commit: 976094cd7bdeed740a3dce8b8aac029d06603ed3
parent: 361aa22e2862c1c914baf8257fdc8b20cbc7941d
Author: Haelwenn <contact+git.pleroma.social@hacktivis.me>
Date: Tue, 25 Aug 2020 20:01:43 +0000
Merge branch '2077-fix-bogus-webfinger-ids' into 'develop'
Webfinger: Handle bogus ids better.
Closes #2077
See merge request pleroma/pleroma!2919
Diffstat:
2 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/lib/pleroma/web/web_finger/web_finger.ex b/lib/pleroma/web/web_finger/web_finger.ex
@@ -149,6 +149,18 @@ defmodule Pleroma.Web.WebFinger do
end
end
+ defp get_address_from_domain(domain, encoded_account) when is_binary(domain) do
+ case find_lrdd_template(domain) do
+ {:ok, template} ->
+ String.replace(template, "{uri}", encoded_account)
+
+ _ ->
+ "https://#{domain}/.well-known/webfinger?resource=#{encoded_account}"
+ end
+ end
+
+ defp get_address_from_domain(_, _), do: nil
+
@spec finger(String.t()) :: {:ok, map()} | {:error, any()}
def finger(account) do
account = String.trim_leading(account, "@")
@@ -163,16 +175,8 @@ defmodule Pleroma.Web.WebFinger do
encoded_account = URI.encode("acct:#{account}")
- address =
- case find_lrdd_template(domain) do
- {:ok, template} ->
- String.replace(template, "{uri}", encoded_account)
-
- _ ->
- "https://#{domain}/.well-known/webfinger?resource=#{encoded_account}"
- end
-
- with response <-
+ with address when is_binary(address) <- get_address_from_domain(domain, encoded_account),
+ response <-
HTTP.get(
address,
[{"accept", "application/xrd+xml,application/jrd+json"}]
diff --git a/test/web/web_finger/web_finger_test.exs b/test/web/web_finger/web_finger_test.exs
@@ -40,6 +40,11 @@ defmodule Pleroma.Web.WebFingerTest do
end
describe "fingering" do
+ test "returns error for nonsensical input" do
+ assert {:error, _} = WebFinger.finger("bliblablu")
+ assert {:error, _} = WebFinger.finger("pleroma.social")
+ end
+
test "returns error when fails parse xml or json" do
user = "invalid_content@social.heldscal.la"
assert {:error, %Jason.DecodeError{}} = WebFinger.finger(user)
