upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Merge pull request #53844 from nextcloud/backport/53109/stable30

Browse source
This commit is contained in:
Kate 2025-07-11 09:08:27 +02:00 committed by GitHub
commit f3855a1aa9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 49 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
AUTHORS
View file

@ -619,6 +619,7 @@
- szaimen <szaimen@e.mail.de>
- tbartenstein <tbartenstein@users.noreply.github.com>
- tbelau666 <thomas.belau@gmx.de>
- TechnicalSuwako <suwako@076.moe>
- tgrant <tom.grant760@gmail.com>
- timm2k <timm2k@gmx.de>
- tux-rampage <tux-rampage@users.noreply.github.com>

21
lib/private/Accounts/AccountManager.php
View file

@ -729,7 +729,7 @@ class AccountManager implements IAccountManager {
try {
// try the public account lookup API of mastodon
$response = $client->get("https://{$instance}/api/v1/accounts/lookup?acct={$username}@{$instance}");
$response = $client->get("https://{$instance}/.well-known/webfinger?resource=acct:{$username}@{$instance}");
// should be a json response with account information
$data = $response->getBody();
if (is_resource($data)) {
@ -738,9 +738,26 @@ class AccountManager implements IAccountManager {
$decoded = json_decode($data, true);
// ensure the username is the same the user passed
// in this case we can assume this is a valid fediverse server and account
if (!is_array($decoded) || ($decoded['username'] ?? '') !== $username) {
if (!is_array($decoded) || ($decoded['subject'] ?? '') !== "acct:{$username}@{$instance}") {
throw new InvalidArgumentException();
}
// check for activitypub link
if (is_array($decoded['links']) && isset($decoded['links'])) {
$found = false;
foreach ($decoded['links'] as $link) {
// have application/activity+json or application/ld+json
if (isset($link['type']) && (
$link['type'] === 'application/activity+json' ||
$link['type'] === 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
)) {
$found = true;
break;
}
}
if (!$found) {
throw new InvalidArgumentException();
}
}
} catch (InvalidArgumentException) {
throw new InvalidArgumentException(self::PROPERTY_FEDIVERSE);
} catch (\Exception $error) {

35
tests/lib/Accounts/AccountManagerTest.php
View file

@ -786,20 +786,41 @@ class AccountManagerTest extends TestCase {
'@foo@example.com',
'foo@example.com',
true,
json_encode(['username' => 'foo']),
json_encode([
'subject' => 'acct:foo@example.com',
'links' => [
[
'rel' => 'self',
'type' => 'application/activity+json',
'href' => 'https://example.com/users/foo',
],
],
]),
],
'valid response - no at' => [
'foo@example.com',
'foo@example.com',
true,
json_encode(['username' => 'foo']),
json_encode([
'subject' => 'acct:foo@example.com',
'links' => [
[
'rel' => 'self',
'type' => 'application/activity+json',
'href' => 'https://example.com/users/foo',
],
],
]),
],
// failures
'invalid response' => [
'@foo@example.com',
null,
true,
json_encode(['not found']),
json_encode([
'subject' => 'acct:foo@example.com',
'links' => [],
]),
],
'no response' => [
'@foo@example.com',
@ -811,7 +832,9 @@ class AccountManagerTest extends TestCase {
'@foo@example.com',
null,
true,
json_encode(['username' => 'foo@other.example.com']),
json_encode([
'links' => [],
]),
],
];
}
@ -833,12 +856,12 @@ class AccountManagerTest extends TestCase {
->willReturn($serverResponse);
$client->expects(self::once())
->method('get')
->with('https://example.com/api/v1/accounts/lookup?acct=foo@example.com')
->with('https://example.com/.well-known/webfinger?resource=acct:foo@example.com')
->willReturn($response);
} else {
$client->expects(self::once())
->method('get')
->with('https://example.com/api/v1/accounts/lookup?acct=foo@example.com')
->with('https://example.com/.well-known/webfinger?resource=acct:foo@example.com')
->willThrowException(new \Exception('404'));
}