authorGravatar Vitaly Takmazov2019-03-18 22:33:48 +0300
committerGravatar Vitaly Takmazov2019-03-18 22:33:48 +0300
commitecdaf52bac011cdd0f17c94abf1174fc722331fa (patch)
tree6e3b61917a6cc5071f68fd0344f7d73cb4ecac51 /src
parent477ed00317dbef73604e1175bc547f7cd0869075 (diff)
WebFinger is HTTPS-only protocol
Diffstat (limited to 'src')
-rw-r--r--src/main/java/com/juick/server/SignatureManager.java30
-rw-r--r--src/test/java/com/juick/server/tests/ServerTests.java14
2 files changed, 28 insertions, 16 deletions
diff --git a/src/main/java/com/juick/server/SignatureManager.java b/src/main/java/com/juick/server/SignatureManager.java
index 755575ce..904f89af 100644
--- a/src/main/java/com/juick/server/SignatureManager.java
+++ b/src/main/java/com/juick/server/SignatureManager.java
@@ -9,11 +9,11 @@ import com.juick.server.api.webfinger.model.Account;
import com.juick.server.api.webfinger.model.Link;
import com.juick.service.UserService;
import com.juick.util.DateFormattersHolder;
-import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;
@@ -130,17 +130,23 @@ public class SignatureManager {
return Optional.empty();
}
public Optional<Context> discoverPerson(String acct) {
- String[] accountParts = acct.split(":", 2);
- String account = accountParts[0];
- int port = accountParts.length > 1 ? Integer.valueOf(accountParts[1]) : 80;
- Jid acctId = Jid.of(account);
- URI resourceUri = UriComponentsBuilder.fromUriString(
- String.format("http://%s:%d/.well-known/webfinger?resource=acct:%s", acctId.getDomain(), port, account)).build().toUri();
- Account acctData = apClient.getForEntity(resourceUri, Account.class).getBody();
- if (acctData != null) {
- for (Link l : acctData.getLinks()) {
- if (l.getRel().equals("self") && l.getType().equals(ACTIVITY_MEDIA_TYPE)) {
- return getContext(URI.create(l.getHref()));
+ Jid acctId = Jid.of(acct);
+ URI resourceUri = UriComponentsBuilder.fromPath("/.well-known/webfinger")
+ .host(acctId.getDomain())
+ .scheme("https")
+ .queryParam("resource", String.format("%s", acctId.toEscapedString())).build().toUri();
+ HttpHeaders headers = new HttpHeaders();
+ headers.add("Accept", "application/jrd+json");
+ HttpEntity<Void> webfingerRequest = new HttpEntity<>(headers);
+ ResponseEntity<Account> response = apClient.exchange(
+ resourceUri, HttpMethod.GET, webfingerRequest, Account.class);
+ if (response.getStatusCode().is2xxSuccessful()) {
+ Account acctData = response.getBody();
+ if (acctData != null) {
+ for (Link l : acctData.getLinks()) {
+ if (l.getRel().equals("self") && l.getType().equals(ACTIVITY_MEDIA_TYPE)) {
+ return getContext(URI.create(l.getHref()));
+ }
}
}
}
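Review bot: The `self` link's `href` comes from the remote JRD and goes into `getContext(URI.create(l.getHref()))` unchecked, so the HTTPS-only rule this commit applies to the WebFinger request does not cover the actor fetch that follows. A response can still name an `http://` URL or an internal host. Consider checking the scheme first, e.g. `URI self = URI.create(l.getHref());` then `if ("https".equalsIgnoreCase(self.getScheme())) return getContext(self);`, and decide whether the target host needs restricting as well. In the same loop, `l.getType().equals(...)` throws a NullPointerException on a link with no `type`, which JRD permits; `"self".equals(l.getRel()) && ACTIVITY_MEDIA_TYPE.equals(l.getType())` avoids that on remote-controlled data. The end of `discoverPerson` lies outside the hunk.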
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index 7f46968f..ea99fac3 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
@@ -33,6 +33,7 @@ import com.juick.model.CommandResult;
import com.juick.model.PrivateChats;
import com.juick.model.TagStats;
import com.juick.server.*;
+import com.juick.server.api.activity.Profile;
import com.juick.server.api.activity.model.Context;
import com.juick.server.api.activity.model.activities.*;
import com.juick.server.api.activity.model.objects.Note;
@@ -198,6 +199,8 @@ public class ServerTests {
private WebApp webApp;
@Inject
private RestTemplate apClient;
+ @Inject
+ private Profile profileController;
@Value("classpath:mocks/activity/testuser.json")
private Resource testuserResponse;
@@ -1408,8 +1411,6 @@ public class ServerTests {
.andExpect(jsonPath("$.links[0].href", is("http://localhost:8080/u/ugnich")));
mockMvc.perform(get("/.well-known/webfinger?resource=acct:durov@localhost"))
.andExpect(status().isNotFound());
- Person ugnich = (Person) signatureManager.discoverPerson("ugnich@juick.com").get();
- assertThat(ugnich.getName(), is(ugnichName));
}
@Test
public void userProfileAndBlogShouldBeExposedAsActivityStream() throws Exception {
@@ -1747,10 +1748,15 @@ public class ServerTests {
@Test
public void serviceSignatureAuth() throws Exception {
String meUri = "/api/me";
- String testHost = "localhost:8080";
- Person ugnichPerson = (Person) signatureManager.discoverPerson("ugnich@localhost:8080").get();
Instant now = Instant.now();
String requestDate = DateFormattersHolder.getHttpDateFormatter().format(now);
+ mockMvc.perform(get("/api/me")
+ .header("Date", requestDate))
+ .andExpect(status().isUnauthorized());
+ String testHost = "localhost";
+ Person ugnichPerson = profileController.getUser("ugnich");
+ now = Instant.now();
+ requestDate = DateFormattersHolder.getHttpDateFormatter().format(now);
String signatureString = signatureManager.addSignature(ugnichPerson, testHost, "GET", meUri, requestDate);
MvcResult me = mockMvc.perform(get("/api/me")
.header("Host", testHost)
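Review bot: The added 401 check in `serviceSignatureAuth` covers only a request with no `Signature` header at all. With both `discoverPerson` calls removed from this file, the new HTTPS WebFinger lookup appears to have no test left in the visible hunks. A case that sends a signature computed over a different `Date` or `Host` than the request carries, expecting `status().isUnauthorized()`, would pin the verification itself rather than the absence of credentials. The lookup could be covered by stubbing `apClient` (for instance with Spring's `MockRestServiceServer`) to return a JRD for the `https://` WebFinger URL. The test method continues past the end of the hunk.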