-rw-r--r-- | AUTHORS | 1 | ||||
-rw-r--r-- | lib/private/Accounts/AccountManager.php | 4 | ||||
-rw-r--r-- | tests/lib/Accounts/AccountManagerTest.php | 4 |
3 files changed, 5 insertions, 4 deletions
@@ -620,6 +620,7 @@
 - szaimen <szaimen@e.mail.de>
 - tbartenstein <tbartenstein@users.noreply.github.com>
 - tbelau666 <thomas.belau@gmx.de>
+ - TechnicalSuwako <suwako@076.moe>
 - tgrant <tom.grant760@gmail.com>
 - timm2k <timm2k@gmx.de>
 - tux-rampage <tux-rampage@users.noreply.github.com>
diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php
index e8b67311636..57322620882 100644
--- a/lib/private/Accounts/AccountManager.php
+++ b/lib/private/Accounts/AccountManager.php
@@ -734,7 +734,7 @@ class AccountManager implements IAccountManager {
 try {
 // try the public account lookup API of mastodon
- $response = $client->get("https://{$instance}/api/v1/accounts/lookup?acct={$username}@{$instance}");
+ $response = $client->get("https://{$instance}/.well-known/webfinger?resource=acct:{$username}@{$instance}");
 // should be a json response with account information
 $data = $response->getBody();
 if (is_resource($data)) {
@@ -743,7 +743,7 @@ class AccountManager implements IAccountManager {
 $decoded = json_decode($data, true);
 // ensure the username is the same the user passed
 // in this case we can assume this is a valid fediverse server and account
- if (!is_array($decoded) || ($decoded['username'] ?? '') !== $username) {
+ if (!is_array($decoded) || ($decoded['subject'] ?? '') !== "acct:{$username}@{$instance}") {
 throw new InvalidArgumentException();
 }
 } catch (InvalidArgumentException) {
diff --git a/tests/lib/Accounts/AccountManagerTest.php b/tests/lib/Accounts/AccountManagerTest.php
index 05c7efd08fb..7e28cbc9cd8 100644
--- a/tests/lib/Accounts/AccountManagerTest.php
+++ b/tests/lib/Accounts/AccountManagerTest.php
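Review bot: `$username` and `$instance` are interpolated into the `resource` query value of the new `$client->get(...)` call without percent-encoding, so a username containing `&`, `#`, `%` or `+` would change the query the remote host receives; whatever validation runs on the handle happens outside this hunk. Encoding the value keeps the request well-formed, `$response = $client->get("https://{$instance}/.well-known/webfinger?resource=" . rawurlencode("acct:{$username}@{$instance}"));`, and the URL expectations in AccountManagerTest would need the encoded form. The comment above the call still says "public account lookup API of mastodon"; `// query the instance's WebFinger endpoint (RFC 7033)` would describe the new request. The try block continues outside the hunk.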
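Review bot: The new condition is an exact, case-sensitive match on the whole `acct:` URI, host part included, where the old one compared only the username; a handle entered as `foo@Example.com` (constructed example) would be rejected if the server reports its subject in lower case. Whether `$instance` is normalised before this point is not visible in the hunk; if it is not, lower-casing it before the request, `$instance = strtolower($instance);`, keeps the URL and the comparison aligned. The two comments above the check still describe a username comparison; `// ensure the server echoes the acct: URI we asked for` would match the new condition, and it is worth stating there that a matching subject shows the host answers WebFinger for that name, not that the Nextcloud user controls the account. The try block starts and ends outside the hunk.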
@@ -839,12 +839,12 @@ class AccountManagerTest extends TestCase {
 ->willReturn($serverResponse);
 $client->expects(self::once())
 ->method('get')
- ->with('https://example.com/api/v1/accounts/lookup?acct=foo@example.com')
+ ->with('https://example.com/.well-known/webfinger?resource=acct:foo@example.com')
 ->willReturn($response);
 } else {
 $client->expects(self::once())
 ->method('get')
- ->with('https://example.com/api/v1/accounts/lookup?acct=foo@example.com')
+ ->with('https://example.com/.well-known/webfinger?resource=acct:foo@example.com')
 ->willThrowException(new \Exception('404'));
 } |
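Review bot: The response fixture behind `$serverResponse` does not appear to be updated for the new `subject` comparison: it is defined outside this hunk, and the diffstat's four changed lines in this file are accounted for by the two `->with(...)` expectations here. If that fixture still returns a body keyed on `username`, the valid-response case would no longer satisfy the check in AccountManager. A case returning `json_encode(['subject' => 'acct:foo@example.com'])` plus one with a mismatched subject would pin both branches of the new condition.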