From 302ff874cb6c2ee78cb5d19fd90a5ab00e29abb5 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Fri, 15 May 2020 16:10:42 -0600
Subject: [PATCH] Update webfinger logic, fixes #2180
---
 app/Http/Controllers/FederationController.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php
index 8b7292c07..182725adf 100644
--- a/app/Http/Controllers/FederationController.php
+++ b/app/Http/Controllers/FederationController.php
@@ -46,14 +46,14 @@ class FederationController extends Controller
 public function webfinger(Request $request)
 {
- abort_if(!config('federation.webfinger.enabled'), 404);
+ abort_if(!config('federation.webfinger.enabled'), 400);
- $this->validate($request, ['resource'=>'required|string|min:3|max:255']);
+ abort_if(!$request->filled('resource'), 400);
 $resource = $request->input('resource');
 $parsed = Nickname::normalizeProfileUrl($resource);
 if($parsed['domain'] !== config('pixelfed.domain.app')) {
- abort(404);
+ abort(400);
 }
 $username = $parsed['username'];
 $profile = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
@@ -108,7 +108,7 @@ class FederationController extends Controller
 return ProfileController::accountCheck($profile);
 }
 $body = $request->getContent();
- $bodyDecoded = json_decode($body, true, 8);
+ $bodyDecoded = json_decode($body, true, 12);
 if($this->verifySignature($request, $profile) == true) {
 InboxWorker::dispatch($request->headers->all(), $profile, $bodyDecoded);
 } else if($this->blindKeyRotation($request, $profile) == true) {
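Review bot: The new guard `abort_if(!$request->filled('resource'), 400);` in webfinger() drops the `string|min:3|max:255` constraints that the removed `validate()` call enforced, so on what is presumably a public discovery endpoint an array-valued or arbitrarily long `resource` now reaches `Nickname::normalizeProfileUrl()` and the `whereUsername()` lookup. `filled()` checks presence and non-emptiness, not type or length, and `normalizeProfileUrl()` is not visible here, so whether it tolerates non-string input and always returns a `domain` key should be confirmed; otherwise a malformed request turns into a 500 instead of the intended 400. I would keep the 400 but restore the bounds, e.g. `$resource = $request->input('resource');` followed by `abort_if(!is_string($resource) || strlen($resource) < 3 || strlen($resource) > 255, 400);`. The method body continues past the end of the hunk.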
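Review bot: The result of `json_decode($body, true, 12)` is used unchecked in the lines that follow: a body that is malformed or nested deeper than the new limit decodes to `null`, and that value is handed to `InboxWorker::dispatch()` once the signature verifies. The decode also runs before `verifySignature()`, so the raised depth applies to bodies from senders that have not been verified yet. I would add `abort_if(!is_array($bodyDecoded), 400);` directly after the decode, plus a short comment saying why 12 was chosen (or read the limit from config) so the next change to it is deliberate. The enclosing method starts and ends outside the hunk, and the worker is not shown, so a null check further downstream cannot be ruled out.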