CoreID/app/routing/middleware/SAMLRequest.middleware.js
2020-05-03 20:16:54 -05:00


const { Middleware } = require('libflitter')
const samlp = require('samlp')
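/**
 * Middleware that parses an incoming SAML request and attaches the parsed
 * fields to the request as `req.saml_request`.
 *
 * A request whose issuer does not match an active ServiceProvider record is
 * rejected with a 401. A request carrying no SAML data is passed through
 * untouched.
 */
class SAMLRequestMiddleware extends Middleware {
    /**
     * Services this middleware needs, in addition to the parent class's.
     * @returns {string[]}
     */
    static get services() {
        return [...super.services, 'output', 'models']
    }

    /**
     * Parse the SAML request on `req` and decide whether to continue.
     *
     * The outcome is delivered through `res.error(...)` or `next(...)` from
     * inside the samlp callback; this method itself returns as soon as the
     * parse has been started.
     *
     * @param {object} req - incoming request; `req.saml_request` is set on success
     * @param {object} res - response; `res.error` is used for rejections
     * @param {Function} next - continuation; called with an error if the lookup fails
     * @param {*} [args=null] - not used by this middleware
     * @returns {Promise<void>}
     */
    async test(req, res, next, args = null) {
        const ServiceProvider = this.models.get('saml:ServiceProvider')

        samlp.parseRequest(req, async (err, data) => {
            if ( err )
                return res.error(400, { message: 'Unable to parse SAML request data.' })

            // This callback is async, so anything thrown below would become an
            // unhandled rejection and leave the request hanging. Catch it and
            // hand it to the error pipeline instead.
            try {
                if ( data ) {
                    // Verify that the issuer is known: only an active, registered
                    // service provider may start a sign-in.
                    const sp = await ServiceProvider.findOne({entity_id: data.issuer, active: true})
                    if (!sp)
                        return res.error(401, 'Unable to continue. The SAML issuer is unknown.')

                    // Either container may be absent depending on the binding and
                    // on which body parsers ran before this middleware.
                    const query = req.query || {}
                    const body = req.body || {}

                    // NOTE(review): destination and acs_url are copied from the
                    // request as sent. Nothing in this file compares them with
                    // values registered for the service provider, and no
                    // signature verification of the request is visible here.
                    // Whatever consumes req.saml_request should check acs_url
                    // against the provider's registered endpoint before sending
                    // a response to it - confirm that happens downstream.
                    req.saml_request = {
                        relay_state: query.RelayState || body.RelayState,
                        id: data.id,
                        issuer: data.issuer,
                        destination: data.destination,
                        acs_url: data.assertionConsumerServiceURL,
                        force_authn: data.forceAuthn === 'true',
                        service_provider: sp,
                    }

                    req.session.auth.message = `Please sign-in to continue to ${sp.name}.`
                    this.output.info('Parsed SAML request')

                    // NOTE(review): this logs the whole object, including the
                    // service provider record and the relay state - confirm the
                    // record holds nothing sensitive, or that debug output is
                    // off in production.
                    this.output.debug(req.saml_request)
                } else {
                    this.output.info(`Incoming request does not have an associated SAMLRequest`)
                }
            } catch (e) {
                return next(e)
            }

            return next()
        })
    }
}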
// Export the middleware class itself as this module's value.
module.exports = exports = SAMLRequestMiddleware