forked from treehouse/mastodon
Fix webfinger returning wrong status code on malformed or missing param (#13759)
Fixes #13757signup-info-prompt
parent
c9dcc2d39f
commit
71fce71c94
|
@ -8,7 +8,8 @@ module WellKnown
|
||||||
before_action :set_account
|
before_action :set_account
|
||||||
before_action :check_account_suspension
|
before_action :check_account_suspension
|
||||||
|
|
||||||
rescue_from ActiveRecord::RecordNotFound, ActionController::ParameterMissing, with: :not_found
|
rescue_from ActiveRecord::RecordNotFound, with: :not_found
|
||||||
|
rescue_from ActionController::ParameterMissing, WebfingerResource::InvalidRequest, with: :bad_request
|
||||||
|
|
||||||
def show
|
def show
|
||||||
expires_in 3.days, public: true
|
expires_in 3.days, public: true
|
||||||
|
@ -37,6 +38,10 @@ module WellKnown
|
||||||
expires_in(3.minutes, public: true) && gone if @account.suspended?
|
expires_in(3.minutes, public: true) && gone if @account.suspended?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def bad_request
|
||||||
|
head 400
|
||||||
|
end
|
||||||
|
|
||||||
def not_found
|
def not_found
|
||||||
head 404
|
head 404
|
||||||
end
|
end
|
||||||
|
|
|
@ -3,6 +3,8 @@
|
||||||
class WebfingerResource
|
class WebfingerResource
|
||||||
attr_reader :resource
|
attr_reader :resource
|
||||||
|
|
||||||
|
class InvalidRequest < StandardError; end
|
||||||
|
|
||||||
def initialize(resource)
|
def initialize(resource)
|
||||||
@resource = resource
|
@resource = resource
|
||||||
end
|
end
|
||||||
|
@ -14,7 +16,7 @@ class WebfingerResource
|
||||||
when /\@/
|
when /\@/
|
||||||
username_from_acct
|
username_from_acct
|
||||||
else
|
else
|
||||||
raise(ActiveRecord::RecordNotFound)
|
raise InvalidRequest
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -84,5 +84,15 @@ PEM
|
||||||
|
|
||||||
expect(response).to have_http_status(:not_found)
|
expect(response).to have_http_status(:not_found)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'returns http bad request when not given a resource parameter' do
|
||||||
|
get :show, params: { }, format: :json
|
||||||
|
expect(response).to have_http_status(:bad_request)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns http bad request when given a nonsense parameter' do
|
||||||
|
get :show, params: { resource: 'df/:dfkj' }
|
||||||
|
expect(response).to have_http_status(:bad_request)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -39,7 +39,7 @@ describe WebfingerResource do
|
||||||
|
|
||||||
expect {
|
expect {
|
||||||
WebfingerResource.new(resource).username
|
WebfingerResource.new(resource).username
|
||||||
}.to raise_error(ActiveRecord::RecordNotFound)
|
}.to raise_error(WebfingerResource::InvalidRequest)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'finds the username in a valid https route' do
|
it 'finds the username in a valid https route' do
|
||||||
|
@ -123,5 +123,15 @@ describe WebfingerResource do
|
||||||
expect(result).to eq 'alice'
|
expect(result).to eq 'alice'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'with a nonsense resource' do
|
||||||
|
it 'raises InvalidRequest' do
|
||||||
|
resource = 'df/:dfkj'
|
||||||
|
|
||||||
|
expect {
|
||||||
|
WebfingerResource.new(resource).username
|
||||||
|
}.to raise_error(WebfingerResource::InvalidRequest)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue