From 536731f256e670ab11b76c3fe8d68b32fabcd65b Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 3 Sep 2019 19:38:52 +0100
Subject: [PATCH] Check that webfinger returns a valid actor url

---
 posts.py        | 6 +++++-
 webfinger.py    | 6 ++++--
 webinterface.py | 4 ++++
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/posts.py b/posts.py
index 172a93ee5..d4f1b5e03 100644
--- a/posts.py
+++ b/posts.py
@@ -115,7 +115,11 @@ def getUserUrl(wfRequest) -> str:
         for link in wfRequest['links']:
             if link.get('type') and link.get('href'):
                 if link['type'] == 'application/activity+json':
-                    return link['href']
+                    if '/users/' in link['href'] or '/profile/' in link['href']:
+                        return link['href']
+                    else:
+                        print('Webfinger activity+json does not contain a valid actor')
+                        print(link['href'])
     return None
 
 def parseUserFeed(session,feedUrl: str,asHeader: {}, \
diff --git a/webfinger.py b/webfinger.py
index 69cdd629b..972e0fcb5 100644
--- a/webfinger.py
+++ b/webfinger.py
@@ -51,14 +51,16 @@ def webfingerHandle(session,handle: str,httpPrefix: str,cachedWebfingers: {}, \
         wfDomain=wfDomain.split(':')[0]
     wf=getWebfingerFromCache(nickname+'@'+wfDomain,cachedWebfingers)
     if wf:
-        return wf
+        return wf    
     url = '{}://{}/.well-known/webfinger'.format(httpPrefix,domain)
     par = {'resource': 'acct:{}'.format(nickname+'@'+wfDomain)}
-    hdr = {'Accept': 'application/jrd+json'}
+    hdr = {'Accept': 'application/jrd+json'}    
     try:
         result = getJson(session, url, hdr, par,projectVersion,httpPrefix,fromDomain)
     except Exception as e:
         print("Unable to webfinger " + url)
+        print('nickname: '+str(nickname))
+        print('domain: '+str(wfDomain))
         print('headers: '+str(hdr))
         print('params: '+str(par))
         print(e)
diff --git a/webinterface.py b/webinterface.py
index 9789bc62b..6da96b736 100644
--- a/webinterface.py
+++ b/webinterface.py
@@ -2309,6 +2309,10 @@ def htmlProfileAfterSearch(baseDir: str,path: str,httpPrefix: str, \
             return None
         asHeader = {'Accept': 'application/activity+json; profile="https://www.w3.org/ns/activitystreams"'}
         personUrl = getUserUrl(wf)
+        if not personUrl:
+            if debug:
+                print('DEBUG: Webfinger did not return an actor url')
+            return None            
         profileJson = getJson(session,personUrl,asHeader,None,projectVersion,httpPrefix,domain)
         if not profileJson:
             if debug: