From af1444ec632b963eeba9fd50f52c78976c244eb3 Mon Sep 17 00:00:00 2001
From: Josh
Date: Thu, 21 Nov 2024 14:08:56 -0500
Subject: [PATCH 1/5] fix: Handle when required `resource` parameter is missing or empty
Signed-off-by: Josh
---
 lib/WellKnown/WebfingerHandler.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/lib/WellKnown/WebfingerHandler.php b/lib/WellKnown/WebfingerHandler.php
index fee8c4b28..9009c0410 100644
--- a/lib/WellKnown/WebfingerHandler.php
+++ b/lib/WellKnown/WebfingerHandler.php
@@ -97,6 +97,12 @@ public function handle(
 */
 public function handleWebfinger(IRequestContext $context, ?IResponse $previousResponse): ?IResponse {
 $subject = $this->getSubjectFromRequest($context->getHttpRequest());
+
+ // the `resource` parameter is required
+ if ($subject === null || $subject === '') {
+ return new JrdResponse('', Http::STATUS_BAD_REQUEST);
+ }
+
 if (str_starts_with($subject, 'acct:')) {
 $subject = substr($subject, 5);
 }
@@ -216,8 +222,11 @@ private function getSubjectFromRequest(IRequest $request): string {
 // work around to extract resource:
 // on some setup (i.e. tests) the data are not available from IRequest
- parse_str(parse_url($request->getRequestUri(), PHP_URL_QUERY), $query);
-
+ $requestUri = $request->getRequestUri();
+ if ($requestUri !== '') {
+ parse_str(parse_url($requestUri, PHP_URL_QUERY), $query);
+ }
+
 return $query['resource'] ?? '';
 }
 }
From 4c0834d1c6419a19ed2eb7c5e385fb7ecf14cef1 Mon Sep 17 00:00:00 2001
From: Josh
Date: Thu, 21 Nov 2024 14:41:00 -0500
Subject: [PATCH 2/5] fix: psalm
Signed-off-by: Josh
---
 lib/WellKnown/WebfingerHandler.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/WellKnown/WebfingerHandler.php b/lib/WellKnown/WebfingerHandler.php
index 9009c0410..96072d028 100644
--- a/lib/WellKnown/WebfingerHandler.php
+++ b/lib/WellKnown/WebfingerHandler.php
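Review bot: The new empty-`resource` guard in the `@@ -97,6 +97,12 @@` hunk runs before the `acct:` prefix is stripped, so a `resource` of exactly `acct:` passes `$subject === ''` and only becomes an empty string two lines later. What the rest of handleWebfinger does with an empty subject is outside the hunk, but it presumably reaches the lookup this guard was meant to protect. Moving the check below the `str_starts_with` block (or repeating it there) covers both cases: `if ($subject === '') { return new JrdResponse('', Http::STATUS_BAD_REQUEST); }`.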
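Review bot: In the `@@ -216,8 +222,11 @@` hunk, `return $query['resource'] ?? '';` can still violate the declared `string` return type, because parse_str() produces an array when the parameter is sent in array form and `??` only covers a missing key. On this request-controlled path that would surface as an uncaught TypeError, most likely an HTTP 500, rather than the 400 the series introduces. `$query` is also never initialised when the `if` is skipped, which works only because `??` tolerates an undefined variable. I would add `$query = [];` before the `if` and end with `$resource = $query['resource'] ?? '';` and `return is_string($resource) ? $resource : '';`. The return line stays unchanged in the later patches, and the start of getSubjectFromRequest is outside the hunk.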
@@ -99,7 +99,7 @@ public function handleWebfinger(IRequestContext $context, ?IResponse $previousRe
 $subject = $this->getSubjectFromRequest($context->getHttpRequest());
 // the `resource` parameter is required
- if ($subject === null || $subject === '') {
+ if ($subject === '') {
 return new JrdResponse('', Http::STATUS_BAD_REQUEST);
 }
From 3a0c72ec90c3c9f58f7de5f62db597224bbe48ef Mon Sep 17 00:00:00 2001
From: Josh
Date: Thu, 21 Nov 2024 15:23:59 -0500
Subject: [PATCH 3/5] fix: oops
Signed-off-by: Josh
---
 lib/WellKnown/WebfingerHandler.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/WellKnown/WebfingerHandler.php b/lib/WellKnown/WebfingerHandler.php
index 96072d028..17f778fbf 100644
--- a/lib/WellKnown/WebfingerHandler.php
+++ b/lib/WellKnown/WebfingerHandler.php
@@ -223,7 +223,7 @@ private function getSubjectFromRequest(IRequest $request): string {
 // work around to extract resource:
 // on some setup (i.e. tests) the data are not available from IRequest
 $requestUri = $request->getRequestUri();
- if ($requestUri !== '') {
+ if ($requestUri !== null) {
 parse_str(parse_url($requestUri, PHP_URL_QUERY), $query);
 }
From 662b1994d47b1b588fae22d262ae8af75f506b36 Mon Sep 17 00:00:00 2001
From: Josh
Date: Tue, 26 Nov 2024 21:37:09 -0500
Subject: [PATCH 4/5] fixup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Josh
---
 lib/WellKnown/WebfingerHandler.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/WellKnown/WebfingerHandler.php b/lib/WellKnown/WebfingerHandler.php
index 17f778fbf..569653be7 100644
--- a/lib/WellKnown/WebfingerHandler.php
+++ b/lib/WellKnown/WebfingerHandler.php
@@ -224,7 +224,7 @@ private function getSubjectFromRequest(IRequest $request): string {
 // on some setup (i.e. tests) the data are not available from IRequest
 $requestUri = $request->getRequestUri();
 if ($requestUri !== null) {
- parse_str(parse_url($requestUri, PHP_URL_QUERY), $query);
+ parse_str(parse_url($requestUri, PHP_URL_QUERY) ?? '', $query);
 }
 return $query['resource'] ?? '';
From a02f309c956648f469dd5c18bc84c4fd90c7ca03 Mon Sep 17 00:00:00 2001
From: Josh
Date: Tue, 26 Nov 2024 21:38:09 -0500
Subject: [PATCH 5/5] Update WebfingerHandler.php
Signed-off-by: Josh
---
 lib/WellKnown/WebfingerHandler.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/WellKnown/WebfingerHandler.php b/lib/WellKnown/WebfingerHandler.php
index 569653be7..ff3559eaf 100644
--- a/lib/WellKnown/WebfingerHandler.php
+++ b/lib/WellKnown/WebfingerHandler.php
@@ -223,7 +223,7 @@ private function getSubjectFromRequest(IRequest $request): string {
 // work around to extract resource:
 // on some setup (i.e. tests) the data are not available from IRequest
 $requestUri = $request->getRequestUri();
- if ($requestUri !== null) {
+ if ($requestUri !== '') {
 parse_str(parse_url($requestUri, PHP_URL_QUERY) ?? '', $query);
 }
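Review bot: In the `@@ -224,7 +224,7 @@` hunk of patch 4, `parse_url($requestUri, PHP_URL_QUERY) ?? ''` covers the `null` returned when the URI has no query component, but not the `false` that parse_url() returns for a seriously malformed URI. If the file declares `strict_types=1` (not visible here), `parse_str(false, $query)` throws a TypeError, so a malformed request URI would end in an unhandled error instead of the 400 response. Checking the type explicitly is safer: `$queryString = parse_url($requestUri, PHP_URL_QUERY);` followed by `if (is_string($queryString)) { parse_str($queryString, $query); }`. The start and end of getSubjectFromRequest are outside the hunk.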