[IMPROVE] SAML implementation (#17742)

app/meteor-accounts-saml/server/definition/IAttributeMapping.ts

@@ -0,0 +1,17 @@
+export interface IAttributeMapping {
+	fieldName: string | Array<string>;
+	regex?: string;
+	template?: string;
+}
+
+export interface IUserDataMap {
+	customFields: Map<string, IAttributeMapping>;
+	attributeList: Set<string>;
+	identifier: {
+		type: string;
+		attribute?: string;
+	};
+	email: IAttributeMapping;
+	username: IAttributeMapping;
+	name: IAttributeMapping;
+}

app/meteor-accounts-saml/server/definition/IAuthorizeRequestVariables.ts

@@ -0,0 +1,10 @@
+export interface IAuthorizeRequestVariables extends Record<string, string> {
+	newId: string;
+	instant: string;
+	callbackUrl: string;
+	entryPoint: string;
+	issuer: string;
+	identifierFormat: string;
+	authnContextComparison: string;
+	authnContext: string;
+}

app/meteor-accounts-saml/server/definition/ILogoutRequestVariables.ts

@@ -0,0 +1,9 @@
+export interface ILogoutRequestVariables extends Record<string, string> {
+	newId: string;
+	instant: string;
+	idpSLORedirectURL: string;
+	issuer: string;
+	identifierFormat: string;
+	nameID: string;
+	sessionIndex: string;
+}

app/meteor-accounts-saml/server/definition/ILogoutResponse.ts

@@ -0,0 +1,5 @@
+export interface ILogoutResponse {
+	id: string;
+	response: string;
+	inResponseToId: string;
+}

app/meteor-accounts-saml/server/definition/ILogoutResponseVariables.ts

@@ -0,0 +1,10 @@
+export interface ILogoutResponseVariables extends Record<string, string> {
+	newId: string;
+	instant: string;
+	idpSLORedirectURL: string;
+	issuer: string;
+	identifierFormat: string;
+	nameID: string;
+	sessionIndex: string;
+	inResponseToId: string;
+}

app/meteor-accounts-saml/server/definition/IMetadataVariables.ts

@@ -0,0 +1,7 @@
+export interface IMetadataVariables extends Record<string, string> {
+	issuer: string;
+	certificate: string;
+	identifierFormat: string;
+	callbackUrl: string;
+	sloLocation: string;
+}

app/meteor-accounts-saml/server/definition/ISAMLAction.ts

@@ -0,0 +1,5 @@
+export interface ISAMLAction {
+	actionName: string;
+	serviceName: string;
+	credentialToken: string;
+}

app/meteor-accounts-saml/server/definition/ISAMLAssertion.ts

@@ -0,0 +1,4 @@
+export interface ISAMLAssertion {
+	assertion: Element | Document;
+	xml: string;
+}

app/meteor-accounts-saml/server/definition/ISAMLGlobalSettings.ts

@@ -0,0 +1,11 @@
+export interface ISAMLGlobalSettings {
+	generateUsername: boolean;
+	nameOverwrite: boolean;
+	mailOverwrite: boolean;
+	immutableProperty: string;
+	defaultUserRole: string;
+	roleAttributeName: string;
+	roleAttributeSync: boolean;
+	userDataFieldMap: string;
+	usernameNormalize: string;
+}

app/meteor-accounts-saml/server/definition/ISAMLRequest.ts

@@ -0,0 +1,4 @@
+export interface ISAMLRequest {
+	id: string;
+	request: string;
+}

app/meteor-accounts-saml/server/definition/ISAMLUser.ts

@@ -0,0 +1,23 @@
+export interface ISAMLUser {
+	customFields: Map<string, any>;
+	emailList: Array<string>;
+	fullName: string | null;
+	roles: Array<string>;
+	eppn: string | null;
+
+	username?: string;
+	language?: string;
+	channels?: Array<string>;
+	samlLogin: {
+		provider: string | null;
+		idp: string;
+		idpSession: string;
+		nameID: string;
+	};
+
+	attributeList: Map<string, any>;
+	identifier: {
+		type: string;
+		attribute?: string;
+	};
+}

app/meteor-accounts-saml/server/definition/IServiceProviderOptions.ts

@@ -0,0 +1,28 @@
+export interface IServiceProviderOptions {
+	provider: string;
+	entryPoint: string;
+	idpSLORedirectURL: string;
+	issuer: string;
+	cert: string;
+	privateCert: string;
+	privateKey: string;
+	customAuthnContext: string;
+	authnContextComparison: string;
+	defaultUserRole: string;
+	roleAttributeName: string;
+	roleAttributeSync: boolean;
+	allowedClockDrift: number;
+	signatureValidationType: string;
+	identifierFormat: string;
+	nameIDPolicyTemplate: string;
+	authnContextTemplate: string;
+	authRequestTemplate: string;
+	logoutResponseTemplate: string;
+	logoutRequestTemplate: string;
+	metadataCertificateTemplate: string;
+	metadataTemplate: string;
+	callbackUrl: string;
+
+	// The id attribute is filled midway through some operations
+	id?: string;
+}

app/meteor-accounts-saml/server/definition/callbacks.ts

@@ -0,0 +1,11 @@
+export interface ILogoutRequestValidateCallback {
+	(err: string | object | null, data?: Record<string, string | null> | null): void;
+}
+
+export interface ILogoutResponseValidateCallback {
+	(err: string | object | null, inResponseTo?: string | null): void;
+}
+
+export interface IResponseValidateCallback {
+	(err: string | object | null, profile?: Record<string, any> | null, loggedOut?: boolean): void;
+}

app/meteor-accounts-saml/server/index.js

@@ -1,2 +1,5 @@
-import './saml_rocketchat';
-import './saml_server';
+import './startup';
+import './loginHandler';
+import './listener';
+import './methods/samlLogout';
+import './methods/addSamlService';