Remove webfinger support, these are not properly formatted URIs, more consideration of syntax needs to be done
strip userinfo from URI, if present
parent
44cc0966a0
commit
0f2c707ad1
2 changed files with 18 additions and 37 deletions
|
@ -38,19 +38,12 @@ def handle(%{assigns: %{user: user}} = conn, %{"target" => "web+ap://" <> identi
|
|||
|
||||
def handle(conn, _), do: conn |> json_response(:bad_request, "Could not handle protocol URL")
|
||||
|
||||
# Should webfinger handles even be accepted? They are not ActivityPub URLs
|
||||
defp find_and_redirect(conn, "@" <> identifier) do
|
||||
with {:error, _err} <- User.get_or_fetch(identifier) do
|
||||
conn |> json_response(:not_found, "Not Found - @#{identifier}")
|
||||
else
|
||||
{:ok, %User{} = found_user} -> conn |> redirect(to: "/users/#{found_user.id}")
|
||||
end
|
||||
end
|
||||
|
||||
defp find_and_redirect(%{assigns: %{user: user}} = conn, identifier) do
|
||||
with {:error, _err} <- User.get_or_fetch("https://" <> identifier),
|
||||
[] <- DatabaseSearch.maybe_fetch([], user, "https://" <> identifier) do
|
||||
conn |> json_response(:not_found, "Not Found - #{identifier}")
|
||||
# Remove userinfo if present (username:password@)
|
||||
cleaned = String.replace(identifier, ~r/^[^\/]*?@/, "")
|
||||
with {:error, _err} <- User.get_or_fetch("https://" <> cleaned),
|
||||
[] <- DatabaseSearch.maybe_fetch([], user, "https://" <> cleaned) do
|
||||
conn |> json_response(:not_found, "Not Found - #{cleaned}")
|
||||
else
|
||||
{:ok, %User{} = found_user} -> conn |> redirect(to: "/users/#{found_user.id}")
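Review bot: The userinfo strip on the `cleaned = String.replace(...)` line uses a lazy quantifier (`*?`) and treats only `/` as the end of the authority, so it removes text up to the first `@` rather than the whole userinfo. An identifier with two `@` signs, such as the `@akkoma@ihatebeinga.live` target from the removed webfinger tests, appears to come out as `akkoma@ihatebeinga.live` and would still be fetched as `https://akkoma@ihatebeinga.live`. An `@` that sits after a `?` or `#` is also treated as userinfo, which changes the host that gets fetched. A tighter pattern would be `cleaned = String.replace(identifier, ~r/^[^\/?#]*@/, "")`; alternatively parse `"https://" <> identifier` with `URI.parse/1` and rebuild the URL from its host, port and path only. The function body continues past the end of the hunk.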
|
||||
|
||||
|
|
|
@ -42,18 +42,6 @@ test "should return bad_request when target prefix has unknown protocol" do
|
|||
assert resp =~ "Could not handle protocol URL"
|
||||
end
|
||||
|
||||
test "should return forbidden for unauthed user when target is webfinger handle" do
|
||||
clear_config([Pleroma.Web.Endpoint, :url, :host], "sub.example.com")
|
||||
%{conn: conn} = oauth_access([])
|
||||
|
||||
resp =
|
||||
conn
|
||||
|> get("/api/v1/akkoma/protocol-handler?target=web%2Bap%3A%2F%2F%40akkoma%40ihatebeinga.live")
|
||||
|> json_response(403)
|
||||
|
||||
assert resp =~ "Invalid credentials."
|
||||
end
|
||||
|
||||
test "should return forbidden for unauthed user when target is remote" do
|
||||
clear_config([Pleroma.Web.Endpoint, :url, :host], "sub.example.com")
|
||||
%{conn: conn} = oauth_access([])
|
||||
|
@ -118,19 +106,6 @@ test "should return redirect for unauthed user when target is local AP ID for no
|
|||
assert resp =~ "<a href=\"/notice/#{activity.id}\">"
|
||||
end
|
||||
|
||||
test "should return redirect for authed user when target is webfinger handle" do
|
||||
%{conn: conn} = oauth_access(["read:search"])
|
||||
remote_user = insert(:user, %{nickname: "akkoma@ihatebeinga.live", local: false})
|
||||
|
||||
resp =
|
||||
conn
|
||||
|> get("/api/v1/akkoma/protocol-handler?target=web%2Bap%3A%2F%2F%40akkoma%40ihatebeinga.live")
|
||||
|> html_response(302)
|
||||
|
||||
assert resp =~ "You are being"
|
||||
assert resp =~ "<a href=\"/users/#{remote_user.id}\">"
|
||||
end
|
||||
|
||||
test "should return redirect for authed user when target is AP ID for user" do
|
||||
%{conn: conn} = oauth_access(["read:search"])
|
||||
remote_user = insert(:user, %{nickname: "akkoma@ihatebeinga.live", local: false, ap_id: "https://ihatebeinga.live/users/akkoma"})
|
||||
|
@ -144,6 +119,19 @@ test "should return redirect for authed user when target is AP ID for user" do
|
|||
assert resp =~ "<a href=\"/users/#{remote_user.id}\">"
|
||||
end
|
||||
|
||||
test "should return redirect for authed user when target is AP ID for user, stripping userinfo" do
|
||||
%{conn: conn} = oauth_access(["read:search"])
|
||||
remote_user = insert(:user, %{nickname: "akkoma@ihatebeinga.live", local: false, ap_id: "https://ihatebeinga.live/users/akkoma"})
|
||||
|
||||
resp =
|
||||
conn
|
||||
|> get("/api/v1/akkoma/protocol-handler?target=web%2Bap%3A%2F%2Fusername%3Apassword%40ihatebeinga.live/users/akkoma")
|
||||
|> html_response(302)
|
||||
|
||||
assert resp =~ "You are being"
|
||||
assert resp =~ "<a href=\"/users/#{remote_user.id}\">"
|
||||
end
|
||||
|
||||
test "should return redirect for authed user when target is AP ID for note activity" do
|
||||
Tesla.Mock.mock(fn
|
||||
%{method: :get, url: "https://mastodon.social/users/emelie/statuses/101849165031453009"} ->
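Review bot: The two webfinger tests are deleted without a replacement that pins what a `@user@host` target now returns, and the added "stripping userinfo" test covers only a single `username:password@` prefix. With the `"@" <> identifier` clause removed from the controller, `web+ap://@akkoma@ihatebeinga.live` presumably falls through to the generic `find_and_redirect/2` clause. A test asserting the expected status for that target, and for an identifier containing more than one `@`, would document the intended behaviour and catch an incomplete strip.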
|
||||
|
|