From 2bcf877b5cb4bacafb0b3d43738ac3b83bc785f4 Mon Sep 17 00:00:00 2001
From: Benjamin Neff <benjamin@coding4coffee.ch>
Date: Sat, 20 Jun 2015 23:33:03 +0200
Subject: [PATCH] use webfinger xml generator

- fix: encode rsa key with base64
---
 .../webfinger_controller.rb                   |  8 +++---
 .../webfinger/webfinger.erb                   | 14 ----------
 lib/diaspora_federation.rb                    |  9 +------
 .../web_finger/web_finger.rb                  | 12 ++++-----
 .../webfinger_controller_spec.rb              | 16 +++++++++---
 spec/lib/web_finger/web_finger_spec.rb        | 15 ++++++-----
 test/dummy/app/models/person.rb               | 26 +++++++++----------
 7 files changed, 44 insertions(+), 56 deletions(-)
 delete mode 100644 app/views/diaspora_federation/webfinger/webfinger.erb

diff --git a/app/controllers/diaspora_federation/webfinger_controller.rb b/app/controllers/diaspora_federation/webfinger_controller.rb
index 8c57620..e387b3b 100644
--- a/app/controllers/diaspora_federation/webfinger_controller.rb
+++ b/app/controllers/diaspora_federation/webfinger_controller.rb
@@ -23,12 +23,12 @@ module DiasporaFederation
     #
     # GET /webfinger?q=<uri>
     def legacy_webfinger
-      @person = find_person(params[:q]) if params[:q]
+      person = find_person(params[:q]) if params[:q]
 
-      return render nothing: true, status: 404 if @person.nil?
+      return render nothing: true, status: 404 if person.nil?
 
-      logger.info "webfinger profile request for: #{@person.diaspora_handle}"
-      render "webfinger", content_type: "application/xrd+xml"
+      logger.info "webfinger profile request for: #{person.diaspora_handle}"
+      render body: WebFinger::WebFinger.from_person(person.webfinger_hash).to_xml, content_type: "application/xrd+xml"
     end
 
     private
diff --git a/app/views/diaspora_federation/webfinger/webfinger.erb b/app/views/diaspora_federation/webfinger/webfinger.erb
deleted file mode 100644
index eaf5a4d..0000000
--- a/app/views/diaspora_federation/webfinger/webfinger.erb
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
-  <Subject>acct:<%=@person.diaspora_handle%></Subject>
-  <Alias>"<%= @person.url %>"</Alias>
-  <Link rel="http://microformats.org/profile/hcard" type="text/html" href="<%=@person.hcard_url%>"/>
-  <Link rel="http://joindiaspora.com/seed_location" type="text/html" href="<%=@person.url%>"/>
-  <Link rel="http://joindiaspora.com/guid" type="text/html" href="<%=@person.guid%>"/>
-
-  <Link rel="http://webfinger.net/rel/profile-page" type="text/html" href="<%=@person.profile_url%>"/>
-  <Link rel="http://schemas.google.com/g/2010#updates-from" type="application/atom+xml" href="<%=@person.atom_url%>"/>
-  <Link rel="salmon" href="<%=@person.salmon_url%>"/>
-
-  <Link rel="diaspora-public-key" type="RSA" href="<%=Base64.strict_encode64(@person.serialized_public_key)%>"/>
-</XRD>
diff --git a/lib/diaspora_federation.rb b/lib/diaspora_federation.rb
index e576e7c..f6fcbf8 100644
--- a/lib/diaspora_federation.rb
+++ b/lib/diaspora_federation.rb
@@ -46,14 +46,7 @@ module DiasporaFederation
       raise ConfigurationError, "missing server_uri" unless @server_uri.respond_to? :host
       validate_class(@person_class, "person_class", %i(
         find_local_by_diaspora_handle
-        guid
-        url
-        diaspora_handle
-        serialized_public_key
-        salmon_url
-        atom_url
-        profile_url
-        hcard_url
+        webfinger_hash
       ))
       logger.info "successfully configured the federation engine"
     end
diff --git a/lib/diaspora_federation/web_finger/web_finger.rb b/lib/diaspora_federation/web_finger/web_finger.rb
index f8c4571..724d494 100644
--- a/lib/diaspora_federation/web_finger/web_finger.rb
+++ b/lib/diaspora_federation/web_finger/web_finger.rb
@@ -10,7 +10,7 @@ module DiasporaFederation
     # serve as a base for all future changes of this implementation.
     #
     # @example Creating a WebFinger document from account data
-    #   wf = WebFinger.from_account({
+    #   wf = WebFinger.from_person({
     #     acct_uri:    "acct:user@server.example",
     #     alias_url:   "https://server.example/people/0123456789abcdef",
     #     hcard_url:   "https://server.example/hcard/users/user",
@@ -19,7 +19,7 @@ module DiasporaFederation
     #     atom_url:    "https://server.example/public/user.atom",
     #     salmon_url:  "https://server.example/receive/users/0123456789abcdef",
     #     guid:        "0123456789abcdef",
-    #     pubkey:      "ABCDEF=="
+    #     pubkey:      "-----BEGIN PUBLIC KEY-----\nABCDEF==\n-----END PUBLIC KEY-----"
     #   })
     #   xml_string = wf.to_xml
     #
@@ -88,8 +88,8 @@ module DiasporaFederation
       # @param [Hash] data account data
       # @return [WebFinger] WebFinger instance
       # @raise [InvalidData] if the given data Hash is invalid or incomplete
-      def self.from_account(data)
-        raise InvalidData, "account data incomplete" unless account_data_complete?(data)
+      def self.from_person(data)
+        raise InvalidData, "person data incomplete" unless account_data_complete?(data)
 
