Access tokens no longer expire, case-insensitive local username validation, as well as case-insensitive Webfinger look-up
		| @@ -6,7 +6,7 @@ class XrdController < ApplicationController | |||||||
|   end |   end | ||||||
|  |  | ||||||
|   def webfinger |   def webfinger | ||||||
|     @account = Account.find_by!(username: username_from_resource, domain: nil) |     @account = Account.find_local!(username_from_resource) | ||||||
|     @canonical_account_uri = "acct:#{@account.username}@#{Rails.configuration.x.local_domain}" |     @canonical_account_uri = "acct:#{@account.username}@#{Rails.configuration.x.local_domain}" | ||||||
|     @magic_key = pem_to_magic_key(@account.keypair.public_key) |     @magic_key = pem_to_magic_key(@account.keypair.public_key) | ||||||
|   rescue ActiveRecord::RecordNotFound |   rescue ActiveRecord::RecordNotFound | ||||||
| @@ -21,10 +21,10 @@ class XrdController < ApplicationController | |||||||
|   end |   end | ||||||
|  |  | ||||||
|   def username_from_resource |   def username_from_resource | ||||||
|     if params[:resource].start_with?('acct:') |     if resource_param.start_with?('acct:') | ||||||
|       params[:resource].split('@').first.gsub('acct:', '') |       resource_param.split('@').first.gsub('acct:', '') | ||||||
|     else |     else | ||||||
|       url = Addressable::URI.parse(params[:resource]) |       url = Addressable::URI.parse(resource_param) | ||||||
|       url.path.gsub('/users/', '') |       url.path.gsub('/users/', '') | ||||||
|     end |     end | ||||||
|   end |   end | ||||||
| @@ -43,4 +43,8 @@ class XrdController < ApplicationController | |||||||
|  |  | ||||||
|     (["RSA"] + [modulus, exponent].map { |n| Base64.urlsafe_encode64(n) }).join('.') |     (["RSA"] + [modulus, exponent].map { |n| Base64.urlsafe_encode64(n) }).join('.') | ||||||
|   end |   end | ||||||
|  |  | ||||||
|  |   def resource_param | ||||||
|  |     params.require(:resource) | ||||||
|  |   end | ||||||
| end | end | ||||||
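Review bot: `username_from_resource` (L14–L21) hands the attacker-controlled `resource` value straight to the new `Account.find_local!` call at L7, and that method (added in the Account hunk below) compares the value as a LIKE pattern, so a resource such as `acct:%@example.com` resolves to whichever local account the database returns first and the handler answers with that account's canonical `acct:` URI and magic key, i.e. the caller is bound to an identity it never asked for. Only a literal username should reach the query: escape LIKE metacharacters in `find_local!`, or reject anything outside the permitted username alphabet here, e.g. `name = resource_param.split('@').first.gsub('acct:', '')` followed by `raise ActiveRecord::RecordNotFound unless name =~ /\A[a-z0-9_]+\z/i` (the exact alphabet the model allows is not visible on this page, so align the pattern with the model's username validation). Separately, `Addressable::URI.parse(resource_param)` at L18 can raise `Addressable::URI::InvalidURIError` on a malformed non-`acct:` resource, and `resource_param.start_with?` raises `NoMethodError` when `resource` arrives as an array or hash, neither of which the `rescue ActiveRecord::RecordNotFound` at L10 covers, so those inputs produce a 500 instead of a 4xx. The `rescue` clause of `webfinger` and the methods surrounding the first two hunks continue outside what is shown.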
| @@ -1,7 +1,7 @@ | |||||||
| class Account < ActiveRecord::Base | class Account < ActiveRecord::Base | ||||||
|   # Local users |   # Local users | ||||||
|   has_one :user, inverse_of: :account |   has_one :user, inverse_of: :account | ||||||
|   validates :username, uniqueness: { scope: :domain } |   validates :username, uniqueness: { scope: :domain, case_sensitive: false } | ||||||
|  |  | ||||||
|   # Avatar upload |   # Avatar upload | ||||||
|   attr_reader :avatar_remote_url |   attr_reader :avatar_remote_url | ||||||
| @@ -97,6 +97,11 @@ class Account < ActiveRecord::Base | |||||||
|     self.username |     self.username | ||||||
|   end |   end | ||||||
|  |  | ||||||
|  |   def self.find_local!(username) | ||||||
|  |     table = self.arel_table | ||||||
|  |     self.where(table[:username].matches(username)).where(domain: nil).take! | ||||||
|  |   end | ||||||
|  |  | ||||||
|   before_create do |   before_create do | ||||||
|     if local? |     if local? | ||||||
|       keypair = OpenSSL::PKey::RSA.new(Rails.env.test? ? 1024 : 2048) |       keypair = OpenSSL::PKey::RSA.new(Rails.env.test? ? 1024 : 2048) | ||||||
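Review bot: `find_local!` (L44–L47) feeds `username` into Arel's `matches`, which emits `LIKE`/`ILIKE` without escaping `%` and `_`, so a caller passing `%` gets an arbitrary local account back from `take!`, and a legitimate underscore in a username matches any single character rather than itself (`a_c` also finds `abc`). Escape the pattern before matching, e.g. `self.where(table[:username].matches(sanitize_sql_like(username), "\\")).where(domain: nil).take!` — `sanitize_sql_like` exists from Rails 4.2, and passing the escape character explicitly makes Arel emit an `ESCAPE` clause for adapters such as SQLite that have no default one (confirm the Arel version in use accepts the second argument). The method also deserves a one-line header, e.g. `# Case-insensitive lookup of a local (domain-less) account by username; raises ActiveRecord::RecordNotFound when nothing matches.` The relaxed uniqueness validation at L36 is enforced only in Ruby; unless the accounts table carries a case-insensitive unique index (not visible here), two concurrent registrations of `Alice` and `alice` can both commit and `find_local!` then returns whichever row the database yields first. The `before_create` block at L49 continues outside the hunk.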
| @@ -23,7 +23,7 @@ Doorkeeper.configure do | |||||||
|  |  | ||||||
|   # Access token expiration time (default 2 hours). |   # Access token expiration time (default 2 hours). | ||||||
|   # If you want to disable expiration, set this to nil. |   # If you want to disable expiration, set this to nil. | ||||||
|   # access_token_expires_in nil |   access_token_expires_in nil | ||||||
|  |  | ||||||
|   # Assign a custom TTL for implicit grants. |   # Assign a custom TTL for implicit grants. | ||||||
|   # custom_access_token_expires_in do |oauth_client| |   # custom_access_token_expires_in do |oauth_client| | ||||||
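Review bot: With `access_token_expires_in nil` (L57) a leaked or stolen bearer token stays valid indefinitely, so explicit revocation becomes the only way to invalidate it, and nothing on this page shows that revocation is wired up — Doorkeeper's `/oauth/revoke` endpoint being routed, and a user's tokens being revoked on password change or account deactivation — which should be confirmed before this ships. The stock comment above the line now misdescribes the setting; replace it with the reason rather than leaving a bare `nil`, e.g. `# Tokens never expire: a compromised token is valid until explicitly revoked, so revocation must be enforced elsewhere.` If the goal is long-lived client sessions, a bounded `access_token_expires_in` combined with `use_refresh_token` gives clients the same experience while limiting how long a leaked access token is usable.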