Skip to content

Fix split-origin WebFinger subjects#921

Merged
dahlia merged 4 commits into
fedify-dev:2.0-maintenancefrom
dahlia:bugfix/split-origin-webfinger
Jul 6, 2026
Merged

Fix split-origin WebFinger subjects#921
dahlia merged 4 commits into
fedify-dev:2.0-maintenancefrom
dahlia:bugfix/split-origin-webfinger

Conversation

@dahlia

@dahlia dahlia commented Jul 6, 2026

Copy link
Copy Markdown
Member

Fixes #920.

Why this change is needed

In split-origin deployments, the public fediverse handle and the ActivityPub server can live on different hosts. A server may receive a WebFinger request for an acct: URI on the server origin after a remote implementation starts from an actor URL and checks the reciprocal account identity.

Fedify already accepted that server-origin acct: URI as an alias when the actor was local. The response still used the queried alias as subject, though, which made the alias look canonical to clients that stop at the WebFinger subject. The canonical handle-host identity was present only in aliases, too late for that lookup path.

How this fixes it

The handler in packages/fedify/src/federation/webfinger.ts now keeps the normalized query URI separate from the JRD subject. For an acct: query on the web-origin host, it returns the handle-host acct: URI as subject and keeps the queried server-origin acct: URI in aliases. Canonical handle-host queries and actor-URI queries keep their existing behavior.

The regression test in packages/fedify/src/federation/webfinger.test.ts uses the split-origin shape directly: ap.example.com for the web origin and example.com for the handle host. That makes the expected subject unambiguous: acct:someone@example.com, with acct:someone@ap.example.com retained as an alias.

CHANGES.md documents the behavior change for 2.0.22.

Return the canonical handle-host acct URI as the WebFinger subject when a
local actor is resolved through a server-origin acct alias.  Keep the queried
acct alias in the aliases list so reciprocal checks can still relate the two
identities.

Fixes fedify-dev#920

Assisted-by: Codex:gpt-5.5
@dahlia dahlia self-assigned this Jul 6, 2026
@dahlia dahlia added component/federation Federation object related component/webfinger WebFinger related labels Jul 6, 2026
@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0ebf28cc-9651-4c73-81fb-7db988ff56ed

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@dahlia

dahlia commented Jul 6, 2026

Copy link
Copy Markdown
Member Author

@codex review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request fixes split-origin WebFinger responses for acct: aliases on the web origin host. When a local actor is queried through the server-origin acct: alias, Fedify now returns the canonical handle-host acct: URI as the JRD subject and keeps the queried acct: URI in aliases. The review feedback suggests also including the canonical acct: URI on the web origin in the aliases list when the actor's preferredUsername differs from the queried username to ensure consistency.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread packages/fedify/src/federation/webfinger.ts Outdated
@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Bravo.

Reviewed commit: 9ee34efa77

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
packages/fedify/src/federation/webfinger.ts (1)

253-261: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Fallback username re-derivation may diverge from the original queried username due to URL percent-encoding.

username is recomputed by stripping resourceUrl.href rather than reusing the raw match[1] captured earlier (line 188-189). Since acct: is a non-special URI scheme, new URL() percent-encodes reserved characters (e.g. spaces) in the opaque path when resourceUrl was constructed. If actor.preferredUsername is null, the fallback subject would use this percent-encoded username instead of the original raw one, producing an inconsistent subject for usernames containing characters needing encoding.

Consider hoisting the original username into an outer-scoped variable when resourceUrl is reconstructed (around line 189) and reusing it here instead of re-parsing href.

