From c9d468553bf086516e6dc8bd5b2ed62b0e225c6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Sun, 17 Apr 2016 14:15:39 +0200
Subject: [PATCH] saml: return a 405 response if SOAP methods are not called with POST (#6782)

---
 src/authentic2/idp/saml/saml2_endpoints.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/authentic2/idp/saml/saml2_endpoints.py b/src/authentic2/idp/saml/saml2_endpoints.py
index 4890456..de51494 100644
--- a/src/authentic2/idp/saml/saml2_endpoints.py
+++ b/src/authentic2/idp/saml/saml2_endpoints.py
@@ -34,6 +34,7 @@ from django.http import HttpResponse, HttpResponseRedirect, \
 from django.utils.translation import ugettext as _, ugettext_noop as N_
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.cache import never_cache
+from django.views.decorators.http import require_POST
 from django.contrib.auth import BACKEND_SESSION_KEY, REDIRECT_FIELD_NAME
 from django.conf import settings
 from django.utils.encoding import smart_unicode
@@ -898,6 +899,7 @@ def reload_artifact(login):
 pass
 
 
+@require_POST
 @never_cache
 @csrf_exempt
 def artifact(request):
@@ -1204,6 +1206,7 @@ def set_session_dump_from_liberty_sessions(profile, lib_sessions):
 % profile.session.dump())
 
 
+@require_POST
 @never_cache
 @csrf_exempt
 def slo_soap(request):
-- 
2.8.0.rc3
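Review bot: With `@require_POST` placed outermost on `artifact` (and likewise on `slo_soap` in the third hunk), a non-POST request is answered with the 405 before the `never_cache` wrapper runs, so that response carries none of the no-cache headers the view otherwise sets; 405 is a heuristically cacheable status under RFC 7231, so if the intent is that every response from these endpoints is uncacheable, ordering the decorators as `@never_cache`, `@require_POST`, `@csrf_exempt` keeps the early rejection while still stamping the headers. The `csrf_exempt` marker should survive the added outer wrapper, since Django's `require_http_methods` copies the wrapped view's attributes via `functools.wraps`, but that is worth confirming against the Django version in use. A one-line comment above each decorator stack would make the reason durable, e.g. `# SOAP binding endpoint: only POST is meaningful, anything else gets a 405`. The bodies of both views lie outside the hunks.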