         wf = allocate
         wf.instance_eval {
@@ -130,7 +130,7 @@ module DiasporaFederation
 
           # TODO: change me!  ##########
           @guid        = guid
-          @pubkey      = pubkey
+          @pubkey      = Base64.strict_decode64(pubkey)
           ##############################
         }
         wf
@@ -189,7 +189,7 @@ module DiasporaFederation
         # TODO: change me!  ##############
         doc.links << {rel:  REL_PUBKEY,
                       type: "RSA",
-                      href: @pubkey}
+                      href: Base64.strict_encode64(@pubkey)}
         ##################################
       end
 
diff --git a/spec/controllers/diaspora_federation/webfinger_controller_spec.rb b/spec/controllers/diaspora_federation/webfinger_controller_spec.rb
index 582a00e..4046e6f 100644
--- a/spec/controllers/diaspora_federation/webfinger_controller_spec.rb
+++ b/spec/controllers/diaspora_federation/webfinger_controller_spec.rb
@@ -37,19 +37,29 @@ module DiasporaFederation
 
     describe "#legacy_webfinger" do
       it "succeeds when the person exists" do
-        post :legacy_webfinger, "q" => "alice@localhost:3000"
+        get :legacy_webfinger, "q" => "alice@localhost:3000"
         expect(response).to be_success
       end
 
       it "succeeds with 'acct:' in the query when the person exists" do
-        post :legacy_webfinger, "q" => "acct:alice@localhost:3000"
+        get :legacy_webfinger, "q" => "acct:alice@localhost:3000"
         expect(response).to be_success
       end
 
+      it "contains the diaspora handle" do
+        get :legacy_webfinger, "q" => "acct:alice@localhost:3000"
+        expect(response.body).to include "<Subject>acct:alice@localhost:3000</Subject>"
+      end
+
       it "404s when the person does not exist" do
-        post :legacy_webfinger, "q" => "me@mydiaspora.pod.com"
+        get :legacy_webfinger, "q" => "me@mydiaspora.pod.com"
         expect(response).to be_not_found
       end
+
+      it "calls WebFinger::WebFinger.from_person" do
+        expect(WebFinger::WebFinger).to receive(:from_person).and_call_original
+        get :legacy_webfinger, "q" => "acct:alice@localhost:3000"
+      end
     end
   end
 end
diff --git a/spec/lib/web_finger/web_finger_spec.rb b/spec/lib/web_finger/web_finger_spec.rb
index 2da8e16..c5e5971 100644
--- a/spec/lib/web_finger/web_finger_spec.rb
+++ b/spec/lib/web_finger/web_finger_spec.rb
@@ -8,7 +8,8 @@ module DiasporaFederation
     profile_url = "https://pod.example.tld/u/user"
     atom_url = "https://pod.example.tld/public/user.atom"
     salmon_url = "https://pod.example.tld/receive/users/abcdef0123456789"
-    pubkey = "AAAAAA=="
+    pubkey = "-----BEGIN PUBLIC KEY-----\nABCDEF==\n-----END PUBLIC KEY-----"
+    pubkey_base64 = Base64.strict_encode64(pubkey)
 
