summaryrefslogtreecommitdiff
path: root/packages/backend/src/server/WellKnownServerService.ts
diff options
context:
space:
mode:
Diffstat (limited to 'packages/backend/src/server/WellKnownServerService.ts')
-rw-r--r--packages/backend/src/server/WellKnownServerService.ts10
1 files changed, 7 insertions, 3 deletions
diff --git a/packages/backend/src/server/WellKnownServerService.ts b/packages/backend/src/server/WellKnownServerService.ts
index f48310c50f..5770aac73b 100644
--- a/packages/backend/src/server/WellKnownServerService.ts
+++ b/packages/backend/src/server/WellKnownServerService.ts
@@ -136,12 +136,16 @@ fastify.get('/.well-known/change-password', async (request, reply) => {
resource.startsWith('acct:') ? resource.slice('acct:'.length) :
resource));
- const fromAcct = (acct: Acct.Acct): FindOptionsWhere<MiUser> | number =>
- !acct.host || acct.host === this.config.host.toLowerCase() ? {
+ const fromAcct = (acct: Acct.Acct): FindOptionsWhere<MiUser> | number => {
+ if (acct.host && acct.host !== this.config.host.toLowerCase() && !this.config.allowedHosts.includes(acct.host))
+ return 422;
+
+ return {
usernameLower: acct.username.toLowerCase(),
host: IsNull(),
isSuspended: false,
- } : 422;
+ }
+ }
if (typeof request.query.resource !== 'string') {
reply.code(400);
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 02:20:37 +0000