npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

node-ews-ssrf-fixed

v3.2.6

Published

A simple JSON wrapper for the Exchange Web Services (EWS) SOAP API

Downloads

36

Readme

node-ews

A simple JSON wrapper for the Exchange Web Services (EWS) SOAP API
npm install node-ews

Updates in 3.2.0 (new)

  • Reverted back to official soap library to address workaround in issue #17
  • Added Notifications from PR #50 (See example 5)
  • Code cleanup

About

A extension of node-soap with httpntlm to make queries to Microsoft's Exchange Web Service API work. Utilize node-soap for json to xml query processing and returns responses as json objects.

Features:
  • Supports NTLM, Basic, or Bearer Authentication.
  • Connects to configured EWS Host and downloads it's WSDL file so it might be concluded that this is "fairly" version agnostic
  • After downloading the WSDL file, the wrapper dynamically exposes all EWS SOAP functions
  • Attempts to standardize Microsoft's WSDL by modifying the file to include missing service name, port, and bindings
  • This DOES NOT work with anything Microsoft Documents as using the EWS Managed API.

Example 1: Get Exchange Distribution List Members Using ExpandDL

https://msdn.microsoft.com/EN-US/library/office/aa564755.aspx
const EWS = require('node-ews');

// exchange server connection info
const ewsConfig = {
  username: '[email protected]',
  password: 'mypassword',
  host: 'https://ews.domain.com'
};

// initialize node-ews
const ews = new EWS(ewsConfig);

// define ews api function
const ewsFunction = 'ExpandDL';

// define ews api function args
const ewsArgs = {
  'Mailbox': {
    'EmailAddress':'[email protected]'
  }
};

// query EWS and print resulting JSON to console
ews.run(ewsFunction, ewsArgs)
  .then(result => {
    console.log(JSON.stringify(result));
  })
  .catch(err => {
    console.log(err.message);
  });

Example 2: Setting OOO Using SetUserOofSettings

https://msdn.microsoft.com/en-us/library/office/aa580294.aspx
const EWS = require('node-ews');

// exchange server connection info
const ewsConfig = {
  username: '[email protected]',
  password: 'mypassword',
  host: 'https://ews.domain.com'
};

// initialize node-ews
const ews = new EWS(ewsConfig);

// define ews api function
const ewsFunction = 'SetUserOofSettings';

// define ews api function args
const ewsArgs = {
  'Mailbox': {
    'Address':'[email protected]'
  },
  'UserOofSettings': {
    'OofState':'Enabled',
    'ExternalAudience':'All',
    'Duration': {
      'StartTime':'2016-08-22T00:00:00',
      'EndTime':'2016-08-23T00:00:00'
    },
    'InternalReply': {
      'Message':'I am out of office.  This is my internal reply.'
    },
    'ExternalReply': {
      'Message':'I am out of office. This is my external reply.'
    }
  }
};

// query ews, print resulting JSON to console
ews.run(ewsFunction, ewsArgs)
  .then(result => {
    console.log(JSON.stringify(result));
  })
  .catch(err => {
    console.log(err.stack);
  });

Example 3: Getting OOO Using GetUserOofSettings

https://msdn.microsoft.com/en-us/library/office/aa563465.aspx
const EWS = require('node-ews');

// exchange server connection info
const ewsConfig = {
  username: '[email protected]',
  password: 'mypassword',
  host: 'https://ews.domain.com'
};

// initialize node-ews
const ews = new EWS(ewsConfig);

// define ews api function
const ewsFunction = 'GetUserOofSettings';

// define ews api function args
const ewsArgs = {
  'Mailbox': {
    'Address':'[email protected]'
  }
};

// query ews, print resulting JSON to console
ews.run(ewsFunction, ewsArgs)
  .then(result => {
    console.log(JSON.stringify(result));
  })
  .catch(err => {
    console.log(err.stack);
  });

Example 4: Sending Email (version 3.0.1 required to avoid issue #17)

https://msdn.microsoft.com/en-us/library/office/aa566468
const EWS = require('node-ews');

