port tootsuite#11869 to monsterfork: Fix webfinger response not retur…

…ning 410 when account is suspended
vulpineclub · Feb 21, 2020 · 1a9763b · 1a9763b
1 parent 085ae27
commit 1a9763b
Showing 1 changed file with 20 additions and 4 deletions.
diff --git a/app/controllers/well_known/webfinger_controller.rb b/app/controllers/well_known/webfinger_controller.rb
@@ -5,18 +5,22 @@ class WebfingerController < ActionController::Base
     include RoutingHelper
 
     before_action { response.headers['Vary'] = 'Accept' }
+    before_action :set_account
+    before_action :check_account_suspension
 
-    def show
-      @account = Account.find_local!(username_from_resource)
+    rescue_from ActiveRecord::RecordNotFound, ActionController::ParameterMissing, with: :not_found
 
+    def show
       expires_in 3.days, public: true
       render json: @account, serializer: WebfingerSerializer, content_type: 'application/jrd+json'
-    rescue ActiveRecord::RecordNotFound
-      head 404
     end
 
     private
 
+    def set_account
+      @account = Account.find_local!(username_from_resource)
+    end
+
     def username_from_resource
       resource_user    = resource_param
       username, domain = resource_user.split('@')
@@ -28,5 +32,17 @@ def username_from_resource
     def resource_param
       params.require(:resource)
     end
+
+    def check_account_suspension
+      expires_in(3.minutes, public: true) && gone if @account.suspended?
+    end
+
+    def not_found
+      head 404
+    end
+
+    def gone
+      head 410
+    end
   end
 end