-stream "0.0.7" + run-async "^2.2.0" + rxjs "^6.4.0" + string-width "^2.1.0" + strip-ansi "^5.1.0" + through "^2.3.6" + ipaddr.js@1.8.0: version "1.8.0" resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.8.0.tgz#eaa33d6ddd7ace8f7f6fe0c9ca0440e706738b1e" integrity sha1-6qM9bd16zo9/b+DJygRA5wZzix4= -is-stream@^1.0.1: - version "1.1.0" - resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-1.1.0.tgz#12d4a3dd4e68e0b79ceb8dbc84173ae80d91ca44" - integrity sha1-EtSj3U5o4Lec6428hBc66A2RykQ= +is-buffer@~2.0.3: + version "2.0.4" + resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-2.0.4.tgz#3e572f23c8411a5cfd9557c849e3665e0b290623" + integrity sha512-Kq1rokWXOPXWuaMAqZiJW4XxsmD9zGx9q4aePabbn3qCRGedtH7Cm+zV8WETitMfu1wdh+Rvd6w5egwSngUX2A== + +is-callable@^1.1.4: + version "1.1.4" + resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.1.4.tgz#1e1adf219e1eeb684d691f9d6a05ff0d30a24d75" + integrity sha512-r5p9sxJjYnArLjObpjA4xu5EKI3CuKHkJXMhT7kwbpUyIFD1n5PMAsoPvWnvtZiNz7LjkYDRZhd7FlI0eMijEA== + +is-date-object@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.1.tgz#9aa20eb6aeebbff77fbd33e74ca01b33581d3a16" + integrity sha1-mqIOtq7rv/d/vTPnTKAbM1gdOhY= + +is-extglob@^2.1.1: + version "2.1.1" + resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2" + integrity sha1-qIwCU1eR8C7TfHahueqXc8gz+MI= + +is-fullwidth-code-point@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz#a3b30a5c4f199183167aaab93beefae3ddfb654f" + integrity sha1-o7MKXE8ZkYMWeqq5O+764937ZU8= + +is-glob@^4.0.0, is-glob@^4.0.1: + version "4.0.1" + resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.1.tgz#7567dbe9f2f5e2467bc77ab83c4a29482407a5dc" + integrity sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg== + dependencies: + is-extglob "^2.1.1" + +is-promise@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/is-promise/-/is-promise-2.1.0.tgz#79a2a9ece7f096e80f36d2b2f3bc16c1ff4bf3fa" + integrity sha1-eaKp7OfwlugPNtKy87wWwf9L8/o= + +is-regex@^1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.0.4.tgz#5517489b547091b0930e095654ced25ee97e9491" + integrity sha1-VRdIm1RwkbCTDglWVM7SXul+lJE= + dependencies: + has "^1.0.1" + +is-symbol@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/is-symbol/-/is-symbol-1.0.2.tgz#a055f6ae57192caee329e7a860118b497a950f38" + integrity sha512-HS8bZ9ox60yCJLH9snBpIwv9pYUAkcuLhSA1oero1UB5y9aiQpRA8y2ex945AOtCZL1lJDeIk3G5LthswI46Lw== + dependencies: + has-symbols "^1.0.0" is-typedarray@~1.0.0: version "1.0.0" @@ -624,44 +971,34 @@ isarray@0.0.1: resolved "https://registry.yarnpkg.com/isarray/-/isarray-0.0.1.tgz#8a18acfca9a8f4177e09abfc6038939b05d1eedf" integrity sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8= -isarray@~1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" - integrity sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE= - isexe@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10" integrity sha1-6PvzdNxVb/iUehDcsFctYz8s+hA= -isstream@0.1.x, isstream@~0.1.2: +isstream@~0.1.2: version "0.1.2" resolved "https://registry.yarnpkg.com/isstream/-/isstream-0.1.2.tgz#47e63f7af55afa6f92e1500e690eb8b8529c099a" integrity sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo= +js-tokens@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" + integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== + +js-yaml@3.13.1, js-yaml@^3.13.1: + version "3.13.1" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.13.1.tgz#aff151b30bfdfa8e49e05da22e7415e9dfa37847" + integrity sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw== + dependencies: + argparse "^1.0.7" + esprima "^4.0.0" + jsbn@~0.1.0: version "0.1.1" resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513" integrity sha1-peZUwuWi3rXyAdls77yoDA7y9RM= -jshint@*: - version "2.9.6" - resolved "https://registry.yarnpkg.com/jshint/-/jshint-2.9.6.tgz#19b34e578095a34928fe006135a6cb70137b9c08" - integrity sha512-KO9SIAKTlJQOM4lE64GQUtGBRpTOuvbrRrSZw3AhUxMNG266nX9hK2cKA4SBhXOj0irJGyNyGSLT62HGOVDEOA== - dependencies: - cli "~1.0.0" - console-browserify "1.1.x" - exit "0.1.x" - htmlparser2 "3.8.x" - lodash "~4.17.10" - minimatch "~3.0.2" - shelljs "0.3.x" - strip-json-comments "1.0.x" - unicode-5.2.0 "^0.7.5" - optionalDependencies: - phantom "~4.0.1" - phantomjs-prebuilt "~2.1.7" - json-schema-traverse@^0.4.1: version "0.4.1" resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660" @@ -672,18 +1009,16 @@ json-schema@0.2.3: resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13" integrity sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM= +json-stable-stringify-without-jsonify@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz#9db7b59496ad3f3cfef30a75142d2d930ad72651" + integrity sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE= + json-stringify-safe@~5.0.1: version "5.0.1" resolved "https://registry.yarnpkg.com/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb" integrity sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus= -jsonfile@^2.1.0: - version "2.4.0" - resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-2.4.0.tgz#3736a2b428b87bbda0cc83b53fa3d633a35c2ae8" - integrity sha1-NzaitCi4e72gzIO1P6PWM6NcKug= - optionalDependencies: - graceful-fs "^4.1.6" - jsprim@^1.2.2: version "1.4.1" resolved "https://registry.yarnpkg.com/jsprim/-/jsprim-1.4.1.tgz#313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2" @@ -694,27 +1029,48 @@ jsprim@^1.2.2: json-schema "0.2.3" verror "1.10.0" -kew@^0.7.0: - version "0.7.0" - resolved "https://registry.yarnpkg.com/kew/-/kew-0.7.0.tgz#79d93d2d33363d6fdd2970b335d9141ad591d79b" - integrity sha1-edk9LTM2PW/dKXCzNdkUGtWR15s= +just-extend@^4.0.2: + version "4.0.2" + resolved "https://registry.yarnpkg.com/just-extend/-/just-extend-4.0.2.tgz#f3f47f7dfca0f989c55410a7ebc8854b07108afc" + integrity sha512-FrLwOgm+iXrPV+5zDU6Jqu4gCRXbWEQg2O3SKONsWE4w7AXFRkryS53bpWdaL9cNol+AmR3AEYz6kn+o0fCPnw== -klaw@^1.0.0: - version "1.3.1" - resolved "https://registry.yarnpkg.com/klaw/-/klaw-1.3.1.tgz#4088433b46b3b1ba259d78785d8e96f73ba02439" - integrity sha1-QIhDO0azsbolnXh4XY6W9zugJDk= - optionalDependencies: - graceful-fs "^4.1.9" +levn@^0.3.0, levn@~0.3.0: + version "0.3.0" + resolved "https://registry.yarnpkg.com/levn/-/levn-0.3.0.tgz#3b09924edf9f083c0490fdd4c0bc4421e04764ee" + integrity sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4= + dependencies: + prelude-ls "~1.1.2" + type-check "~0.3.2" + +locate-path@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/locate-path/-/locate-path-3.0.0.tgz#dbec3b3ab759758071b58fe59fc41871af21400e" + integrity sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A== + dependencies: + p-locate "^3.0.0" + path-exists "^3.0.0" -lodash@^4.17.10, lodash@~4.17.10: +lodash@^4.17.10: version "4.17.11" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d" integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg== -lolex@^1.6.0: - version "1.6.0" - resolved "https://registry.yarnpkg.com/lolex/-/lolex-1.6.0.tgz#3a9a0283452a47d7439e72731b9e07d7386e49f6" - integrity sha1-OpoCg0UqR9dDnnJzG54H1zhuSfY= +lodash@^4.17.12, lodash@^4.17.14, lodash@^4.17.15: + version "4.17.15" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548" + integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A== + +log-symbols@2.2.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-2.2.0.tgz#5740e1c5d6f0dfda4ad9323b5332107ef6b4c40a" + integrity sha512-VeIAFslyIerEJLXHziedo2basKbMKtTw3vfn5IzG0XTjhAVEJyNHnL2p7vc+wBDSdQuUpNw3M2u6xb9QsAY5Eg== + dependencies: + chalk "^2.0.1" + +lolex@^4.1.0, lolex@^4.2.0: + version "4.2.0" + resolved "https://registry.yarnpkg.com/lolex/-/lolex-4.2.0.tgz#ddbd7f6213ca1ea5826901ab1222b65d714b3cd7" + integrity sha512-gKO5uExCXvSm6zbF562EvM+rd1kQDnB9AZBbiQVzf1ZmdDpxUSvpnAaVOP83N/31mRK8Ml8/VE8DMvsAZQ+7wg== media-typer@0.3.0: version "0.3.0" @@ -748,7 +1104,12 @@ mime@1.4.1: resolved "https://registry.yarnpkg.com/mime/-/mime-1.4.1.tgz#121f9ebc49e3766f311a76e1fa1c8003c4b03aa6" integrity sha512-KI1+qOZu5DcW6wayYHSzR/tXKCDC5Om4s1z2QJjDULzLcmf3DvzS7oluY4HCTrc+9FiKmWUgeNLg7W3uIQvxtQ== -minimatch@3.0.4, minimatch@^3.0.4, minimatch@~3.0.2: +mimic-fn@^1.0.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/mimic-fn/-/mimic-fn-1.2.0.tgz#820c86a39334640e99516928bd03fca88057d022" + integrity sha512-jf84uxzwiuiIVKiOLpfYk7N46TSy8ubTonmneY9vrpHNAnp0QBt2BxWV9dO3/j+BoVAb+a5G6YDPW3M5HOdMWQ== + +minimatch@3.0.4, minimatch@^3.0.4: version "3.0.4" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083" integrity sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA== @@ -760,50 +1121,91 @@ minimist@0.0.8: resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d" integrity sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0= -mkdirp@0.5.1: +mkdirp@0.5.1, mkdirp@^0.5.1: version "0.5.1" resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903" integrity sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM= dependencies: minimist "0.0.8" -mocha@*: - version "5.2.0" - resolved "https://registry.yarnpkg.com/mocha/-/mocha-5.2.0.tgz#6d8ae508f59167f940f2b5b3c4a612ae50c90ae6" - integrity sha512-2IUgKDhc3J7Uug+FxMXuqIyYzH7gJjXECKe/w43IGgQHTSj3InJi+yAA7T24L9bQMRKiUEHxEX37G5JpVUGLcQ== +mocha@^6.0.2: + version "6.2.1" + resolved "https://registry.yarnpkg.com/mocha/-/mocha-6.2.1.tgz#da941c99437da9bac412097859ff99543969f94c" + integrity sha512-VCcWkLHwk79NYQc8cxhkmI8IigTIhsCwZ6RTxQsqK6go4UvEhzJkYuHm8B2YtlSxcYq2fY+ucr4JBwoD6ci80A== dependencies: + ansi-colors "3.2.3" browser-stdout "1.3.1" - commander "2.15.1" - debug "3.1.0" + debug "3.2.6" diff "3.5.0" escape-string-regexp "1.0.5" - glob "7.1.2" + find-up "3.0.0" + glob "7.1.3" growl "1.10.5" - he "1.1.1" + he "1.2.0" + js-yaml "3.13.1" + log-symbols "2.2.0" minimatch "3.0.4" mkdirp "0.5.1" - supports-color "5.4.0" + ms "2.1.1" + node-environment-flags "1.0.5" + object.assign "4.1.0" + strip-json-comments "2.0.1" + supports-color "6.0.0" + which "1.3.1" + wide-align "1.1.3" + yargs "13.3.0" + yargs-parser "13.1.1" + yargs-unparser "1.6.0" ms@2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g= -ms@^2.1.1: +ms@2.1.1, ms@^2.1.1: version "2.1.1" resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a" integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg== -native-promise-only@^0.8.1: - version "0.8.1" - resolved "https://registry.yarnpkg.com/native-promise-only/-/native-promise-only-0.8.1.tgz#20a318c30cb45f71fe7adfbf7b21c99c1472ef11" - integrity sha1-IKMYwwy0X3H+et+/eyHJnBRy7xE= +mute-stream@0.0.7: + version "0.0.7" + resolved "https://registry.yarnpkg.com/mute-stream/-/mute-stream-0.0.7.tgz#3075ce93bc21b8fab43e1bc4da7e8115ed1e7bab" + integrity sha1-MHXOk7whuPq0PhvE2n6BFe0ee6s= + +natural-compare@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7" + integrity sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc= negotiator@0.6.1: version "0.6.1" resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.1.tgz#2b327184e8992101177b28563fb5e7102acd0ca9" integrity sha1-KzJxhOiZIQEXeyhWP7XnECrNDKk= +nice-try@^1.0.4: + version "1.0.5" + resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366" + integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ== + +nise@^1.5.2: + version "1.5.2" + resolved "https://registry.yarnpkg.com/nise/-/nise-1.5.2.tgz#b6d29af10e48b321b307e10e065199338eeb2652" + integrity sha512-/6RhOUlicRCbE9s+94qCUsyE+pKlVJ5AhIv+jEE7ESKwnbXqulKZ1FYU+XAtHHWE9TinYvAxDUJAb912PwPoWA== + dependencies: + "@sinonjs/formatio" "^3.2.1" + "@sinonjs/text-encoding" "^0.7.1" + just-extend "^4.0.2" + lolex "^4.1.0" + path-to-regexp "^1.7.0" + +node-environment-flags@1.0.5: + version "1.0.5" + resolved "https://registry.yarnpkg.com/node-environment-flags/-/node-environment-flags-1.0.5.tgz#fa930275f5bf5dae188d6192b24b4c8bbac3d76a" + integrity sha512-VNYPRfGfmZLx0Ye20jWzHUjyTW/c+6Wq+iLhDzUI4XmhrDd9l/FozXV3F2xOaXjvp0co0+v1YSR3CMP6g+VvLQ== + dependencies: + object.getownpropertydescriptors "^2.0.3" + semver "^5.7.0" + node-forge@^0.7.0: version "0.7.6" resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.7.6.tgz#fdf3b418aee1f94f0ef642cd63486c77ca9724ac" @@ -814,6 +1216,34 @@ oauth-sign@~0.9.0: resolved "https://registry.yarnpkg.com/oauth-sign/-/oauth-sign-0.9.0.tgz#47a7b016baa68b5fa0ecf3dee08a85c679ac6455" integrity sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ== +object-inspect@^1.6.0: + version "1.6.0" + resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.6.0.tgz#c70b6cbf72f274aab4c34c0c82f5167bf82cf15b" + integrity sha512-GJzfBZ6DgDAmnuaM3104jR4s1Myxr3Y3zfIyN4z3UdqN69oSRacNK8UhnobDdC+7J2AHCjGwxQubNJfE70SXXQ== + +object-keys@^1.0.11, object-keys@^1.0.12, object-keys@^1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e" + integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA== + +object.assign@4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.0.tgz#968bf1100d7956bb3ca086f006f846b3bc4008da" + integrity sha512-exHJeq6kBKj58mqGyTQ9DFvrZC/eR6OwxzoM9YRoGBqrXYonaFyGiFMuc9VZrXf7DarreEwMpurG3dd+CNyW5w== + dependencies: + define-properties "^1.1.2" + function-bind "^1.1.1" + has-symbols "^1.0.0" + object-keys "^1.0.11" + +object.getownpropertydescriptors@^2.0.3: + version "2.0.3" + resolved "https://registry.yarnpkg.com/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.0.3.tgz#8758c846f5b407adab0f236e0986f14b051caa16" + integrity sha1-h1jIRvW0B62rDyNuCYbxSwUcqhY= + dependencies: + define-properties "^1.1.2" + es-abstract "^1.5.1" + on-finished@~2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.3.0.tgz#20f1336481b083cd75337992a16971aa2d906947" @@ -828,6 +1258,56 @@ once@^1.3.0: dependencies: wrappy "1" +onetime@^2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/onetime/-/onetime-2.0.1.tgz#067428230fd67443b2794b22bba528b6867962d4" + integrity sha1-BnQoIw/WdEOyeUsiu6UotoZ5YtQ= + dependencies: + mimic-fn "^1.0.0" + +optionator@^0.8.2: + version "0.8.2" + resolved "https://registry.yarnpkg.com/optionator/-/optionator-0.8.2.tgz#364c5e409d3f4d6301d6c0b4c05bba50180aeb64" + integrity sha1-NkxeQJ0/TWMB1sC0wFu6UBgK62Q= + dependencies: + deep-is "~0.1.3" + fast-levenshtein "~2.0.4" + levn "~0.3.0" + prelude-ls "~1.1.2" + type-check "~0.3.2" + wordwrap "~1.0.0" + +os-tmpdir@~1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/os-tmpdir/-/os-tmpdir-1.0.2.tgz#bbe67406c79aa85c5cfec766fe5734555dfa1274" + integrity sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ= + +p-limit@^2.0.0: + version "2.2.1" + resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-2.2.1.tgz#aa07a788cc3151c939b5131f63570f0dd2009537" + integrity sha512-85Tk+90UCVWvbDavCLKPOLC9vvY8OwEX/RtKF+/1OADJMVlFfEHOiMTPVyxg7mk/dKa+ipdHm0OUkTvCpMTuwg== + dependencies: + p-try "^2.0.0" + +p-locate@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-3.0.0.tgz#322d69a05c0264b25997d9f40cd8a891ab0064a4" + integrity sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ== + dependencies: + p-limit "^2.0.0" + +p-try@^2.0.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/p-try/-/p-try-2.2.0.tgz#cb2868540e313d61de58fafbe35ce9004d5540e6" + integrity sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ== + +parent-module@^1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/parent-module/-/parent-module-1.0.1.tgz#691d2709e78c79fae3a156622452d00762caaaa2" + integrity sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g== + dependencies: + callsites "^3.0.0" + parseurl@~1.3.2: version "1.3.2" resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.2.tgz#fc289d4ed8993119460c156253262cdc8de65bf3" @@ -846,11 +1326,21 @@ passport@0.4.x: passport-strategy "1.x.x" pause "0.0.1" +path-exists@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-3.0.0.tgz#ce0ebeaa5f78cb18925ea7d810d7b59b010fd515" + integrity sha1-zg6+ql94yxiSXqfYENe1mwEP1RU= + path-is-absolute@^1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f" integrity sha1-F0uSaHNVNP+8es5r9TpanhtcX18= +path-key@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/path-key/-/path-key-2.0.1.tgz#411cadb574c5a140d3a4b1910d40d80cc9f40b40" + integrity sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A= + path-to-regexp@0.1.7: version "0.1.7" resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c" @@ -868,61 +1358,20 @@ pause@0.0.1: resolved "https://registry.yarnpkg.com/pause/-/pause-0.0.1.tgz#1d408b3fdb76923b9543d96fb4c9dfd535d9cb5d" integrity sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10= -pend@~1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/pend/-/pend-1.2.0.tgz#7a57eb550a6783f9115331fcf4663d5c8e007a50" - integrity sha1-elfrVQpng/kRUzH89GY9XI4AelA= - performance-now@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b" integrity sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns= -phantom@~4.0.1: - version "4.0.12" - resolved "https://registry.yarnpkg.com/phantom/-/phantom-4.0.12.tgz#78d18cf3f2a76fea4909f6160fcabf2742d7dbf0" - integrity sha512-Tz82XhtPmwCk1FFPmecy7yRGZG2btpzY2KI9fcoPT7zT9det0CcMyfBFPp1S8DqzsnQnm8ZYEfdy528mwVtksA== - dependencies: - phantomjs-prebuilt "^2.1.16" - split "^1.0.1" - winston "^2.4.0" - -phantomjs-prebuilt@^2.1.16, phantomjs-prebuilt@~2.1.7: - version "2.1.16" - resolved "https://registry.yarnpkg.com/phantomjs-prebuilt/-/phantomjs-prebuilt-2.1.16.tgz#efd212a4a3966d3647684ea8ba788549be2aefef" - integrity sha1-79ISpKOWbTZHaE6ouniFSb4q7+8= - dependencies: - es6-promise "^4.0.3" - extract-zip "^1.6.5" - fs-extra "^1.0.0" - hasha "^2.2.0" - kew "^0.7.0" - progress "^1.1.8" - request "^2.81.0" - request-progress "^2.0.1" - which "^1.2.10" - -pinkie-promise@^2.0.0: - version "2.0.1" - resolved "https://registry.yarnpkg.com/pinkie-promise/-/pinkie-promise-2.0.1.tgz#2135d6dfa7a358c069ac9b178776288228450ffa" - integrity sha1-ITXW36ejWMBprJsXh3YogihFD/o= - dependencies: - pinkie "^2.0.0" - -pinkie@^2.0.0: - version "2.0.4" - resolved "https://registry.yarnpkg.com/pinkie/-/pinkie-2.0.4.tgz#72556b80cfa0d48a974e80e77248e80ed4f7f870" - integrity sha1-clVrgM+g1IqXToDnckjoDtT3+HA= - -process-nextick-args@~2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.0.tgz#a37d732f4271b4ab1ad070d35508e8290788ffaa" - integrity sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw== +prelude-ls@~1.1.2: + version "1.1.2" + resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.1.2.tgz#21932a549f5e52ffd9a827f570e04be62a97da54" + integrity sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ= -progress@^1.1.8: - version "1.1.8" - resolved "https://registry.yarnpkg.com/progress/-/progress-1.1.8.tgz#e260c78f6161cdd9b0e56cc3e0a85de17c7a57be" - integrity sha1-4mDHj2Fhzdmw5WzD4Khd4Xx6V74= +progress@^2.0.0: + version "2.0.3" + resolved "https://registry.yarnpkg.com/progress/-/progress-2.0.3.tgz#7e8cf8d8f5b8f239c1bc68beb4eb78567d572ef8" + integrity sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA== proxy-addr@~2.0.4: version "2.0.4" @@ -972,37 +1421,12 @@ raw-body@2.3.3: iconv-lite "0.4.23" unpipe "1.0.0" -readable-stream@1.1: - version "1.1.13" - resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-1.1.13.tgz#f6eef764f514c89e2b9e23146a75ba106756d23e" - integrity sha1-9u73ZPUUyJ4rniMUanW6EGdW0j4= - dependencies: - core-util-is "~1.0.0" - inherits "~2.0.1" - isarray "0.0.1" - string_decoder "~0.10.x" - -readable-stream@^2.2.2: - version "2.3.6" - resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.6.tgz#b11c27d88b8ff1fbe070643cf94b0c79ae1b0aaf" - integrity sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw== - dependencies: - core-util-is "~1.0.0" - inherits "~2.0.3" - isarray "~1.0.0" - process-nextick-args "~2.0.0" - safe-buffer "~5.1.1" - string_decoder "~1.1.1" - util-deprecate "~1.0.1" - -request-progress@^2.0.1: +regexpp@^2.0.1: version "2.0.1" - resolved "https://registry.yarnpkg.com/request-progress/-/request-progress-2.0.1.tgz#5d36bb57961c673aa5b788dbc8141fdf23b44e08" - integrity