Select correct self link when parsing Webfinger response (#31110)

2024-07-23 16:42:31 +02:00 · 2024-07-23 16:42:31 +02:00 · 161aa0f8f6
commit 161aa0f8f6
parent fe92b241b2
10 changed files with 73 additions and 26 deletions
--- a/app/lib/webfinger.rb
+++ b/app/lib/webfinger.rb
@ -6,6 +6,8 @@ class Webfinger
  class RedirectError < Error; end

  class Response
+    ACTIVITYPUB_READY_TYPE = ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].freeze
+
    attr_reader :uri

    def initialize(uri, body)
@ -20,17 +22,28 @@ class Webfinger
    end

    def link(rel, attribute)
-      links.dig(rel, attribute)
+      links.dig(rel, 0, attribute)
+    end
+
+    def self_link_href
+      self_link.fetch('href')
    end

    private

    def links
-      @links ||= @json['links'].index_by { |link| link['rel'] }
+      @links ||= @json.fetch('links', []).group_by { |link| link['rel'] }
+    end
+
+    def self_link
+      links.fetch('self', []).find do |link|
+        ACTIVITYPUB_READY_TYPE.include?(link['type'])
+      end
    end

    def validate_response!
      raise Webfinger::Error, "Missing subject in response for #{@uri}" if subject.blank?
+      raise Webfinger::Error, "Missing self link in response for #{@uri}" if self_link.blank?
    end
  end

--- a/app/services/activitypub/fetch_remote_actor_service.rb
+++ b/app/services/activitypub/fetch_remote_actor_service.rb
@ -49,7 +49,7 @@ class ActivityPub::FetchRemoteActorService < BaseService
    confirmed_username, confirmed_domain = split_acct(webfinger.subject)

    if @username.casecmp(confirmed_username).zero? && @domain.casecmp(confirmed_domain).zero?
-      raise Error, "Webfinger response for #{@username}@#{@domain} does not loop back to #{@uri}" if webfinger.link('self', 'href') != @uri
+      raise Error, "Webfinger response for #{@username}@#{@domain} does not loop back to #{@uri}" if webfinger.self_link_href != @uri

      return
    end
@ -58,8 +58,7 @@ class ActivityPub::FetchRemoteActorService < BaseService
    @username, @domain                   = split_acct(webfinger.subject)

    raise Webfinger::RedirectError, "Too many webfinger redirects for URI #{@uri} (stopped at #{@username}@#{@domain})" unless confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero?
-
-    raise Error, "Webfinger response for #{@username}@#{@domain} does not loop back to #{@uri}" if webfinger.link('self', 'href') != @uri
+    raise Error, "Webfinger response for #{@username}@#{@domain} does not loop back to #{@uri}" if webfinger.self_link_href != @uri
  rescue Webfinger::RedirectError => e
    raise Error, e.message
  rescue Webfinger::Error => e
--- a/app/services/resolve_account_service.rb
+++ b/app/services/resolve_account_service.rb
@ -104,8 +104,6 @@ class ResolveAccountService < BaseService
  end

  def fetch_account!
-    return unless activitypub_ready?
-
    with_redis_lock("resolve:#{@username}@#{@domain}") do
      @account = ActivityPub::FetchRemoteAccountService.new.call(actor_url, suppress_errors: @options[:suppress_errors])
    end
@ -120,12 +118,8 @@ class ResolveAccountService < BaseService
    @options[:skip_cache] || @account.nil? || @account.possibly_stale?
  end

-  def activitypub_ready?
-    ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].include?(@webfinger.link('self', 'type'))
-  end
-
  def actor_url
-    @actor_url ||= @webfinger.link('self', 'href')
+    @actor_url ||= @webfinger.self_link_href
  end

  def gone_from_origin?