Move XML functions to utility module #571
Conversation
|
I like the idea and recommend dropping "util" from the directory name, leaving it as just "xml". The word "utility" doesn't convey much useful information. It implies minor or miscellaneous functions but I think that's implied by it being an internal library. |
|
As I look more at what @markstos is saying, it seems we might also be able to consolidate some stuff from |
|
@cjbarth Yes, true, I did see them then forgot to mention them. I was not 100% sure I should move them, at least one of them (signXmlResponse) seems to be SAML logic to me (it's about a Response element) I think there is actually a nice factorization opportunity with |
|
(after digging a bit more |
|
@cjbarth a @markstos Added one commit to move the signXml function to xml module. The change in this commit is slightly more involved than previous commits in this PRs, so review it carefully :) In particular, I probably fixed or broke something, see my comment in the code ;) I have not touched to the function calling signXml yet, I think their destiny could be decided later, in order not to make that PR bigger that it is already ;) |
There was a problem hiding this comment.
I really like where you are going with this, but your last commit on this branch is a step too far and breaks stuff. I'd like to get a test written that catches this. It should be an easy test. If we take "should sign a simple saml request" and "should place the Signature element after the Issuer element" and compare the signatures generated with the same settings, they shouldn't be equal.
|
I improved the existing tests, I don't see any reason to resort to regexp parsing xml if everything is deterministic and we can check the full result. I confirmed the tests failed with the previous version and fixed. |
test/saml-post-signing-tests.spec.ts
Outdated
| result.should.match(/<DigestValue>[A-Za-z0-9/+=]+<\/DigestValue>/); | ||
| result.should.match(/<SignatureValue>[A-Za-z0-9/+=]+<\/SignatureValue>/); | ||
| const doc = await parseXml2JsFromString(result); | ||
| doc.should.be.deepEqual({ |
There was a problem hiding this comment.
This is certainly more robust than what we had before. I think this is why a lot of tests compare to a static file: this makes the individual test not fit on a single screen. I can't think of a great solution right now, so I'm not looking for a change, but am open to ideas, perhaps in a follow-on PR.
|
@markstos This looks good to me, but I wanted to leave it open to give you a chance to look in case you're interested. |
|
@forty If you're OK with it, I'd like to hold off on landing this until #574 lands. We have been trying to get #574 done for a while and I'd like to not complicate the already herculean efforts to split out I still want to work with you and #574 to make sure these both land before we release 3.x in a few weeks if you're up for it. |
cjbarth
added
semver-major
|
Haha, well I cannot say I'm overly enthusiastic to having to tackle that conflict that promises to be huge, but I'll trust you in choosing the order of merge and will do my best to rebase quickly if needed :) |
|
(and I have to add, I'm one of those that would be more then happy to get rid of the passport dependencies, so i know it's for a good cause :) ) |
|
@forty We've landed that big PR to start the separation of node-saml from the passport strategy parts. If you would like to revisit your changes here, I'll try to keep up with you in reviewing them. |
It adds better typings and already allowed to catch an incorrect type. It will also make the code safer since the returned type is checked at runtime.
|
@cjbarth Done for that one too! It was easier than expected 😅 |
Description
This PR moves most of the XML but non SAML logic to a dedicated file. It tries to improve some types when it's possible.
The idea is:
1- to isolate dependencies, which I think is always a good idea. Especially when those dependencies are non in TS, this allows to group the "typing danger zone"
2- shrink saml.ts by moving as much as possible non SAML related logic out.
This PR should not break anything and is done without updating any tests as a result.
Possible follow ups:
This PR is best reviewed commit per commit.
Let me know what you think.