auth0 / node-samlp

SAML Protocol support for node (only IdP for now)
MIT License
136 stars 117 forks source link

fix: catch possible SAML response signing error #112

Closed forrest-ua closed 3 years ago

forrest-ua commented 3 years ago

Description

This PR allows to catch an error that might happen due to invalid signing key (badly formatted) during SAML response signing.

Testing

forrest-ua commented 3 years ago

I found that the same error happens in master branch, after some investigation it turns out the issue is caused by the new release of cheerio-select package. node-samlp is using cheerio@~0.10.7 to extract data from html page in the tests, the problem is that cheerio@~0.10.7 was using cheerio-select@* as dependency. And that made npm to load latest available cheerio-select@1.1.0 (MAJOR update released just recently) instead of previously used cheerio-select@0.0.3

Screen Shot 2021-01-21 at 12 54 33

I've pinned previosly used cheerio-select@0.0.3, as it's a dev dependency, and not to introduce more changes to this patch change.