From ef0729f23e538dd81ff201e32597082c1a0ceea1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=AB=8F=E8=A8=AA=E5=AD=90?= Date: Sun, 25 May 2025 22:12:35 +0900 Subject: [PATCH 1/3] fix(settings): change Mastodon only URI to webfinger MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 諏訪子 --- AUTHORS | 1 + lib/private/Accounts/AccountManager.php | 4 ++-- tests/lib/Accounts/AccountManagerTest.php | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/AUTHORS b/AUTHORS index bd861e1011f..8881c9ba26a 100644 --- a/AUTHORS +++ b/AUTHORS @@ -620,6 +620,7 @@ - szaimen - tbartenstein - tbelau666 + - TechnicalSuwako - tgrant - timm2k - tux-rampage diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php index e8b67311636..57322620882 100644 --- a/lib/private/Accounts/AccountManager.php +++ b/lib/private/Accounts/AccountManager.php @@ -734,7 +734,7 @@ class AccountManager implements IAccountManager { try { // try the public account lookup API of mastodon - $response = $client->get("https://{$instance}/api/v1/accounts/lookup?acct={$username}@{$instance}"); + $response = $client->get("https://{$instance}/.well-known/webfinger?resource=acct:{$username}@{$instance}"); // should be a json response with account information $data = $response->getBody(); if (is_resource($data)) { @@ -743,7 +743,7 @@ class AccountManager implements IAccountManager { $decoded = json_decode($data, true); // ensure the username is the same the user passed // in this case we can assume this is a valid fediverse server and account - if (!is_array($decoded) || ($decoded['username'] ?? '') !== $username) { + if (!is_array($decoded) || ($decoded['subject'] ?? '') !== "acct:{$username}@{$instance}") { throw new InvalidArgumentException(); } } catch (InvalidArgumentException) { 
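Review bot: The `resource` value in the new `$client->get()` line is interpolated into the query string without percent-encoding, and the comment above it still describes the Mastodon lookup API. RFC 7033 expects the `resource` parameter to be percent-encoded, and a `$username` or `$instance` containing `&`, `#` or `%` would change the query that is actually sent; whether such characters are rejected earlier is not visible in this hunk. Consider `$resource = rawurlencode("acct:{$username}@{$instance}");` followed by `$client->get("https://{$instance}/.well-known/webfinger?resource={$resource}")`, and reword the comment to `// query the instance's WebFinger endpoint (RFC 7033)`. The expected URL in AccountManagerTest.php would need the same encoding, and the enclosing method starts and ends outside the hunk.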
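Review bot: The new `subject` comparison in the second AccountManager.php hunk is byte-exact over the whole `acct:` URI, so the instance name now takes part in a case-sensitive match, whereas the removed check compared only the username. Host names are case-insensitive, so a server that answers with its canonical lower-case domain would be rejected when the user typed `Example.com`, unless `$instance` is lower-cased before this hunk (not visible here). Consider normalising `$instance` with `strtolower()` before the request and lower-casing the host part of `subject` before comparing. The two comment lines above the condition still speak of "the username" and could read `// ensure the returned subject is the account the user entered`.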
diff --git a/tests/lib/Accounts/AccountManagerTest.php b/tests/lib/Accounts/AccountManagerTest.php index 05c7efd08fb..7e28cbc9cd8 100644 --- a/tests/lib/Accounts/AccountManagerTest.php +++ b/tests/lib/Accounts/AccountManagerTest.php @@ -839,12 +839,12 @@ class AccountManagerTest extends TestCase { ->willReturn($serverResponse); $client->expects(self::once()) ->method('get') - ->with('https://example.com/api/v1/accounts/lookup?acct=foo@example.com') + ->with('https://example.com/.well-known/webfinger?resource=acct:foo@example.com') ->willReturn($response); } else { $client->expects(self::once()) ->method('get') - ->with('https://example.com/api/v1/accounts/lookup?acct=foo@example.com') + ->with('https://example.com/.well-known/webfinger?resource=acct:foo@example.com') ->willThrowException(new \Exception('404')); } From 30fc68008631269e90037be2310880d7e565a547 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=AB=8F=E8=A8=AA=E5=AD=90?= Date: Mon, 26 May 2025 09:58:50 +0900 Subject: [PATCH 2/3] fix(settings): add link check in webfinger MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 諏訪子 --- lib/private/Accounts/AccountManager.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php index 57322620882..0922f802068 100644 --- a/lib/private/Accounts/AccountManager.php +++ b/lib/private/Accounts/AccountManager.php 
@@ -746,6 +746,23 @@ class AccountManager implements IAccountManager {
 if (!is_array($decoded) || ($decoded['subject'] ?? '') !== "acct:{$username}@{$instance}") {
 throw new InvalidArgumentException();
 }
+ // check for activitypub link
+ if (is_array($decoded['links']) && isset($decoded['links'])) {
+ $found = false;
+ foreach ($decoded['links'] as $link) {
+ // have application/activity+json or application/ld+json
+ if (isset($link['type']) && (
+ $link['type'] === 'application/activity+json' ||
+ $link['type'] === 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
+ )) {
+ $found = true;
+ break;
+ }
+ }
+ if (!$found) {
+ throw new InvalidArgumentException();
+ }
+ }
 } catch (InvalidArgumentException) {
 throw new InvalidArgumentException(self::PROPERTY_FEDIVERSE);
 } catch (\Exception $error) {
From e4897131970c716d493b982aabc59e36eb1221f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=AB=8F=E8=A8=AA=E5=AD=90?=
Date: Tue, 27 May 2025 18:40:27 +0900
Subject: [PATCH 3/3] fix(settings): fix test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 諏訪子
---
 tests/lib/Accounts/AccountManagerTest.php | 31 ++++++++++++++++++++---
 1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/tests/lib/Accounts/AccountManagerTest.php b/tests/lib/Accounts/AccountManagerTest.php
index 7e28cbc9cd8..59adf7ede20 100644
--- a/tests/lib/Accounts/AccountManagerTest.php
+++ b/tests/lib/Accounts/AccountManagerTest.php
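Review bot: The ActivityPub link check fails open, because the outer `if (is_array($decoded['links']) && isset($decoded['links']))` skips the whole block when `links` is absent or not an array, so a response carrying only a matching `subject` is still accepted. The operands are also in the wrong order: `$decoded['links']` is read before `isset()` runs, which raises an undefined-key warning on exactly the responses the guard is meant to handle. Treating a missing or malformed `links` member as a validation failure, and checking that each entry is an array before indexing it, makes the check fail closed. The surrounding `try` block and the method itself begin outside the hunk.

```php
// … unchanged: subject comparison …
// check for activitypub link; a missing or malformed "links" member is a failure
$links = $decoded['links'] ?? null;
if (!is_array($links)) {
	throw new InvalidArgumentException();
}
$activityPubTypes = [
	'application/activity+json',
	'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
];
$found = false;
foreach ($links as $link) {
	if (is_array($link) && in_array($link['type'] ?? null, $activityPubTypes, true)) {
		$found = true;
		break;
	}
}
// … unchanged: throw when !$found, catch blocks …
```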
@@ -792,20 +792,41 @@ class AccountManagerTest extends TestCase {
 '@foo@example.com',
 'foo@example.com',
 true,
- json_encode(['username' => 'foo']),
+ json_encode([
+ 'subject' => 'acct:foo@example.com',
+ 'links' => [
+ [
+ 'rel' => 'self',
+ 'type' => 'application/activity+json',
+ 'href' => 'https://example.com/users/foo',
+ ],
+ ],
+ ]),
 ],
 'valid response - no at' => [
 'foo@example.com',
 'foo@example.com',
 true,
- json_encode(['username' => 'foo']),
+ json_encode([
+ 'subject' => 'acct:foo@example.com',
+ 'links' => [
+ [
+ 'rel' => 'self',
+ 'type' => 'application/activity+json',
+ 'href' => 'https://example.com/users/foo',
+ ],
+ ],
+ ]),
 ],
 // failures
 'invalid response' => [
 '@foo@example.com',
 null,
 true,
- json_encode(['not found']),
+ json_encode([
+ 'subject' => 'acct:foo@example.com',
+ 'links' => [],
+ ]),
 ],
 'no response' => [
 '@foo@example.com',
@@ -817,7 +838,9 @@ class AccountManagerTest extends TestCase {
 '@foo@example.com',
 null,
 true,
- json_encode(['username' => 'foo@other.example.com']),
+ json_encode([
+ 'links' => [],
+ ]),
 ],
 ];
 }
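Review bot: The failure dataset in the second hunk no longer exercises a mismatching identity: it used to return `foo@other.example.com` and now returns no `subject` at all, so a response naming a different account is not covered by any case shown here. Restoring that intent would look like `'subject' => 'acct:foo@other.example.com'` combined with a valid `application/activity+json` link, so that only the subject comparison can reject it. The providers in the first hunk also lack a case with a matching `subject` and no `links` key, which is the path that currently skips the link check in AccountManager.php; adding `json_encode(['subject' => 'acct:foo@example.com'])` with an expected `null` would pin that behaviour. The dataset name for the second hunk lies outside the hunk.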