Commit f8b6837b authored by Peter Loer's avatar Peter Loer
Browse files

Refactor HTTP-Post tests to be a branch in existing authnRequest tests, rather...

Refactor HTTP-Post tests to be a branch in existing authnRequest tests, rather than largely duplicated separate test.
parent 85cab613
......@@ -216,6 +216,32 @@ describe( 'passport-saml /', function() {
[ { _: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
'$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ] } ] } }
},
{ name: "Empty Config w/ HTTP-POST binding",
config: { authnRequestBinding: 'HTTP-POST' },
result: {
'samlp:AuthnRequest':
{ '$':
{ 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
Version: '2.0',
ProtocolBinding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
AssertionConsumerServiceURL: 'http://localhost:3033/login',
Destination: 'https://wwwexampleIdp.com/saml'},
'saml:Issuer':
[ { _: 'onelogin_saml',
'$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ],
'samlp:NameIDPolicy':
[ { '$':
{ 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
Format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
AllowCreate: 'true' } } ],
'samlp:RequestedAuthnContext':
[ { '$':
{ 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
Comparison: 'exact' },
'saml:AuthnContextClassRef':
[ { _: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
'$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ] } ] } }
},
{ name: "Config #2",
config: {
issuer: 'http://exampleSp.com/saml',
......@@ -387,111 +413,18 @@ describe( 'passport-saml /', function() {
request(requestOpts, function(err, response, body) {
should.not.exist(err);
var encodedSamlRequest;
if ( check.config.authnRequestBinding === "HTTP-POST" ) {
response.statusCode.should.equal(200);
body.should.match(/<!DOCTYPE html>[^]*<input.*name="SAMLRequest"[^]*<\/html>/);
encodedSamlRequest = body.match( /<input.*name="SAMLRequest" value="([^"]*)"/ )[1];
} else {
response.statusCode.should.equal(302);
var query = response.headers.location.match( /^[^\?]*\?(.*)$/ )[1];
var encodedSamlRequest = querystring.parse( query ).SAMLRequest;
var buffer = new Buffer(encodedSamlRequest, 'base64')
if (check.config.skipRequestCompression)
helper(null, buffer);
else
zlib.inflateRaw( buffer, helper );
function helper(err, samlRequest) {
should.not.exist( err );
parseString( samlRequest.toString(), function( err, doc ) {
should.not.exist( err );
delete doc['samlp:AuthnRequest']['$']["ID"];
delete doc['samlp:AuthnRequest']['$']["IssueInstant"];
doc.should.eql( check.result );
done();
});
}
});
});
};
encodedSamlRequest = querystring.parse( query ).SAMLRequest;
}
for( var i = 0; i < capturedChecks.length; i++ ) {
var check = capturedChecks[i];
it( check.name, testForCheck( check ) );
}
afterEach( function( done ) {
server.close( done );
});
});
describe( 'captured SAML HTTP-POST requests /', function() {
var capturedChecks = [
{ name: "Empty Config",
config: {},
result: {
'samlp:AuthnRequest':
{ '$':
{ 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
Version: '2.0',
ProtocolBinding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
AssertionConsumerServiceURL: 'http://localhost:3033/login',
Destination: 'https://wwwexampleIdp.com/saml'},
'saml:Issuer':
[ { _: 'onelogin_saml',
'$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ],
'samlp:NameIDPolicy':
[ { '$':
{ 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
Format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
AllowCreate: 'true' } } ],
'samlp:RequestedAuthnContext':
[ { '$':
{ 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
Comparison: 'exact' },
'saml:AuthnContextClassRef':
[ { _: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
'$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ] } ] } }
}
];
var server;
function testForCheck( check ) {
return function( done ) {
var app = express();
app.use( bodyParser.urlencoded({extended: false}) );
app.use( passport.initialize() );
var config = check.config;
config.callbackUrl = 'http://localhost:3033/login';
config.entryPoint = 'https://wwwexampleIdp.com/saml';
config.authnRequestBinding = 'HTTP-POST';
var profile = null;
passport.use( new SamlStrategy( config, function(_profile, done) {
profile = _profile;
done(null, { id: profile.nameID } );
})
);
app.get( '/login',
passport.authenticate( "saml", { samlFallback: 'login-request', session: false } ),
function(req, res) {
res.status(200).send("200 OK");
});
app.use( function( err, req, res, next ) {
console.log( err.stack );
res.status(500).send('500 Internal Server Error');
});
server = app.listen( 3033, function() {
var requestOpts = {
url: 'http://localhost:3033/login',
method: 'get',
followRedirect: false
};
request(requestOpts, function(err, response, body) {
should.not.exist(err);
response.statusCode.should.equal(200);
body.should.match(/<!DOCTYPE html>[^]*<input.*name="SAMLRequest"[^]*<\/html>/);
var encodedSamlRequest = body.match( /<input.*name="SAMLRequest" value="([^"]*)"/ )[1];
var buffer = new Buffer(encodedSamlRequest, 'base64')
if (check.config.skipRequestCompression)
helper(null, buffer);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment