Leatherface/mastodon
0
0
Fork 0
mirror of https://github.com/glitch-soc/mastodon.git synced 2026-03-29 03:00:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix Webfinger endpoint not handling new AP ID scheme (#38391)

Browse Source
This commit is contained in:
Claire
2026-03-26 10:58:47 +01:00
committed by GitHub
parent 19806be8ec
commit 806e2a993a
3 changed files with 90 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

158
spec/lib/webfinger_resource_spec.rb
View File

@@ -11,133 +11,127 @@ RSpec.describe WebfingerResource do
Rails.configuration.x.web_domain = before_web
end
describe '#username' do
describe '#account' do
subject { described_class.new(resource).account }
describe 'with a URL value' do
it 'raises with a route whose controller is not AccountsController' do
resource = 'https://example.com/users/alice/other'
context 'with a route whose controller is not AccountsController' do
let(:resource) { 'https://example.com/users/alice/other' }
expect do
described_class.new(resource).username
end.to raise_error(ActiveRecord::RecordNotFound)
it 'raises an error' do
expect { subject }.to raise_error(ActiveRecord::RecordNotFound)
end
end
it 'raises with a route whose action is not show' do
resource = 'https://example.com/users/alice'
context 'with a string that does not start with an URL' do
let(:resource) { 'website for http://example.com/users/alice.other' }
recognized = Rails.application.routes.recognize_path(resource)
allow(recognized).to receive(:[]).with(:controller).and_return('accounts')
allow(recognized).to receive(:[]).with(:username).and_return('alice')
allow(recognized).to receive(:[]).with(:action).and_return('create')
allow(Rails.application.routes).to receive(:recognize_path).with(resource).and_return(recognized)
expect do
described_class.new(resource).username
end.to raise_error(ActiveRecord::RecordNotFound)
expect(recognized).to have_received(:[]).exactly(3).times
expect(Rails.application.routes).to have_received(:recognize_path)
.with(resource)
.at_least(:once)
it 'raises an error' do
expect { subject }.to raise_error(described_class::InvalidRequest)
end
end
it 'raises with a string that doesnt start with URL' do
resource = 'website for http://example.com/users/alice/other'
context 'with a valid HTTPS route to an existing user' do
let(:account) { Fabricate(:account) }
let(:resource) { "https://example.com/users/#{account.username}" }
expect do
described_class.new(resource).username
end.to raise_error(described_class::InvalidRequest)
it { is_expected.to eq(account) }
end
it 'finds the username in a valid https route' do
resource = 'https://example.com/users/alice'
context 'with a valid HTTPS route to an existing user using the new API scheme' do
let(:account) { Fabricate(:account) }
let(:resource) { "https://example.com/ap/users/#{account.id}" }
result = described_class.new(resource).username
expect(result).to eq 'alice'
it { is_expected.to eq(account) }
end
it 'finds the username in a mixed case http route' do
resource = 'HTTp://exAMPLe.com/users/alice'
context 'with a valid HTTPS route to a non-existing user' do
let(:account) { Fabricate(:account) }
let(:resource) { 'https://example.com/users/alice' }
result = described_class.new(resource).username
expect(result).to eq 'alice'
it 'raises an error' do
expect { subject }.to raise_error(ActiveRecord::RecordNotFound)
end
end
it 'finds the username in a valid http route' do
resource = 'http://example.com/users/alice'
context 'with a mixed case HTTP but valid route to an existing user' do
let(:account) { Fabricate(:account) }
let(:resource) { "HTTp://example.com/users/#{account.username}" }
result = described_class.new(resource).username
expect(result).to eq 'alice'
it { is_expected.to eq(account) }
end
context 'with a valid HTTP route to an existing user' do
let(:account) { Fabricate(:account) }
let(:resource) { "http://example.com/users/#{account.username}" }
it { is_expected.to eq(account) }
end
end
describe 'with a username and hostname value' do
it 'raises on a non-local domain' do
resource = 'user@remote-host.com'
context 'with a non-local domain' do
let(:account) { Fabricate(:account) }
let(:resource) { "#{account.username}@remote-host.com" }
expect do
described_class.new(resource).username
end.to raise_error(ActiveRecord::RecordNotFound)
it 'raises an error' do
expect { subject }.to raise_error(ActiveRecord::RecordNotFound)
end
end
it 'finds username for a local domain' do
Rails.configuration.x.local_domain = 'example.com'
resource = 'alice@example.com'
context 'with a valid handle for a local user with local domain' do
let(:account) { Fabricate(:account) }
let(:resource) { "#{account.username}@example.com" }
result = described_class.new(resource).username
expect(result).to eq 'alice'
before { Rails.configuration.x.local_domain = 'example.com' }
it { is_expected.to eq(account) }
end
it 'finds username for a web domain' do
Rails.configuration.x.web_domain = 'example.com'
resource = 'alice@example.com'
context 'with a valid handle for a local user with web domain' do
let(:account) { Fabricate(:account) }
let(:resource) { "#{account.username}@example.com" }
result = described_class.new(resource).username
expect(result).to eq 'alice'
before { Rails.configuration.x.web_domain = 'example.com' }
it { is_expected.to eq(account) }
end
end
describe 'with an acct value' do
it 'raises on a non-local domain' do
resource = 'acct:user@remote-host.com'
context 'with a non-local domain' do
let(:account) { Fabricate(:account) }
let(:resource) { "acct:#{account.username}@remote-host.com" }
expect do
described_class.new(resource).username
end.to raise_error(ActiveRecord::RecordNotFound)
it 'raises an error' do
expect { subject }.to raise_error(ActiveRecord::RecordNotFound)
end
end
it 'raises on a nonsense domain' do
resource = 'acct:user@remote-host@remote-hostess.remote.local@remote'
context 'with a valid handle for a local user with local domain' do
let(:account) { Fabricate(:account) }
let(:resource) { "acct:#{account.username}@example.com" }
expect do
described_class.new(resource).username
end.to raise_error(ActiveRecord::RecordNotFound)
before { Rails.configuration.x.local_domain = 'example.com' }
it { is_expected.to eq(account) }
end
it 'finds the username for a local account if the domain is the local one' do
Rails.configuration.x.local_domain = 'example.com'
resource = 'acct:alice@example.com'
context 'with a valid handle for a local user with web domain' do
let(:account) { Fabricate(:account) }
let(:resource) { "acct:#{account.username}@example.com" }
result = described_class.new(resource).username
expect(result).to eq 'alice'
end
before { Rails.configuration.x.web_domain = 'example.com' }
it 'finds the username for a local account if the domain is the Web one' do
Rails.configuration.x.web_domain = 'example.com'
resource = 'acct:alice@example.com'
result = described_class.new(resource).username
expect(result).to eq 'alice'
it { is_expected.to eq(account) }
end
end
describe 'with a nonsense resource' do
it 'raises InvalidRequest' do
resource = 'df/:dfkj'
let(:resource) { 'df/:dfkj' }
expect do
described_class.new(resource).username
end.to raise_error(described_class::InvalidRequest)
it 'raises an error' do
expect { subject }.to raise_error(described_class::InvalidRequest)
end
end
end