From b671b912113b8705729a44424946bb31ae445df5 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 17 Sep 2019 14:58:02 +0200
Subject: [PATCH] Fix webfinger response not returning 410 when account is
 suspended (#11869)

---
 .../well_known/webfinger_controller.rb        | 24 +++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/app/controllers/well_known/webfinger_controller.rb b/app/controllers/well_known/webfinger_controller.rb
index d60bf98ab..480e58f3f 100644
--- a/app/controllers/well_known/webfinger_controller.rb
+++ b/app/controllers/well_known/webfinger_controller.rb
@@ -5,18 +5,22 @@ module WellKnown
     include RoutingHelper
 
     before_action { response.headers['Vary'] = 'Accept' }
+    before_action :set_account
+    before_action :check_account_suspension
+
+    rescue_from ActiveRecord::RecordNotFound, ActionController::ParameterMissing, with: :not_found
 
     def show
-      @account = Account.find_local!(username_from_resource)
-
       expires_in 3.days, public: true
       render json: @account, serializer: WebfingerSerializer, content_type: 'application/jrd+json'
-    rescue ActiveRecord::RecordNotFound, ActionController::ParameterMissing
-      head 404
     end
 
     private
 
+    def set_account
+      @account = Account.find_local!(username_from_resource)
+    end
+
     def username_from_resource
       resource_user    = resource_param
       username, domain = resource_user.split('@')
@@ -28,5 +32,17 @@ module WellKnown
     def resource_param
       params.require(:resource)
     end
+
+    def check_account_suspension
+      expires_in(3.minutes, public: true) && gone if @account.suspended?
+    end
+
+    def not_found
+      head 404
+    end
+
+    def gone
+      head 410
+    end
   end
 end