feat: wrap inflation errors

`pako` has a tendency to throw obscure error strings e.g. "too many length or distance symbols", which can make gracefully handling bad input difficult when an error is thrown from `parseLoginRequest`.
This wraps the inflation step to allow throwing a dedicated error with a static message for inflation issues, while still making the original error available.

Author: mastermatt

src/flow.ts

@@ -1,4 +1,4 @@
-import { inflateString, base64Decode, isNonEmptyArray } from './utility';
+import { inflateString, base64Decode, WrappedError } from './utility';
 import { verifyTime } from './validator';
 import libsaml from './libsaml';
 import {
@@ -68,7 +68,13 @@ async function redirectFlow(options): Promise<FlowResult>  {
     return Promise.reject('ERR_REDIRECT_FLOW_BAD_ARGS');
   }
 
-  const xmlString = inflateString(decodeURIComponent(content));
+  let xmlString: string
+
+  try {
+    xmlString = inflateString(decodeURIComponent(content));
+  } catch (e) {
+    throw new WrappedError('ERR_FAILED_INFLATION', e)
+  }
 
   // validate the xml
   try {

src/libsaml.ts

@@ -175,8 +175,8 @@ const libSaml = () => {
     context: '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}" InResponseTo="{InResponseTo}"><saml:Issuer>{Issuer}</saml:Issuer><samlp:Status><samlp:StatusCode Value="{StatusCode}"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{AssertionID}" Version="2.0" IssueInstant="{IssueInstant}"><saml:Issuer>{Issuer}</saml:Issuer><saml:Subject><saml:NameID Format="{NameIDFormat}">{NameID}</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="{SubjectConfirmationDataNotOnOrAfter}" Recipient="{SubjectRecipient}" InResponseTo="{InResponseTo}"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="{ConditionsNotBefore}" NotOnOrAfter="{ConditionsNotOnOrAfter}"><saml:AudienceRestriction><saml:Audience>{Audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>{AuthnStatement}{AttributeStatement}</saml:Assertion></samlp:Response>',
     attributes: [],
     additionalTemplates: {
-      "attributeStatementTemplate": defaultAttributeStatementTemplate,
-      "attributeTemplate": defaultAttributeTemplate
+      'attributeStatementTemplate': defaultAttributeStatementTemplate,
+      'attributeTemplate': defaultAttributeTemplate
     }
   };
   /**

src/utility.ts

@@ -8,14 +8,20 @@ import { inflate, deflate } from 'pako';
 
 const BASE64_STR = 'base64';
 
+export class WrappedError extends Error {
+  constructor(message: string, public readonly originalErr: unknown) {
+    super(message);
+  }
+}
+
 /**
  * @desc Mimic lodash.zipObject
  * @param arr1 {string[]}
  * @param arr2 {[]}
  */
 export function zipObject(arr1: string[], arr2: any[], skipDuplicated = true) {
   return arr1.reduce((res, l, i) => {
-    
+
     if (skipDuplicated) {
       res[l] = arr2[i];
       return res;
@@ -61,19 +67,19 @@ export function uniq(input: string[]) {
   return [... set];
 }
 /**
- * @desc Alternative to lodash.get 
+ * @desc Alternative to lodash.get
  * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_get
- * @param obj 
- * @param path 
- * @param defaultValue 
+ * @param obj
+ * @param path
+ * @param defaultValue
  */
 export function get(obj, path, defaultValue) {
   return path.split('.')
   .reduce((a, c) => (a && a[c] ? a[c] : (defaultValue || null)), obj);
 }
 /**
- * @desc Check if the input is string 
- * @param {any} input 
+ * @desc Check if the input is string
+ * @param {any} input
  */
 export function isString(input: any) {
   return typeof input === 'string';