sha1-XTa7V5YcZzqlt4jbyBQf3yO0Tgg= - dependencies: - throttleit "^1.0.0" + resolved "https://registry.yarnpkg.com/regexpp/-/regexpp-2.0.1.tgz#8d19d31cf632482b589049f8281f93dbcba4d07f" + integrity sha512-lv0M6+TkDVniA3aD1Eg0DVpfU/booSu7Eev3TDO/mZKHBfVjgCGTV4t4buppESEYDtkArYFOxTJWv6S5C+iaNw== -request@^2.81.0, request@^2.83.0: +request@^2.83.0: version "2.88.0" resolved "https://registry.yarnpkg.com/request/-/request-2.88.0.tgz#9c2fca4f7d35b592efe57c7f0a55e81052124fef" integrity sha512-NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg== @@ -1028,7 +1452,51 @@ request@^2.81.0, request@^2.83.0: tunnel-agent "^0.6.0" uuid "^3.3.2" -safe-buffer@5.1.2, safe-buffer@^5.0.1, safe-buffer@^5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1: +require-directory@^2.1.1: + version "2.1.1" + resolved "https://registry.yarnpkg.com/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42" + integrity sha1-jGStX9MNqxyXbiNE/+f3kqam30I= + +require-main-filename@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/require-main-filename/-/require-main-filename-2.0.0.tgz#d0b329ecc7cc0f61649f62215be69af54aa8989b" + integrity sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg== + +resolve-from@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-4.0.0.tgz#4abcd852ad32dd7baabfe9b40e00a36db5f392e6" + integrity sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g== + +restore-cursor@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/restore-cursor/-/restore-cursor-2.0.0.tgz#9f7ee287f82fd326d4fd162923d62129eee0dfaf" + integrity sha1-n37ih/gv0ybU/RYpI9YhKe7g368= + dependencies: + onetime "^2.0.0" + signal-exit "^3.0.2" + +rimraf@2.6.3: + version "2.6.3" + resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.6.3.tgz#b2d104fe0d8fb27cf9e0a1cda8262dd3833c6cab" + integrity sha512-mwqeW5XsA2qAejG46gYdENaxXjx9onRNCfn7L0duuP4hCuTIi/QO7PDK07KJfp1d+izWPrzEJDcSqBa0OZQriA== + dependencies: + glob "^7.1.3" + +run-async@^2.2.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/run-async/-/run-async-2.3.0.tgz#0371ab4ae0bdd720d4166d7dfda64ff7a445a6c0" + integrity sha1-A3GrSuC91yDUFm19/aZP96RFpsA= + dependencies: + is-promise "^2.1.0" + +rxjs@^6.4.0: + version "6.5.3" + resolved "https://registry.yarnpkg.com/rxjs/-/rxjs-6.5.3.tgz#510e26317f4db91a7eb1de77d9dd9ba0a4899a3a" + integrity sha512-wuYsAYYFdWTAnAaPoKGNhfpWwKZbJW+HgAJ+mImp+Epl7BG8oNWBCTyRM8gba9k4lk8BgWdoYm21Mo/RYhhbgA== + dependencies: + tslib "^1.9.0" + +safe-buffer@5.1.2, safe-buffer@^5.0.1, safe-buffer@^5.1.2: version "5.1.2" resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d" integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== @@ -1038,16 +1506,21 @@ safe-buffer@5.1.2, safe-buffer@^5.0.1, safe-buffer@^5.1.2, safe-buffer@~5.1.0, s resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== -samsam@1.x, samsam@^1.1.3: - version "1.3.0" - resolved "https://registry.yarnpkg.com/samsam/-/samsam-1.3.0.tgz#8d1d9350e25622da30de3e44ba692b5221ab7c50" - integrity sha512-1HwIYD/8UlOtFS3QO3w7ey+SdSDFE4HRNLZoZRYVQefrOY3l17epswImeB1ijgJFQJodIaHcwkp3r/myBjFVbg== - sax@>=0.6.0: version "1.2.4" resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9" integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw== +semver@^5.5.0, semver@^5.7.0: + version "5.7.1" + resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7" + integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ== + +semver@^6.1.2: + version "6.3.0" + resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d" + integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw== + send@0.16.2: version "0.16.2" resolved "https://registry.yarnpkg.com/send/-/send-0.16.2.tgz#6ecca1e0f8c156d141597559848df64730a6bbc1" @@ -1077,15 +1550,27 @@ serve-static@1.13.2: parseurl "~1.3.2" send "0.16.2" +set-blocking@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7" + integrity sha1-BF+XgtARrppoA93TgrJDkrPYkPc= + setprototypeof@1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.0.tgz#d0bd85536887b6fe7c0d818cb962d9d91c54e656" integrity sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ== -shelljs@0.3.x: - version "0.3.0" - resolved "https://registry.yarnpkg.com/shelljs/-/shelljs-0.3.0.tgz#3596e6307a781544f591f37da618360f31db57b1" - integrity sha1-NZbmMHp4FUT1kfN9phg2DzHbV7E= +shebang-command@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/shebang-command/-/shebang-command-1.2.0.tgz#44aac65b695b03398968c39f363fee5deafdf1ea" + integrity sha1-RKrGW2lbAzmJaMOfNj/uXer98eo= + dependencies: + shebang-regex "^1.0.0" + +shebang-regex@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-1.0.0.tgz#da42f49740c0b42db2ca9728571cb190c98efea3" + integrity sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM= should-equal@^2.0.0: version "2.0.0" @@ -1131,26 +1616,37 @@ should@*: should-type-adaptors "^1.0.1" should-util "^1.0.0" -sinon@^2.1.0: - version "2.4.1" - resolved "https://registry.yarnpkg.com/sinon/-/sinon-2.4.1.tgz#021fd64b54cb77d9d2fb0d43cdedfae7629c3a36" - integrity sha512-vFTrO9Wt0ECffDYIPSP/E5bBugt0UjcBQOfQUMh66xzkyPEnhl/vM2LRZi2ajuTdkH07sA6DzrM6KvdvGIH8xw== +signal-exit@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.2.tgz#b5fdc08f1287ea1178628e415e25132b73646c6d" + integrity sha1-tf3AjxKH6hF4Yo5BXiUTK3NkbG0= + +sinon@^7.2.7: + version "7.5.0" + resolved "https://registry.yarnpkg.com/sinon/-/sinon-7.5.0.tgz#e9488ea466070ea908fd44a3d6478fd4923c67ec" + integrity sha512-AoD0oJWerp0/rY9czP/D6hDTTUYGpObhZjMpd7Cl/A6+j0xBE+ayL/ldfggkBXUs0IkvIiM1ljM8+WkOc5k78Q== + dependencies: + "@sinonjs/commons" "^1.4.0" + "@sinonjs/formatio" "^3.2.1" + "@sinonjs/samsam" "^3.3.3" + diff "^3.5.0" + lolex "^4.2.0" + nise "^1.5.2" + supports-color "^5.5.0" + +slice-ansi@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/slice-ansi/-/slice-ansi-2.1.0.tgz#cacd7693461a637a5788d92a7dd4fba068e81636" + integrity sha512-Qu+VC3EwYLldKa1fCxuuvULvSJOKEgk9pi8dZeCVK7TqBfUNTH4sFkk4joj8afVSfAYgJoSOetjx9QWOJ5mYoQ== dependencies: - diff "^3.1.0" - formatio "1.2.0" - lolex "^1.6.0" - native-promise-only "^0.8.1" - path-to-regexp "^1.7.0" - samsam "^1.1.3" - text-encoding "0.6.4" - type-detect "^4.0.0" + ansi-styles "^3.2.0" + astral-regex "^1.0.0" + is-fullwidth-code-point "^2.0.0" -split@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/split/-/split-1.0.1.tgz#605bd9be303aa59fb35f9229fbea0ddec9ea07d9" - integrity sha512-mTyOoPbrivtXnwnIxZRFYRrPNtEFKlpB2fvjSnCQUiAA6qAZzqwna5envK4uk6OIeP17CsdF3rSBGYVBsU0Tkg== - dependencies: - through "2" +sprintf-js@~1.0.2: + version "1.0.3" + resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" + integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw= sshpk@^1.7.0: version "1.15.2" @@ -1167,11 +1663,6 @@ sshpk@^1.7.0: safer-buffer "^2.0.2" tweetnacl "~0.14.0" -stack-trace@0.0.x: - version "0.0.10" - resolved "https://registry.yarnpkg.com/stack-trace/-/stack-trace-0.0.10.tgz#547c70b347e8d32b4e108ea1a2a159e5fdde19c0" - integrity sha1-VHxws0fo0ytOEI6hoqFZ5f3eGcA= - "statuses@>= 1.4.0 < 2": version "1.5.0" resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c" @@ -1182,45 +1673,104 @@ statuses@~1.4.0: resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.4.0.tgz#bb73d446da2796106efcc1b601a253d6c46bd087" integrity sha512-zhSCtt8v2NDrRlPQpCNtw/heZLtfUDqxBM1udqikb/Hbk52LK4nQSwr10u77iopCW5LsyHpuXS0GnEc48mLeew== -string_decoder@~0.10.x: - version "0.10.31" - resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-0.10.31.tgz#62e203bc41766c6c28c9fc84301dab1c5310fa94" - integrity sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ= +"string-width@^1.0.2 || 2", string-width@^2.1.0: + version "2.1.1" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-2.1.1.tgz#ab93f27a8dc13d28cac815c462143a6d9012ae9e" + integrity sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw== + dependencies: + is-fullwidth-code-point "^2.0.0" + strip-ansi "^4.0.0" -string_decoder@~1.1.1: - version "1.1.1" - resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.1.1.tgz#9cf1611ba62685d7030ae9e4ba34149c3af03fc8" - integrity sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg== +string-width@^3.0.0, string-width@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-3.1.0.tgz#22767be21b62af1081574306f69ac51b62203961" + integrity sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w== dependencies: - safe-buffer "~5.1.0" + emoji-regex "^7.0.1" + is-fullwidth-code-point "^2.0.0" + strip-ansi "^5.1.0" -strip-json-comments@1.0.x: - version "1.0.4" - resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-1.0.4.tgz#1e15fbcac97d3ee99bf2d73b4c656b082bbafb91" - integrity sha1-HhX7ysl9Pumb8tc7TGVrCCu6+5E= +string.prototype.trimleft@^2.0.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/string.prototype.trimleft/-/string.prototype.trimleft-2.1.0.tgz#6cc47f0d7eb8d62b0f3701611715a3954591d634" + integrity sha512-FJ6b7EgdKxxbDxc79cOlok6Afd++TTs5szo+zJTUyow3ycrRfJVE2pq3vcN53XexvKZu/DJMDfeI/qMiZTrjTw== + dependencies: + define-properties "^1.1.3" + function-bind "^1.1.1" -supports-color@5.4.0: - version "5.4.0" - resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-5.4.0.tgz#1c6b337402c2137605efe19f10fec390f6faab54" - integrity sha512-zjaXglF5nnWpsq470jSv6P9DwPvgLkuapYmfDm3JWOm0vkNTVF2tI4UrN2r6jH1qM/uc/WtxYY1hYoA2dOKj5w== +string.prototype.trimright@^2.0.