mirror of
https://framagit.org/tykayn/mastodon.git
synced 2023-08-25 08:33:12 +02:00
Fix handling of webfinger redirects in ResolveAccountService (#11279)
This commit is contained in:
parent
27ad4c1501
commit
85eb418e1f
@ -30,7 +30,7 @@ class ResolveAccountService < BaseService
|
|||||||
# At this point we are in need of a Webfinger query, which may
|
# At this point we are in need of a Webfinger query, which may
|
||||||
# yield us a different username/domain through a redirect
|
# yield us a different username/domain through a redirect
|
||||||
|
|
||||||
process_webfinger!
|
process_webfinger!(@uri)
|
||||||
|
|
||||||
# Because the username/domain pair may be different than what
|
# Because the username/domain pair may be different than what
|
||||||
# we already checked, we need to check if we've already got
|
# we already checked, we need to check if we've already got
|
||||||
@ -69,15 +69,16 @@ class ResolveAccountService < BaseService
|
|||||||
@domain = nil if TagManager.instance.local_domain?(@domain)
|
@domain = nil if TagManager.instance.local_domain?(@domain)
|
||||||
end
|
end
|
||||||
|
|
||||||
def process_webfinger!
|
def process_webfinger!(uri, redirected = false)
|
||||||
@webfinger = Goldfinger.finger("acct:#{@uri}")
|
@webfinger = Goldfinger.finger("acct:#{@uri}")
|
||||||
confirmed_username, confirmed_domain = @webfinger.subject.gsub(/\Aacct:/, '').split('@')
|
confirmed_username, confirmed_domain = @webfinger.subject.gsub(/\Aacct:/, '').split('@')
|
||||||
|
|
||||||
if confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
|
if confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
|
||||||
@username = confirmed_username
|
@username = confirmed_username
|
||||||
@domain = confirmed_domain
|
@domain = confirmed_domain
|
||||||
elsif @options[:redirected].nil?
|
@uri = uri
|
||||||
@account = ResolveAccountService.new.call("#{confirmed_username}@#{confirmed_domain}", @options.merge(redirected: true))
|
elsif !redirected
|
||||||
|
return process_webfinger!("#{confirmed_username}@#{confirmed_domain}", true)
|
||||||
else
|
else
|
||||||
raise WebfingerRedirectError, "The URI #{uri} tries to hijack #{@username}@#{@domain}"
|
raise WebfingerRedirectError, "The URI #{uri} tries to hijack #{@username}@#{@domain}"
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user