refactor: refactor code

2024-12-16 20:26:19 -05:00 · 2024-12-09 11:14:33 +08:00 · 2024-12-09 11:14:33 +08:00 · b5481df6f5
commit b5481df6f5
parent b8bb4e7177
3 changed files with 29 additions and 6 deletions
--- a/packages/core/src/saml-applications/libraries/consts.ts
+++ b/packages/core/src/saml-applications/libraries/consts.ts
@ -20,3 +20,17 @@ export const samlLogInResponseTemplate = `
    {AttributeStatement}
  </saml:Assertion>
 </samlp:Response>`;
+
+export const samlAttributeNameFormatBasic = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic';
+
+const samlValueXmlnsXsiString = 'xs:string';
+const samlValueXmlnsXsiInteger = 'xsd:integer';
+const samlValueXmlnsXsiBoolean = 'xsd:boolean';
+const samlValueXmlnsXsiDatetime = 'xsd:dateTime';
+
+export const samlValueXmlnsXsi = {
+  string: samlValueXmlnsXsiString,
+  integer: samlValueXmlnsXsiInteger,
+  boolean: samlValueXmlnsXsiBoolean,
+  datetime: samlValueXmlnsXsiDatetime,
+};
--- a/packages/core/src/saml-applications/routes/anonymous.ts
+++ b/packages/core/src/saml-applications/routes/anonymous.ts
@ -9,7 +9,7 @@ import { fetchOidcConfig, getUserInfo } from '#src/sso/OidcConnector/utils.js';
 import { SsoConnectorError } from '#src/sso/types/error.js';
 import assertThat from '#src/utils/assert-that.js';

-import { samlLogInResponseTemplate } from '../libraries/consts.js';
+import { samlLogInResponseTemplate, samlAttributeNameFormatBasic,samlValueXmlnsXsi } from '../libraries/consts.js';

 import { exchangeAuthorizationCode, generateAutoSubmitForm, createSamlResponse } from './utils.js';

@ -129,14 +129,14 @@ export default function samlApplicationAnonymousRoutes<T extends AnonymousRouter
            {
              name: 'email',
              valueTag: 'email',
-              nameFormat: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
-              valueXsiType: 'xs:string',
+              nameFormat: samlAttributeNameFormatBasic,
+              valueXsiType: samlValueXmlnsXsi['string'],
            },
            {
              name: 'name',
              valueTag: 'name',
-              nameFormat: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
-              valueXsiType: 'xs:string',
+              nameFormat: samlAttributeNameFormatBasic,
+              valueXsiType: samlValueXmlnsXsi['string'],
            },
          ],
        },
--- a/packages/core/src/saml-applications/routes/utils.ts
+++ b/packages/core/src/saml-applications/routes/utils.ts
@ -35,13 +35,22 @@ const createSamlTemplateCallback =
      Issuer: idp.entityMeta.getEntityID(),
      IssueInstant: now.toISOString(),
      AssertionConsumerServiceURL: assertionConsumerServiceUrl,
-      StatusCode: 'urn:oasis:names:tc:SAML:2.0:status:Success',
+      StatusCode: saml.Constants.StatusCode.Success,
      ConditionsNotBefore: now.toISOString(),
      ConditionsNotOnOrAfter: expireAt.toISOString(),
      SubjectConfirmationDataNotOnOrAfter: expireAt.toISOString(),
      NameIDFormat: selectedNameIDFormat,
      NameID: user.sub,
      InResponseTo: 'null',
+      /**
+       * User attributes for SAML response
+       *
+       * @todo Support custom attribute mapping
+       * @see {@link https://github.com/tngan/samlify/blob/master/src/libsaml.ts#L275-L300|samlify implementation}
+       *
+       * @remarks
+       * By examining the code provided in the link above, we can define all the attributes supported by the attribute mapping here. Only the attributes defined in the `loginResponseTemplate.attributes` added when creating the IdP instance will appear in the SAML response.
+       */
      attrEmail: user.email,
      attrName: user.name,
    };