♻️ Suggested approach
-  let identifier: string | null = null;
+  let identifier: string | null = null;
+  let queriedUsername: string | null = null;
   const uriParsed = context.parseUri(resourceUrl);
   ...
     } else {
       ...
       identifier = await mapUsernameToIdentifier(match[1]);
       resourceUrl = new URL(`acct:${match[1]}@${normalizedHost}`);
+      queriedUsername = match[1];
     }
   ...
-    const username = resourceUrl.href.replace(/^acct:/, "").replace(/@.*$/, "");
-    subject = `acct:${actor.preferredUsername ?? username}@${host}`;
+    subject = `acct:${actor.preferredUsername ?? queriedUsername}@${host}`;
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/fedify/src/federation/webfinger.ts` around lines 253 - 261, The
fallback subject in webfinger handling is re-deriving the username from
resourceUrl.href, which can pick up percent-encoding and diverge from the
originally queried acct username. Hoist the raw username captured during the
initial acct: parsing in federation/webfinger.ts into an outer-scoped variable,
then reuse that original value when building subject in this fallback block
instead of re-parsing resourceUrl.href. Keep the existing host and
actor.preferredUsername logic intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@packages/fedify/src/federation/webfinger.ts`:
- Around line 253-261: The fallback subject in webfinger handling is re-deriving
the username from resourceUrl.href, which can pick up percent-encoding and
diverge from the originally queried acct username. Hoist the raw username
captured during the initial acct: parsing in federation/webfinger.ts into an
outer-scoped variable, then reuse that original value when building subject in
this fallback block instead of re-parsing resourceUrl.href. Keep the existing
host and actor.preferredUsername logic intact.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6262805e-9906-432a-b979-6dffd319eab2

📥 Commits

Reviewing files that changed from the base of the PR and between ab7f167 and 9ee34ef.

📒 Files selected for processing (3)
  • CHANGES.md
  • packages/fedify/src/federation/webfinger.test.ts
  • packages/fedify/src/federation/webfinger.ts

@codecov

codecov Bot commented Jul 6, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

Files with missing lines Coverage Δ
packages/fedify/src/federation/webfinger.ts 84.97% <100.00%> (+2.36%) ⬆️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

dahlia added 2 commits July 6, 2026 12:35
Keep the original username captured while parsing an acct WebFinger query and
reuse it when building the split-origin fallback subject.  This avoids deriving
the subject from the URL-serialized resource, which may have changed escaping.

fedify-dev#921 (review)

Assisted-by: Codex:gpt-5.5
When a split-origin acct lookup uses a non-canonical username, include the
preferred username on the web-origin host in aliases.  This keeps the fallback
acct response consistent with actor URI lookups while preserving the queried
alias.

fedify-dev#921 (comment)

Assisted-by: Codex:gpt-5.5
@dahlia

dahlia commented Jul 6, 2026

Copy link
Copy Markdown
Member Author

/gemini review

@gemini-code-assist

Copy link
Copy Markdown
Contributor

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@dahlia

dahlia commented Jul 6, 2026

Copy link
Copy Markdown
Member Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ff302a1bc0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread CHANGES.md
@dahlia dahlia requested review from 2chanhaeng and sij411 July 6, 2026 03:50

@2chanhaeng 2chanhaeng left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Comment thread packages/fedify/src/federation/webfinger.ts Outdated
Move subject and alias construction into a helper so split-origin handling shares the same actor username and host inputs without repeating the surrounding calculations.

fedify-dev#921 (comment)

Assisted-by: Codex:gpt-5.5
@dahlia

dahlia commented Jul 6, 2026

Copy link
Copy Markdown
Member Author

@codex review

@dahlia

dahlia commented Jul 6, 2026

Copy link
Copy Markdown
Member Author

/gemini review

@dahlia dahlia requested a review from 2chanhaeng July 6, 2026 10:19
@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Already looking forward to the next diff.

Reviewed commit: 1fa4357a7c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@gemini-code-assist

Copy link
Copy Markdown
Contributor

Warning

Gemini encountered an error creating the review. You can try again by commenting /gemini review.

@dahlia dahlia merged commit b5a902f into fedify-dev:2.0-maintenance Jul 6, 2026
17 checks passed
@dahlia dahlia deleted the bugfix/split-origin-webfinger branch July 6, 2026 12:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

component/federation Federation object related component/webfinger WebFinger related

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Split-origin WebFinger should return the handle-host acct URI as the subject for server-origin acct aliases

2 participants