Redesign forms, verify link ownership with rel="me" (#8703)

* Verify link ownership with rel="me" * Add explanation about verification to UI * Perform link verifications * Add click-to-copy widget for verification HTML * Redesign edit profile page * Redesign forms * Improve responsive design of settings pages * Restore landing page sign-up form * Fix typo * Support <link> tags, add spec * Fix links not being verified on first discovery and passive updates
2018-09-18 16:45:58 +02:00 · 2018-09-18 16:45:58 +02:00 · f4d549d300
commit f4d549d300
parent f8b54d229f
46 changed files with 764 additions and 313 deletions
--- a/app/services/activitypub/process_account_service.rb
+++ b/app/services/activitypub/process_account_service.rb
@ -34,6 +34,7 @@ class ActivityPub::ProcessAccountService < BaseService
    after_protocol_change! if protocol_changed?
    after_key_change! if key_changed? && !@options[:signed_with_known_key]
    check_featured_collection! if @account.featured_collection_url.present?
+    check_links! unless @account.fields.empty?

    @account
  rescue Oj::ParseError
@ -99,6 +100,10 @@ class ActivityPub::ProcessAccountService < BaseService
    ActivityPub::SynchronizeFeaturedCollectionWorker.perform_async(@account.id)
  end

+  def check_links!
+    VerifyAccountLinksWorker.perform_async(@account.id)
+  end
+
  def actor_type
    if @json['type'].is_a?(Array)
      @json['type'].find { |type| ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES.include?(type) }
--- a/app/services/fetch_link_card_service.rb
+++ b/app/services/fetch_link_card_service.rb
@ -29,7 +29,7 @@ class FetchLinkCardService < BaseService
    end

    attach_card if @card&.persisted?
-  rescue HTTP::Error, Addressable::URI::InvalidURIError, Mastodon::LengthValidationError => e
+  rescue HTTP::Error, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError => e
    Rails.logger.debug "Error fetching link #{@url}: #{e}"
    nil
  end
--- a/app/services/update_account_service.rb
+++ b/app/services/update_account_service.rb
@ -2,11 +2,14 @@

 class UpdateAccountService < BaseService
  def call(account, params, raise_error: false)
-    was_locked = account.locked
+    was_locked    = account.locked
    update_method = raise_error ? :update! : :update
+
    account.send(update_method, params).tap do |ret|
      next unless ret
+
      authorize_all_follow_requests(account) if was_locked && !account.locked
+      VerifyAccountLinksWorker.perform_async(@account.id) if account.fields_changed?
    end
  end

--- a/app/services/verify_link_service.rb
+++ b/app/services/verify_link_service.rb
@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+class VerifyLinkService < BaseService
+  def call(field)
+    @link_back = ActivityPub::TagManager.instance.url_for(field.account)
+    @url       = field.value
+
+    perform_request!
+
+    return unless link_back_present?
+
+    field.mark_verified!
+    field.account.save!
+  rescue HTTP::Error, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError => e
+    Rails.logger.debug "Error fetching link #{@url}: #{e}"
+    nil
+  end
+
+  private
+
+  def perform_request!
+    @body = Request.new(:get, @url).add_headers('Accept' => 'text/html').perform do |res|
+      res.code != 200 ? nil : res.body_with_limit
+    end
+  end
+
+  def link_back_present?
+    return false if @body.empty?
+
+    Nokogiri::HTML(@body).xpath('//a[@rel="me"]|//link[@rel="me"]').any? { |link| link['href'] == @link_back }
+  end
+end