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/string.prototype.trimright/-/string.prototype.trimright-2.1.0.tgz#669d164be9df9b6f7559fa8e89945b168a5a6c58" + integrity sha512-fXZTSV55dNBwv16uw+hh5jkghxSnc5oHq+5K/gXgizHwAvMetdAJlHqqoFC1FSDVPYWLkAKl2cxpUT41sV7nSg== + dependencies: + define-properties "^1.1.3" + function-bind "^1.1.1" + +strip-ansi@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-4.0.0.tgz#a8479022eb1ac368a871389b635262c505ee368f" + integrity sha1-qEeQIusaw2iocTibY1JixQXuNo8= + dependencies: + ansi-regex "^3.0.0" + +strip-ansi@^5.0.0, strip-ansi@^5.1.0, strip-ansi@^5.2.0: + version "5.2.0" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-5.2.0.tgz#8c9a536feb6afc962bdfa5b104a5091c1ad9c0ae" + integrity sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA== + dependencies: + ansi-regex "^4.1.0" + +strip-json-comments@2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a" + integrity sha1-PFMZQukIwml8DsNEhYwobHygpgo= + +strip-json-comments@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.0.1.tgz#85713975a91fb87bf1b305cca77395e40d2a64a7" + integrity sha512-VTyMAUfdm047mwKl+u79WIdrZxtFtn+nBxHeb844XBQ9uMNTuTHdx2hc5RiAJYqwTj3wc/xe5HLSdJSkJ+WfZw== + +supports-color@6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-6.0.0.tgz#76cfe742cf1f41bb9b1c29ad03068c05b4c0e40a" + integrity sha512-on9Kwidc1IUQo+bQdhi8+Tijpo0e1SS6RoGo2guUwn5vdaxw8RXOF9Vb2ws+ihWOmh4JnCJOvaziZWP1VABaLg== dependencies: has-flag "^3.0.0" -text-encoding@0.6.4: - version "0.6.4" - resolved "https://registry.yarnpkg.com/text-encoding/-/text-encoding-0.6.4.tgz#e399a982257a276dae428bb92845cb71bdc26d19" - integrity sha1-45mpgiV6J22uQou5KEXLcb3CbRk= +supports-color@^5.3.0, supports-color@^5.5.0: + version "5.5.0" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-5.5.0.tgz#e2e69a44ac8772f78a1ec0b35b689df6530efc8f" + integrity sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow== + dependencies: + has-flag "^3.0.0" -throttleit@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/throttleit/-/throttleit-1.0.0.tgz#9e785836daf46743145a5984b6268d828528ac6c" - integrity sha1-nnhYNtr0Z0MUWlmEtiaNgoUorGw= +table@^5.2.3: + version "5.4.6" + resolved "https://registry.yarnpkg.com/table/-/table-5.4.6.tgz#1292d19500ce3f86053b05f0e8e7e4a3bb21079e" + integrity sha512-wmEc8m4fjnob4gt5riFRtTu/6+4rSe12TpAELNSqHMfF3IqnA+CH37USM6/YR3qRZv7e56kAEAtd6nKZaxe0Ug== + dependencies: + ajv "^6.10.2" + lodash "^4.17.14" + slice-ansi "^2.1.0" + string-width "^3.0.0" -through@2: +text-table@^0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4" + integrity sha1-f17oI66AUgfACvLfSoTsP8+lcLQ= + +through@^2.3.6: version "2.3.8" resolved "https://registry.yarnpkg.com/through/-/through-2.3.8.tgz#0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5" integrity sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU= +tmp@^0.0.33: + version "0.0.33" + resolved "https://registry.yarnpkg.com/tmp/-/tmp-0.0.33.tgz#6d34335889768d21b2bcda0aa277ced3b1bfadf9" + integrity sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw== + dependencies: + os-tmpdir "~1.0.2" + tough-cookie@~2.4.3: version "2.4.3" resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-2.4.3.tgz#53f36da3f47783b0925afa06ff9f3b165280f781" @@ -1229,6 +1779,11 @@ tough-cookie@~2.4.3: psl "^1.1.24" punycode "^1.4.1" +tslib@^1.9.0: + version "1.10.0" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.10.0.tgz#c3c19f95973fb0a62973fb09d90d961ee43e5c8a" + integrity sha512-qOebF53frne81cf0S9B41ByenJ3/IuH8yJKngAX35CmiZySA0khhkovshKK+jGCaMnVomla7gVlIcc3EvKPbTQ== + tunnel-agent@^0.6.0: version "0.6.0" resolved "https://registry.yarnpkg.com/tunnel-agent/-/tunnel-agent-0.6.0.tgz#27a5dea06b36b04a0a9966774b290868f0fc40fd" @@ -1241,7 +1796,14 @@ tweetnacl@^0.14.3, tweetnacl@~0.14.0: resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64" integrity sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q= -type-detect@^4.0.0: +type-check@~0.3.2: + version "0.3.2" + resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.3.2.tgz#5884cab512cf1d355e3fb784f30804b2b520db72" + integrity sha1-WITKtRLPHTVeP7eE8wgEsrUg23I= + dependencies: + prelude-ls "~1.1.2" + +type-detect@4.0.8: version "4.0.8" resolved "https://registry.yarnpkg.com/type-detect/-/type-detect-4.0.8.tgz#7646fb5f18871cfbb7749e69bd39a6388eb7450c" integrity sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g== @@ -1254,16 +1816,6 @@ type-is@~1.6.16: media-typer "0.3.0" mime-types "~2.1.18" -typedarray@^0.0.6: - version "0.0.6" - resolved "https://registry.yarnpkg.com/typedarray/-/typedarray-0.0.6.tgz#867ac74e3864187b1d3d47d996a78ec5c8830777" - integrity sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c= - -unicode-5.2.0@^0.7.5: - version "0.7.5" - resolved "https://registry.yarnpkg.com/unicode-5.2.0/-/unicode-5.2.0-0.7.5.tgz#e0df129431a28a95263d8c480fb5e9ab2b0973f0" - integrity sha512-KVGLW1Bri30x00yv4HNM8kBxoqFXr0Sbo55735nvrlsx4PYBZol3UtoWgO492fSwmsetzPEZzy73rbU8OGXJcA== - unpipe@1.0.0, unpipe@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec" @@ -1276,11 +1828,6 @@ uri-js@^4.2.2: dependencies: punycode "^2.1.0" -util-deprecate@~1.0.1: - version "1.0.2" - resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" - integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8= - utils-merge@1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713" @@ -1291,6 +1838,11 @@ uuid@^3.3.2: resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.3.2.tgz#1b4af4955eb3077c501c23872fc6513811587131" integrity sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA== +v8-compile-cache@^2.0.3: + version "2.1.0" + resolved "https://registry.yarnpkg.com/v8-compile-cache/-/v8-compile-cache-2.1.0.tgz#e14de37b31a6d194f5690d67efc4e7f6fc6ab30e" + integrity sha512-usZBT3PW+LOjM25wbqIlZwPeJV+3OSz3M1k1Ws8snlW39dZyYL9lOGC5FgPVHfk0jKmjiDV8Z0mIbVQPiwFs7g== + vary@~1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc" @@ -1305,37 +1857,58 @@ verror@1.10.0: core-util-is "1.0.2" extsprintf "^1.2.0" -which@^1.2.10: +which-module@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/which-module/-/which-module-2.0.0.tgz#d9ef07dce77b9902b8a3a8fa4b31c3e3f7e6e87a" + integrity sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho= + +which@1.3.1, which@^1.2.9: version "1.3.1" resolved "https://registry.yarnpkg.com/which/-/which-1.3.1.tgz#a45043d54f5805316da8d62f9f50918d3da70b0a" integrity sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ== dependencies: isexe "^2.0.0" -winston@^2.4.0: - version "2.4.4" - resolved "https://registry.yarnpkg.com/winston/-/winston-2.4.4.tgz#a01e4d1d0a103cf4eada6fc1f886b3110d71c34b" - integrity sha512-NBo2Pepn4hK4V01UfcWcDlmiVTs7VTB1h7bgnB0rgP146bYhMxX0ypCz3lBOfNxCO4Zuek7yeT+y/zM1OfMw4Q== +wide-align@1.1.3: + version "1.1.3" + resolved "https://registry.yarnpkg.com/wide-align/-/wide-align-1.1.3.tgz#ae074e6bdc0c14a431e804e624549c633b000457" + integrity sha512-QGkOQc8XL6Bt5PwnsExKBPuMKBxnGxWWW3fU55Xt4feHozMUhdUMaBCk290qpm/wG5u/RSKzwdAC4i51YigihA== dependencies: - async "~1.0.0" - colors "1.0.x" - cycle "1.0.x" - eyes "0.1.x" - isstream "0.1.x" - stack-trace "0.0.x" + string-width "^1.0.2 || 2" + +wordwrap@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-1.0.0.tgz#27584810891456a4171c8d0226441ade90cbcaeb" + integrity sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus= + +wrap-ansi@^5.1.0: + version "5.1.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-5.1.0.tgz#1fd1f67235d5b6d0fee781056001bfb694c03b09" + integrity sha512-QC1/iN/2/RPVJ5jYK8BGttj5z83LmSKmvbvrXPNCLZSEb32KKVDJDl/MOt2N01qU2H/FkzEa9PKto1BqDjtd7Q== + dependencies: + ansi-styles "^3.2.0" + string-width "^3.0.0" + strip-ansi "^5.0.0" wrappy@1: version "1.0.2" resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f" integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8= -xml-crypto@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-1.0.2.tgz#248df860b1e3f7326e61bcbd00c234886b0d6e3b" - integrity sha512-bDQkgu1yuwl+QoJbi4GBP9MWxpmYkXc8a9iSHbZ7lKqcxzGlDqMRugcl7qK7TsMI0ydU66GG8/eLNvRUk5T2fw== +write@1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/write/-/write-1.0.3.tgz#0800e14523b923a387e415123c865616aae0f5c3" + integrity sha512-/lg70HAjtkUgWPVZhZcm+T4hkL8Zbtp1nFNOn3lRrxnlv50SRBv7cR7RqR+GMsd3hUXy9hWBo4CHTbFTcOYwig== + dependencies: + mkdirp "^0.5.1" + +xml-crypto@^1.1.4: + version "1.4.0" + resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-1.4.0.tgz#de1cec8cd31cbd689cd90d3d6e8a27d4ae807de7" + integrity sha512-K8FRdRxICVulK4WhiTUcJrRyAIJFPVOqxfurA3x/JlmXBTxy+SkEENF6GeRt7p/rB6WSOUS9g0gXNQw5n+407g== dependencies: xmldom "0.1.27" - xpath.js ">=0.0.3" + xpath "0.0.27" xml-encryption@^0.11.0: version "0.11.2" @@ -1356,7 +1929,12 @@ xml2js@0.4.x: sax ">=0.6.0" xmlbuilder "~9.0.1" -xmlbuilder@^9.0.4, xmlbuilder@~9.0.1: +xmlbuilder@^11.0.0: + version "11.0.1" + resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-11.0.1.tgz#be9bae1c8a046e76b31127726347d0ad7002beb3" + integrity sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA== + +xmlbuilder@~9.0.1: version "9.0.7" resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-9.0.7.tgz#132ee63d2ec5565c557e20f4c22df9aca686b10d" integrity sha1-Ey7mPS7FVlxVfiD0wi35rKaGsQ0= @@ -1366,19 +1944,45 @@ xmldom@0.1.27, xmldom@0.1.x, xmldom@~0.1.15: resolved "https://registry.yarnpkg.com/xmldom/-/xmldom-0.1.27.tgz#d501f97b3bdb403af8ef9ecc20573187aadac0e9" integrity sha1-1QH5ezvbQDr4757MIFcxh6rawOk= -xpath.js@>=0.0.3: - version "1.1.0" - resolved "https://registry.yarnpkg.com/xpath.js/-/xpath.js-1.1.0.tgz#3816a44ed4bb352091083d002a383dd5104a5ff1" - integrity sha512-jg+qkfS4K8E7965sqaUl8mRngXiKb3WZGfONgE18pr03FUQiuSV6G+Ej4tS55B+rIQSFEIw3phdVAQ4pPqNWfQ== - xpath@0.0.27: version "0.0.27" resolved "https://registry.yarnpkg.com/xpath/-/xpath-0.0.27.tgz#dd3421fbdcc5646ac32c48531b4d7e9d0c2cfa92" integrity sha512-fg03WRxtkCV6ohClePNAECYsmpKKTv5L8y/X3Dn1hQrec3POx2jHZ/0P2qQ6HvsrU1BmeqXcof3NGGueG6LxwQ== -yauzl@2.4.1: - version "2.4.1" - resolved "https://registry.yarnpkg.com/yauzl/-/yauzl-2.4.1.tgz#9528f442dab1b2284e58b4379bb194e22e0c4005" - integrity sha1-lSj0QtqxsihOWLQ3m7GU4i4MQAU= +y18n@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.0.tgz#95ef94f85ecc81d007c264e190a120f0a3c8566b" + integrity sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w== + +yargs-parser@13.1.1, yargs-parser@^13.1.1: + version "13.1.1" + resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-13.1.1.tgz#d26058532aa06d365fe091f6a1fc06b2f7e5eca0" + integrity