Merge pull request 'webfinger: accept canoncial AP type in XML and don’t serve response for remote users' (#1045) from Oneric/akkoma:fix-webfinger-type into develop

Reviewed-on: #1045

lib/pleroma/web/web_finger.ex

@@ -45,7 +45,8 @@ defmodule Pleroma.Web.WebFinger do
       {:ok, represent_user(user, fmt)}
     else
       _e ->
-        with %User{} = user <- User.get_cached_by_ap_id(resource) do
+        with %User{} = user <- User.get_cached_by_ap_id(resource),
+             true <- user.local do
           {:ok, represent_user(user, fmt)}
         else
           _e ->
@@ -68,7 +69,7 @@ defmodule Pleroma.Web.WebFinger do
     [user.ap_id]
   end
 
-  def represent_user(user, "JSON") do
+  defp represent_user(user, "JSON") do
     %{
       "subject" => "acct:#{user.nickname}@#{domain()}",
       "aliases" => gather_aliases(user),
@@ -76,7 +77,7 @@ defmodule Pleroma.Web.WebFinger do
     }
   end
 
-  def represent_user(user, "XML") do
+  defp represent_user(user, "XML") do
     aliases =
       user
       |> gather_aliases()
@@ -109,14 +110,18 @@ defmodule Pleroma.Web.WebFinger do
         ~s{//Link[@rel="http://ostatus.org/schema/1.0/subscribe"]/@template}
         |> XML.string_from_xpath(doc)
 
-      ap_id =
+      ap_id_compat =
         ~s{//Link[@rel="self" and @type="application/activity+json"]/@href}
         |> XML.string_from_xpath(doc)
 
+      ap_id_spec =
+        ~s{//Link[@rel="self" and @type='application/ld+json; profile="https://www.w3.org/ns/activitystreams"']/@href}
+        |> XML.string_from_xpath(doc)
+
       data = %{
         "subject" => subject,
         "subscribe_address" => subscribe_address,
-        "ap_id" => ap_id
+        "ap_id" => ap_id_spec || ap_id_compat
       }
 
       {:ok, data}

test/pleroma/web/web_finger_test.exs

@@ -5,9 +5,13 @@
 defmodule Pleroma.Web.WebFingerTest do
   use Pleroma.DataCase
   alias Pleroma.Web.WebFinger
+  alias Pleroma.Web.XML
   import Pleroma.Factory
   import Tesla.Mock
 
+  @apt_canonical "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
+  @apt_mastodon "application/activity+json"
+
   setup do
     mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
     :ok
@@ -37,6 +41,43 @@ defmodule Pleroma.Web.WebFingerTest do
       {:ok, result} = WebFinger.webfinger(user.ap_id, "XML")
       assert is_binary(result)
     end
+
+    test "fails for remote ap_ids" do
+      user = insert(:user, local: false)
+
+      {:error, _} = WebFinger.webfinger(user.ap_id, "XML")
+      {:error, _} = WebFinger.webfinger(user.ap_id, "JSON")
+    end
+
+    test "exposes AP id with both canonical and Mastodon content type in JSON" do
+      user = insert(:user, local: true)
+      {:ok, data} = WebFinger.webfinger(user.ap_id, "JSON")
+
+      assert is_list(data["links"])
+
+      canonical = Enum.find(data["links"], &(&1["type"] == @apt_canonical))
+      mastodon = Enum.find(data["links"], &(&1["type"] == @apt_mastodon))
+
+      assert canonical
+      assert canonical["href"] == user.ap_id
+
+      assert mastodon
+      assert mastodon["href"] == user.ap_id
+    end
+
+    test "exposes AP id with both canonical and Mastodon content type in XML" do
+      user = insert(:user, local: true)
+      {:ok, binary_data} = WebFinger.webfinger(user.ap_id, "XML")
+
+      {:ok, data} = XML.parse_document(binary_data)
+      path = &(~s{//Link[@rel="self" and @type='} <> &1 <> ~s{']/@href})
+
+      canonical = XML.string_from_xpath(path.(@apt_canonical), data)
+      mastodon = XML.string_from_xpath(path.(@apt_mastodon), data)
+
+      assert canonical == user.ap_id
+      assert mastodon == user.ap_id
+    end
   end
 
   describe "fingering" do