Handle scenario when webfinger response `subject` is missing host value (#28088)

shrike
Matt Jankowski 2023-11-28 13:37:54 -05:00 committed by GitHub
parent b9492d84a0
commit 6b46bf9953
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 1 deletions

View File

@ -100,7 +100,9 @@ class ResolveAccountService < BaseService
end
def split_acct(acct)
acct.delete_prefix('acct:').split('@')
acct.delete_prefix('acct:').split('@').tap do |parts|
raise Webfinger::Error, 'Webfinger response is missing user or host value' unless parts.size == 2
end
end
def fetch_account!

View File

@ -144,6 +144,19 @@ RSpec.describe ResolveAccountService, type: :service do
end
end
context 'with webfinger response subject missing a host value' do
let(:body) { Oj.dump({ subject: 'user@' }) }
let(:url) { 'https://host.example/.well-known/webfinger?resource=acct:user@host.example' }
before do
stub_request(:get, url).to_return(status: 200, body: body)
end
it 'returns nil with incomplete subject in response' do
expect(subject.call('user@host.example')).to be_nil
end
end
context 'with an ActivityPub account' do
it 'returns new remote account' do
account = subject.call('foo@ap.example.com')