Fix webfinger response not returning 410 when account is suspended (#11869)

rebase/4.0.0rc2
Eugen Rochko 2019-09-17 14:58:02 +02:00 committed by GitHub
parent 0e5b9e3ba0
commit b671b91211
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 4 deletions

View File

@ -5,18 +5,22 @@ module WellKnown
include RoutingHelper include RoutingHelper
before_action { response.headers['Vary'] = 'Accept' } before_action { response.headers['Vary'] = 'Accept' }
before_action :set_account
before_action :check_account_suspension
rescue_from ActiveRecord::RecordNotFound, ActionController::ParameterMissing, with: :not_found
def show def show
@account = Account.find_local!(username_from_resource)
expires_in 3.days, public: true expires_in 3.days, public: true
render json: @account, serializer: WebfingerSerializer, content_type: 'application/jrd+json' render json: @account, serializer: WebfingerSerializer, content_type: 'application/jrd+json'
rescue ActiveRecord::RecordNotFound, ActionController::ParameterMissing
head 404
end end
private private
def set_account
@account = Account.find_local!(username_from_resource)
end
def username_from_resource def username_from_resource
resource_user = resource_param resource_user = resource_param
username, domain = resource_user.split('@') username, domain = resource_user.split('@')
@ -28,5 +32,17 @@ module WellKnown
def resource_param def resource_param
params.require(:resource) params.require(:resource)
end end
def check_account_suspension
expires_in(3.minutes, public: true) && gone if @account.suspended?
end
def not_found
head 404
end
def gone
head 410
end
end end
end end