[bugfix] harden checks for remotes masquerading as local, and return correct local account redirects early (#3706)

2025-11-18 14:07:35 -06:00 · 2025-01-30 09:40:21 +00:00 · 2025-01-30 09:40:21 +00:00 · aebb846327
commit aebb846327
parent 6f4cb2f14e
3 changed files with 146 additions and 22 deletions
--- a/internal/federation/dereferencing/account.go
+++ b/internal/federation/dereferencing/account.go
@ -639,7 +639,16 @@ func (d *Dereferencer) enrichAccount(
 				return nil, nil, gtserror.Newf("db error getting account after redirects: %w", err)
 			}

-			if alreadyAcc != nil {
+			switch {
+			case alreadyAcc == nil:
+				// nothing to do
+
+			case alreadyAcc.IsLocal():
+				// Request eventually redirected to a
+				// local account. Return it as-is here.
+				return alreadyAcc, nil, nil
+
+			default:
 				// We had this account stored
 				// under discovered final URI.
 				//
@ -718,12 +727,6 @@ func (d *Dereferencer) enrichAccount(
 		latestAcc.Username = cmp.Or(latestAcc.Username, accUsername)
 	}

-	if latestAcc.Domain == "" {
-		// Ensure we have a domain set by this point,
-		// otherwise it gets stored as a local user!
-		return nil, nil, gtserror.Newf("empty domain for %s", uri)
-	}
-
 	// Ensure the final parsed account URI matches
 	// the input URI we fetched (or received) it as.
 	if matches, err := util.URIMatches(
@ -740,10 +743,16 @@ func (d *Dereferencer) enrichAccount(
 	} else if !matches {
 		return nil, nil, gtserror.Newf(
 			"account uri %s does not match %s",
-			latestAcc.URI, uri.String(),
+			latestAcc.URI, uri,
 		)
 	}

+	// Ensure this isn't a local account,
+	// or a remote masquerading as such!
+	if latestAcc.IsLocal() {
+		return nil, nil, gtserror.Newf("cannot dereference local account %s", uri)
+	}
+
 	// Get current time.
 	now := time.Now()