Access tokens no longer expire, case-insensitive local username validation, as well as case-insensitive Webfinger look-up

Eugen Rochko 2016-03-16 18:29:52 +01:00
parent 786397e15d
commit 9cb690c706
3 changed files with 15 additions and 6 deletions


@ -6,7 +6,7 @@ class XrdController < ApplicationController
end end
def webfinger def webfinger
@account = Account.find_by!(username: username_from_resource, domain: nil) @account = Account.find_local!(username_from_resource)
@canonical_account_uri = "acct:#{@account.username}@#{Rails.configuration.x.local_domain}" @canonical_account_uri = "acct:#{@account.username}@#{Rails.configuration.x.local_domain}"
@magic_key = pem_to_magic_key(@account.keypair.public_key) @magic_key = pem_to_magic_key(@account.keypair.public_key)
rescue ActiveRecord::RecordNotFound rescue ActiveRecord::RecordNotFound
@ -21,10 +21,10 @@ class XrdController < ApplicationController
end end
def username_from_resource def username_from_resource
if params[:resource].start_with?('acct:') if resource_param.start_with?('acct:')
params[:resource].split('@').first.gsub('acct:', '') resource_param.split('@').first.gsub('acct:', '')
else else
url = Addressable::URI.parse(params[:resource]) url = Addressable::URI.parse(resource_param)
url.path.gsub('/users/', '') url.path.gsub('/users/', '')
end end
end end
@ -43,4 +43,8 @@ class XrdController < ApplicationController
(["RSA"] + [modulus, exponent].map { |n| Base64.urlsafe_encode64(n) }).join('.') (["RSA"] + [modulus, exponent].map { |n| Base64.urlsafe_encode64(n) }).join('.')
end end
def resource_param
params.require(:resource)
end
end end
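Review bot: The URL branch of `username_from_resource` still accepts a resource for any host and any path, so a lookup for `https://other.example/users/alice` resolves the local account `alice`; the new `resource_param` accessor does not change that. Since `webfinger` already rescues `ActiveRecord::RecordNotFound`, a one-line guard after the parse keeps foreign resources out: `raise ActiveRecord::RecordNotFound unless url.host == Rails.configuration.x.local_domain`. Note also that `Addressable::URI.parse` raises `Addressable::URI::InvalidURIError` on a malformed resource, which that rescue does not cover, so such requests presumably surface as a 500 rather than a 400; `params.require(:resource)` raising `ActionController::ParameterMissing` is fine, as Rails maps it to 400 by default. On the `acct:` branch, `sub(/\Aacct:/, '')` would strip only the scheme prefix rather than every occurrence of the string.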


@ -1,7 +1,7 @@
class Account < ActiveRecord::Base class Account < ActiveRecord::Base
# Local users # Local users
has_one :user, inverse_of: :account has_one :user, inverse_of: :account
validates :username, uniqueness: { scope: :domain } validates :username, uniqueness: { scope: :domain, case_sensitive: false }
# Avatar upload # Avatar upload
attr_reader :avatar_remote_url attr_reader :avatar_remote_url
@ -97,6 +97,11 @@ class Account < ActiveRecord::Base
self.username self.username
end end
def self.find_local!(username)
table = self.arel_table
self.where(table[:username].matches(username)).where(domain: nil).take!
end
before_create do before_create do
if local? if local?
keypair = OpenSSL::PKey::RSA.new(Rails.env.test? ? 1024 : 2048) keypair = OpenSSL::PKey::RSA.new(Rails.env.test? ? 1024 : 2048)
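Review bot: `find_local!` hands the caller-supplied `username` to Arel's `matches`, which emits a LIKE/ILIKE comparison without escaping the pattern characters `%` and `_`, so a value containing them is treated as a wildcard and may return some other local account instead of raising `RecordNotFound`; the Webfinger lookup in `XrdController#webfinger` is the call site that feeds unvalidated input into it. Escape the value before matching, `self.where(table[:username].matches(sanitize_sql_like(username))).where(domain: nil).take!`, or avoid LIKE entirely with `where('lower(username) = ?', username.downcase).where(domain: nil).take!`. Separately, `case_sensitive: false` on the uniqueness validation is enforced only in Ruby; whether the underlying unique index is also case-insensitive (e.g. on `lower(username)`) cannot be seen from this diff and is worth confirming, since the validation alone does not close the race between two concurrent signups.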


@ -23,7 +23,7 @@ Doorkeeper.configure do
# Access token expiration time (default 2 hours). # Access token expiration time (default 2 hours).
# If you want to disable expiration, set this to nil. # If you want to disable expiration, set this to nil.
# access_token_expires_in nil access_token_expires_in nil
# Assign a custom TTL for implicit grants. # Assign a custom TTL for implicit grants.
# custom_access_token_expires_in do |oauth_client| # custom_access_token_expires_in do |oauth_client|