about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--app/controllers/xrd_controller.rb11
-rw-r--r--app/views/api/v1/accounts/show.rabl2
-rw-r--r--spec/controllers/xrd_controller_spec.rb2
3 files changed, 9 insertions, 6 deletions
diff --git a/app/controllers/xrd_controller.rb b/app/controllers/xrd_controller.rb
index 9e0277860..6db87cefc 100644
--- a/app/controllers/xrd_controller.rb
+++ b/app/controllers/xrd_controller.rb
@@ -36,11 +36,14 @@ class XrdController < ApplicationController
   end
 
   def username_from_resource
-    if resource_param.start_with?('acct:') || resource_param.include?('@')
-      resource_param.split('@').first.gsub('acct:', '')
+    if resource_param =~ /\Ahttps?:\/\//
+      path_params = Rails.application.routes.recognize_path(resource_param)
+      raise ActiveRecord::RecordNotFound unless path_params[:controller] == 'users' && path_params[:action] == 'show'
+      path_params[:username]
     else
-      url = Addressable::URI.parse(resource_param)
-      url.path.gsub('/users/', '')
+      username, domain = resource_param.gsub(/\Aacct:/, '').split('@')
+      raise ActiveRecord::RecordNotFound unless TagManager.instance.local_domain?(domain)
+      username
     end
   end
 
diff --git a/app/views/api/v1/accounts/show.rabl b/app/views/api/v1/accounts/show.rabl
index 151a5080d..e21fe7941 100644
--- a/app/views/api/v1/accounts/show.rabl
+++ b/app/views/api/v1/accounts/show.rabl
@@ -1,6 +1,6 @@
 object @account
 
-attributes :id, :username, :acct, :display_name, :locked
+attributes :id, :username, :acct, :display_name, :locked, :created_at
 
 node(:note)            { |account| Formatter.instance.simplified_format(account) }
 node(:url)             { |account| TagManager.instance.url_for(account) }
diff --git a/spec/controllers/xrd_controller_spec.rb b/spec/controllers/xrd_controller_spec.rb
index eeaaaa786..e687cf9e0 100644
--- a/spec/controllers/xrd_controller_spec.rb
+++ b/spec/controllers/xrd_controller_spec.rb
@@ -14,7 +14,7 @@ RSpec.describe XrdController, type: :controller do
     let(:alice) { Fabricate(:account, username: 'alice') }
 
     it 'returns http success when account can be found' do
-      get :webfinger, params: { resource: "acct:#{alice.username}@anything.com" }
+      get :webfinger, params: { resource: "acct:#{alice.username}@#{Rails.configuration.x.local_domain}" }
       expect(response).to have_http_status(:success)
     end