[ULP-3649][ULP-3712] Fix: URL fragments in SAML Sign in URLs (auth0#171)

* fix: SAML request url construction with query and fragment

* fix: Add tests for SAML request URL construction

* fix: Change order of split for URL parsing and add tests

Co-authored-by: Ganesh Rajasekar <[email protected]>

Author: ganeshrajsekar

lib/passport-wsfed-saml2/samlp.js

@@ -245,7 +245,10 @@ Samlp.prototype = {
       if (err) return callback(err);
 
       var parsedUrl = url.parse(options.identityProviderUrl, true);
-      var samlRequestUrl = options.identityProviderUrl.split('?')[0] + '?' + qs.encode(xtend(parsedUrl.query, params));
+      var samlRequestUrl = stripQueryAndFragmentFromURL(options.identityProviderUrl) + '?' + qs.encode(xtend(parsedUrl.query, params));
+      if (parsedUrl.hash !== null) {
+        samlRequestUrl += parsedUrl.hash;
+      }
       return callback(null, samlRequestUrl);
     });
   },
@@ -501,3 +504,7 @@ function generateInstant() {
   var date = new Date();
   return date.getUTCFullYear() + '-' + ('0' + (date.getUTCMonth()+1)).slice(-2) + '-' + ('0' + date.getUTCDate()).slice(-2) + 'T' + ('0' + date.getUTCHours()).slice(-2) + ":" + ('0' + date.getUTCMinutes()).slice(-2) + ":" + ('0' + date.getUTCSeconds()).slice(-2) + "Z";
 }
+
+function stripQueryAndFragmentFromURL(url) {
+  return url.split("#")[0].split("?")[0];
+}

package.json

@@ -1,6 +1,6 @@
 {
   "name": "passport-wsfed-saml2",
-  "version": "4.6.1",
+  "version": "4.6.2",
   "description": "SAML2 Protocol and WS-Fed library",
   "scripts": {
     "test": "./node_modules/.bin/mocha --recursive",