From 9cb690c70690bcebba69d3b66fb0b90e798d477d Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Wed, 16 Mar 2016 18:29:52 +0100
Subject: [PATCH] Access tokens no longer expire, case-insensitive local
 username validation, as well as case-insensitive Webfinger look-up

---
 app/controllers/xrd_controller.rb | 12 ++++++++----
 app/models/account.rb             |  7 ++++++-
 config/initializers/doorkeeper.rb |  2 +-
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/app/controllers/xrd_controller.rb b/app/controllers/xrd_controller.rb
index 2946e9999..fa67b2baa 100644
--- a/app/controllers/xrd_controller.rb
+++ b/app/controllers/xrd_controller.rb
@@ -6,7 +6,7 @@ class XrdController < ApplicationController
   end
 
   def webfinger
-    @account = Account.find_by!(username: username_from_resource, domain: nil)
+    @account = Account.find_local!(username_from_resource)
     @canonical_account_uri = "acct:#{@account.username}@#{Rails.configuration.x.local_domain}"
     @magic_key = pem_to_magic_key(@account.keypair.public_key)
   rescue ActiveRecord::RecordNotFound
@@ -21,10 +21,10 @@ class XrdController < ApplicationController
   end
 
   def username_from_resource
-    if params[:resource].start_with?('acct:')
-      params[:resource].split('@').first.gsub('acct:', '')
+    if resource_param.start_with?('acct:')
+      resource_param.split('@').first.gsub('acct:', '')
     else
-      url = Addressable::URI.parse(params[:resource])
+      url = Addressable::URI.parse(resource_param)
       url.path.gsub('/users/', '')
     end
   end
@@ -43,4 +43,8 @@ class XrdController < ApplicationController
 
     (["RSA"] + [modulus, exponent].map { |n| Base64.urlsafe_encode64(n) }).join('.')
   end
+
+  def resource_param
+    params.require(:resource)
+  end
 end
diff --git a/app/models/account.rb b/app/models/account.rb
index b3917e6e8..c92bb1574 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -1,7 +1,7 @@
 class Account < ActiveRecord::Base
   # Local users
   has_one :user, inverse_of: :account
-  validates :username, uniqueness: { scope: :domain }
+  validates :username, uniqueness: { scope: :domain, case_sensitive: false }
 
   # Avatar upload
   attr_reader :avatar_remote_url
@@ -97,6 +97,11 @@ class Account < ActiveRecord::Base
     self.username
   end
 
+  def self.find_local!(username)
+    table = self.arel_table
+    self.where(table[:username].matches(username)).where(domain: nil).take!
+  end
+
   before_create do
     if local?
       keypair = OpenSSL::PKey::RSA.new(Rails.env.test? ? 1024 : 2048)
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index f84f12378..f36445942 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -23,7 +23,7 @@ Doorkeeper.configure do
 
   # Access token expiration time (default 2 hours).
   # If you want to disable expiration, set this to nil.
-  # access_token_expires_in nil
+  access_token_expires_in nil
 
   # Assign a custom TTL for implicit grants.
   # custom_access_token_expires_in do |oauth_client|