[BUG] Cannot read property 'Strategy' of undefined

[ghost]

After updating to 1.4.0 (also tried 1.4.1 and 1.4.2) I get the following runtime error:

/workspaces/UWER/dist/backend/index.js:93
  _passport.default.use(new _passportSaml.default.Strategy({
                                                  ^

TypeError: Cannot read property 'Strategy' of undefined
    at Object.<anonymous> (/workspaces/UWER/dist/backend/index.js:93:51)
    at Module._compile (internal/modules/cjs/loader.js:1063:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
    at Module.load (internal/modules/cjs/loader.js:928:32)
    at Function.Module._load (internal/modules/cjs/loader.js:769:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
    at internal/main/run_main_module.js:17:47

You can view the code here.

Environment

• Node.js version: 14.13.1
• passport-saml version: 1.4.0, 1.4.1, 1.4.2

I don't usually develop in JS so my apologies in advance if this is my mistake.

[cjbarth]

@gugu Do you think this might be related to some TypeScript stuff you've been working on?

[markstos]

@aloswald Is your codebase written in JavaScript or TypeScript? Can you show how you import/require passport-saml? This would be the line where _passportSaml is defined.

Your code appears to referencing ` a "default" property on a "_passportSaml" object, but I don't see any properties by that name in our documentation.

[gugu]

@aloswald can you please provide more information?

1. Do you use typescript? If yes, how does code look like in original version
2. How does import look like?

Export in v1.3 looked like this, no defaults:

[ghost]

No TypeScript here. Babel, yes. The app is a single code base with an express backend and React frontend.

Import (click me)

import saml from 'passport-saml';

Use (click me)

  passport.use(
    new saml.Strategy(
      {
        callbackUrl: process.env.IDPCALLBACKURL,
        entryPoint: process.env.IDPENTRYPOINT,
        issuer: process.env.IDPISSUER,
        identifierFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        privateKey: spPrivateKey
      },
      function(profile, done) {
        return done(null, {
          UWNetID: profile['urn:oid:0.9.2342.19200300.100.1.1'] || profile.nameID,
          DisplayName: profile['urn:oid:2.16.840.1.113730.3.1.241']
        });
      }
    )
  );

_default is from the Babel transformation I believe.

[gugu]

Can you please update import to import * as saml from 'passport-saml'?
Previously babel did this replacement automatically, but now we started to use es6 exports

I can add export default for compatibility with babel if it needed

[ghost]

@guru Thank you, that seemed to work. If adding export default helps not break others that use Babel it may be a good idea.

This solved my runtime issue, but I have another issue that is happening on login.

TypeError: parser.parseStringPromise is not a function
    at SAML.processValidlySignedAssertion (/www/node_modules/passport-saml/lib/passport-saml/saml.js:233:20)
    at /www/node_modules/passport-saml/lib/passport-saml/saml.js:769:29
    at _fulfilled (/www/node_modules/q/q.js:854:54)
    at /www/node_modules/q/q.js:883:30
    at Promise.promise.promiseDispatch (/www/node_modules/q/q.js:816:13)
    at /www/node_modules/q/q.js:624:44
    at runSingle (/www/node_modules/q/q.js:137:13)
    at flush (/www/node_modules/q/q.js:125:13)
    at processTicksAndRejections (internal/process/task_queues.js:75:11)

[ghost]

@guru Would you rather I open a new issue?

[markstos]

Are you sure you are using the latest release? The Q library is in the call stack, but we no longer use it.

[ghost]

Pretty sure. This is part of my package-lock.json:

    "passport-saml": {
      "version": "1.4.2",
      "resolved": "https://registry.npmjs.org/passport-saml/-/passport-saml-1.4.2.tgz",
      "integrity": "sha512-RJXtuiv4KWazi4zmZGVqN5pf3bV2aFbOygYzUCDEBDdeOD0yHFL4ymPOpLPXg35HvilFYTzB94JRWqwLdI2ecw==",
      "requires": {
        "debug": "^3.1.0",
        "passport-strategy": "*",
        "q": "^1.5.0",
        "xml-crypto": "^2.0.0",
        "xml-encryption": "1.2.1",
        "xml2js": "0.4.x",
        "xmlbuilder": "^11.0.0",
        "xmldom": "0.1.x"
      },

[ghost]

Looking at your history. The Q library was removed an hour after 1.4.2 was published.

[markstos]

Ah, correct. Please try 1.5.0 then, which removes the Q library.

[ghost]

Unfortunately, I have a new error that is happening on login. This ones a little odd, not sure if this may be a Babel issue or not.

internal/modules/cjs/loader.js:329
      throw err;
      ^

Error: Cannot find module '/www/node_modules/passport-saml/lib/passport-saml'. Please verify that the package.json has a valid "main" entry
    at tryPackage (internal/modules/cjs/loader.js:321:19)
    at Function.Module._findPath (internal/modules/cjs/loader.js:534:18)
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:880:27)
    at Function.Module._load (internal/modules/cjs/loader.js:743:27)
    at Module.require (internal/modules/cjs/loader.js:965:19)
    at require (internal/modules/cjs/helpers.js:88:18)
    at Object.<anonymous> (/www/dist/backend/index.js:36:36)
    at Module._compile (internal/modules/cjs/loader.js:1076:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1097:10)
    at Module.load (internal/modules/cjs/loader.js:941:32)
    at Function.Module._load (internal/modules/cjs/loader.js:782:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
    at internal/main/run_main_module.js:17:47 {
  code: 'MODULE_NOT_FOUND',
  path: '/www/node_modules/passport-saml/package.json',
  requestPath: 'passport-saml'
}

[cjbarth]

Interesting... It does look like from this that we should probably be more specific with our main entry in package.json, but you're the first to report such a problem.

[mjknight50]

I have the same issue...
"passport": "^0.4.1",
"passport-saml": "1.5.0",

[capaj]

I am also getting this on same versions as @mjknight50, just tested.

[arelg]

on version 1.5.0 getting:
TypeError: parser.parseStringPromise is not a function
at SAML.processValidlySignedAssertion (/app/server/node_modules/passport-saml/src/passport-saml/saml.ts:970:12)
at /app/server/node_modules/passport-saml/src/passport-saml/saml.ts:708:21
at runMicrotasks ()
at processTicksAndRejections (internal/process/task_queues.js:97:5)

[gugu]

Added fix for parseStringPromise. parseStringPromise was added in the patch version of xml2js and older installations keep old version

[gugu]

@aloswald do you install the module from npm or via github? It can happen if module is installed directly from github

[mogadanez]

I also have error after upgrade:

 TypeError: parser.parseStringPromise is not a function     
at SAML.processValidlySignedAssertion (/var/app/node_modules/passport-saml/lib/passport-saml/saml.js:853:16)     
at then.then.certs (/var/app/node_modules/passport-saml/lib/passport-saml/saml.js:615:29)

[markstos]

@mogadanez We plan to fix this in a 2.0 release later today.

[thenengah]

 TypeError: parser.parseStringPromise is not a function     

Ah, this broke us too. We locked it to 1.4.0 until things are stable.

[cjbarth]

The 1.x branch isn't being actively maintained anymore. The 2.x branch has received several updates, even recently. The 3.x branch has just been released. You might try seeing if the newer branches work for you.

[thenengah]

@cjbarth Thanks for the tips. I'll check it out and report back.