auth: Exempt SAML ACS view from CSRF

62e112ea · Thomas Schneider · a551fe03 · 62e112ea · 62e112ea
Commit 62e112ea authored 7 months ago by Thomas Schneider
--- a/schilder2000/__init__.py
+++ b/schilder2000/__init__.py
@@ -33,6 +33,10 @@ def create_app():
    multipass.identity_handler(identity_handler)
    multipass.init_app(app)

+    for k, v in app.view_functions.items():
+        if k.startswith("_flaskmultipass_saml_acs_"):
+            csrf.exempt(v)
+
    app.config.update(
        {
            "WEBPACK_LOADER": {

--- a/schilder2000/helpers.py
+++ b/schilder2000/helpers.py
@@ -101,6 +101,7 @@ def identity_handler(identity_info: IdentityInfo):
        data=identity_info.data,
    )

+
 def require_login():
    if "identity" not in session:
        return redirect(url_for("login"))