Commit Graph

4 Commits (1ad64b5557f8980b8ec54ac09cd79ac51223a2ea)

Author SHA1 Message Date
David Leadbeater 69378eac99
Don't allow URLs that contain non-normalized paths to be verified ()
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that since  https is required.

* missing do
2022-11-20 19:28:13 +01:00
Emily Strickland c2231539c7
Test blank account field verifiability ()
* Test blank account field verifiability

This change tests the need for , which ensures that we guard against a situation in which `at_xpath` returns `nil`.

* Test verifiability of blank fields for remote account profiles

This adds a counterpart test for remote account profiles' fields' verifiability when those fields are blank. I previously added the same test for local accounts.
2022-11-13 21:02:09 +01:00
Eugen Rochko 9965a23b04
Change link verification to ignore IDN domains ()
Fix 
2022-11-10 06:27:45 +01:00
Eugen Rochko e98833748e
Fix being able to spoof link verification ()
- Change verification to happen in `default` queue
- Change verification worker to only be queued if there's something to do
- Add `link` tags from metadata fields to page header of profiles
2022-11-09 08:24:21 +01:00