From 464db9ea0bf51c065a0db8d6f64eedd73b125f1e Mon Sep 17 00:00:00 2001 From: Erin Shepherd Date: Thu, 29 Feb 2024 20:56:32 +0100 Subject: [PATCH] Don't list old accounts as aliases in WebFinger Per the XRD specification: > 2.4. Element > > The element contains a URI value that is an additional > identifier for the resource described by the XRD. This value > MUST be an absolute URI. The element does not identify > additional resources the XRD is describing, **but rather provides > additional identifiers for the same resource.** (http://docs.oasis-open.org/xri/xrd/v1.0/os/xrd-1.0-os.html#element.alias, emphasis mine) In other words, the alias list is expected to link to things which are not just semantically the same, but exactly the same. Old user accounts don't do that This change should not pose a compatibility issue: Mastodon does not list old accounts here (See https://github.com/mastodon/mastodon/blob/e1fcb02867a0103977062ae11b86f80c5e3fd74f/app/serializers/webfinger_serializer.rb#L12) The use of as:alsoKnownAs is also not quite semantically right here (see https://www.w3.org/TR/did-core/#dfn-alsoknownas, which defines it to be used to refer to identifiers which are interchangable) but that's what DID get for reusing a property definition that Mastodon already squatted long before they got to it --- lib/pleroma/web/web_finger.ex | 2 +- test/pleroma/web/web_finger/web_finger_controller_test.exs | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/web_finger.ex b/lib/pleroma/web/web_finger.ex index 9be8ef50e..9d5efbb3e 100644 --- a/lib/pleroma/web/web_finger.ex +++ b/lib/pleroma/web/web_finger.ex @@ -65,7 +65,7 @@ defmodule Pleroma.Web.WebFinger do end defp gather_aliases(%User{} = user) do - [user.ap_id | user.also_known_as] + [user.ap_id] end def represent_user(user, "JSON") do diff --git a/test/pleroma/web/web_finger/web_finger_controller_test.exs b/test/pleroma/web/web_finger/web_finger_controller_test.exs index fe8301fa4..f792f20e6 100644 --- a/test/pleroma/web/web_finger/web_finger_controller_test.exs +++ b/test/pleroma/web/web_finger/web_finger_controller_test.exs @@ -46,8 +46,7 @@ defmodule Pleroma.Web.WebFinger.WebFingerControllerTest do assert response["subject"] == "acct:#{user.nickname}@localhost" assert response["aliases"] == [ - "https://hyrule.world/users/zelda", - "https://mushroom.kingdom/users/toad" + "https://hyrule.world/users/zelda" ] end @@ -104,7 +103,6 @@ defmodule Pleroma.Web.WebFinger.WebFingerControllerTest do |> response(200) assert response =~ "https://hyrule.world/users/zelda" - assert response =~ "https://mushroom.kingdom/users/toad" end test "it returns 404 when user isn't found (XML)" do