// exchange server connection info
const ewsConfig = {
  username: '[email protected]',
  password: 'mypassword',
  host: 'https://ews.domain.com'
};

// initialize node-ews
const ews = new EWS(ewsConfig);

// define ews api function
const ewsFunction = 'CreateItem';

// define ews api function args
const ewsArgs = {
  "attributes" : {
    "MessageDisposition" : "SendAndSaveCopy"
  },
  "SavedItemFolderId": {
    "DistinguishedFolderId": {
      "attributes": {
        "Id": "sentitems"
      }
    }
  },
  "Items" : {
    "Message" : {
      "ItemClass": "IPM.Note",
      "Subject" : "Test EWS Email",
      "Body" : {
        "attributes": {
          "BodyType" : "Text"
        },
        "$value": "This is a test email"
      },
      "ToRecipients" : {
        "Mailbox" : {
          "EmailAddress" : "[email protected]"
        }
      },
      "IsRead": "false"
    }
  }
};

// query ews, print resulting JSON to console
ews.run(ewsFunction, ewsArgs)
  .then(result => {
    console.log(JSON.stringify(result));
  })
  .catch(err => {
    console.log(err.stack);
  });

Example 5: Creating a Push Notification Service Listener

// specify listener service options
const serviceOptions = {
  port: 8080, // defaults to port 8000
  path: '/', // defaults to '/notification'
  // If you do not have NotificationService.wsdl it can be found via a quick Google search
  xml:fs.readFileSync('NotificationService.wsdl', 'utf8') // the xml field is required
};

// create the listener service
ews.notificationService(serviceOptions, function(response) {
  console.log(new Date().toISOString(), '| Received EWS Push Notification');
  console.log(new Date().toISOString(), '| Response:', JSON.stringify(response));
  // Do something with response
  return {SendNotificationResult: { SubscriptionStatus: 'OK' } }; // respond with 'OK' to keep subscription alive
  // return {SendNotificationResult: { SubscriptionStatus: 'UNSUBSCRIBE' } }; // respond with 'UNSUBSCRIBE' to unsubscribe
});

// The soap.listen object is passed through the promise so you can optionally use the .log() functionality
// https://github.com/vpulim/node-soap#server-logging
.then(server => {
  server.log = function(type, data) {
    console.log(new Date().toISOString(), '| ', type, ':', data);
  };
});

// create a push notification subscription
// https://msdn.microsoft.com/en-us/library/office/aa566188
const ewsConfig = {
  PushSubscriptionRequest: {
    FolderIds: {
      DistinguishedFolderId: {
        attributes: {
          Id: 'inbox'
        }
      }
    },
    EventTypes: {
      EventType: ['CreatedEvent']
    },
    StatusFrequency: 1,
    // subscription notifications will be sent to our listener service
    URL: 'http://' + require('os').hostname() + ':' + serviceOptions.port + serviceOptions.path
  }
};
ews.run('Subscribe', ewsConfig);

Office 365

Below is a template that works with Office 365.

const EWS = require('node-ews');

// exchange server connection info
const ewsConfig = {
  username: '[email protected]',
  password: 'mypassword',
  host: 'https://outlook.office365.com',
  auth: 'basic'
};

// initialize node-ews
const ews = new EWS(ewsConfig);

// define ews api function
const ewsFunction = 'ExpandDL';

// define ews api function args
const ewsArgs = {
  'Mailbox': {
    'EmailAddress':'[email protected]'
  }
};

// query EWS and print resulting JSON to console
ews.run(ewsFunction, ewsArgs)
  .then(result => {
    console.log(JSON.stringify(result));
  })
  .catch(err => {
    console.log(err.message);
  });

Advanced Options

Adding Optional Soap Headers

To add an optional soap header to the Exchange Web Services request, you can pass an optional 3rd variable to the ews.run() function as demonstrated by the following:

const EWS = require('node-ews');

// exchange server connection info
const ewsConfig = {
  username: '[email protected]',
  password: 'mypassword',
  host: 'https://ews.domain.com'
};

// initialize node-ews
const ews = new EWS(ewsConfig);

// define ews api function
const ewsFunction = 'GetUserOofSettings';

