From a4af0652b432d61296d63dbafbcf2ca4400dbd7d Mon Sep 17 00:00:00 2001
From: Glenn Rice
Date: Mon, 2 Sep 2024 22:14:37 -0500
Subject: [PATCH] Make the saml2 ACS route POST only.

Any route can now specify the methods that are allowed by adding a `methods` key to the route parameters. The value of the key should be a reference to an array containing the allowed methods. The ACS route is the only route that uses this at this point to restrict to the POST method only.
---
 lib/WeBWorK/Utils/Routes.pm | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/WeBWorK/Utils/Routes.pm b/lib/WeBWorK/Utils/Routes.pm
index b95b07ae05..39deece4f6 100644
--- a/lib/WeBWorK/Utils/Routes.pm
+++ b/lib/WeBWorK/Utils/Routes.pm
@@ -233,10 +233,11 @@ my %routeParameters = (
 
  # This route also ends up at the login screen on failure, and the title is not used anywhere else.
  saml2_acs => {
- title => x('Login'),
- module => 'Saml2',
- path => '/saml2/acs',
- action => 'assertionConsumerService'
+ title => x('Login'),
+ module => 'Saml2',
+ path => '/saml2/acs',
+ action => 'assertionConsumerService',
+ methods => ['POST']
  },
  saml2_metadata => {
  title => 'metadata',
@@ -609,12 +610,13 @@ sub setup_content_generator_routes_recursive {
 
  if ($routeParameters{$child}{children}) {
  my $child_route = $route->under($routeParameters{$child}{path}, [ problemID => qr/\d+/ ])->name($child);
- $child_route->any('/')->to("$routeParameters{$child}{module}#$action")->name($child);
+ $child_route->any($routeParameters{$child}{methods} // (), '/')->to("$routeParameters{$child}{module}#$action")
+ ->name($child);
  for (@{ $routeParameters{$child}{children} }) {
  setup_content_generator_routes_recursive($child_route, $_);
  }
  } else {
- $route->any($routeParameters{$child}{path}, [ problemID => qr/\d+/ ])
+ $route->any($routeParameters{$child}{methods} // (), $routeParameters{$child}{path}, [ problemID => qr/\d+/ ])
  ->to("$routeParameters{$child}{module}#$action")->name($child);
  }
 
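Review bot: The new `methods => ['POST']` entry on `saml2_acs` carries no comment saying it is a security control, so a later edit could widen or drop it without anyone noticing that the assertion consumer endpoint would again accept GET. I would extend the comment above the route with something like `# POST only: the SAML response must arrive in the request body, not in a query string that can end up in logs.` The neighbouring `saml2_metadata` entry continues outside the hunk; if it only serves the metadata document it could presumably take `methods => ['GET']` in the same way.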
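Review bot: Nothing checks that `$routeParameters{$child}{methods}` is an array reference before it is passed as the first argument of `any` in both branches. As far as I can tell Mojolicious' `any` only treats a leading array reference as the method list, so a typo such as `methods => 'POST'` would be read as a positional argument and the route would not be limited to POST. A guard before the `if`, such as `die "methods for route $child must be an array reference" if defined $routeParameters{$child}{methods} && ref $routeParameters{$child}{methods} ne 'ARRAY';`, would make that mistake fail at startup instead of silently. In the children branch the list is applied only to the `'/'` endpoint, so routes registered by the recursive call do not inherit it, which deserves a sentence wherever the `methods` key is documented. The function starts and ends outside the hunk.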