From 9cb690c70690bcebba69d3b66fb0b90e798d477d Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Wed, 16 Mar 2016 18:29:52 +0100
Subject: [PATCH] Access tokens no longer expire, case-insensitive local username validation, as well as case-insensitive Webfinger look-up
---
app/controllers/xrd_controller.rb | 12 ++++++++----
app/models/account.rb | 7 ++++++-
config/initializers/doorkeeper.rb | 2 +-
3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/app/controllers/xrd_controller.rb b/app/controllers/xrd_controller.rb
index 2946e9999..fa67b2baa 100644
--- a/app/controllers/xrd_controller.rb
+++ b/app/controllers/xrd_controller.rb
@@ -6,7 +6,7 @@ class XrdController < ApplicationController
 end
 def webfinger
- @account = Account.find_by!(username: username_from_resource, domain: nil)
+ @account = Account.find_local!(username_from_resource)
 @canonical_account_uri = "acct:#{@account.username}@#{Rails.configuration.x.local_domain}"
 @magic_key = pem_to_magic_key(@account.keypair.public_key)
 rescue ActiveRecord::RecordNotFound
@@ -21,10 +21,10 @@ class XrdController < ApplicationController
 end
 def username_from_resource
- if params[:resource].start_with?('acct:')
- params[:resource].split('@').first.gsub('acct:', '')
+ if resource_param.start_with?('acct:')
+ resource_param.split('@').first.gsub('acct:', '')
 else
- url = Addressable::URI.parse(params[:resource])
+ url = Addressable::URI.parse(resource_param)
 url.path.gsub('/users/', '')
 end
 end
@@ -43,4 +43,8 @@ class XrdController < ApplicationController
 (["RSA"] + [modulus, exponent].map { |n| Base64.urlsafe_encode64(n) }).join('.')
 end
+
+ def resource_param
+ params.require(:resource)
+ end
 end
diff --git a/app/models/account.rb b/app/models/account.rb
index b3917e6e8..c92bb1574 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
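Review bot: The `acct:` branch of `username_from_resource` keeps only the text before the first `@` and never checks that the host after it is this server, so a request for `acct:alice@other.example` is answered with the local `alice` descriptor instead of a 404; the URL branch likewise never compares `url.host` with `Rails.configuration.x.local_domain`. A guard before the split, along the lines of `raise ActiveRecord::RecordNotFound unless resource_param.split('@').last == Rails.configuration.x.local_domain`, would be handled by the `rescue ActiveRecord::RecordNotFound` clause visible in the first hunk. Note also that `Addressable::URI.parse` raises `Addressable::URI::InvalidURIError` on malformed input, which that rescue does not cover, so an unparseable resource presumably surfaces as a 500 rather than a 400. `username_from_resource` ends inside this hunk, but `webfinger`'s body continues beyond the first hunk.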
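Review bot: `params.require(:resource)` in the new `resource_param` only rejects a missing or blank value; a request that sends `resource[]=...` or `resource[x]=...` yields an Array or a Parameters object, and `start_with?` in `username_from_resource` then raises `NoMethodError` (a 500) instead of producing a 400. Coercing the type at this single point of entry keeps the rest of the controller honest: `value = params.require(:resource)`, `raise ActionController::ParameterMissing, :resource unless value.is_a?(String)`, `value`. A one-line comment such as `# The WebFinger resource query parameter, guaranteed present and a String.` would document the contract the two callers rely on.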
@@ -1,7 +1,7 @@
 class Account < ActiveRecord::Base
 # Local users
 has_one :user, inverse_of: :account
- validates :username, uniqueness: { scope: :domain }
+ validates :username, uniqueness: { scope: :domain, case_sensitive: false }
 # Avatar upload
 attr_reader :avatar_remote_url
@@ -97,6 +97,11 @@ class Account < ActiveRecord::Base
 self.username
 end
+ def self.find_local!(username)
+ table = self.arel_table
+ self.where(table[:username].matches(username)).where(domain: nil).take!
+ end
+
 before_create do
 if local?
 keypair = OpenSSL::PKey::RSA.new(Rails.env.test? ? 1024 : 2048)
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index f84f12378..f36445942 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -23,7 +23,7 @@ Doorkeeper.configure do
 # Access token expiration time (default 2 hours).
 # If you want to disable expiration, set this to nil.
- # access_token_expires_in nil
+ access_token_expires_in nil
 # Assign a custom TTL for implicit grants.
 # custom_access_token_expires_in do |oauth_client|
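Review bot: `case_sensitive: false` on the uniqueness validation is enforced only in Ruby, so two concurrent registrations of `Alice` and `alice` can each pass validation and both be inserted; a database unique index over the lowercased username is what actually guarantees the property. Rows that already differ only in case are not touched by this change and will keep passing validation, which matters for the `take!` lookup added later in this file. If the database is PostgreSQL (not determinable from the diff), an index on `(lower(username), domain)` treats NULL domains as distinct, so local accounts would need a partial index restricted to `domain IS NULL`. The validation line could carry a short comment saying that the index, not this line, is the real guarantee.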
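Review bot: `find_local!` passes the caller-supplied `username` straight into Arel `matches`, which compiles to a `LIKE`/`ILIKE` predicate, so `%` and `_` in the value act as pattern wildcards and the lookup can resolve to an account other than the one named; via `XrdController` that value is the unauthenticated `resource` query parameter. Either escape the pattern, `self.where(table[:username].matches(sanitize_sql_like(username))).where(domain: nil).take!`, or avoid LIKE entirely with an equality on the lowercased column, `self.where(table[:username].lower.eq(username.downcase)).where(domain: nil).take!`. `take!` also returns an arbitrary row when pre-existing accounts differ only by case, which the new validation does not retroactively fix. A one-line comment `# Case-insensitive lookup of a local (domain IS NULL) account; raises RecordNotFound when absent.` would state the contract the controller depends on.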
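Review bot: `access_token_expires_in nil` makes every issued access token valid until it is explicitly revoked, so a token that leaks from a client keeps working indefinitely, and the commit does not pair this with refresh tokens or describe how tokens are revoked. If the goal is to spare clients from re-authorising, Doorkeeper's `use_refresh_token` together with a finite `access_token_expires_in` keeps sessions long-lived while bounding the exposure window of any single token. At minimum the initializer should record the reasoning next to the line, e.g. `# Expiry disabled deliberately; revocation is the only way to cut off a compromised client.`, so a later maintainer does not mistake it for an oversight.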