     xml = <<-XML
 <?xml version="1.0" encoding="UTF-8"?>
@@ -21,7 +22,7 @@ module DiasporaFederation
   <Link rel="http://webfinger.net/rel/profile-page" type="text/html" href="#{profile_url}"/>
   <Link rel="http://schemas.google.com/g/2010#updates-from" type="application/atom+xml" href="#{atom_url}"/>
   <Link rel="salmon" href="#{salmon_url}"/>
-  <Link rel="diaspora-public-key" type="RSA" href="#{pubkey}"/>
+  <Link rel="diaspora-public-key" type="RSA" href="#{pubkey_base64}"/>
 </XRD>
 XML
 
@@ -31,7 +32,7 @@ XML
 
     context "generation" do
       it "creates a nice XML document" do
-        wf = WebFinger::WebFinger.from_account(
+        wf = WebFinger::WebFinger.from_person(
           acct_uri:    acct,
           alias_url:   alias_url,
           hcard_url:   hcard_url,
@@ -47,7 +48,7 @@ XML
 
       it "fails if some params are missing" do
         expect {
-          WebFinger::WebFinger.from_account(
+          WebFinger::WebFinger.from_person(
             acct_uri:  acct,
             alias_url: alias_url,
             hcard_url: hcard_url
@@ -56,11 +57,11 @@ XML
       end
 
       it "fails if empty was given" do
-        expect { WebFinger::WebFinger.from_account({}) }.to raise_error(WebFinger::InvalidData)
+        expect { WebFinger::WebFinger.from_person({}) }.to raise_error(WebFinger::InvalidData)
       end
 
       it "fails if nil was given" do
-        expect { WebFinger::WebFinger.from_account(nil) }.to raise_error(WebFinger::InvalidData)
+        expect { WebFinger::WebFinger.from_person(nil) }.to raise_error(WebFinger::InvalidData)
       end
     end
 
@@ -93,7 +94,7 @@ XML
   <Link rel="http://schemas.google.com/g/2010#updates-from" type="application/atom+xml" href="#{atom_url}"/>
   <Link rel="salmon" href="#{salmon_url}"/>
 
-  <Link rel="diaspora-public-key" type = "RSA" href="#{pubkey}"/>
+  <Link rel="diaspora-public-key" type = "RSA" href="#{pubkey_base64}"/>
 </XRD>
 XML
 
diff --git a/test/dummy/app/models/person.rb b/test/dummy/app/models/person.rb
index 38b1a29..ff2557f 100644
--- a/test/dummy/app/models/person.rb
+++ b/test/dummy/app/models/person.rb
@@ -1,20 +1,18 @@
 class Person < ActiveRecord::Base
   include ::Diaspora::Guid
 
-  def salmon_url
-    "#{url}receive/users/#{guid}"
-  end
-
-  def atom_url
-    "#{url}public/#{diaspora_handle.split('@')[0]}.atom"
-  end
-
-  def profile_url
-    "#{url}u/#{diaspora_handle.split('@')[0]}"
-  end
-
-  def hcard_url
-    "#{url}hcard/users/#{guid}"
+  def webfinger_hash
+    {
+      acct_uri:    "acct:#{diaspora_handle}",
+      alias_url:   "#{url}people/#{guid}",
+      hcard_url:   "#{url}hcard/users/#{guid}",
+      seed_url:    url,
+      profile_url: "#{url}u/#{diaspora_handle.split('@')[0]}",
+      atom_url:    "#{url}public/#{diaspora_handle.split('@')[0]}.atom",
+      salmon_url:  "#{url}receive/users/#{guid}",
+      guid:        guid,
+      pubkey:      serialized_public_key
+    }
   end
 
   def self.find_by_diaspora_handle(identifier)