@@ -611,41 +611,41 @@ class PassportService {
if (expr === null) {
return false;
}
- debug({"Parsed Rule": JSON.stringify(expr, null, 2)});
+ debug({ 'Parsed Rule': JSON.stringify(expr, null, 2) });
const attributes = this.extractAttributesFromSAMLResponse(response);
- debug({"Extracted Attributes": JSON.stringify(attributes, null, 2)});
-
- let evaluated_expr = false
- for (const or_op of expr) {
- let evaluated_or_op = true;
- for (const and_op of or_op) {
- if (attributes[and_op[0]] == null) {
- evaluated_or_op = false
+ debug({ 'Extracted Attributes': JSON.stringify(attributes, null, 2) });
+
+ let evaluatedExpr = false;
+ for (const orOp of expr) {
+ let evaluatedOrOp = true;
+ for (const andOp of orOp) {
+ if (attributes[andOp[0]] == null) {
+ evaluatedOrOp = false;
break;
}
- evaluated_or_op = evaluated_or_op && attributes[and_op[0]].includes(and_op[1])
+ evaluatedOrOp = evaluatedOrOp && attributes[andOp[0]].includes(andOp[1]);
}
- evaluated_expr = evaluated_expr || evaluated_or_op;
+ evaluatedExpr = evaluatedExpr || evaluatedOrOp;
}
- return evaluated_expr;
+ return evaluatedExpr;
}
/**
* Parse a rule string for the attribute-based login control
- *
+ *
* The syntax rules are as follows.
* <attr> and <value> are any characters except "|", "&", "=".
- *
+ *
* ## Syntax
* <expr> ::= <or_op> | <or_op> "|" <expr>
* <or_op> ::= <and_op> | <and_op> "&" <or_op>
* <and_op> ::= <attr> "=" <value>
- *
+ *
* ## Example
* In: "Department = A | Department = B & Position = Leader"
- * Out:
+ * Out:
* [
* [
* ["Department", "A"]
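Review bot: The `debug({ 'Extracted Attributes': JSON.stringify(attributes, null, 2) })` call writes every attribute value asserted in the SAML response to the debug output on each rule evaluation, and those values are usually directory or personal data (the doc comment's own example uses Department and Position). Logging only the names keeps most of the diagnostic value, e.g. `debug({ 'Extracted Attribute Names': Object.keys(attributes) });`. The enclosing method begins above this hunk, so where `debug` output goes and whether it is enabled in production is not visible here.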
@@ -655,18 +655,18 @@ class PassportService {
* ["Position","Leader"]
* ]
* ]
- *
+ *
* In: Invalid syntax string like a "This is a & bad & rule string."
* Out: null
*/
parseABLCRule(rule) {
- let expr = rule.split("|");
- expr = expr.map(or_op => or_op.trim().split("&"));
- expr = expr.map(or_op => or_op.map(and_op => and_op.trim().split("=")));
- expr = expr.map(or_op => or_op.map(and_op => and_op.map(v => v.trim())));
- for (const or_op of expr) {
- for (const and_op of or_op) {
- if (and_op.length !== 2) {
+ let expr = rule.split('|');
+ expr = expr.map(orOp => orOp.trim().split('&'));
+ expr = expr.map(orOp => orOp.map(andOp => andOp.trim().split('=')));
+ expr = expr.map(orOp => orOp.map(andOp => andOp.map(v => v.trim())));
+ for (const orOp of expr) {
+ for (const andOp of orOp) {
+ if (andOp.length !== 2) {
return null;
}
}
@@ -677,9 +677,9 @@ class PassportService {
/**
* Extract attributes from a SAML response
- *
+ *
* The format of extracted attributes is the following.
- *
+ *
* {
* "attribute_name1": ["value1", "value2", ...],
* "attribute_name2": ["value1", "value2", ...],
@@ -700,14 +700,15 @@ class PassportService {
const result = {};
for (const attribute of attributes) {
const name = attribute.$.Name;
- const attributeValues = attribute.AttributeValue.map(v => v._)
+ const attributeValues = attribute.AttributeValue.map(v => v._);
if (result[name] == null) {
result[name] = attributeValues;
- }else {
- result[name] = result[name].concat(attributeValues)
+ }
+ else {
+ result[name] = result[name].concat(attributeValues);
}
}
-
+
return result;
}
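Review bot: `result` is a plain `{}` keyed by `attribute.$.Name`, a value taken from the SAML response, so a name that matches an inherited property such as `constructor`, `toString` or `__proto__` fails the `result[name] == null` test and the `else` branch calls `.concat` on something that is not an array, throwing a TypeError in the middle of the login check. Creating the accumulator without a prototype avoids this: `const result = Object.create(null);`. The same blind spot affects the rule-driven lookup `attributes[andOp[0]]` in the first hunk, where the `== null` guard passes for inherited keys and `.includes` then throws. The method begins above this hunk, so how `attributes` is read from the response is not visible here.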