From c67b89e56bf0f90730a9e22beca7e1bd41fc26c3 Mon Sep 17 00:00:00 2001 From: Mikael Nordfeldth Date: Sun, 21 Feb 2016 20:05:32 +0100 Subject: [PATCH] Make WebFinger fancyurlfix configurable --- plugins/WebFinger/WebFingerPlugin.php | 37 ++++++++------ plugins/WebFinger/lib/webfingerresource.php | 54 ++++++++++----------- 2 files changed, 50 insertions(+), 41 deletions(-) diff --git a/plugins/WebFinger/WebFingerPlugin.php b/plugins/WebFinger/WebFingerPlugin.php index 5eec98ea69..fd25482c7a 100644 --- a/plugins/WebFinger/WebFingerPlugin.php +++ b/plugins/WebFinger/WebFingerPlugin.php @@ -36,10 +36,12 @@ class WebFingerPlugin extends Plugin const OAUTH_AUTHORIZE_REL = 'http://apinamespace.org/oauth/authorize'; public $http_alias = false; + public $fancyurlfix = true; // adds + interprets some extra aliases related to 'index.php/' URLs public function initialize() { common_config_set('webfinger', 'http_alias', $this->http_alias); + common_config_set('webfinger', 'fancyurlfix', $this->fancyurlfix); } public function onRouterInitialized($m) @@ -104,25 +106,32 @@ class WebFingerPlugin extends Plugin $user = User::getByUri($resource); $profile = $user->getProfile(); } catch (NoResultException $e) { - try { - try { // if it's a /index.php/ url - // common_fake_local_fancy_url can throw an exception - $alt_url = common_fake_local_fancy_url($resource); - } catch (Exception $e) { // let's try to create a fake local /index.php/ url - // this too if it can't do anything about the URL - $alt_url = common_fake_local_nonfancy_url($resource); - } + if (common_config('webfinger', 'fancyurlfix')) { + try { + try { // if it's a /index.php/ url + // common_fake_local_fancy_url can throw an exception + $alt_url = common_fake_local_fancy_url($resource); + } catch (Exception $e) { // let's try to create a fake local /index.php/ url + // this too if it can't do anything about the URL + $alt_url = common_fake_local_nonfancy_url($resource); + } - // and this will throw a NoResultException if not found - $user = User::getByUri($alt_url); - $profile = $user->getProfile(); - } catch (Exception $e) { - // if our rewrite hack didn't work, try to get something by profile URL - $profile = Profile::getKV('profileurl', $resource); + // and this will throw a NoResultException if not found + $user = User::getByUri($alt_url); + $profile = $user->getProfile(); + } catch (Exception $e) { + // apparently we didn't get any matches with that, so continue... + } } } } + // if we still haven't found a match... + if (!$profile instanceof Profile) { + // if our rewrite hack didn't work, try to get something by profile URL + $profile = Profile::getKV('profileurl', $resource); + } + if ($profile instanceof Profile) { $target = new WebFingerResource_Profile($profile); return false; // We got our target, stop handler execution diff --git a/plugins/WebFinger/lib/webfingerresource.php b/plugins/WebFinger/lib/webfingerresource.php index 51308c32d4..e04d3b407f 100644 --- a/plugins/WebFinger/lib/webfingerresource.php +++ b/plugins/WebFinger/lib/webfingerresource.php @@ -47,33 +47,33 @@ abstract class WebFingerResource // getUrl failed because no valid URL could be returned, just ignore it } - /** - * Here we add some hacky hotfixes for remote lookups that have been taught the - * (at least now) wrong URI but it's still obviously the same user. Such as: - * - https://site.example/user/1 even if the client requests https://site.example/index.php/user/1 - * - https://site.example/user/1 even if the client requests https://site.example//index.php/user/1 - * - https://site.example/index.php/user/1 even if the client requests https://site.example/user/1 - * - https://site.example/index.php/user/1 even if the client requests https://site.example///index.php/user/1 - */ - - - foreach(array_keys($aliases) as $alias) { - try { - // get a "fancy url" version of the alias, even without index.php/ - $alt_url = common_fake_local_fancy_url($alias); - // store this as well so remote sites can be sure we really are the same profile - $aliases[$alt_url] = true; - } catch (Exception $e) { - // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be - } - - try { - // get a non-"fancy url" version of the alias, i.e. add index.php/ - $alt_url = common_fake_local_nonfancy_url($alias); - // store this as well so remote sites can be sure we really are the same profile - $aliases[$alt_url] = true; - } catch (Exception $e) { - // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be + if (common_config('webfinger', 'fancyurlfix')) { + /** + * Here we add some hacky hotfixes for remote lookups that have been taught the + * (at least now) wrong URI but it's still obviously the same user. Such as: + * - https://site.example/user/1 even if the client requests https://site.example/index.php/user/1 + * - https://site.example/user/1 even if the client requests https://site.example//index.php/user/1 + * - https://site.example/index.php/user/1 even if the client requests https://site.example/user/1 + * - https://site.example/index.php/user/1 even if the client requests https://site.example///index.php/user/1 + */ + foreach(array_keys($aliases) as $alias) { + try { + // get a "fancy url" version of the alias, even without index.php/ + $alt_url = common_fake_local_fancy_url($alias); + // store this as well so remote sites can be sure we really are the same profile + $aliases[$alt_url] = true; + } catch (Exception $e) { + // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be + } + + try { + // get a non-"fancy url" version of the alias, i.e. add index.php/ + $alt_url = common_fake_local_nonfancy_url($alias); + // store this as well so remote sites can be sure we really are the same profile + $aliases[$alt_url] = true; + } catch (Exception $e) { + // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be + } } }