From bafd22ecf487774c252a271d668716b0e1c84c6c Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 3 May 2017 17:02:18 +0200 Subject: Fix #2706 - Always respond with 200 to PuSH payloads (#2733) Fix #2196 - Respond with 201 when Salmon accepted, 400 when unverified Fix #2629 - Correctly handle confirm_domain? for local accounts Unify rules for extracting author acct from XML, prefer , fall back to + (see also #2017, #2172) --- app/services/fetch_remote_status_service.rb | 28 ++++++---------------------- 1 file changed, 6 insertions(+), 22 deletions(-) (limited to 'app/services/fetch_remote_status_service.rb') diff --git a/app/services/fetch_remote_status_service.rb b/app/services/fetch_remote_status_service.rb index 5a454808e..f414813ad 100644 --- a/app/services/fetch_remote_status_service.rb +++ b/app/services/fetch_remote_status_service.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class FetchRemoteStatusService < BaseService + include AuthorExtractor + def call(url, prefetched_body = nil) if prefetched_body.nil? atom_url, body = FetchAtomService.new.call(url) @@ -21,37 +23,19 @@ class FetchRemoteStatusService < BaseService xml = Nokogiri::XML(body) xml.encoding = 'utf-8' - account = extract_author(url, xml) + account = author_from_xml(xml.at_xpath('/xmlns:entry', xmlns: TagManager::XMLNS)) + domain = Addressable::URI.parse(url).normalize.host - return nil if account.nil? + return nil unless !account.nil? && confirmed_domain?(domain, account) statuses = ProcessFeedService.new.call(body, account) - statuses.first - end - - def extract_author(url, xml) - url_parts = Addressable::URI.parse(url).normalize - username = xml.at_xpath('//xmlns:author/xmlns:name').try(:content) - domain = url_parts.host - - return nil if username.nil? - - Rails.logger.debug "Going to webfinger #{username}@#{domain}" - - account = FollowRemoteAccountService.new.call("#{username}@#{domain}") - - # If the author's confirmed URLs do not match the domain of the URL - # we are reading this from, abort - return nil unless confirmed_domain?(domain, account) - - account rescue Nokogiri::XML::XPath::SyntaxError Rails.logger.debug 'Invalid XML or missing namespace' nil end def confirmed_domain?(domain, account) - domain.casecmp(account.domain).zero? || domain.casecmp(Addressable::URI.parse(account.remote_url).normalize.host).zero? + account.domain.nil? || domain.casecmp(account.domain).zero? || domain.casecmp(Addressable::URI.parse(account.remote_url).normalize.host).zero? end end -- cgit