Don't list old accounts as aliases in WebFinger

Per the XRD specification:

> 2.4. Element <Alias>
>
> The <Alias> element contains a URI value that is an additional
> identifier for the resource described by the XRD. This value
> MUST be an absolute URI. The <Alias> element does not identify
> additional resources the XRD is describing, **but rather provides
> additional identifiers for the same resource.**

(http://docs.oasis-open.org/xri/xrd/v1.0/os/xrd-1.0-os.html#element.alias, emphasis mine)

In other words, the alias list is expected to link to things which are
not just semantically the same, but exactly the same. Old user accounts
don't do that

This change should not pose a compatibility issue: Mastodon does not
list old accounts here (See e1fcb02867/app/serializers/webfinger_serializer.rb (L12))

The use of as:alsoKnownAs is also not quite semantically right here
(see https://www.w3.org/TR/did-core/#dfn-alsoknownas, which defines
it to be used to refer to identifiers which are interchangable) but
that's what DID get for reusing a property definition that Mastodon
already squatted long before they got to it
This commit is contained in:
Erin Shepherd 2024-02-29 20:56:32 +01:00
parent 2d439034ca
commit 464db9ea0b
2 changed files with 2 additions and 4 deletions

View file

@ -65,7 +65,7 @@ defp gather_links(%User{} = user) do
end
defp gather_aliases(%User{} = user) do
[user.ap_id | user.also_known_as]
[user.ap_id]
end
def represent_user(user, "JSON") do

View file

@ -46,8 +46,7 @@ test "Webfinger JRD" do
assert response["subject"] == "acct:#{user.nickname}@localhost"
assert response["aliases"] == [
"https://hyrule.world/users/zelda",
"https://mushroom.kingdom/users/toad"
"https://hyrule.world/users/zelda"
]
end
@ -104,7 +103,6 @@ test "Webfinger XML" do
|> response(200)
assert response =~ "<Alias>https://hyrule.world/users/zelda</Alias>"
assert response =~ "<Alias>https://mushroom.kingdom/users/toad</Alias>"
end
test "it returns 404 when user isn't found (XML)" do