sha512-oVAVsHz6uFrg3XQheFII8ESO2ssAf9luWuAd6Wexsu4F3OtIW0o8IribPXYrD4WC24LWtPrJlGy87y5udK+dxQ== dependencies: - fd-slicer "~1.0.1" + camelcase "^5.0.0" + decamelize "^1.2.0" + +yargs-unparser@1.6.0: + version "1.6.0" + resolved "https://registry.yarnpkg.com/yargs-unparser/-/yargs-unparser-1.6.0.tgz#ef25c2c769ff6bd09e4b0f9d7c605fb27846ea9f" + integrity sha512-W9tKgmSn0DpSatfri0nx52Joq5hVXgeLiqR/5G0sZNDoLZFOr/xjBUDcShCOGNsBnEMNo1KAMBkTej1Hm62HTw== + dependencies: + flat "^4.1.0" + lodash "^4.17.15" + yargs "^13.3.0" + +yargs@13.3.0, yargs@^13.3.0: + version "13.3.0" + resolved "https://registry.yarnpkg.com/yargs/-/yargs-13.3.0.tgz#4c657a55e07e5f2cf947f8a366567c04a0dedc83" + integrity sha512-2eehun/8ALW8TLoIl7MVaRUrg+yCnenu8B4kBlRxj3GJGDKU1Og7sMXPNm1BYyM1DOJmTZ4YeN/Nwxv+8XJsUA== + dependencies: + cliui "^5.0.0" + find-up "^3.0.0" + get-caller-file "^2.0.1" + require-directory "^2.1.1" + require-main-filename "^2.0.0" + set-blocking "^2.0.0" + string-width "^3.0.0" + which-module "^2.0.0" + y18n "^4.0.0" + yargs-parser "^13.1.1" From da64d889a9d5af780297ed5f4c0aeaac8607f925 Mon Sep 17 00:00:00 2001 From: Marko Wallin Date: Tue, 1 Oct 2019 19:36:21 +0300 Subject: [PATCH 32/38] Add .editorconfig as suggested in #373 Using the same rules as nodejs. --- .editorconfig | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 00000000..cef38a07 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,13 @@ +root = true + +[*] +charset = utf-8 +end_of_line = lf +indent_size = 2 +indent_style = space +insert_final_newline = true +trim_trailing_whitespace = true + +[*.md] +indent_size = 4 +trim_trailing_whitespace = false From 571bf42d3191a0b0f4003785f85e13e61a74e4c5 Mon Sep 17 00:00:00 2001 From: Marko Wallin Date: Tue, 1 Oct 2019 22:31:59 +0300 Subject: [PATCH 33/38] Fix #355 missing parts: tests. Note: self = this is needed and tests fail if using arrow function as suggested in the PR review. --- lib/passport-saml/saml.js | 9 +++++---- .../acme_tools_com_without_header_and_footer.cert | 15 +++++++++++++++ test/tests.js | 10 ++++++++++ 3 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 test/static/acme_tools_com_without_header_and_footer.cert diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 8aa77c65..27434348 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -803,6 +803,7 @@ function processValidlySignedSamlLogout(self, doc, callback) { } SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery) { + var self = this; var tokens = originalQuery.split('&'); var getParam = function (key) { var exists = tokens.filter(function(t) { return new RegExp(key).test(t); }); @@ -821,7 +822,7 @@ SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery return this.certsToCheck() .then(function(certs) { var hasValidQuerySignature = certs.some(function (cert) { - return validateSignatureForRedirect( + return self.validateSignatureForRedirect( urlString, container.Signature, container.SigAlg, cert ); }); @@ -835,7 +836,7 @@ SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery } }; -function validateSignatureForRedirect (urlString, signature, alg, cert) { +SAML.prototype.validateSignatureForRedirect = function (urlString, signature, alg, cert) { // See if we support a matching algorithm, case-insensitive. Otherwise, throw error. function hasMatch (ourAlgo) { // The incoming algorithm is forwarded as a URL. @@ -855,8 +856,8 @@ function validateSignatureForRedirect (urlString, signature, alg, cert) { var verifier = crypto.createVerify(matchingAlgo); verifier.update(urlString); - return verifier.verify(cert, signature, 'base64'); -} + return verifier.verify(this.certToPEM(cert), signature, 'base64'); +}; SAML.prototype.verifyLogoutRequest = function (doc) { this.verifyIssuer(doc.LogoutRequest); diff --git a/test/static/acme_tools_com_without_header_and_footer.cert b/test/static/acme_tools_com_without_header_and_footer.cert new file mode 100644 index 00000000..1046b270 --- /dev/null +++ b/test/static/acme_tools_com_without_header_and_footer.cert @@ -0,0 +1,15 @@ +MIICrjCCAZYCCQDWybyUsLVkXzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDFA5h +Y21lX3Rvb2xzLmNvbTAeFw0xNTA4MTgwODQ3MzZaFw0yNTA4MTcwODQ3MzZaMBkx +FzAVBgNVBAMUDmFjbWVfdG9vbHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAlyT+OzEymhaZFNfx4+HFxZbBP3egvcUgPvGa7wWCV7vyuCauLBqw +O1FQqzaRDxkEihkHqmUz63D25v2QixLxXyqaFQ8TxDFKwYATtSL7x5G2Gww56H0L +1XGgYdNW1akPx90P+USmVn1Wb//7AwU+TV+u4jIgKZyTaIFWdFlwBhlp4OBEHCyY +wngFgMyVoCBsSmwb4if7Mi5T746J9ZMQpC+ts+kfzley59Nz55pa5fRLwu4qxFUv +2oRdXAf2ZLuxB7DPQbRH82/ewZZ8N4BUGiQyAwOsHgp0sb9JJ8uEM/qhyS1dXXxj +o+kxsI5HXhxp4P5R9VADuOquaLIo8ptIrQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB +AQBW/Y7leJnV76+6bzeqqi+buTLyWc1mASi5LVH68mdailg2WmGfKlSMLGzFkNtg +8fJnfaRZ/GtxmSxhpQRHn63ZlyzqVrFcJa0qzPG21PXPHG/ny8pN+BV8fk74CIb/ ++YN7NvDUrV7jlsPxNT2rQk8G2fM7jsTMYvtz0MBkrZZsUzTv4rZkF/v44J/ACDir +KJiE+TYArm70yQPweX6RvYHNZLSzgg4o+hoyBXo5BGQetAjmcIhC6ZOwN3iVhGjp +0YpWM0pkqStPy3sIR0//LZbskWWlSRb0fX1c4632Xb+zikfec4DniYV6CxkB2U+p +lHpOX1rt1R+UiTEIhTSXPNt/ diff --git a/test/tests.js b/test/tests.js index 5d604293..078b43d7 100644 --- a/test/tests.js +++ b/test/tests.js @@ -2332,6 +2332,16 @@ describe( 'passport-saml /', function() { } }); }); + + it('accepts cert without header and footer line', function(done) { + samlObj.options.cert = fs.readFileSync(__dirname + '/static/acme_tools_com_without_header_and_footer.cert', 'ascii') + samlObj.cacheProvider.save('_79db1e7ad12ca1d63e5b', new Date().toISOString(), function(){}); + samlObj.validateRedirect(this.request, this.request.originalQuery, function(err, _data, success) { + should.not.exist(err); + success.should.eql(true); + done(); + }); + }); }); }); }); From 75ad459ba57a1e974b9ad8278ddfbc964c19705b Mon Sep 17 00:00:00 2001 From: Marko Wallin Date: Thu, 17 Oct 2019 23:02:28 +0300 Subject: [PATCH 34/38] Fix minimum version of Node.js in Travis (#399) * Fix minimum version of Node.js in Travis Support for Node 6 was dropped in dd1699ac04ec3968f8a6c763138e6503e160eec4 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index e2ea7526..6189bef6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,6 @@ language: node_js node_js: - - "6.0" + - "8.10" - "stable" script: From 53e7363567123f9099ecc6163f148df3a79b1314 Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Wed, 23 Oct 2019 20:33:45 -0400 Subject: [PATCH 35/38] refactor: replace 'self = this' with arrow functions Just modernizing the code some. --- lib/passport-saml/saml.js | 396 ++++++++++++++++++-------------------- 1 file changed, 183 insertions(+), 213 deletions(-) diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index 27434348..e047c138 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -13,8 +13,6 @@ var InMemoryCacheProvider = require('./inmemory-cache-provider.js').CacheProvide var Q = require('q'); var SAML = function (options) { - var self = this; - this.options = this.initialize(options); this.cacheProvider = this.options.cacheProvider; }; @@ -155,19 +153,18 @@ SAML.prototype.signRequest = function (samlMessage) { }; SAML.prototype.generateAuthorizeRequest = function (req, isPassive, callback) { - var self = this; - var id = "_" + self.generateUniqueID(); - var instant = self.generateInstant(); - var forceAuthn = self.options.forceAuthn || false; - - Q.fcall(function() { - if(self.options.validateInResponseTo) { - return Q.ninvoke(self.cacheProvider, 'save', id, instant); + var id = "_" + this.generateUniqueID(); + var instant = this.generateInstant(); + var forceAuthn = this.options.forceAuthn || false; + + Q.fcall(() => { + if(this.options.validateInResponseTo) { + return Q.ninvoke(this.cacheProvider, 'save', id, instant); } else { return Q(); } }) - .then(function(){ + .then(() => { var request = { 'samlp:AuthnRequest': { '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', @@ -175,10 +172,10 @@ SAML.prototype.generateAuthorizeRequest = function (req, isPassive, callback) { '@Version': '2.0', '@IssueInstant': instant, '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', - '@Destination': self.options.entryPoint, + '@Destination': this.options.entryPoint, 'saml:Issuer' : { '@xmlns:saml' : 'urn:oasis:names:tc:SAML:2.0:assertion', - '#text': self.options.issuer + '#text': this.options.issuer } } }; @@ -190,21 +187,21 @@ SAML.prototype.generateAuthorizeRequest = function (req, isPassive, callback) { request['samlp:AuthnRequest']['@ForceAuthn'] = true; } - if (!self.options.disableRequestACSUrl) { - request['samlp:AuthnRequest']['@AssertionConsumerServiceURL'] = self.getCallbackUrl(req); + if (!this.options.disableRequestACSUrl) { + request['samlp:AuthnRequest']['@AssertionConsumerServiceURL'] = this.getCallbackUrl(req); } - if (self.options.identifierFormat) { + if (this.options.identifierFormat) { request['samlp:AuthnRequest']['samlp:NameIDPolicy'] = { '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', - '@Format': self.options.identifierFormat, + '@Format': this.options.identifierFormat, '@AllowCreate': 'true' }; } - if (!self.options.disableRequestedAuthnContext) { + if (!this.options.disableRequestedAuthnContext) { var authnContextClassRefs = []; - self.options.authnContext.forEach(function(value) { + this.options.authnContext.forEach(function(value) { authnContextClassRefs.push({ '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion', '#text': value @@ -213,17 +210,17 @@ SAML.prototype.generateAuthorizeRequest = function (req, isPassive, callback) { request['samlp:AuthnRequest']['samlp:RequestedAuthnContext'] = { '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', - '@Comparison': self.options.RACComparison, + '@Comparison': this.options.RACComparison, 'saml:AuthnContextClassRef': authnContextClassRefs }; } - if (self.options.attributeConsumingServiceIndex) { - request['samlp:AuthnRequest']['@AttributeConsumingServiceIndex'] = self.options.attributeConsumingServiceIndex; + if (this.options.attributeConsumingServiceIndex) { + request['samlp:AuthnRequest']['@AttributeConsumingServiceIndex'] = this.options.attributeConsumingServiceIndex; } - if (self.options.providerName) { - request['samlp:AuthnRequest']['@ProviderName'] = self.options.providerName; + if (this.options.providerName) { + request['samlp:AuthnRequest']['@ProviderName'] = this.options.providerName; } callback(null, xmlbuilder.create(request).end()); @@ -306,23 +303,18 @@ SAML.prototype.generateLogoutResponse = function (req, logoutRequest) { }; SAML.prototype.requestToUrl = function (request, response, operation, additionalParameters, callback) { - var self = this; - if (self.options.skipRequestCompression) - requestToUrlHelper(null, Buffer.from(request || response, 'utf8')); - else - zlib.deflateRaw(request || response, requestToUrlHelper); - - function requestToUrlHelper(err, buffer) { + + const requestToUrlHelper = (err, buffer) => { if (err) { return callback(err); } var base64 = buffer.toString('base64'); - var target = url.parse(self.options.entryPoint, true); + var target = url.parse(this.options.entryPoint, true); if (operation === 'logout') { - if (self.options.logoutUrl) { - target = url.parse(self.options.logoutUrl, true); + if (this.options.logoutUrl) { + target = url.parse(this.options.logoutUrl, true); } } else if (operation !