Fix validate_webfinger when running a different domain for Webfinger
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
This commit is contained in:
parent
50ffbd980e
commit
b245a5c8c2
@ -210,7 +210,8 @@ defmodule Pleroma.Application do
|
|||||||
expiration: chat_message_id_idempotency_key_expiration(),
|
expiration: chat_message_id_idempotency_key_expiration(),
|
||||||
limit: 500_000
|
limit: 500_000
|
||||||
),
|
),
|
||||||
build_cachex("rel_me", limit: 2500)
|
build_cachex("rel_me", limit: 2500),
|
||||||
|
build_cachex("host_meta", default_ttl: :timer.minutes(120), limit: 5000)
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -155,7 +155,16 @@ defmodule Pleroma.Web.WebFinger do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@cachex Pleroma.Config.get([:cachex, :provider], Cachex)
|
||||||
def find_lrdd_template(domain) do
|
def find_lrdd_template(domain) do
|
||||||
|
@cachex.fetch!(:host_meta_cache, domain, fn _ ->
|
||||||
|
{:commit, fetch_lrdd_template(domain)}
|
||||||
|
end)
|
||||||
|
rescue
|
||||||
|
e -> {:error, "Cachex error: #{inspect(e)}"}
|
||||||
|
end
|
||||||
|
|
||||||
|
defp fetch_lrdd_template(domain) do
|
||||||
# WebFinger is restricted to HTTPS - https://tools.ietf.org/html/rfc7033#section-9.1
|
# WebFinger is restricted to HTTPS - https://tools.ietf.org/html/rfc7033#section-9.1
|
||||||
meta_url = "https://#{domain}/.well-known/host-meta"
|
meta_url = "https://#{domain}/.well-known/host-meta"
|
||||||
|
|
||||||
@ -168,7 +177,7 @@ defmodule Pleroma.Web.WebFinger do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
defp get_address_from_domain(domain, encoded_account) when is_binary(domain) do
|
defp get_address_from_domain(domain, "acct:" <> _ = encoded_account) when is_binary(domain) do
|
||||||
case find_lrdd_template(domain) do
|
case find_lrdd_template(domain) do
|
||||||
{:ok, template} ->
|
{:ok, template} ->
|
||||||
String.replace(template, "{uri}", encoded_account)
|
String.replace(template, "{uri}", encoded_account)
|
||||||
@ -178,6 +187,11 @@ defmodule Pleroma.Web.WebFinger do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp get_address_from_domain(domain, account) when is_binary(domain) do
|
||||||
|
encoded_account = URI.encode("acct:#{account}")
|
||||||
|
get_address_from_domain(domain, encoded_account)
|
||||||
|
end
|
||||||
|
|
||||||
defp get_address_from_domain(_, _), do: {:error, :webfinger_no_domain}
|
defp get_address_from_domain(_, _), do: {:error, :webfinger_no_domain}
|
||||||
|
|
||||||
@spec finger(String.t()) :: {:ok, map()} | {:error, any()}
|
@spec finger(String.t()) :: {:ok, map()} | {:error, any()}
|
||||||
@ -192,9 +206,7 @@ defmodule Pleroma.Web.WebFinger do
|
|||||||
URI.parse(account).host
|
URI.parse(account).host
|
||||||
end
|
end
|
||||||
|
|
||||||
encoded_account = URI.encode("acct:#{account}")
|
with address when is_binary(address) <- get_address_from_domain(domain, account),
|
||||||
|
|
||||||
with address when is_binary(address) <- get_address_from_domain(domain, encoded_account),
|
|
||||||
{:ok, %{status: status, body: body, headers: headers}} when status in 200..299 <-
|
{:ok, %{status: status, body: body, headers: headers}} when status in 200..299 <-
|
||||||
HTTP.get(
|
HTTP.get(
|
||||||
address,
|
address,
|
||||||
@ -227,13 +239,15 @@ defmodule Pleroma.Web.WebFinger do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
defp validate_webfinger(url, %{"subject" => "acct:" <> acct} = data) do
|
defp validate_webfinger(request_url, %{"subject" => "acct:" <> acct = subject} = data) do
|
||||||
with %URI{host: request_host} <- URI.parse(url),
|
with [_name, acct_host] <- String.split(acct, "@"),
|
||||||
[_name, acct_host] <- String.split(acct, "@"),
|
{_, url} <- {:address, get_address_from_domain(acct_host, subject)},
|
||||||
|
%URI{host: request_host} <- URI.parse(request_url),
|
||||||
|
%URI{host: acct_host} <- URI.parse(url),
|
||||||
{_, true} <- {:hosts_match, acct_host == request_host} do
|
{_, true} <- {:hosts_match, acct_host == request_host} do
|
||||||
{:ok, data}
|
{:ok, data}
|
||||||
else
|
else
|
||||||
_ -> {:error, {:webfinger_invalid, url, data}}
|
_ -> {:error, {:webfinger_invalid, request_url, data}}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -872,7 +872,7 @@ defmodule Pleroma.UserTest do
|
|||||||
setup do: clear_config([Pleroma.Web.WebFinger, :update_nickname_on_user_fetch], true)
|
setup do: clear_config([Pleroma.Web.WebFinger, :update_nickname_on_user_fetch], true)
|
||||||
|
|
||||||
test "for mastodon" do
|
test "for mastodon" do
|
||||||
Tesla.Mock.mock(fn
|
Tesla.Mock.mock_global(fn
|
||||||
%{url: "https://example.com/.well-known/host-meta"} ->
|
%{url: "https://example.com/.well-known/host-meta"} ->
|
||||||
%Tesla.Env{
|
%Tesla.Env{
|
||||||
status: 302,
|
status: 302,
|
||||||
@ -930,7 +930,7 @@ defmodule Pleroma.UserTest do
|
|||||||
end
|
end
|
||||||
|
|
||||||
test "for pleroma" do
|
test "for pleroma" do
|
||||||
Tesla.Mock.mock(fn
|
Tesla.Mock.mock_global(fn
|
||||||
%{url: "https://example.com/.well-known/host-meta"} ->
|
%{url: "https://example.com/.well-known/host-meta"} ->
|
||||||
%Tesla.Env{
|
%Tesla.Env{
|
||||||
status: 302,
|
status: 302,
|
||||||
|
Loading…
Reference in New Issue
Block a user