Don't list old accounts as aliases in WebFinger
Some checks failed
ci/woodpecker/pr/lint Pipeline was successful
ci/woodpecker/pr/test Pipeline failed
ci/woodpecker/pr/build-arm64 unknown status
ci/woodpecker/pr/build-amd64 unknown status
ci/woodpecker/pr/docs unknown status

Per the XRD specification:

> 2.4. Element <Alias>
>
> The <Alias> element contains a URI value that is an additional
> identifier for the resource described by the XRD. This value
> MUST be an absolute URI. The <Alias> element does not identify
> additional resources the XRD is describing, **but rather provides
> additional identifiers for the same resource.**

(http://docs.oasis-open.org/xri/xrd/v1.0/os/xrd-1.0-os.html#element.alias, emphasis mine)

In other words, the alias list is expected to link to things which are
not just semantically the same, but exactly the same. Old user accounts
don't do that

This change should not pose a compatibility issue: Mastodon does not
list old accounts here (See e1fcb02867/app/serializers/webfinger_serializer.rb (L12))

The use of as:alsoKnownAs is also not quite semantically right here
(see https://www.w3.org/TR/did-core/#dfn-alsoknownas, which defines
it to be used to refer to identifiers which are interchangable) but
that's what DID get for reusing a property definition that Mastodon
already squatted long before they got to it
This commit is contained in:
Erin Shepherd 2024-02-29 20:56:32 +01:00
parent 2d439034ca
commit 464db9ea0b
2 changed files with 2 additions and 4 deletions

View file

@ -65,7 +65,7 @@ defp gather_links(%User{} = user) do
end end
defp gather_aliases(%User{} = user) do defp gather_aliases(%User{} = user) do
[user.ap_id | user.also_known_as] [user.ap_id]
end end
def represent_user(user, "JSON") do def represent_user(user, "JSON") do

View file

@ -46,8 +46,7 @@ test "Webfinger JRD" do
assert response["subject"] == "acct:#{user.nickname}@localhost" assert response["subject"] == "acct:#{user.nickname}@localhost"
assert response["aliases"] == [ assert response["aliases"] == [
"https://hyrule.world/users/zelda", "https://hyrule.world/users/zelda"
"https://mushroom.kingdom/users/toad"
] ]
end end
@ -104,7 +103,6 @@ test "Webfinger XML" do
|> response(200) |> response(200)
assert response =~ "<Alias>https://hyrule.world/users/zelda</Alias>" assert response =~ "<Alias>https://hyrule.world/users/zelda</Alias>"
assert response =~ "<Alias>https://mushroom.kingdom/users/toad</Alias>"
end end
test "it returns 404 when user isn't found (XML)" do test "it returns 404 when user isn't found (XML)" do