fix(settings): change Mastodon only URI to webfinger

TechnicalSuwako · TechnicalSuwako · commit ef0729f23e53 · 2025-05-25T23:52:16.000+09:00
Signed-off-by: 諏訪子 &lt;suwako@076.moe&gt;
diff --git a/AUTHORS b/AUTHORS
@@ -620,6 +620,7 @@
  - szaimen <szaimen@e.mail.de>
  - tbartenstein <tbartenstein@users.noreply.github.com>
  - tbelau666 <thomas.belau@gmx.de>
+ - TechnicalSuwako <suwako@076.moe>
  - tgrant <tom.grant760@gmail.com>
  - timm2k <timm2k@gmx.de>
  - tux-rampage <tux-rampage@users.noreply.github.com>
diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php
@@ -734,7 +734,7 @@ private function sanitizePropertyFediverse(IAccountProperty $property): void {
 
 				try {
 					// try the public account lookup API of mastodon
-					$response = $client->get("https://{$instance}/api/v1/accounts/lookup?acct={$username}@{$instance}");
+					$response = $client->get("https://{$instance}/.well-known/webfinger?resource=acct:{$username}@{$instance}");
 					// should be a json response with account information
 					$data = $response->getBody();
 					if (is_resource($data)) {
@@ -743,7 +743,7 @@ private function sanitizePropertyFediverse(IAccountProperty $property): void {
 					$decoded = json_decode($data, true);
 					// ensure the username is the same the user passed
 					// in this case we can assume this is a valid fediverse server and account
-					if (!is_array($decoded) || ($decoded['username'] ?? '') !== $username) {
+					if (!is_array($decoded) || ($decoded['subject'] ?? '') !== "acct:{$username}@{$instance}") {
 						throw new InvalidArgumentException();
 					}
 				} catch (InvalidArgumentException) {
diff --git a/tests/lib/Accounts/AccountManagerTest.php b/tests/lib/Accounts/AccountManagerTest.php
@@ -839,12 +839,12 @@ public function testSanitizingFediverseServer(string $input, ?string $output, bo
 					->willReturn($serverResponse);
 				$client->expects(self::once())
 					->method('get')
-					->with('https://example.com/api/v1/accounts/lookup?acct=foo@example.com')
+					->with('https://example.com/.well-known/webfinger?resource=acct:foo@example.com')
 					->willReturn($response);
 			} else {
 				$client->expects(self::once())
 					->method('get')
-					->with('https://example.com/api/v1/accounts/lookup?acct=foo@example.com')
+					->with('https://example.com/.well-known/webfinger?resource=acct:foo@example.com')
 					->willThrowException(new \Exception('404'));
 			}
 
