diff --git a/lib/noosfero/api/api.rb b/lib/noosfero/api/api.rb index 86eb4a0..4966f0b 100644 --- a/lib/noosfero/api/api.rb +++ b/lib/noosfero/api/api.rb @@ -6,6 +6,7 @@ module Noosfero module API class NoosferoFederation < Grape::API + helpers APIHelpers before { detect_stuff_by_domain } format :json content_type :json, "application/jrd+json" diff --git a/lib/noosfero/api/federation/webfinger.rb b/lib/noosfero/api/federation/webfinger.rb index 01b1a87..8dc4bd0 100644 --- a/lib/noosfero/api/federation/webfinger.rb +++ b/lib/noosfero/api/federation/webfinger.rb @@ -3,9 +3,9 @@ module Noosfero module API module Federation class Webfinger < Grape::API - get "webfinger" do + get 'webfinger' do result = generate_jrd - present result, :with => Grape::Presenters::Presenter + present result, with: Grape::Presenters::Presenter end end end @@ -13,62 +13,79 @@ module Noosfero end def generate_jrd - result = {} - if valid_domain? && request_acct? - result = acct_hash - elsif valid_domain? && valid_uri?(params[:resource]) - result = uri_hash + unless valid_domain? + not_found! + Rails.logger.error 'Domain Not Found' + end + if request_acct? + acct_hash + elsif valid_uri?(params[:resource]) + uri_hash end end -def valid_domain? - #validate domain if resource have acct +def domain if request_acct? - domain = params[:resource].split("@")[1] - environment.domains.map(&:name).include? domain + params[:resource].split('@')[1] else - domain = params[:resource].split("/")[2] - environment.domains.map(&:name).include? domain + params[:resource].split('/')[2] end end +def valid_domain? + environment.domains.map(&:name).include? domain +end + def request_acct? - params[:resource].include? "acct:" + params[:resource].include? 'acct:' end def acct_hash acct = {} acct[:subject] = params[:resource] acct[:properties] = Person.find_by_identifier(extract_person_identifier) + if acct[:properties].nil? + Rails.logger.error 'Person not found' + not_found! + end acct end def extract_person_identifier - params[:resource].split("@")[0].split(":")[1] + params[:resource].split('@')[0].split(':')[1] end def valid_uri?(url) uri = URI.parse(url) - uri.kind_of?(URI::HTTP) - rescue URI::BadURIError => ex - Rails.logger.error "Bad URI Error: #{ex}" - rescue URI::InvalidURIError => ex - Rails.logger.error "Invalid URI Error: #{ex}" + if uri.is_a?(URI::HTTP) + true + else + Rails.logger.error 'Bad URI Error' + not_found! + end end def uri_hash uri = {} uri[:subject] = params[:resource] - entity = entity_exists?(params[:resource]) + entity = find_entity(params[:resource]) id = params[:resource].split('/').last.to_i - uri[:properties] = entity.classify.constantize.find(id) + begin + uri[:properties] = entity.classify.constantize.find(id) + rescue ActiveRecord::RecordNotFound + Rails.logger.error "Entity: #{entity} with id: #{id} not found" + not_found! + end uri end -def entity_exists?(uri) +def find_entity(uri) possible_entity = uri.split('/') - possible_entity.map! {|entity| "#{entity}s"} - ( ActiveRecord::Base.connection.tables & possible_entity ).first - rescue ActiveRecord::RecordNotFound => ex - Rails.logger.error "Entity not found on records: #{ex}" + possible_entity.map! { |entity| "#{entity}s" } + entity = (ActiveRecord::Base.connection.tables & possible_entity).first + unless entity + Rails.logger.error 'Entity not found on records' + not_found! + end + entity end diff --git a/test/api/federation/webfinger_test.rb b/test/api/federation/webfinger_test.rb index e24c56b..f6e3784 100644 --- a/test/api/federation/webfinger_test.rb +++ b/test/api/federation/webfinger_test.rb @@ -1,8 +1,9 @@ require_relative '../test_helper' class WebfingerTest < ActiveSupport::TestCase - def setup + Domain.create(name: 'example.com') + Environment.default.domains << Domain.last login_api end @@ -13,10 +14,40 @@ class WebfingerTest < ActiveSupport::TestCase assert_equal webfinger['subject'], 'acct:ze@example.com' end + should 'not return json when user not found' do + invalid_user = 'invalid_user_in_url' + get ".well-known/webfinger?resource=acct%3A#{invalid_user}%40example.com" + assert_equal 404, last_response.status + end + should 'return correct article via webfinger url' do - get '.well-known/webfinger?resource=http://example.com/article/id/1' + a = fast_create(Article, name: 'my article', profile_id: 1) + a.save + get ".well-known/webfinger?resource=http://example.com/article/id/#{a.id}" webfinger = JSON.parse(last_response.body) assert_equal 200, last_response.status - assert_equal webfinger['subject'], 'http://example.com/article/id/1' + assert_equal webfinger['subject'], "http://example.com/article/id/#{a.id}" + end + + should 'not return json when domain is invalid' do + invalid_domain = 'doest_not_exist.com' + get ".well-known/webfinger?resource=http://#{invalid_domain}/article/id/1" + assert_equal 404, last_response.status + end + + should 'not return json when entity is not found' do + get '.well-known/webfinger?resource=http://example.com/article/id/999999' + assert_equal 404, last_response.status + end + + should 'not return json when entity does not exist' do + get '.well-known/webfinger?resource=http://example.com/doest_not_exist/id/1' + assert_equal 404, last_response.status + end + + should 'not return json when request is not http' do + not_http_url = 'kkttc://example.com/article/id/1' + get ".well-known/webfinger?resource=#{not_http_url}" + assert_equal 404, last_response.status end end -- libgit2 0.21.2