Diffstat (limited to 'lib/private/Accounts/AccountManager.php')
-rw-r--r--lib/private/Accounts/AccountManager.php25
1 files changed, 20 insertions, 5 deletions
diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php
index d69e72a29de..9c7c35d4a6b 100644
--- a/lib/private/Accounts/AccountManager.php
+++ b/lib/private/Accounts/AccountManager.php
@@ -131,9 +131,7 @@ class AccountManager implements IAccountManager {
$property->setScope(self::SCOPE_LOCAL);
}
} else {
- // migrate scope values to the new format
- // invalid scopes are mapped to a default value
- $property->setScope(AccountProperty::mapScopeToV2($property->getScope()));
+ $property->setScope($property->getScope());
}
}
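Review bot: `$property->setScope($property->getScope());` in the else branch reads as a no-op now that the `mapScopeToV2` call is gone, and nothing on the line says why it is kept. If the call remains because `setScope()` validates or normalises its argument (not visible in this hunk), state that in a comment such as `// re-apply the stored scope so setScope() validates it`; otherwise the else branch can be removed. The removed lines also mapped invalid scopes to a default, so it is worth confirming what now happens to a legacy or invalid stored value, since the scope appears to decide how widely a property is exposed. The enclosing method starts and ends outside the hunk.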
@@ -736,7 +734,7 @@ class AccountManager implements IAccountManager {
try {
// try the public account lookup API of mastodon
- $response = $client->get("https://{$instance}/api/v1/accounts/lookup?acct={$username}@{$instance}");
+ $response = $client->get("https://{$instance}/.well-known/webfinger?resource=acct:{$username}@{$instance}");
// should be a json response with account information
$data = $response->getBody();
if (is_resource($data)) {
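Review bot: The WebFinger URL interpolates `$username` and `$instance` into the query string unencoded, so a value containing `&`, `#` or `%` would change the `resource` parameter that is actually sent. Unless both are strictly validated before this point (the validation is outside the hunk), build the query as `'?resource=' . rawurlencode("acct:{$username}@{$instance}")`. The context comment `// try the public account lookup API of mastodon` is stale after this change and should read something like `// resolve the account via WebFinger (RFC 7033)`. The enclosing method starts before and continues after the hunk.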
@@ -745,9 +743,26 @@ class AccountManager implements IAccountManager {
$decoded = json_decode($data, true);
// ensure the username is the same the user passed
// in this case we can assume this is a valid fediverse server and account
- if (!is_array($decoded) || ($decoded['username'] ?? '') !== $username) {
+ if (!is_array($decoded) || ($decoded['subject'] ?? '') !== "acct:{$username}@{$instance}") {
throw new InvalidArgumentException();
}
+ // check for activitypub link
+ if (is_array($decoded['links']) && isset($decoded['links'])) {
+ $found = false;
+ foreach ($decoded['links'] as $link) {
+ // have application/activity+json or application/ld+json
+ if (isset($link['type']) && (
+ $link['type'] === 'application/activity+json'
+ || $link['type'] === 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
+ )) {
+ $found = true;
+ break;
+ }
+ }
+ if (!$found) {
+ throw new InvalidArgumentException();
+ }
+ }
} catch (InvalidArgumentException) {
throw new InvalidArgumentException(self::PROPERTY_FEDIVERSE);
} catch (\Exception $error) {
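Review bot: The ActivityPub link check fails open. When the remote response has no `links` key, or `links` is not an array, the whole `if (is_array($decoded['links']) && isset($decoded['links']))` block is skipped and the account is accepted on the `subject` match alone. The operands are also in the wrong order: `is_array($decoded['links'])` runs first and raises an undefined-key warning when the key is absent, which makes the `isset()` after it redundant. Since the document comes from a remote server, reject it up front with `if (!is_array($decoded['links'] ?? null)) { throw new InvalidArgumentException(); }` and then run the `foreach` unconditionally. The exact string comparison against `application/ld+json; profile="https://www.w3.org/ns/activitystreams"` will also miss servers that format the media type parameter differently, which may be worth a comment.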