Access tokens no longer expire, case-insensitive local username validation, as well as case-insensitive Webfinger look-up
		
							parent
							
								
									786397e15d
								
							
						
					
					
						commit
						9cb690c706
					
				
					 3 changed files with 15 additions and 6 deletions
				
			
		| 
						 | 
					@ -6,7 +6,7 @@ class XrdController < ApplicationController
 | 
				
			||||||
  end
 | 
					  end
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  def webfinger
 | 
					  def webfinger
 | 
				
			||||||
    @account = Account.find_by!(username: username_from_resource, domain: nil)
 | 
					    @account = Account.find_local!(username_from_resource)
 | 
				
			||||||
    @canonical_account_uri = "acct:#{@account.username}@#{Rails.configuration.x.local_domain}"
 | 
					    @canonical_account_uri = "acct:#{@account.username}@#{Rails.configuration.x.local_domain}"
 | 
				
			||||||
    @magic_key = pem_to_magic_key(@account.keypair.public_key)
 | 
					    @magic_key = pem_to_magic_key(@account.keypair.public_key)
 | 
				
			||||||
  rescue ActiveRecord::RecordNotFound
 | 
					  rescue ActiveRecord::RecordNotFound
 | 
				
			||||||
| 
						 | 
					@ -21,10 +21,10 @@ class XrdController < ApplicationController
 | 
				
			||||||
  end
 | 
					  end
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  def username_from_resource
 | 
					  def username_from_resource
 | 
				
			||||||
    if params[:resource].start_with?('acct:')
 | 
					    if resource_param.start_with?('acct:')
 | 
				
			||||||
      params[:resource].split('@').first.gsub('acct:', '')
 | 
					      resource_param.split('@').first.gsub('acct:', '')
 | 
				
			||||||
    else
 | 
					    else
 | 
				
			||||||
      url = Addressable::URI.parse(params[:resource])
 | 
					      url = Addressable::URI.parse(resource_param)
 | 
				
			||||||
      url.path.gsub('/users/', '')
 | 
					      url.path.gsub('/users/', '')
 | 
				
			||||||
    end
 | 
					    end
 | 
				
			||||||
  end
 | 
					  end
 | 
				
			||||||
| 
						 | 
					@ -43,4 +43,8 @@ class XrdController < ApplicationController
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    (["RSA"] + [modulus, exponent].map { |n| Base64.urlsafe_encode64(n) }).join('.')
 | 
					    (["RSA"] + [modulus, exponent].map { |n| Base64.urlsafe_encode64(n) }).join('.')
 | 
				
			||||||
  end
 | 
					  end
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					  def resource_param
 | 
				
			||||||
 | 
					    params.require(:resource)
 | 
				
			||||||
 | 
					  end
 | 
				
			||||||
end
 | 
					end
 | 
				
			||||||
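Review bot: `resource_param` returns whatever `params.require(:resource)` yields, and that is not guaranteed to be a String: an array- or hash-shaped `resource` parameter gets past `require` and then fails on `start_with?` in `username_from_resource` with a NoMethodError. The only rescue visible in `webfinger` is for `ActiveRecord::RecordNotFound` (the rest of the action is outside the hunk), so this would presumably surface as a 500 rather than a client error. Reject non-string values in the helper, e.g. `value = params.require(:resource)` followed by `raise ActionController::BadRequest unless value.is_a?(String)`. The same applies to malformed URIs passed to `Addressable::URI.parse`, which can raise on invalid input.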
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -1,7 +1,7 @@
 | 
				
			||||||
class Account < ActiveRecord::Base
 | 
					class Account < ActiveRecord::Base
 | 
				
			||||||
  # Local users
 | 
					  # Local users
 | 
				
			||||||
  has_one :user, inverse_of: :account
 | 
					  has_one :user, inverse_of: :account
 | 
				
			||||||
  validates :username, uniqueness: { scope: :domain }
 | 
					  validates :username, uniqueness: { scope: :domain, case_sensitive: false }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  # Avatar upload
 | 
					  # Avatar upload
 | 
				
			||||||
  attr_reader :avatar_remote_url
 | 
					  attr_reader :avatar_remote_url
 | 
				
			||||||
| 
						 | 
					@ -97,6 +97,11 @@ class Account < ActiveRecord::Base
 | 
				
			||||||
    self.username
 | 
					    self.username
 | 
				
			||||||
  end
 | 
					  end
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					  def self.find_local!(username)
 | 
				
			||||||
 | 
					    table = self.arel_table
 | 
				
			||||||
 | 
					    self.where(table[:username].matches(username)).where(domain: nil).take!
 | 
				
			||||||
 | 
					  end
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  before_create do
 | 
					  before_create do
 | 
				
			||||||
    if local?
 | 
					    if local?
 | 
				
			||||||
      keypair = OpenSSL::PKey::RSA.new(Rails.env.test? ? 1024 : 2048)
 | 
					      keypair = OpenSSL::PKey::RSA.new(Rails.env.test? ? 1024 : 2048)
 | 
				
			||||||
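Review bot: `find_local!` passes the caller-supplied username straight into Arel `matches`, which builds a LIKE/ILIKE pattern, so `%` and `_` in the value act as wildcards instead of literal characters. The controller in this commit feeds it the Webfinger `resource` parameter, so a lookup can resolve to an account other than the one named, with `take!` returning whichever matching row the database yields first. Compare on a normalised value instead, e.g. `where(table[:username].lower.eq(username.to_s.downcase)).where(domain: nil).take!`, or escape the input with `sanitize_sql_like` before calling `matches`. Separately, the `case_sensitive: false` uniqueness validation in the first hunk is enforced at application level only; whether a unique index on the lowercased username backs it is not visible here.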
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -23,7 +23,7 @@ Doorkeeper.configure do
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  # Access token expiration time (default 2 hours).
 | 
					  # Access token expiration time (default 2 hours).
 | 
				
			||||||
  # If you want to disable expiration, set this to nil.
 | 
					  # If you want to disable expiration, set this to nil.
 | 
				
			||||||
  # access_token_expires_in nil
 | 
					  access_token_expires_in nil
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  # Assign a custom TTL for implicit grants.
 | 
					  # Assign a custom TTL for implicit grants.
 | 
				
			||||||
  # custom_access_token_expires_in do |oauth_client|
 | 
					  # custom_access_token_expires_in do |oauth_client|
 | 
				
			||||||
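Review bot: With `access_token_expires_in nil` every issued bearer token stays valid until it is explicitly revoked, so a token that leaks from a client, a log or a backup never ages out. The hunk keeps the generator's stock comment and does not record why expiry is disabled; add a line such as `# Tokens never expire; revocation is the only way to invalidate one.` If long-lived sessions are the goal, a finite TTL combined with Doorkeeper's `use_refresh_token` would give the same user experience while bounding the lifetime of a leaked access token. The rest of the `Doorkeeper.configure` block is outside the hunk, so whether refresh tokens or a revocation path are already configured cannot be seen here.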
| 
						 | 
					
 | 
				
			||||||