From addf79cefe6d51ae3f8bda9e7f4921615d6cd028 Mon Sep 17 00:00:00 2001 From: Serhii Orlivskyi Date: Wed, 18 Dec 2024 11:23:25 +0100 Subject: [PATCH 1/2] fixed destructing LogoutResponse before error checking When the first argument indicating an error is passed to the callback of xml2js.parseString invoked from parseLogoutResponse, the second argument is undefined. However, second argument was being destructed before checking the first one, leading to an undefined dereferencing exception that ultimately overshadowed the original error. Relevant issue: #744 --- lib/logout.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/logout.ts b/lib/logout.ts index 34fb491d..e83483b2 100644 --- a/lib/logout.ts +++ b/lib/logout.ts @@ -15,11 +15,12 @@ const parseLogoutResponse = async ( xml2js.parseString( rawResponse, { tagNameProcessors: [xml2js.processors.stripPrefix] }, - (err: Error | null, { LogoutResponse }) => { + (err: Error | null, parsedData: { LogoutResponse: any }) => { if (err) { reject(err); return; } + const { LogoutResponse } = parsedData; resolve({ issuer: LogoutResponse.Issuer[0]._, From 3efd734b7e89e03cdfe3eb5dc5f4d9f9b7f97d2c Mon Sep 17 00:00:00 2001 From: Serhii Orlivskyi Date: Wed, 18 Dec 2024 11:39:55 +0100 Subject: [PATCH 2/2] added test case for invalid xml in parseLogoutResponse --- test/lib/logout.spec.ts | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/test/lib/logout.spec.ts b/test/lib/logout.spec.ts index 79d43c6c..e6e397b1 100644 --- a/test/lib/logout.spec.ts +++ b/test/lib/logout.spec.ts @@ -4,6 +4,7 @@ import { parseLogoutResponse, createLogoutRequest } from '../../lib/logout'; const response = fs.readFileSync('./test/assets/logout-response.xml').toString(); const responseFailed = fs.readFileSync('./test/assets/logout-response-failed.xml').toString(); +const responseInvalid = 'invalid_data'; describe('logout.ts', function () { it('response ok', async function () { @@ -34,4 +35,16 @@ describe('logout.ts', function () { assert.strictEqual(!!req.id, true); assert.strictEqual(!!req.xml, true); }); + + it('should throw an expected error for response containing invalid xml', async function () { + await assert.rejects( + async () => { + await parseLogoutResponse(responseInvalid); + }, + (error: any) => { + assert.strictEqual(error.message.includes('Non-whitespace before first tag'), true); + return true; + } + ); + }); });