Merge branch '2077-fix-bogus-webfinger-ids' into 'develop'

Webfinger: Handle bogus ids better.

Closes #2077

See merge request pleroma/pleroma!2919
This commit is contained in:
Haelwenn 2020-08-25 20:01:43 +00:00
commit 976094cd7b
2 changed files with 19 additions and 10 deletions

View File

@ -149,6 +149,18 @@ defmodule Pleroma.Web.WebFinger do
end end
end end
defp get_address_from_domain(domain, encoded_account) when is_binary(domain) do
case find_lrdd_template(domain) do
{:ok, template} ->
String.replace(template, "{uri}", encoded_account)
_ ->
"https://#{domain}/.well-known/webfinger?resource=#{encoded_account}"
end
end
defp get_address_from_domain(_, _), do: nil
@spec finger(String.t()) :: {:ok, map()} | {:error, any()} @spec finger(String.t()) :: {:ok, map()} | {:error, any()}
def finger(account) do def finger(account) do
account = String.trim_leading(account, "@") account = String.trim_leading(account, "@")
@ -163,16 +175,8 @@ defmodule Pleroma.Web.WebFinger do
encoded_account = URI.encode("acct:#{account}") encoded_account = URI.encode("acct:#{account}")
address = with address when is_binary(address) <- get_address_from_domain(domain, encoded_account),
case find_lrdd_template(domain) do response <-
{:ok, template} ->
String.replace(template, "{uri}", encoded_account)
_ ->
"https://#{domain}/.well-known/webfinger?resource=#{encoded_account}"
end
with response <-
HTTP.get( HTTP.get(
address, address,
[{"accept", "application/xrd+xml,application/jrd+json"}] [{"accept", "application/xrd+xml,application/jrd+json"}]

View File

@ -40,6 +40,11 @@ defmodule Pleroma.Web.WebFingerTest do
end end
describe "fingering" do describe "fingering" do
test "returns error for nonsensical input" do
assert {:error, _} = WebFinger.finger("bliblablu")
assert {:error, _} = WebFinger.finger("pleroma.social")
end
test "returns error when fails parse xml or json" do test "returns error when fails parse xml or json" do
user = "invalid_content@social.heldscal.la" user = "invalid_content@social.heldscal.la"
assert {:error, %Jason.DecodeError{}} = WebFinger.finger(user) assert {:error, %Jason.DecodeError{}} = WebFinger.finger(user)