From 112bec52252108de57e708ed47cf43abd9f3b2f1 Mon Sep 17 00:00:00 2001
From: lain <lain@soykaf.club>
Date: Tue, 25 Aug 2020 17:35:59 +0200
Subject: Webfinger: Handle bogus ids better.

---
 lib/pleroma/web/web_finger/web_finger.ex | 24 ++++++++++++++----------
 test/web/web_finger/web_finger_test.exs  |  5 +++++
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/lib/pleroma/web/web_finger/web_finger.ex b/lib/pleroma/web/web_finger/web_finger.ex
index 71ccf251a..c4051e63e 100644
--- a/lib/pleroma/web/web_finger/web_finger.ex
+++ b/lib/pleroma/web/web_finger/web_finger.ex
@@ -149,6 +149,18 @@ def find_lrdd_template(domain) do
     end
   end
 
+  defp get_address_from_domain(domain, encoded_account) when is_binary(domain) do
+    case find_lrdd_template(domain) do
+      {:ok, template} ->
+        String.replace(template, "{uri}", encoded_account)
+
+      _ ->
+        "https://#{domain}/.well-known/webfinger?resource=#{encoded_account}"
+    end
+  end
+
+  defp get_address_from_domain(_, _), do: nil
+
   @spec finger(String.t()) :: {:ok, map()} | {:error, any()}
   def finger(account) do
     account = String.trim_leading(account, "@")
@@ -163,16 +175,8 @@ def finger(account) do
 
     encoded_account = URI.encode("acct:#{account}")
 
-    address =
-      case find_lrdd_template(domain) do
-        {:ok, template} ->
-          String.replace(template, "{uri}", encoded_account)
-
-        _ ->
-          "https://#{domain}/.well-known/webfinger?resource=#{encoded_account}"
-      end
-
-    with response <-
+    with address when is_binary(address) <- get_address_from_domain(domain, encoded_account),
+         response <-
            HTTP.get(
              address,
              [{"accept", "application/xrd+xml,application/jrd+json"}]
diff --git a/test/web/web_finger/web_finger_test.exs b/test/web/web_finger/web_finger_test.exs
index f4884e0a2..96fc0bbaa 100644
--- a/test/web/web_finger/web_finger_test.exs
+++ b/test/web/web_finger/web_finger_test.exs
@@ -40,6 +40,11 @@ test "works for ap_ids" do
   end
 
   describe "fingering" do
+    test "returns error for nonsensical input" do
+      assert {:error, _} = WebFinger.finger("bliblablu")
+      assert {:error, _} = WebFinger.finger("pleroma.social")
+    end
+
     test "returns error when fails parse xml or json" do
       user = "invalid_content@social.heldscal.la"
       assert {:error, %Jason.DecodeError{}} = WebFinger.finger(user)
-- 
cgit v1.2.3