== 'authorize') { return callback(new Error("Unknown operation: "+operation)); @@ -333,24 +325,24 @@ SAML.prototype.requestToUrl = function (request, response, operation, additional } : { SAMLResponse: base64 }; - Object.keys(additionalParameters).forEach(function(k) { + Object.keys(additionalParameters).forEach(k => { samlMessage[k] = additionalParameters[k]; }); - if (self.options.privateCert) { + if (this.options.privateCert) { try { - if (!self.options.entryPoint) { + if (!this.options.entryPoint) { throw new Error('"entryPoint" config parameter is required for signed messages'); } // sets .SigAlg and .Signature - self.signRequest(samlMessage); + this.signRequest(samlMessage); } catch (ex) { return callback(ex); } } - Object.keys(samlMessage).forEach(function(k) { + Object.keys(samlMessage).forEach(k => { target.query[k] = samlMessage[k]; }); @@ -359,6 +351,13 @@ SAML.prototype.requestToUrl = function (request, response, operation, additional delete target.search; callback(null, url.format(target)); + }; + + if (this.options.skipRequestCompression) { + requestToUrlHelper(null, Buffer.from(request || response, 'utf8')); + } + else { + zlib.deflateRaw(request || response, requestToUrlHelper); } }; @@ -396,19 +395,16 @@ SAML.prototype.getAdditionalParams = function (req, operation, overrideParams) { }; SAML.prototype.getAuthorizeUrl = function (req, options, callback) { - var self = this; - self.generateAuthorizeRequest(req, self.options.passive, function(err, request){ + this.generateAuthorizeRequest(req, this.options.passive, (err, request) => { if (err) return callback(err); var operation = 'authorize'; var overrideParams = options ? options.additionalParams || {} : {}; - self.requestToUrl(request, null, operation, self.getAdditionalParams(req, operation, overrideParams), callback); + this.requestToUrl(request, null, operation, this.getAdditionalParams(req, operation, overrideParams), callback); }); }; SAML.prototype.getAuthorizeForm = function (req, callback) { - var self = this; - // The quoteattr() function is used in a context, where the result will not be evaluated by javascript // but must be interpreted by an XML or HTML parser, and it must absolutely avoid breaking the syntax // of an element attribute. @@ -426,22 +422,22 @@ SAML.prototype.getAuthorizeForm = function (req, callback) { .replace(/[\r\n]/g, preserveCR); }; - var getAuthorizeFormHelper = function(err, buffer) { + const getAuthorizeFormHelper = (err, buffer) => { if (err) { return callback(err); } var operation = 'authorize'; - var additionalParameters = self.getAdditionalParams(req, operation); + var additionalParameters = this.getAdditionalParams(req, operation); var samlMessage = { SAMLRequest: buffer.toString('base64') }; - Object.keys(additionalParameters).forEach(function(k) { + Object.keys(additionalParameters).forEach(k => { samlMessage[k] = additionalParameters[k] || ''; }); - var formInputs = Object.keys(samlMessage).map(function(k) { + var formInputs = Object.keys(samlMessage).map(k => { return ''; }).join('\r\n'); @@ -456,7 +452,7 @@ SAML.prototype.getAuthorizeForm = function (req, callback) { '', - '
', + '', formInputs, '', '
', @@ -466,12 +462,12 @@ SAML.prototype.getAuthorizeForm = function (req, callback) { ].join('\r\n')); }; - self.generateAuthorizeRequest(req, self.options.passive, function(err, request) { + this.generateAuthorizeRequest(req, this.options.passive, (err, request) => { if (err) { return callback(err); } - if (self.options.skipRequestCompression) { + if (this.options.skipRequestCompression) { getAuthorizeFormHelper(null, Buffer.from(request, 'utf8')); } else { zlib.deflateRaw(request, getAuthorizeFormHelper); @@ -481,12 +477,11 @@ SAML.prototype.getAuthorizeForm = function (req, callback) { }; SAML.prototype.getLogoutUrl = function(req, options, callback) { - var self = this; - return self.generateLogoutRequest(req) - .then(function(request) { - var operation = 'logout'; - var overrideParams = options ? options.additionalParams || {} : {}; - return self.requestToUrl(request, null, operation, self.getAdditionalParams(req, operation, overrideParams), callback); + return this.generateLogoutRequest(req) + .then(request => { + const operation = 'logout'; + const overrideParams = options ? options.additionalParams || {} : {}; + return this.requestToUrl(request, null, operation, this.getAdditionalParams(req, operation, overrideParams), callback); }); }; @@ -509,20 +504,19 @@ SAML.prototype.certToPEM = function (cert) { }; SAML.prototype.certsToCheck = function () { - var self = this; - if (!self.options.cert) { + if (!this.options.cert) { return Q(); } - if (typeof(self.options.cert) === 'function') { - return Q.nfcall(self.options.cert) - .then(function(certs) { + if (typeof(this.options.cert) === 'function') { + return Q.nfcall(this.options.cert) + .then(certs => { if (!Array.isArray(certs)) { certs = [certs]; } return Q(certs); }); } - var certs = self.options.cert; + var certs = this.options.cert; if (!Array.isArray(certs)) { certs = [certs]; } @@ -535,31 +529,27 @@ SAML.prototype.certsToCheck = function () { // See https://github.com/bergie/passport-saml/issues/19 for references to some of the attack // vectors against SAML signature verification. SAML.prototype.validateSignature = function (fullXml, currentNode, certs) { - var self = this; - var xpathSigQuery = ".//*[local-name(.)='Signature' and " + + const xpathSigQuery = ".//*[local-name(.)='Signature' and " + "namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']"; - var signatures = xpath(currentNode, xpathSigQuery); + const signatures = xpath(currentNode, xpathSigQuery); // This function is expecting to validate exactly one signature, so if we find more or fewer // than that, reject. - if (signatures.length != 1) + if (signatures.length != 1) { return false; - var signature = signatures[0]; - return certs.some(function (certToCheck) { - return self.validateSignatureForCert(signature, certToCheck, fullXml, currentNode); + } + + const signature = signatures[0]; + return certs.some(certToCheck => { + return this.validateSignatureForCert(signature, certToCheck, fullXml, currentNode); }); }; // This function checks that the |signature| is signed with a given |cert|. SAML.prototype.validateSignatureForCert = function (signature, cert, fullXml, currentNode) { - var self = this; - var sig = new xmlCrypto.SignedXml(); + const sig = new xmlCrypto.SignedXml(); sig.keyInfoProvider = { - getKeyInfo: function (key) { - return ""; - }, - getKey: function (keyInfo) { - return self.certToPEM(cert); - } + getKeyInfo: key => "", + getKey: keyInfo => this.certToPEM(cert), }; sig.loadSignature(signature); // We expect each signature to contain exactly one reference to the top level of the xml we @@ -576,17 +566,17 @@ SAML.prototype.validateSignatureForCert = function (signature, cert, fullXml, cu // multiple candidate references is bad news) var totalReferencedNodes = xpath(currentNode.ownerDocument, "//*[@" + idAttribute + "='" + refId + "']"); - if (totalReferencedNodes.length > 1) + + if (totalReferencedNodes.length > 1) { return false; + } return sig.checkSignature(fullXml); }; SAML.prototype.validatePostResponse = function (container, callback) { - var self = this; - var xml, doc, inResponseTo; - Q.fcall(function(){ + Q.fcall(() => { xml = Buffer.from(container.SAMLResponse, 'base64').toString('utf8'); doc = new xmldom.DOMParser({ }).parseFromString(xml); @@ -599,22 +589,20 @@ SAML.prototype.validatePostResponse = function (container, callback) { if (inResponseTo) { inResponseTo = inResponseTo.length ? inResponseTo[0].nodeValue : null; - return self.validateInResponseTo(inResponseTo); + return this.validateInResponseTo(inResponseTo); } }) - .then(function() { - return self.certsToCheck(); - }) - .then(function(certs) { + .then(() => this.certsToCheck()) + .then(certs => { // Check if this document has a valid top-level signature var validSignature = false; - if (self.options.cert && self.validateSignature(xml, doc.documentElement, certs)) { + if (this.options.cert && this.validateSignature(xml, doc.documentElement, certs)) { validSignature = true; } var assertions = xpath(doc, "/*[local-name()='Response']/*[local-name()='Assertion']"); var encryptedAssertions = xpath(doc, - "/*[local-name()='Response']/*[local-name()='EncryptedAssertion']"); + "/*[local-name()='Response']/*[local-name()='EncryptedAssertion']"); if (assertions.length + encryptedAssertions.length > 1) { // There's no reason I know of that we want to handle multiple assertions, and it seems like a @@ -623,35 +611,35 @@ SAML.prototype.validatePostResponse = function (container, callback) { } if (assertions.length == 1) { - if (self.options.cert && + if (this.options.cert && !validSignature && - !self.validateSignature(xml, assertions[0], certs)) { + !this.validateSignature(xml, assertions[0], certs)) { throw new Error('Invalid signature'); } - return self.processValidlySignedAssertion(assertions[0].toString(), xml, inResponseTo, callback); + return this.processValidlySignedAssertion(assertions[0].toString(), xml, inResponseTo, callback); } if (encryptedAssertions.length == 1) { - if (!self.options.decryptionPvk) + if (!this.options.decryptionPvk) throw new Error('No decryption key for encrypted SAML response'); var encryptedAssertionXml = encryptedAssertions[0].toString(); - var xmlencOptions = { key: self.options.decryptionPvk }; + var xmlencOptions = { key: this.options.decryptionPvk }; return Q.ninvoke(xmlenc, 'decrypt', encryptedAssertionXml, xmlencOptions) - .then(function(decryptedXml) { - var decryptedDoc = new xmldom.DOMParser().parseFromString(decryptedXml); - var decryptedAssertions = xpath(decryptedDoc, "/*[local-name()='Assertion']"); - if (decryptedAssertions.length != 1) - throw new Error('Invalid EncryptedAssertion content'); - - if (self.options.cert && - !validSignature && - !self.validateSignature(decryptedXml, decryptedAssertions[0], certs)) - throw new Error('Invalid signature from encrypted assertion'); - - self.processValidlySignedAssertion(decryptedAssertions[0].toString(), xml, inResponseTo, callback); - }); + .then(decryptedXml => { + var decryptedDoc = new xmldom.DOMParser().parseFromString(decryptedXml); + var decryptedAssertions = xpath(decryptedDoc, "/*[local-name()='Assertion']"); + if (decryptedAssertions.length != 1) + throw new Error('Invalid EncryptedAssertion content'); + + if (this.options.cert && + !validSignature && + !this.validateSignature(decryptedXml, decryptedAssertions[0], certs)) + throw new Error('Invalid signature from encrypted assertion'); + + this.processValidlySignedAssertion(decryptedAssertions[0].toString(), xml, inResponseTo, callback); + }); } // If there's no assertion, fall back on xml2js response parsing for the status & @@ -664,30 +652,30 @@ SAML.prototype.validatePostResponse = function (container, callback) { }; var parser = new xml2js.Parser(parserConfig); return Q.ninvoke( parser, 'parseString', xml) - .then(function(doc) { - var response = doc.Response; - if (response) { - var assertion = response.Assertion; - if (!assertion) { - var status = response.Status; - if (status) { - var statusCode = status[0].StatusCode; - if (statusCode && statusCode[0].$.Value === "urn:oasis:names:tc:SAML:2.0:status:Responder") { - var nestedStatusCode = statusCode[0].StatusCode; - if (nestedStatusCode && nestedStatusCode[0].$.Value === "urn:oasis:names:tc:SAML:2.0:status:NoPassive") { - if (self.options.cert && !validSignature) { - throw new Error('Invalid signature: NoPassive'); - } - return callback(null, null, false); + .then(doc => { + var response = doc.Response; + if (response) { + var assertion = response.Assertion; + if (!assertion) { + var status = response.Status; + if (status) { + var statusCode = status[0].StatusCode; + if (statusCode && statusCode[0].$.Value === "urn:oasis:names:tc:SAML:2.0:status:Responder") { + var nestedStatusCode = statusCode[0].StatusCode; + if (nestedStatusCode && nestedStatusCode[0].$.Value === "urn:oasis:names:tc:SAML:2.0:status:NoPassive") { + if (this.options.cert && !validSignature) { + throw new Error('Invalid signature: NoPassive'); } + return callback(null, null, false); } + } - // Note that we're not requiring a valid signature before this logic -- since we are - // throwing an error in any case, and some providers don't sign error results, - // let's go ahead and give the potentially more helpful error. - if (statusCode && statusCode[0].$.Value) { - var msgType = statusCode[0].$.Value.match(/[^:]*$/)[0]; - if (msgType != 'Success') { + // Note that we're not requiring a valid signature before this logic -- since we are + // throwing an error in any case, and some providers don't sign error results, + // let's go ahead and give the potentially more helpful error. + if (statusCode && statusCode[0].$.Value) { + var msgType = statusCode[0].$.Value.match(/[^:]*$/)[0]; + if (msgType != 'Success') { var msg = 'unspecified'; if (status[0].StatusMessage) { msg = status[0].StatusMessage[0]._; @@ -707,7 +695,7 @@ SAML.prototype.validatePostResponse = function (container, callback) { throw new Error('Missing SAML assertion'); } } else { - if (self.options.cert && !validSignature) { + if (this.options.cert && !validSignature) { throw new Error('Invalid signature: No response found'); } var logoutResponse = doc.LogoutResponse; @@ -719,10 +707,10 @@ SAML.prototype.validatePostResponse = function (container, callback) { } }); }) - .fail(function(err) { + .fail(err => { debug('validatePostResponse resulted in an error: %s', err); - if (self.options.validateInResponseTo) { - Q.ninvoke(self.cacheProvider, 'remove', inResponseTo) + if (this.options.validateInResponseTo) { + Q.ninvoke(this.cacheProvider, 'remove', inResponseTo) .then(function() { callback(err); }); @@ -737,7 +725,7 @@ SAML.prototype.validateInResponseTo = function (inResponseTo) { if (this.options.validateInResponseTo) { if (inResponseTo) { return Q.ninvoke(this.cacheProvider, 'get', inResponseTo) - .then(function(result) { + .then(result => { if (!result) throw new Error('InResponseTo is not valid'); return Q(); @@ -751,40 +739,33 @@ SAML.prototype.validateInResponseTo = function (inResponseTo) { }; SAML.prototype.validateRedirect = function(container, originalQuery, callback) { - var self = this; - var samlMessageType = container.SAMLRequest ? 'SAMLRequest' : 'SAMLResponse'; + const samlMessageType = container.SAMLRequest ? 'SAMLRequest' : 'SAMLResponse'; - var data = Buffer.from(container[samlMessageType], "base64"); - zlib.inflateRaw(data, function(err, inflated) { + const data = Buffer.from(container[samlMessageType], "base64"); + zlib.inflateRaw(data, (err, inflated) => { if (err) { return callback(err); } - var dom = new xmldom.DOMParser().parseFromString(inflated.toString()); - var parserConfig = { + const dom = new xmldom.DOMParser().parseFromString(inflated.toString()); + const parserConfig = { explicitRoot: true, explicitCharkey: true, tagNameProcessors: [xml2js.processors.stripPrefix] }; - var parser = new xml2js.Parser(parserConfig); - parser.parseString(inflated, function (err, doc) { + const parser = new xml2js.Parser(parserConfig); + parser.parseString(inflated, (err, doc) => { if (err) { return callback(err); } - Q.fcall(function () { + Q.fcall(() => { return samlMessageType === 'SAMLResponse' ? - self.verifyLogoutResponse(doc) : self.verifyLogoutRequest(doc); - }) - .then(function() { - return self.hasValidSignatureForRedirect(container, originalQuery); - }) - .then(function () { - processValidlySignedSamlLogout(self, doc, callback); + this.verifyLogoutResponse(doc) : this.verifyLogoutRequest(doc); }) - .fail(function(err) { - callback(err); - }); + .then(() => this.hasValidSignatureForRedirect(container, originalQuery)) + .then(() => processValidlySignedSamlLogout(this, doc, callback)) + .fail(err => callback(err)); }); }); }; @@ -803,10 +784,9 @@ function processValidlySignedSamlLogout(self, doc, callback) { } SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery) { - var self = this; - var tokens = originalQuery.split('&'); - var getParam = function (key) { - var exists = tokens.filter(function(t) { return new RegExp(key).test(t); }); + const tokens = originalQuery.split('&'); + var getParam = key => { + var exists = tokens.filter(t => { return new RegExp(key).test(t); }); return exists[0]; }; @@ -820,9 +800,9 @@ SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery urlString += '&' + getParam('SigAlg'); return this.certsToCheck() - .then(function(certs) { - var hasValidQuerySignature = certs.some(function (cert) { - return self.validateSignatureForRedirect( + .then(certs => { + var hasValidQuerySignature = certs.some(cert => { + return this.validateSignatureForRedirect( urlString, container.Signature, container.SigAlg, cert ); }); @@ -872,17 +852,15 @@ SAML.prototype.verifyLogoutRequest = function (doc) { }; SAML.prototype.verifyLogoutResponse = function (doc) { - var self = this; - - return Q.fcall(function() { + return Q.fcall(() => { var statusCode = doc.LogoutResponse.Status[0].StatusCode[0].$.Value; if (statusCode !== "urn:oasis:names:tc:SAML:2.0:status:Success") throw 'Bad status code: ' + statusCode; - self.verifyIssuer(doc.LogoutResponse); + this.verifyIssuer(doc.LogoutResponse); var inResponseTo = doc.LogoutResponse.$.InResponseTo; if (inResponseTo) { - return self.validateInResponseTo(inResponseTo); + return this.validateInResponseTo(inResponseTo); } return Q(true); @@ -902,7 +880,6 @@ SAML.prototype.verifyIssuer = function (samlMessage) { }; SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, inResponseTo, callback) { - var self = this; var msg; var parserConfig = { explicitRoot: true, @@ -915,8 +892,8 @@ SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, in var parsedAssertion; var parser = new xml2js.Parser(parserConfig); Q.ninvoke(parser, 'parseString', xml) - .then(function(doc) { - parsedAssertion = doc; + .then(doc => { + parsedAssertion = doc; assertion = doc.Assertion; var issuer = assertion.Issuer; @@ -959,7 +936,7 @@ SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, in var subjectNotBefore = confirmData.$.NotBefore; var subjectNotOnOrAfter = confirmData.