Merge pull request #32 from ziluvatar/wsfed-add-fault-support

Add fault check support
mcastany · Jun 8, 2016 · ec31177 · ec31177
2 parents 7af3a16 + 3ad0121
commit ec31177
Show file tree

Hide file tree

Showing 5 changed files with 156 additions and 23 deletions.
diff --git a/lib/passport-wsfed-saml2/strategy.js b/lib/passport-wsfed-saml2/strategy.js
@@ -56,36 +56,32 @@ util.inherits(WsFedSaml2Strategy, Strategy);
 WsFedSaml2Strategy.prototype._authenticate_saml = function (req, state) {
   var self = this;
 
-  if (req.body.wresult.indexOf('<') === -1) {
-    return self.fail('wresult should be a valid xml', 400);
-  }
-
-  var token = self._wsfed.extractToken(req);
-  if (!token) {
-    return self.fail('missing RequestedSecurityToken element', 400);
-  }
-
-  self._saml.validateSamlAssertion(token, function (err, profile) {
-    if (err) {
-      return self.error(err);
-    }
-
-    var verified = function (err, user, info) {
+  self._wsfed.retrieveToken(req, function(err, token) {
+    if (err) return self.fail(err, err.status || 400);
+
+    self._saml.validateSamlAssertion(token, function (err, profile) {
       if (err) {
         return self.error(err);
       }
 
-      if (!user) {
-        return self.fail(info);
-      }
+      var verified = function (err, user, info) {
+        if (err) {
+          return self.error(err);
+        }
 
-      info = info || {};
-      if (state) { info.state = state; }
-      self.success(user, info);
-    };
+        if (!user) {
+          return self.fail(info);
+        }
 
-    self._verify(profile, verified);
+        info = info || {};
+        if (state) { info.state = state; }
+        self.success(user, info);
+      };
+
+      self._verify(profile, verified);
+    });    
   });
+
 };
 
 WsFedSaml2Strategy.prototype._authenticate_jwt = function (req, state) {

diff --git a/lib/passport-wsfed-saml2/wsfederation.js b/lib/passport-wsfed-saml2/wsfederation.js
@@ -1,6 +1,9 @@
 var xmldom = require('xmldom');
 var xtend = require('xtend');
 var qs = require('querystring');
+var xpath = require('xpath');
+
+var AuthenticationFailedError = require('./errors/AuthenticationFailedError');
 
 var WsFederation = module.exports = function WsFederation (realm, homerealm, identityProviderUrl, wreply) {
   this.realm = realm;
@@ -39,6 +42,56 @@ WsFederation.prototype = {
     }
 
     return token && token.firstChild;
+  },
+
+  retrieveToken: function(req, callback) {
+    if (req.body.wresult.indexOf('<') === -1) {
+      return callback(new Error('wresult should be a valid xml'));
+    }
+
+    var fault = this.extractFault(req);
+    if (fault) {
+      return callback(new AuthenticationFailedError(fault.message, fault.detail));
+    }
+
+    var token = this.extractToken(req);
+    if (!token) {
+      return callback(new Error('missing RequestedSecurityToken element'));
+    }
+
+    callback(null, token);
+  },
+
+  extractFault: function(req) {
+    var fault = {};
+    var doc = new xmldom.DOMParser().parseFromString(req.body['wresult']);
+
+    var isFault = xpath.select("//*[local-name(.)='Fault']", doc)[0];
+    if (!isFault) {
+      return null;
+    }
+
+    var codeXml = xpath.select("//*[local-name(.)='Fault']/*[local-name(.)='Code']/*[local-name(.)='Value']", doc)[0];
+    if (codeXml) {
+      fault.code = codeXml.textContent;
+    }
+
+    var subCodeXml = xpath.select("//*[local-name(.)='Fault']/*[local-name(.)='Code']/*[local-name(.)='Subcode']/*[local-name(.)='Value']", doc)[0];
+    if (subCodeXml) {
+      fault.subCode = subCodeXml.textContent;
+    }
+
+    var messageXml = xpath.select("//*[local-name(.)='Fault']/*[local-name(.)='Reason']/*[local-name(.)='Text']", doc)[0];
+    if (messageXml) {
+      fault.message = messageXml.textContent;
+    }
+
+    var detailXml = xpath.select("//*[local-name(.)='Fault']/*[local-name(.)='Detail']", doc)[0];
+    if (detailXml) {
+      fault.detail = detailXml.textContent;
+    }
+
+    return fault;
   }
 };
 

diff --git a/test/interop.tests.js b/test/interop.tests.js
diff --git a/test/soap-fault-no-info.xml b/test/soap-fault-no-info.xml
@@ -0,0 +1,5 @@
+<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:fed="http://schemas.xmlsoap.org/ws/2006/12/federation">
+    <env:Body>
+        <env:Fault />
+    </env:Body>
+</env:Envelope>
diff --git a/test/soap-fault.xml b/test/soap-fault.xml
@@ -0,0 +1,16 @@
+<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:fed="http://schemas.xmlsoap.org/ws/2006/12/federation">
+    <env:Body>
+        <env:Fault>
+            <env:Code>
+                <env:Value>env:Sender</env:Value>
+                <env:Subcode>
+                    <env:Value>fed:BadRequest</env:Value>
+                </env:Subcode>
+            </env:Code>
+            <env:Reason>
+                <env:Text xml:lang="en">User cancelled</env:Text>
+            </env:Reason>
+            <env:Detail>USER_CANCEL</env:Detail>
+        </env:Fault>
+    </env:Body>
+</env:Envelope>