// define ews api function args
const ewsArgs = {
  'Mailbox': {
    'Address':'[email protected]'
  }
};

// define custom soap header
const ewsSoapHeader = {
  't:RequestServerVersion': {
    attributes: {
      Version: "Exchange2013"
    }
  }
};

// query ews, print resulting JSON to console
ews.run(ewsFunction, ewsArgs, ewsSoapHeader)
  .then(result => {
    console.log(JSON.stringify(result));
  })
  .catch(err => {
    console.log(err.stack);
  });

Use Encrypted Credentials for NTLM:

This allows you to persist their password as separate hashes instead of as plain text. This utilizes the options available to the underlying NTLM lib. Here is an example from its README. Below is an example for this lib:

const NTLMAuth = require('httpntlm').ntlm;
const passwordPlainText = 'mypassword';

// store the ntHashedPassword and lmHashedPassword to reuse later for reconnecting
const ntHashedPassword = NTLMAuth.create_NT_hashed_password(passwordPlainText);
const lmHashedPassword = NTLMAuth.create_LM_hashed_password(passwordPlainText);

// exchange server connection info
const ewsConfig = {
    username: '[email protected]',
    nt_password: ntHashedPassword,
    lm_password: lmHashedPassword,
    host: 'https://ews.domain.com'
};

// initialize node-ews
const ews = new EWS(ewsConfig);

Enable Basic Auth instead of NTLM:

// exchange server connection info
const ewsConfig = {
  username: '[email protected]',
  password: 'mypassword',
  host: 'https://ews.domain.com',
  auth: 'basic'
};

// initialize node-ews
const ews = new EWS(ewsConfig);

Enable Bearer Auth instead of NTLM:

// exchange server connection info
const ewsConfig = {
  username: '[email protected]',
  token: 'oauth_token...',
  host: 'https://ews.domain.com',
  auth: 'bearer'
};

// initialize node-ews
const ews = new EWS(ewsConfig);

Disable SSL verification:

To disable SSL authentication modify the above examples with the following:

Basic and Bearer Auth

const options = {
 rejectUnauthorized: false,
 strictSSL: false
};
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

const ews = new EWS(config, options);

NTLM

const options = {
 strictSSL: false
};
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

const ews = new EWS(config, options);

Specify Temp Directory:

By default, node-ews creates a temp directory to store the xsd and wsdl file retrieved from the Exchange Web Service Server.

To override this behavior and use a persistent folder add the following to your config object.

// exchange server connection info
const ewsConfig = {
  username: '[email protected]',
  password: 'mypassword',
  host: 'https://ews.domain.com',
  temp: '/path/to/temp/folder'
};

// initialize node-ews
const ews = new EWS(ewsConfig);

Constructing the ewsArgs JSON Object

Take the example of "FindItem" that is referenced in the Microsoft EWS API Docs as follows:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
  <soap:Body>
    <FindItem xmlns="http://schemas.microsoft.com/exchange/services/2006/messages"
               xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"
              Traversal="Shallow">
      <ItemShape>
        <t:BaseShape>IdOnly</t:BaseShape>
      </ItemShape>
      <ParentFolderIds>
        <t:DistinguishedFolderId Id="deleteditems"/>
      </ParentFolderIds>
    </FindItem>
  </soap:Body>
</soap:Envelope>

The equivalent JSON Request for node-ews (ewsArgs) would be:

{
  'attributes': {
    'Traversal': 'Shallow'
  },
  'ItemShape': {
    'BaseShape': 'IdOnly'
  },
  'ParentFolderIds' : {
    'DistinguishedFolderId': {
      'attributes': {
        'Id': 'deleteditems'
      }
    }
  }
}

It is important to note the structure of the request. Items such as "BaseShape" are children of their parent element. In this case it is "ItemShape". In regards "BaseShape" it is enclosed between an opening and closing tag so it is defined as a direct clid of "ItemShape".

However, "DistinguishedFolderId" has no closing tag and you must specify an ID. Rather than a direct child object, you must use the JSON child object "attributes".

License

MIT License Copyright (c) 2016 Nicholas Marus

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.