From ebbd87368c2cfeffcdda316b67a47d5d961ca096 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 18 May 2025 14:37:22 +0400 Subject: [PATCH] Handle l param missing for WKD request --- app/controllers/web_key_directory_controller.rb | 5 +++-- spec/requests/web_key_directory_spec.rb | 7 +++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/app/controllers/web_key_directory_controller.rb b/app/controllers/web_key_directory_controller.rb index 2809728..cc2e439 100644 --- a/app/controllers/web_key_directory_controller.rb +++ b/app/controllers/web_key_directory_controller.rb @@ -1,9 +1,10 @@ class WebKeyDirectoryController < WellKnownController before_action :allow_cross_origin_requests - # /.well-known/openpgpkey/hu/:hashed_username(.txt) + # /.well-known/openpgpkey/hu/:hashed_username(.txt)?l=username def show - @user = User.find_by(cn: params[:l].downcase) + username = params[:l] || "" + @user = User.find_by(cn: username.downcase) if @user.nil? || @user.pgp_pubkey.blank? || diff --git a/spec/requests/web_key_directory_spec.rb b/spec/requests/web_key_directory_spec.rb index c7ef1f3..aa3fb63 100644 --- a/spec/requests/web_key_directory_spec.rb +++ b/spec/requests/web_key_directory_spec.rb @@ -9,6 +9,13 @@ RSpec.describe "OpenPGP Web Key Directory", type: :request do end end + describe "omitted 'l' param" do + it "returns a 404 status" do + get "/.well-known/openpgpkey/hu/fmb8gw3n4zdj4xpwaziki4mwcxr1368i" + expect(response).to have_http_status(:not_found) + end + end + describe "non-existent user" do it "returns a 404 status" do get "/.well-known/openpgpkey/hu/fmb8gw3n4zdj4xpwaziki4mwcxr1368i?l=aristotle"