From e322ff3e9551a67aeb13efa7229a2c58a8c8baa5 Mon Sep 17 00:00:00 2001
From: stefanaz2
Date: Wed, 22 Feb 2023 21:53:45 -0500
Subject: [PATCH] Metadata secret check and remove fs in saml server, tried to add the relayState stuff in the logic inside of the saml server
---
 app/routes/login.tsx | 6 ++----
 app/routes/login/callback.tsx | 1 -
 app/saml.server.ts | 13 +++++++++----
 .../{SAML_IDP_METADATA_FILE => SAML_IDP_METADATA} | 0
 4 files changed, 11 insertions(+), 9 deletions(-)
 rename dev-secrets/{SAML_IDP_METADATA_FILE => SAML_IDP_METADATA} (100%)
diff --git a/app/routes/login.tsx b/app/routes/login.tsx
index fb95cfe5..198bfc66 100644
--- a/app/routes/login.tsx
+++ b/app/routes/login.tsx
@@ -23,10 +23,8 @@ export const action = async ({ request }: ActionArgs) => {
 // If not then create a login request to the IDP's redirect binding
 if (!user) {
- const context = await createLoginRequest();
- const url = new URL(request.url);
- const returnTo = url.searchParams.get('redirectTo') || '/';
- return redirect(context + '&RelayState=' + returnTo);
+ const samlRedirectURL = await createLoginRequest(new URL(request.url));
+ return redirect(samlRedirectURL);
 }
 return redirect('/');
diff --git a/app/routes/login/callback.tsx b/app/routes/login/callback.tsx
index cf3a88ee..5aa14aa5 100644
--- a/app/routes/login/callback.tsx
+++ b/app/routes/login/callback.tsx
@@ -75,7 +75,6 @@ export const action = async ({ request }: ActionArgs) => {
 request: request,
 username: username,
 remember: false,
- // redirectTo: '/',
 redirectTo: returnTo,
 });
 };
diff --git a/app/saml.server.ts b/app/saml.server.ts
index 22faac08..dd9f4cd0 100644
--- a/app/saml.server.ts
+++ b/app/saml.server.ts
@@ -2,11 +2,15 @@
 // https://github.com/remix-run/examples/pull/130/files/ec66b3060fac83eec2389eb0c96aad6d8ea4aed1#diff-02d2b71e481b2495b8a72af14f09fc28238298c7f1d19a540e37c9228985b0da
 import * as samlify from 'samlify';
 import * as validator from '@authenio/samlify-node-xmllint';
-import { readFileSync } from 'fs';
 import secrets from './lib/secrets.server';
 samlify.setSchemaValidator(validator);
+const { SAML_IDP_METADATA } = secrets;
+if (!SAML_IDP_METADATA) {
+ throw new Error('Missing SAML_IDP_METADATA secret');
+}
+
 // Here we configure the service provider: https://samlify.js.org/#/sp-configuration
 const sp = samlify.ServiceProvider({
@@ -29,16 +33,17 @@ const sp = samlify.ServiceProvider({
 // Take the metadata stood up by the IDP and use it as the metadata for our IDP object
 const idp = samlify.IdentityProvider({
- metadata: readFileSync(secrets.SAML_IDP_METADATA_FILE),
+ metadata: SAML_IDP_METADATA,
 });
 export function metadata() {
 return sp.getMetadata();
 }
-export async function createLoginRequest() {
+export async function createLoginRequest(url: URL) {
 const { context } = sp.createLoginRequest(idp, 'redirect');
- return context;
+ const returnTo = url.searchParams.get('redirectTo') || '/';
+ return context + '&RelayState=' + returnTo;
 }
 export async function createLogoutRequest(user: string) {
diff --git a/dev-secrets/SAML_IDP_METADATA_FILE b/dev-secrets/SAML_IDP_METADATA
similarity index 100%
rename from dev-secrets/SAML_IDP_METADATA_FILE
rename to dev-secrets/SAML_IDP_METADATA
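Review bot: The new `SAML_IDP_METADATA` guard should carry a comment stating that the secret now holds the IdP metadata XML itself rather than a file path, since dropping `readFileSync` and renaming from `SAML_IDP_METADATA_FILE` silently changed its meaning, and a deployment still supplying a path would pass this non-empty check and presumably only fail later when samlify parses the value. Suggested comment above the destructure: `// SAML_IDP_METADATA holds the IdP metadata XML itself (not a path); fail fast at module load if it is missing.` Failing at import time is a reasonable choice here, as the module cannot build `idp` without it.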
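Review bot: `createLoginRequest` interpolates the caller-controlled `redirectTo` query value into the SAML redirect URL as RelayState without encoding or an origin check, and the callback hunk shows that same value being handed back as `redirectTo: returnTo` after login, so an absolute URL in `redirectTo` likely yields an open redirect unless the callback validates it (its derivation of `returnTo` is outside the hunk). Because the value is concatenated raw, a `&` or `#` in it also corrupts the query string the IdP receives. Suggest restricting it to a same-origin path and encoding it: `const requested = url.searchParams.get('redirectTo') || '/';`, `const returnTo = requested.startsWith('/') && !requested.startsWith('//') ? requested : '/';`, `return context + '&RelayState=' + encodeURIComponent(returnTo);`. The SAML 2.0 bindings specification also caps RelayState at 80 bytes, so long paths may be rejected by the IdP. The login.tsx hunk is the caller that now forwards `new URL(request.url)` into this function, so the check belongs here rather than there.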