Webfinger: Handle bogus ids better.

This commit is contained in:
lain 2020-08-25 17:35:59 +02:00
parent 361aa22e28
commit 112bec5225
2 changed files with 19 additions and 10 deletions

View file

@ -149,6 +149,18 @@ def find_lrdd_template(domain) do
end end
end end
defp get_address_from_domain(domain, encoded_account) when is_binary(domain) do
case find_lrdd_template(domain) do
{:ok, template} ->
String.replace(template, "{uri}", encoded_account)
_ ->
"https://#{domain}/.well-known/webfinger?resource=#{encoded_account}"
end
end
defp get_address_from_domain(_, _), do: nil
@spec finger(String.t()) :: {:ok, map()} | {:error, any()} @spec finger(String.t()) :: {:ok, map()} | {:error, any()}
def finger(account) do def finger(account) do
account = String.trim_leading(account, "@") account = String.trim_leading(account, "@")
@ -163,16 +175,8 @@ def finger(account) do
encoded_account = URI.encode("acct:#{account}") encoded_account = URI.encode("acct:#{account}")
address = with address when is_binary(address) <- get_address_from_domain(domain, encoded_account),
case find_lrdd_template(domain) do response <-
{:ok, template} ->
String.replace(template, "{uri}", encoded_account)
_ ->
"https://#{domain}/.well-known/webfinger?resource=#{encoded_account}"
end
with response <-
HTTP.get( HTTP.get(
address, address,
[{"accept", "application/xrd+xml,application/jrd+json"}] [{"accept", "application/xrd+xml,application/jrd+json"}]

View file

@ -40,6 +40,11 @@ test "works for ap_ids" do
end end
describe "fingering" do describe "fingering" do
test "returns error for nonsensical input" do
assert {:error, _} = WebFinger.finger("bliblablu")
assert {:error, _} = WebFinger.finger("pleroma.social")
end
test "returns error when fails parse xml or json" do test "returns error when fails parse xml or json" do
user = "invalid_content@social.heldscal.la" user = "invalid_content@social.heldscal.la"
assert {:error, %Jason.DecodeError{}} = WebFinger.finger(user) assert {:error, %Jason.DecodeError{}} = WebFinger.finger(user)