From 85aa9df4f81ddc6eb6ec12b6283440b1fc8f46f0 Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Wed, 21 Oct 2020 10:42:04 +0200 Subject: [PATCH] Fix webfinger not following redirections by using a custom dedicated Tesla client Signed-off-by: Thomas Citharel --- lib/federation/web_finger/web_finger.ex | 22 ++------- lib/service/http/rich_media_preview_client.ex | 3 +- lib/service/http/webfinger_client.ex | 34 ++++++++++++++ .../vcr_cassettes/webfinger/mastodon.json | 45 ++++++++++++++++--- 4 files changed, 78 insertions(+), 26 deletions(-) create mode 100644 lib/service/http/webfinger_client.ex diff --git a/lib/federation/web_finger/web_finger.ex b/lib/federation/web_finger/web_finger.ex index 60163ec4..c0b44e6c 100644 --- a/lib/federation/web_finger/web_finger.ex +++ b/lib/federation/web_finger/web_finger.ex @@ -12,18 +12,12 @@ defmodule Mobilizon.Federation.WebFinger do alias Mobilizon.Actors.Actor alias Mobilizon.Federation.ActivityPub alias Mobilizon.Federation.WebFinger.XmlBuilder + alias Mobilizon.Service.HTTP.WebfingerClient alias Mobilizon.Web.Endpoint alias Mobilizon.Web.Router.Helpers, as: Routes require Jason require Logger - @http_options [ - adapter: [ - follow_redirect: true, - ssl: [{:versions, [:"tlsv1.2"]}] - ] - ] - def host_meta do base_url = Endpoint.url() @@ -120,17 +114,9 @@ defmodule Mobilizon.Federation.WebFinger do Logger.debug(inspect(address)) with false <- is_nil(domain), - {:ok, %{} = response} <- - Tesla.get( - address, - headers: [ - {"accept", "application/json, application/activity+json, application/jrd+json"} - ], - opts: @http_options - ), - %{status: status, body: body} when status in 200..299 <- response, - {:ok, doc} <- Jason.decode(body) do - webfinger_from_json(doc) + {:ok, %{body: body, status: code}} when code in 200..299 <- + WebfingerClient.get(address) do + webfinger_from_json(body) else e -> Logger.debug(fn -> "Couldn't finger #{actor}" end) 
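Review bot: Removing `@http_options` in the first web_finger.ex hunk also drops `ssl: [{:versions, [:"tlsv1.2"]}]`, and the replacement `WebfingerClient` added by this commit passes only `recv_timeout: 20_000` to the Hackney adapter. The TLS protocol floor for WebFinger lookups therefore becomes whatever the adapter defaults to, which this diff does not show. If the pin was deliberate, it should be carried into the client's adapter options, taking care that certificate verification stays enabled when custom TLS options are supplied. If it was not, a comment next to `@default_opts` such as `# TLS settings are intentionally left to the adapter defaults` would record the decision. The module body continues outside the hunk.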
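Review bot: In the second web_finger.ex hunk, `webfinger_from_json(body)` receives whatever `Tesla.Middleware.JSON` left in `body`, and that middleware is configured to decode only the three listed content types. A 2xx reply with any other Content-Type (for example `text/html`) would arrive as a raw binary, whereas the removed `Jason.decode(body)` step sent every non-JSON body to the `else` branch. How `webfinger_from_json/1` reacts to a non-map is not visible here, but the input is supplied by the remote server, so the match should require a decoded map: `{:ok, %{body: %{} = body, status: code}} when code in 200..299 <-`. The enclosing function starts and ends outside the hunk.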
diff --git a/lib/service/http/rich_media_preview_client.ex b/lib/service/http/rich_media_preview_client.ex index edd19081..8f398354 100644 --- a/lib/service/http/rich_media_preview_client.ex +++ b/lib/service/http/rich_media_preview_client.ex @@ -1,7 +1,6 @@ defmodule Mobilizon.Service.HTTP.RichMediaPreviewClient do @moduledoc """ - Tesla HTTP Basic Client - with JSON middleware + Tesla HTTP Basic Client that fetches HTML to extract metadata preview """ use Tesla diff --git a/lib/service/http/webfinger_client.ex b/lib/service/http/webfinger_client.ex new file mode 100644 index 00000000..13b578a0 --- /dev/null +++ b/lib/service/http/webfinger_client.ex @@ -0,0 +1,34 @@ +defmodule Mobilizon.Service.HTTP.WebfingerClient do + @moduledoc """ + Tesla HTTP Basic Client + with JSON middleware + """ + + use Tesla + alias Mobilizon.Config + + @default_opts [ + recv_timeout: 20_000 + ] + + adapter(Tesla.Adapter.Hackney, @default_opts) + + @user_agent Config.instance_user_agent() + + plug(Tesla.Middleware.FollowRedirects) + + plug(Tesla.Middleware.Timeout, timeout: 10_000) + + plug(Tesla.Middleware.Headers, [ + {"User-Agent", @user_agent}, + {"Accept", "application/json, application/activity+json, application/jrd+json"} + ]) + + plug(Tesla.Middleware.JSON, + decode_content_types: [ + "application/jrd+json", + "application/json", + "application/activity+json" + ] + ) +end diff --git a/test/fixtures/vcr_cassettes/webfinger/mastodon.json b/test/fixtures/vcr_cassettes/webfinger/mastodon.json index 8f15f85d..a9d77ba2 100644 --- a/test/fixtures/vcr_cassettes/webfinger/mastodon.json +++ b/test/fixtures/vcr_cassettes/webfinger/mastodon.json 
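Review bot: `plug(Tesla.Middleware.FollowRedirects)` in webfinger_client.ex is added without options, so the client follows whatever `Location` the queried server returns, across hosts and from https down to http. The caller in web_finger.ex then uses the final body as the answer for the original address. Because that address is built from a remote actor handle, the redirect target is chosen by a third party; it is worth bounding the chain explicitly, e.g. `plug(Tesla.Middleware.FollowRedirects, max_redirects: 3)`, and rejecting non-https or internal destinations before the response is used. Whether the returned document's `subject` is compared with the requested account is not visible in this diff and should be confirmed. The `@moduledoc` ("Tesla HTTP Basic Client with JSON middleware") should also state that this client follows redirects for WebFinger lookups.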
@@ -3,20 +3,50 @@ "request": { "body": "", "headers": { + "User-Agent": "localhost - Mobilizon 1.0.0-rc.2-5-g6701e6a4", "Accept": "application/json, application/activity+json, application/jrd+json" }, "method": "get", "options": { - "follow_redirect": "true" + "recv_timeout": 20000 }, "request_body": "", "url": "http://social.tcit.fr/.well-known/webfinger?resource=acct:tcit@social.tcit.fr" }, "response": { "binary": false, - "body": "{\"subject\":\"acct:tcit@social.tcit.fr\",\"aliases\":[\"https://social.tcit.fr/@tcit\",\"https://social.tcit.fr/users/tcit\"],\"links\":[{\"rel\":\"http://webfinger.net/rel/profile-page\",\"type\":\"text/html\",\"href\":\"https://social.tcit.fr/@tcit\"},{\"rel\":\"http://schemas.google.com/g/2010#updates-from\",\"type\":\"application/atom+xml\",\"href\":\"https://social.tcit.fr/users/tcit.atom\"},{\"rel\":\"self\",\"type\":\"application/activity+json\",\"href\":\"https://social.tcit.fr/users/tcit\"},{\"rel\":\"salmon\",\"href\":\"https://social.tcit.fr/api/salmon/1\"},{\"rel\":\"magic-public-key\",\"href\":\"data:application/magic-public-key,RSA.pXwYMUdFg3XUd-bGsh8CyiMRGpRGAWuCdM5pDWx5uM4pW2pM3xbHbcI21j9h8BmlAiPg6hbZD73KGly2N8Rt5iIS0I-l6i8kA1JCCdlAaDTRd41RKMggZDoQvjVZQtsyE1VzMeU2kbqqTFN6ew7Hvbd6O0NhixoKoZ5f3jwuBDZoT0p1TAcaMdmG8oqHD97isizkDnRn8cOBA6wtI-xb5xP2zxZMsLpTDZLiKU8XcPKZCw4OfQfmDmKkHtrFb77jCAQj_s_FxjVnvxRwmfhNnWy0D-LUV_g63nHh_b5zXIeV92QZLvDYbgbezmzUzv9UeA1s70GGbaDqCIy85gw9-w==.AQAB\"},{\"rel\":\"http://ostatus.org/schema/1.0/subscribe\",\"template\":\"https://social.tcit.fr/authorize_interaction?uri={uri}\"}]}", + "body": "\r\n301 Moved Permanently\r\n\r\n

301 Moved Permanently

\r\n
nginx/1.19.3
\r\n\r\n\r\n", "headers": { - "Date": "Tue, 13 Nov 2018 11:11:10 GMT", + "Server": "nginx/1.19.3", + "Date": "Wed, 21 Oct 2020 09:07:41 GMT", + "Content-Type": "text/html", + "Content-Length": "169", + "Connection": "keep-alive", + "Location": "https://social.tcit.fr/.well-known/webfinger?resource=acct:tcit@social.tcit.fr" + }, + "status_code": 301, + "type": "ok" + } + }, + { + "request": { + "body": "", + "headers": { + "User-Agent": "localhost - Mobilizon 1.0.0-rc.2-5-g6701e6a4", + "Accept": "application/json, application/activity+json, application/jrd+json" + }, + "method": "get", + "options": { + "recv_timeout": 20000 + }, + "request_body": "", + "url": "https://social.tcit.fr/.well-known/webfinger?resource=acct:tcit@social.tcit.fr" + }, + "response": { + "binary": false, + "body": "{\"subject\":\"acct:tcit@social.tcit.fr\",\"aliases\":[\"https://social.tcit.fr/@tcit\",\"https://social.tcit.fr/users/tcit\"],\"links\":[{\"rel\":\"http://webfinger.net/rel/profile-page\",\"type\":\"text/html\",\"href\":\"https://social.tcit.fr/@tcit\"},{\"rel\":\"self\",\"type\":\"application/activity+json\",\"href\":\"https://social.tcit.fr/users/tcit\"},{\"rel\":\"http://ostatus.org/schema/1.0/subscribe\",\"template\":\"https://social.tcit.fr/authorize_interaction?uri={uri}\"}]}", + "headers": { + "Date": "Wed, 21 Oct 2020 09:07:41 GMT", "Content-Type": "application/jrd+json; charset=utf-8", "Transfer-Encoding": "chunked", "Connection": "keep-alive", 
@@ -24,11 +54,14 @@ "X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1; mode=block", + "Referrer-Policy": "same-origin", + "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload", + "X-Clacks-Overhead": "GNU Natalie Nguyen", "Vary": "Accept, Accept-Encoding, Origin", "Cache-Control": "max-age=259200, public", - "ETag": "W/\"33f6cc86f8f97d0ca930761c04e0db58\"", - "X-Request-Id": "b7f5ad84-5120-4275-aacf-dbb9654be181", - "X-Runtime": "0.015609", + "ETag": "W/\"37760e35c1537b8e02b6d4b4f9ebfe82\"", + "X-Request-Id": "429bb891-1033-498b-91bb-12835984223f", + "X-Runtime": "0.072046", "X-Cached": "MISS" }, "status_code": 200,