Merge branch 'master' into feature/mastodon_api

app/controllers/web_key_directory_controller.rb

@@ -1,8 +1,16 @@
 class WebKeyDirectoryController < WellKnownController
   before_action :allow_cross_origin_requests
 
-  # /.well-known/openpgpkey/hu/:hashed_username(.txt)
+  # /.well-known/openpgpkey/hu/:hashed_username(.txt)?l=username
   def show
+    if params[:l].blank?
+      # TODO store hashed username in db if existing implementations trigger
+      # this a lot
+      msg = "WKD request with \"l\" param omitted for hu: #{params[:hashed_username]})"
+      Sentry.capture_message(msg) if Setting.sentry_enabled?
+      http_status :bad_request and return
+    end
+
     @user = User.find_by(cn: params[:l].downcase)
 
     if @user.nil? ||

app/views/settings/_account.html.erb

@@ -52,9 +52,11 @@
   <section class="!pt-8 sm:!pt-12">
     <h3>OpenPGP</h3>
     <ul role="list">
+      <% example_link = link_to "example", "https://accounts.kosmos.org/.well-known/openpgpkey/hu/yuca4ky39mhwkjo78qb8zjgbfj1hg3yf.txt?l=jimmy",
+          target: "_blank", class: "text-gray-500 underline" %>
       <%= render FormElements::FieldsetComponent.new(
             title: "Public key",
-            description: "Your OpenPGP public key in ASCII Armor format"
+            description: raw("Your OpenPGP public key in ASCII Armor format (#{example_link})")
           ) do %>
         <%= f.text_area :pgp_pubkey,
           value: @user.pgp_pubkey,

spec/requests/web_key_directory_spec.rb

@@ -9,6 +9,13 @@ RSpec.describe "OpenPGP Web Key Directory", type: :request do
     end
   end
 
+  describe "omitted 'l' param" do
+    it "returns a 400 status" do
+      get "/.well-known/openpgpkey/hu/fmb8gw3n4zdj4xpwaziki4mwcxr1368i"
+      expect(response).to have_http_status(:bad_request)
+    end
+  end
+
   describe "non-existent user" do
     it "returns a 404 status" do
       get "/.well-known/openpgpkey/hu/fmb8gw3n4zdj4xpwaziki4mwcxr1368i?l=aristotle"