Enable custom acceptedClockSkewMs using an environment variable (#241)

francescopersico · gunzip · commit 804989b26fc6 · 2018-07-17T13:12:42.000+02:00
diff --git a/.env.example b/.env.example
@@ -9,6 +9,7 @@ REDIS_PASSWORD=put_the_azure_redis_password_here
 TOKEN_DURATION_IN_SECONDS=3600
 SAML_CALLBACK_URL="https://italia-backend/assertionConsumerService"
 SAML_ISSUER="http://italia-backend"
+SAML_ACCEPTED_CLOCK_SKEW_MS=0
 SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX=1
 PRE_SHARED_KEY="12345"
 ALLOW_NOTIFY_IP_SOURCE_RANGE="::ffff:ac13:1/112"
diff --git a/src/container.ts b/src/container.ts
@@ -94,7 +94,14 @@ const SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX: number = parseInt(
     DEFAULT_SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX,
   10
 );
+const DEFAULT_SAML_ACCEPTED_CLOCK_SKEW_MS = "-1";
+const SAML_ACCEPTED_CLOCK_SKEW_MS = parseInt(
+  process.env.SAML_ACCEPTED_CLOCK_SKEW_MS ||
+    DEFAULT_SAML_ACCEPTED_CLOCK_SKEW_MS,
+  10
+);
 container.register({
+  samlAcceptedClockSkewMs: awilix.asValue(SAML_ACCEPTED_CLOCK_SKEW_MS),
   samlAttributeConsumingServiceIndex: awilix.asValue(
     SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX
   ),
diff --git a/src/controllers/__tests__/authenticationController.test.ts b/src/controllers/__tests__/authenticationController.test.ts
@@ -76,6 +76,7 @@ nCnxP/vK5rgVHU3nQfq+e/B6FVWZ
 `;
 const samlCallbackUrl = "http://italia-backend/assertionConsumerService";
 const samlIssuer = "http://italia-backend";
+const samlAcceptedClockSkewMs = -1;
 const samlAttributeConsumingServiceIndex = 0;
 
 // user constant
@@ -184,6 +185,7 @@ const spidStrategyInstance = spidStrategy(
   samlKey,
   samlCallbackUrl,
   samlIssuer,
+  samlAcceptedClockSkewMs,
   samlAttributeConsumingServiceIndex
 );
 spidStrategyInstance.logout = jest.fn();
diff --git a/src/strategies/spidStrategy.ts b/src/strategies/spidStrategy.ts
@@ -11,6 +11,7 @@ const spidStrategy = (
   samlKey: string,
   samlCallbackUrl: string,
   samlIssuer: string,
+  samlAcceptedClockSkewMs: number,
   samlAttributeConsumingServiceIndex: number
 ) => {
   return new SpidStrategy(
@@ -70,6 +71,7 @@ const spidStrategy = (
         }
       },
       sp: {
+        acceptedClockSkewMs: samlAcceptedClockSkewMs,
         attributeConsumingServiceIndex: samlAttributeConsumingServiceIndex,
         attributes: {
           attributes: ["fiscalNumber", "name", "familyName", "email"],
