Check Webfinger-returned author URI even when not redirected (#5213)
The whole point of verified_webfinger? is to check the WebFinger-discoverable URI maps back to the known author URI. This was not actually verified if the first Webfinger request was not a redirection.remotes/1727458204337373841/tmp_refs/heads/signup-info-prompt
parent
468523f4ad
commit
0e1b0f2747
|
@ -31,7 +31,7 @@ class ActivityPub::FetchRemoteAccountService < BaseService
|
||||||
webfinger = Goldfinger.finger("acct:#{@username}@#{@domain}")
|
webfinger = Goldfinger.finger("acct:#{@username}@#{@domain}")
|
||||||
confirmed_username, confirmed_domain = split_acct(webfinger.subject)
|
confirmed_username, confirmed_domain = split_acct(webfinger.subject)
|
||||||
|
|
||||||
return true if @username.casecmp(confirmed_username).zero? && @domain.casecmp(confirmed_domain).zero?
|
return webfinger.link('self')&.href == @uri if @username.casecmp(confirmed_username).zero? && @domain.casecmp(confirmed_domain).zero?
|
||||||
|
|
||||||
webfinger = Goldfinger.finger("acct:#{confirmed_username}@#{confirmed_domain}")
|
webfinger = Goldfinger.finger("acct:#{confirmed_username}@#{confirmed_domain}")
|
||||||
@username, @domain = split_acct(webfinger.subject)
|
@username, @domain = split_acct(webfinger.subject)
|
||||||
|
|
Loading…
Reference in New Issue