$.NotOnOrAfter; - var subjErr = self.checkTimestampsValidityError( + var subjErr = this.checkTimestampsValidityError( nowMs, subjectNotBefore, subjectNotOnOrAfter); if (subjErr) { throw subjErr; @@ -970,27 +947,27 @@ SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, in // Test to see that if we have a SubjectConfirmation InResponseTo that it matches // the 'InResponseTo' attribute set in the Response - if (self.options.validateInResponseTo) { + if (this.options.validateInResponseTo) { if (subjectConfirmation) { if (confirmData && confirmData.$) { var subjectInResponseTo = confirmData.$.InResponseTo; if (inResponseTo && subjectInResponseTo && subjectInResponseTo != inResponseTo) { - return Q.ninvoke(self.cacheProvider, 'remove', inResponseTo) - .then(function(){ + return Q.ninvoke(this.cacheProvider, 'remove', inResponseTo) + .then(() => { throw new Error('InResponseTo is not valid'); }); } else if (subjectInResponseTo) { var foundValidInResponseTo = false; - return Q.ninvoke(self.cacheProvider, 'get', subjectInResponseTo) - .then(function(result){ + return Q.ninvoke(this.cacheProvider, 'get', subjectInResponseTo) + .then(result => { if (result) { var createdAt = new Date(result); - if (nowMs < createdAt.getTime() + self.options.requestIdExpirationPeriodMs) + if (nowMs < createdAt.getTime() + this.options.requestIdExpirationPeriodMs) foundValidInResponseTo = true; } - return Q.ninvoke(self.cacheProvider, 'remove', inResponseTo ); + return Q.ninvoke(this.cacheProvider, 'remove', inResponseTo ); }) - .then(function(){ + .then(() => { if (!foundValidInResponseTo) { throw new Error('InResponseTo is not valid'); } @@ -999,46 +976,46 @@ SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, in } } } else { - return Q.ninvoke(self.cacheProvider, 'remove', inResponseTo); + return Q.ninvoke(this.cacheProvider, 'remove', inResponseTo); } } else { return Q(); } }) - .then(function(){ + .then(() => { var conditions = assertion.Conditions ? assertion.Conditions[0] : null; if (assertion.Conditions && assertion.Conditions.length > 1) { msg = 'Unable to process multiple conditions in SAML assertion'; throw new Error(msg); } if(conditions && conditions.$) { - var conErr = self.checkTimestampsValidityError( + var conErr = this.checkTimestampsValidityError( nowMs, conditions.$.NotBefore, conditions.$.NotOnOrAfter); if(conErr) throw conErr; } - if (self.options.audience) { - var audienceErr = self.checkAudienceValidityError( - self.options.audience, conditions.AudienceRestriction); + if (this.options.audience) { + var audienceErr = this.checkAudienceValidityError( + this.options.audience, conditions.AudienceRestriction); if(audienceErr) throw audienceErr; } var attributeStatement = assertion.AttributeStatement; if (attributeStatement) { - var attributes = [].concat.apply([], attributeStatement.filter(function (attr) { - return Array.isArray(attr.Attribute); - }).map(function (attr) { - return attr.Attribute; - })); + var attributes = [].concat + .apply([], + attributeStatement.filter(attr => Array.isArray(attr.Attribute)) + .map(attr => attr.Attribute) + ); var attrValueMapper = function(value) { return typeof value === 'string' ? value : value._; }; if (attributes) { - attributes.forEach(function (attribute) { + attributes.forEach(attribute => { if(!Object.prototype.hasOwnProperty.call(attribute, 'AttributeValue')) { // if attributes has no AttributeValue child, continue return; @@ -1063,31 +1040,28 @@ SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, in profile.email = profile.mail; } - profile.getAssertionXml = function() { return xml; }; - profile.getAssertion = function() { return parsedAssertion; }; - profile.getSamlResponseXml = function() { return samlResponseXml; }; + profile.getAssertionXml = () => xml; + profile.getAssertion = () => parsedAssertion; + profile.getSamlResponseXml = () => samlResponseXml; callback(null, profile, false); }) - .fail(function(err) { - callback(err); - }) + .fail(err => callback(err)) .done(); }; SAML.prototype.checkTimestampsValidityError = function(nowMs, notBefore, notOnOrAfter) { - var self = this; - if (self.options.acceptedClockSkewMs == -1) + if (this.options.acceptedClockSkewMs == -1) return null; if (notBefore) { var notBeforeMs = Date.parse(notBefore); - if (nowMs + self.options.acceptedClockSkewMs < notBeforeMs) + if (nowMs + this.options.acceptedClockSkewMs < notBeforeMs) return new Error('SAML assertion not yet valid'); } if (notOnOrAfter) { var notOnOrAfterMs = Date.parse(notOnOrAfter); - if (nowMs - self.options.acceptedClockSkewMs >= notOnOrAfterMs) + if (nowMs - this.options.acceptedClockSkewMs >= notOnOrAfterMs) return new Error('SAML assertion expired'); } @@ -1095,7 +1069,6 @@ SAML.prototype.checkTimestampsValidityError = function(nowMs, notBefore, notOnOr }; SAML.prototype.checkAudienceValidityError = function(expectedAudience, audienceRestrictions) { - var self = this; if (!audienceRestrictions || audienceRestrictions.length < 1) { return new Error('SAML assertion has no AudienceRestriction'); } @@ -1107,7 +1080,7 @@ SAML.prototype.checkAudienceValidityError = function(expectedAudience, audienceR return new Error('SAML assertion audience mismatch'); } return null; - }).filter(function(result) { + }).filter(result => { return result !== null; }); if (errors.length > 0) { @@ -1117,32 +1090,29 @@ SAML.prototype.checkAudienceValidityError = function(expectedAudience, audienceR }; SAML.prototype.validatePostRequest = function (container, callback) { - var self = this; - var xml = Buffer.from(container.SAMLRequest, 'base64').toString('utf8'); - var dom = new xmldom.DOMParser().parseFromString(xml); - var parserConfig = { + const xml = Buffer.from(container.SAMLRequest, 'base64').toString('utf8'); + const dom = new xmldom.DOMParser().parseFromString(xml); + const parserConfig = { explicitRoot: true, explicitCharkey: true, tagNameProcessors: [xml2js.processors.stripPrefix] }; - var parser = new xml2js.Parser(parserConfig); - parser.parseString(xml, function (err, doc) { + const parser = new xml2js.Parser(parserConfig); + parser.parseString(xml, (err, doc) => { if (err) { return callback(err); } - self.certsToCheck() - .then(function(certs) { + this.certsToCheck() + .then(certs => { // Check if this document has a valid top-level signature - if (self.options.cert && !self.validateSignature(xml, dom.documentElement, certs)) { + if (this.options.cert && !this.validateSignature(xml, dom.documentElement, certs)) { return callback(new Error('Invalid signature on documentElement')); } - processValidlySignedPostRequest(self, doc, callback); + processValidlySignedPostRequest(this, doc, callback); }) - .fail(function(err) { - callback(err); - }); + .fail(err => callback(err)); }); }; From 4ebfae0da47968f4c3d4459d4d174506ddcfa0e5 Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Fri, 25 Oct 2019 13:51:32 -0400 Subject: [PATCH 36/38] add Node support policy to README --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index af883dab..18130f0e 100644 --- a/README.md +++ b/README.md @@ -332,3 +332,15 @@ See [Releases](https://github.com/bergie/passport-saml/releases) to find the cha ### Is there an example I can look at? Gerard Braad has provided an example app at https://github.com/gbraad/passport-saml-example/ + +## Node Support Policy + +We only support [Long-Term Support](https://github.com/nodejs/Release) versions of Node. + +We specifically limit our support to LTS versions of Node, not because this package won't work on other versions, but because we have a limited amount of time, and supporting LTS offers the greatest return on that investment. + +It's possible this package will work correctly on newer versions of Node. It may even be possible to use this package on older versions of Node, though that's more unlikely as we'll make every effort to take advantage of features available in the oldest LTS version we support. + +As each Node LTS version reaches its end-of-life we will remove that version from the `node` `engines` property of our package's `package.json` file. Removing a Node version is considered a breaking change and will entail the publishing of a new major version of this package. We will not accept any requests to support an end-of-life version of Node. Any merge requests or issues supporting an end-of-life version of Node will be closed. + +We will accept code that allows this package to run on newer, non-LTS, versions of Node. From 7bffa5c3e518aeacfe7291fa424d21726d568116 Mon Sep 17 00:00:00 2001 From: Nishant Chaturvedi Date: Mon, 18 Nov 2019 22:14:55 +0530 Subject: [PATCH 37/38] fix #393 adding 'inResponseTo' in the profile (#404) * fix #393 adding 'inResponseTo' in the profile --- lib/passport-saml/saml.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js index e047c138..4adcbc7e 100644 --- a/lib/passport-saml/saml.js +++ b/lib/passport-saml/saml.js @@ -901,6 +901,10 @@ SAML.prototype.processValidlySignedAssertion = function(xml, samlResponseXml, in profile.issuer = issuer[0]._; } + if (inResponseTo) { + profile.inResponseTo = inResponseTo; + } + var authnStatement = assertion.AuthnStatement; if (authnStatement) { if (authnStatement[0].$ && authnStatement[0].$.SessionIndex) { From c82149d2f8b5d3f90f973ab69812efb11e85569a Mon Sep 17 00:00:00 2001 From: LoneRifle Date: Tue, 19 Nov 2019 04:16:44 +0800 Subject: [PATCH 38/38] Bring-up xml-crypto to 1.4.0 (#400) This update will pick up the following changes: yaronn/xml-crypto#171 yaronn/xml-crypto#179 yaronn/xml-crypto#183 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b75e6fb1..537d21dc 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "debug": "^3.1.0", "passport-strategy": "*", "q": "^1.5.0", - "xml-crypto": "^1.1.4", + "xml-crypto": "^1.4.0", "xml-encryption": "^0.11.0", "xml2js": "0.4.x", "xmlbuilder": "^11.0.0",