Metadata secret check and remove fs in saml server, tried to add the …

…relayState stuff in the logic inside of the saml server
DevelopingSpace · Feb 23, 2023 · e322ff3 · e322ff3
1 parent 85a3416
commit e322ff3
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 9 deletions.
diff --git a/app/routes/login.tsx b/app/routes/login.tsx
@@ -23,10 +23,8 @@ export const action = async ({ request }: ActionArgs) => {
 
   // If not then create a login request to the IDP's redirect binding
   if (!user) {
-    const context = await createLoginRequest();
-    const url = new URL(request.url);
-    const returnTo = url.searchParams.get('redirectTo') || '/';
-    return redirect(context + '&RelayState=' + returnTo);
+    const samlRedirectURL = await createLoginRequest(new URL(request.url));
+    return redirect(samlRedirectURL);
   }
 
   return redirect('/');

diff --git a/app/routes/login/callback.tsx b/app/routes/login/callback.tsx
@@ -75,7 +75,6 @@ export const action = async ({ request }: ActionArgs) => {
     request: request,
     username: username,
     remember: false,
-    // redirectTo: '/',
     redirectTo: returnTo,
   });
 };
diff --git a/app/saml.server.ts b/app/saml.server.ts
@@ -2,11 +2,15 @@
 // https://github.com/remix-run/examples/pull/130/files/ec66b3060fac83eec2389eb0c96aad6d8ea4aed1#diff-02d2b71e481b2495b8a72af14f09fc28238298c7f1d19a540e37c9228985b0da
 import * as samlify from 'samlify';
 import * as validator from '@authenio/samlify-node-xmllint';
-import { readFileSync } from 'fs';
 import secrets from './lib/secrets.server';
 
 samlify.setSchemaValidator(validator);
 
+const { SAML_IDP_METADATA } = secrets;
+if (!SAML_IDP_METADATA) {
+  throw new Error('Missing SAML_IDP_METADATA secret');
+}
+
 // Here we configure the service provider: https://samlify.js.org/#/sp-configuration
 
 const sp = samlify.ServiceProvider({
@@ -29,16 +33,17 @@ const sp = samlify.ServiceProvider({
 
 // Take the metadata stood up by the IDP and use it as the metadata for our IDP object
 const idp = samlify.IdentityProvider({
-  metadata: readFileSync(secrets.SAML_IDP_METADATA_FILE),
+  metadata: SAML_IDP_METADATA,
 });
 
 export function metadata() {
   return sp.getMetadata();
 }
 
-export async function createLoginRequest() {
+export async function createLoginRequest(url: URL) {
   const { context } = sp.createLoginRequest(idp, 'redirect');
-  return context;
+  const returnTo = url.searchParams.get('redirectTo') || '/';
+  return context + '&RelayState=' + returnTo;
 }
 
 export async function createLogoutRequest(user: string) {

diff --git a/dev-secrets/SAML_IDP_METADATA_FILE → dev-secrets/SAML_IDP_METADATA b/dev-secrets/SAML_IDP_METADATA_FILE → dev-secrets/SAML_IDP_METADATA