This repository has been archived by the owner on Oct 4, 2022. It is now read-only.

[ULP-3649][ULP-3712] Fix: URL fragments in SAML Sign in URLs (auth0#171)
* fix: SAML request url construction with query and fragment

* fix: Add tests for SAML request URL construction

* fix: Change order of split for URL parsing and add tests

Co-authored-by: Ganesh Rajasekar <ganeshrajasekar@j0fpcv21p9.local.dev.auth0.com>
ganeshrajsekar and Ganesh Rajasekar authored Jun 29, 2022
1 parent 8caadc9 commit f0b7687
Showing 3 changed files with 41 additions and 2 deletions.
9 changes: 8 additions & 1 deletion lib/passport-wsfed-saml2/samlp.js
@@ -245,7 +245,10 @@ Samlp.prototype = {
if (err) return callback(err);

var parsedUrl = url.parse(options.identityProviderUrl, true);
var samlRequestUrl = options.identityProviderUrl.split('?')[0] + '?' + qs.encode(xtend(parsedUrl.query, params));
var samlRequestUrl = stripQueryAndFragmentFromURL(options.identityProviderUrl) + '?' + qs.encode(xtend(parsedUrl.query, params));
if (parsedUrl.hash !== null) {
samlRequestUrl += parsedUrl.hash;
}
return callback(null, samlRequestUrl);
});
},
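Review bot: The base of `samlRequestUrl` on the added line comes from string splitting in `stripQueryAndFragmentFromURL`, while the query and the fragment come from `url.parse`, so the final URL is assembled from two separate parses of `options.identityProviderUrl`. Consider deriving the base from `parsedUrl` as well (protocol, host and pathname) so the three parts cannot disagree on where the query or fragment starts. The `parsedUrl.hash !== null` test would also be safer as a plain truthiness check, `if (parsedUrl.hash)`, which covers an undefined or empty value too.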
@@ -501,3 +504,7 @@ function generateInstant() {
var date = new Date();
return date.getUTCFullYear() + '-' + ('0' + (date.getUTCMonth()+1)).slice(-2) + '-' + ('0' + date.getUTCDate()).slice(-2) + 'T' + ('0' + date.getUTCHours()).slice(-2) + ":" + ('0' + date.getUTCMinutes()).slice(-2) + ":" + ('0' + date.getUTCSeconds()).slice(-2) + "Z";
}

function stripQueryAndFragmentFromURL(url) {
return url.split("#")[0].split("?")[0];
}
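Review bot: The parameter name in `stripQueryAndFragmentFromURL(url)` shadows the `url` module this file calls as `url.parse` in the hunk above; renaming it (for example `rawUrl`) avoids a surprise if the helper later needs the module. The helper also uses double-quoted strings where the calling line uses `'?'`, and a one-line comment explaining why the split on `#` must come before the split on `?` would document the ordering that the commit message says was changed.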
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "passport-wsfed-saml2",
"version": "4.6.1",
"version": "4.6.2",
"description": "SAML2 Protocol and WS-Fed library",
"scripts": {
"test": "./node_modules/.bin/mocha --recursive",
32 changes: 32 additions & 0 deletions test/samlp.tests.js
