WIP: fix: webfinger before loading search results for /explore/users/ #10

Draft
realaravinth wants to merge 11 commits from task-600 into forgejo
2 changed files with 26 additions and 0 deletions
Showing only changes of commit f42c458782 - Show all commits

View file

@ -64,6 +64,19 @@ func WebfingerQuery(ctx *context.Context) {
if u != nil && u.KeepEmailPrivate {
err = user_model.ErrUserNotExist{}
}
case "https", "http":
if resource.Host != appURL.Host {
ctx.Error(http.StatusBadRequest)
return
}
parts := strings.Split(resource.Path, "/")
if len(parts) < 2 { // fragment[0] is empty space, fragment[1] may be username
ctx.Error(http.StatusBadRequest)
return
}
u, err = user_model.GetUserByName(ctx, parts[1])
default:
ctx.Error(http.StatusBadRequest)
return

View file

@ -65,4 +65,17 @@ func TestWebfinger(t *testing.T) {
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=mailto:%s", user.Email))
MakeRequest(t, req, http.StatusNotFound)
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", appURL.Host, user.Name))
session.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=https://%s/%s", appURL.Host, user.Name))
session.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s", appURL.Host))
MakeRequest(t, req, http.StatusBadRequest)
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", "example.com", user.Name))
MakeRequest(t, req, http.StatusBadRequest)
}