From 62e112eaeb486e4f241012250075cfb7a1b1dd91 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>
Date: Thu, 12 Sep 2024 16:52:06 +0200
Subject: [PATCH] auth: Exempt SAML ACS view from CSRF

---
 schilder2000/__init__.py | 4 ++++
 schilder2000/helpers.py  | 1 +
 2 files changed, 5 insertions(+)

diff --git a/schilder2000/__init__.py b/schilder2000/__init__.py
index 9460218..159073c 100644
--- a/schilder2000/__init__.py
+++ b/schilder2000/__init__.py
@@ -33,6 +33,10 @@ def create_app():
     multipass.identity_handler(identity_handler)
     multipass.init_app(app)
 
+    for k, v in app.view_functions.items():
+        if k.startswith("_flaskmultipass_saml_acs_"):
+            csrf.exempt(v)
+
     app.config.update(
         {
             "WEBPACK_LOADER": {
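Review bot: The exemption loop at `for k, v in app.view_functions.items():` keys on `_flaskmultipass_saml_acs_`, an underscore-prefixed endpoint name that looks internal to Flask-Multipass, and nothing in the code records why these views skip CSRF. The exemption itself is expected, since the IdP posts the SAMLResponse cross-site and cannot carry the app's token, but it leaves SAML response validation (signature, audience, and presumably rejection of unsolicited responses) as the only guard on that endpoint. I would add a comment such as `# ACS receives the IdP's cross-site POST, so no CSRF token can be present; SAML response validation is the guard here` and confirm that validation is configured strictly. If the prefix changes upstream, or the ACS views are registered later than this point, the loop silently matches nothing, so counting the exempted views and logging a warning when none were found would make that failure visible. The body of create_app continues outside the hunk.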
diff --git a/schilder2000/helpers.py b/schilder2000/helpers.py
index 653df7f..f4aaf9e 100644
--- a/schilder2000/helpers.py
+++ b/schilder2000/helpers.py
@@ -101,6 +101,7 @@ def identity_handler(identity_info: IdentityInfo):
         data=identity_info.data,
     )
 
+
 def require_login():
     if "identity" not in session:
         return redirect(url_for("login"))
-- 
GitLab