Add avatar image to webfinger responses (#26558)

main
Tyler Deitz 2023-08-31 04:46:27 -07:00 committed by GitHub
parent 40b69cc1cd
commit 336ec503c2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 89 additions and 12 deletions

View File

@ -18,18 +18,31 @@ class WebfingerSerializer < ActiveModel::Serializer
end
def links
if object.instance_actor?
[
{ rel: 'http://webfinger.net/rel/profile-page', type: 'text/html', href: about_more_url(instance_actor: true) },
{ rel: 'self', type: 'application/activity+json', href: instance_actor_url },
{ rel: 'http://ostatus.org/schema/1.0/subscribe', template: "#{authorize_interaction_url}?uri={uri}" },
]
else
[
{ rel: 'http://webfinger.net/rel/profile-page', type: 'text/html', href: short_account_url(object) },
{ rel: 'self', type: 'application/activity+json', href: account_url(object) },
{ rel: 'http://ostatus.org/schema/1.0/subscribe', template: "#{authorize_interaction_url}?uri={uri}" },
]
[
{ rel: 'http://webfinger.net/rel/profile-page', type: 'text/html', href: profile_page_href },
{ rel: 'self', type: 'application/activity+json', href: self_href },
{ rel: 'http://ostatus.org/schema/1.0/subscribe', template: "#{authorize_interaction_url}?uri={uri}" },
].tap do |x|
x << { rel: 'http://webfinger.net/rel/avatar', type: object.avatar.content_type, href: full_asset_url(object.avatar_original_url) } if show_avatar?
end
end
private
def show_avatar?
media_present = object.avatar.present? && object.avatar.content_type.present?
# Show avatar only if an instance shows profiles to logged out users
allowed_by_config = ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] != 'true' && !Rails.configuration.x.limited_federation_mode
media_present && allowed_by_config
end
def profile_page_href
object.instance_actor? ? about_more_url(instance_actor: true) : short_account_url(object)
end
def self_href
object.instance_actor? ? instance_actor_url : account_url(object)
end
end

View File

@ -3,6 +3,8 @@
require 'rails_helper'
describe WellKnown::WebfingerController do
include RoutingHelper
render_views
describe 'GET #show' do
@ -167,5 +169,67 @@ describe WellKnown::WebfingerController do
expect(response).to have_http_status(400)
end
end
context 'when an account has an avatar' do
let(:alice) { Fabricate(:account, username: 'alice', avatar: attachment_fixture('attachment.jpg')) }
let(:resource) { alice.to_webfinger_s }
it 'returns avatar in response' do
perform_show!
avatar_link = get_avatar_link(body_as_json)
expect(avatar_link).to_not be_nil
expect(avatar_link[:type]).to eq alice.avatar.content_type
expect(avatar_link[:href]).to eq full_asset_url(alice.avatar)
end
context 'with limited federation mode' do
before do
allow(Rails.configuration.x).to receive(:limited_federation_mode).and_return(true)
end
it 'does not return avatar in response' do
perform_show!
avatar_link = get_avatar_link(body_as_json)
expect(avatar_link).to be_nil
end
end
context 'when enabling DISALLOW_UNAUTHENTICATED_API_ACCESS' do
around do |example|
ClimateControl.modify DISALLOW_UNAUTHENTICATED_API_ACCESS: 'true' do
example.run
end
end
it 'does not return avatar in response' do
perform_show!
avatar_link = get_avatar_link(body_as_json)
expect(avatar_link).to be_nil
end
end
end
context 'when an account does not have an avatar' do
let(:alice) { Fabricate(:account, username: 'alice', avatar: nil) }
let(:resource) { alice.to_webfinger_s }
before do
perform_show!
end
it 'does not return avatar in response' do
avatar_link = get_avatar_link(body_as_json)
expect(avatar_link).to be_nil
end
end
end
private
def get_avatar_link(json)
json[:links].find { |link| link[:rel] == 'http://webfinger.net/rel/avatar' }
end
end