Fix validate_webfinger when running a different domain for Webfinger

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>

lib/pleroma/application.ex

@@ -162,7 +162,8 @@ defp cachex_children do
         expiration: chat_message_id_idempotency_key_expiration(),
         limit: 500_000
       ),
-      build_cachex("rel_me", limit: 2500)
+      build_cachex("rel_me", limit: 2500),
+      build_cachex("host_meta", default_ttl: :timer.minutes(120), limit: 5000)
     ]
   end
 

lib/pleroma/web/web_finger.ex

@@ -155,7 +155,16 @@ def get_template_from_xml(body) do
     end
   end
 
+  @cachex Pleroma.Config.get([:cachex, :provider], Cachex)
   def find_lrdd_template(domain) do
+    @cachex.fetch!(:host_meta_cache, domain, fn _ ->
+      {:commit, fetch_lrdd_template(domain)}
+    end)
+  rescue
+    e -> {:error, "Cachex error: #{inspect(e)}"}
+  end
+
+  defp fetch_lrdd_template(domain) do
     # WebFinger is restricted to HTTPS - https://tools.ietf.org/html/rfc7033#section-9.1
     meta_url = "https://#{domain}/.well-known/host-meta"
 
@@ -168,7 +177,7 @@ def find_lrdd_template(domain) do
     end
   end
 
-  defp get_address_from_domain(domain, encoded_account) when is_binary(domain) do
+  defp get_address_from_domain(domain, "acct:" <> _ = encoded_account) when is_binary(domain) do
     case find_lrdd_template(domain) do
       {:ok, template} ->
         String.replace(template, "{uri}", encoded_account)
@@ -178,6 +187,11 @@ defp get_address_from_domain(domain, encoded_account) when is_binary(domain) do
     end
   end
 
+  defp get_address_from_domain(domain, account) when is_binary(domain) do
+    encoded_account = URI.encode("acct:#{account}")
+    get_address_from_domain(domain, encoded_account)
+  end
+
   defp get_address_from_domain(_, _), do: {:error, :webfinger_no_domain}
 
   @spec finger(String.t()) :: {:ok, map()} | {:error, any()}
@@ -192,9 +206,7 @@ def finger(account) do
           URI.parse(account).host
       end
 
-    encoded_account = URI.encode("acct:#{account}")
-
-    with address when is_binary(address) <- get_address_from_domain(domain, encoded_account),
+    with address when is_binary(address) <- get_address_from_domain(domain, account),
          {:ok, %{status: status, body: body, headers: headers}} when status in 200..299 <-
            HTTP.get(
              address,
@@ -227,13 +239,15 @@ def finger(account) do
     end
   end
 
-  defp validate_webfinger(url, %{"subject" => "acct:" <> acct} = data) do
-    with %URI{host: request_host} <- URI.parse(url),
-         [_name, acct_host] <- String.split(acct, "@"),
+  defp validate_webfinger(request_url, %{"subject" => "acct:" <> acct = subject} = data) do
+    with [_name, acct_host] <- String.split(acct, "@"),
+         {_, url} <- {:address, get_address_from_domain(acct_host, subject)},
+         %URI{host: request_host} <- URI.parse(request_url),
+         %URI{host: acct_host} <- URI.parse(url),
          {_, true} <- {:hosts_match, acct_host == request_host} do
       {:ok, data}
     else
-      _ -> {:error, {:webfinger_invalid, url, data}}
+      _ -> {:error, {:webfinger_invalid, request_url, data}}
     end
   end
 

test/pleroma/user_test.exs

@@ -877,7 +877,7 @@ test "gets an existing user by nickname starting with http" do
     setup do: clear_config([Pleroma.Web.WebFinger, :update_nickname_on_user_fetch], true)
 
     test "for mastodon" do
-      Tesla.Mock.mock(fn
+      Tesla.Mock.mock_global(fn
         %{url: "https://example.com/.well-known/host-meta"} ->
           %Tesla.Env{
             status: 302,
@@ -935,7 +935,7 @@ test "for mastodon" do
     end
 
     test "for pleroma" do
-      Tesla.Mock.mock(fn
+      Tesla.Mock.mock_global(fn
         %{url: "https://example.com/.well-known/host-meta"} ->
           %Tesla.Env{
             status: 302,