Fix malformed ActivityPub handles for email-based logins #2082

Open
wants to merge 6 commits into
base: trunk

obenland
Member

Fixes #2070.

Proposed changes:

  • Modified get_preferred_username() method in includes/model/class-user.php to detect email-based logins and sanitize them using sanitize_title()
  • Added comprehensive test coverage in tests/includes/model/class-test-user.php to verify proper email username sanitization
  • Ensures ActivityPub handles are properly formatted as @[email protected] instead of malformed @[email protected]@domain.com

Other information:

  • Have you written new tests for your changes, if applicable?

Testing instructions:

Setup

  1. Install and activate the ActivityPub plugin in a WordPress test environment
  2. Install and configure Site Kit with Google authentication (or manually create a user with email-based login)

Test Case 1: Email-based Login from Site Kit

  1. Create a test user via Site Kit Google login, which typically creates a username like [email protected]
  2. Navigate to the user's ActivityPub profile page or use the webfinger endpoint
  3. Expected result: ActivityPub handle should be @[email protected]
  4. Previous buggy behavior: Handle was malformed as @[email protected]@yourdomain.com

Test Case 2: Manual Email-based Username

  1. Create a user with login name [email protected]
  2. Check their ActivityPub handle via webfinger or profile
  3. Expected result: Handle should be @[email protected]

Test Case 3: Normal Username (Regression Test)

  1. Create a user with normal login name normaluser
  2. Check their ActivityPub handle
  3. Expected result: Handle should be @[email protected] (unchanged behavior)

Test Case 4: Run Unit Tests

npm run env-test -- --filter=test_email_username_sanitization

Expected result: All tests should pass

Changelog entry

  • Automatically create a changelog entry from the details below.
Changelog Entry Details

Significance

  • Patch

Type

  • Fixed - for any bug fixes

Message

Fix malformed ActivityPub handles for users with email-based logins (e.g., from Site Kit Google authentication)

Sanitize email-based usernames (e.g., from Site Kit Google login) to prevent
malformed ActivityPub handles like @[email protected]@domain.com.

- Modified get_preferred_username() to detect and sanitize email logins
- Added comprehensive test coverage for email username sanitization
- Ensures proper webfinger format without double @ symbols

Fixes #2070.
@Copilot Copilot AI review requested due to automatic review settings August 19, 2025 17:20
@obenland obenland self-assigned this Aug 19, 2025
@obenland obenland requested a review from pfefferle August 19, 2025 17:20

@Copilot Copilot AI left a comment

Pull Request Overview

This PR fixes malformed ActivityPub handles for users with email-based login names, such as those created through Site Kit Google authentication. The issue occurred when usernames containing "@" symbols resulted in double "@" symbols in ActivityPub handles.

  • Modified get_preferred_username() to sanitize email-based usernames using sanitize_title()
  • Added comprehensive test coverage to verify proper email username sanitization
  • Ensures ActivityPub handles are properly formatted without malformed double "@" symbols

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| includes/model/class-user.php | Modified get_preferred_username() to detect and sanitize email-based login names |
| tests/includes/model/class-test-user.php | Added comprehensive test cases for email username sanitization scenarios |

Prefixed str_contains with a backslash to ensure the global PHP function is used, preventing potential issues with overridden or namespaced functions.
Fix PHPCS alignment warnings for variable assignments.
Jiwoon-Kim commented Aug 19, 2025

If the administrator creates a new account using a Google email address but sets the username in a non-email format (a regular ID instead of an email), and then links it via Sign in with Google, this bug can be bypassed.

Honestly, I’m not entirely sure whether this should be debugged on the ActivityPub side, or if it’s something that Site Kit should address by changing how it handles email-based username creation.

If my memory serves me correctly, Misskey prevents users from creating accounts with email-style IDs at signup (or at least explicitly instructs users not to enter them).


However, since the author page ID for email-based accounts does not include special characters, this fix still seems to have some value.

Jiwoon-Kim commented Aug 19, 2025

The profile URL is generated as:
https://travel-in-busan.com/author/kimjiwoon75gmail-com/

To maintain consistency with the ActivityPub handle, instead of replacing @ with a hyphen, the @ should be omitted entirely.

👉 Desired format:
@[email protected]


is not very “clean” as a username.

It may be worth considering a redirect mechanism in the future so that such legacy usernames can point to a cleaner, newly chosen identifier.

Of course, this would also require solving the name collision problem (e.g., if two users try to adopt the same “cleaned” username).

👉 In practice, this would mean:

  • Keep the legacy handle for backwards compatibility.
  • Allow the user/admin to register a new canonical handle.
  • Set up a redirect/alias system so that old mentions and followers still resolve correctly.


This should be addressed together with the ability for users to edit their blog profile handle. For example, mechanisms that allow arbitrary manipulation of the handle—such as using the posts page slug as the handle—should be prevented. The goal is to maintain consistency and integrity of ActivityPub handles across posts and profiles.

Use explicit string replacement instead of sanitize_title()
to ensure dots are converted to dashes as expected by tests.
Also use filter_var() for proper email validation.
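
The approach named in the last commit message (filter_var() to recognise an email login, then explicit replacement instead of sanitize_title()), written out as an added example that is not the code from this pull request. The function names, the choice to map both `@` and `.` to `-`, the sample logins and the `blog.example` domain are assumptions made for illustration. It also groups logins by resulting handle, because the name collision concern raised in the thread applies to this mapping as well: distinct logins can end up with the same handle.

```php
<?php
// Added illustration; not the plugin's get_preferred_username().

/**
 * Hypothetical helper: derive a handle-safe local part from a login.
 * Assumption: '@' and '.' are both replaced with '-'.
 */
function example_preferred_username( string $login ): string {
	// Only rewrite logins that are syntactically valid email addresses;
	// every other login is returned unchanged.
	if ( false === \filter_var( $login, FILTER_VALIDATE_EMAIL ) ) {
		return $login;
	}

	return \str_replace( array( '@', '.' ), '-', $login );
}

/**
 * Hypothetical check: group logins by resulting handle and keep only the
 * groups where more than one login maps to the same handle.
 */
function example_find_collisions( array $logins ): array {
	$by_handle = array();
	foreach ( $logins as $login ) {
		$by_handle[ example_preferred_username( $login ) ][] = $login;
	}

	return \array_filter(
		$by_handle,
		static fn( array $group ): bool => \count( $group ) > 1
	);
}

// Constructed sample logins (not taken from the issue or the tests).
$logins = array(
	'normaluser',
	'jane.doe@example.com',
	'jane-doe@example.com',
	'jane-doe-example-com',
);

foreach ( $logins as $login ) {
	\printf( "%-22s => @%s@blog.example\n", $login, example_preferred_username( $login ) );
}

foreach ( example_find_collisions( $logins ) as $handle => $group ) {
	\printf( "collision on %s: %s\n", $handle, \implode( ', ', $group ) );
}
```

The last three sample logins all resolve to the same local part, so a handle lookup that works backwards from the sanitized value needs a uniqueness check or a tie-break rule.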

Successfully merging this pull request may close these issues.

ActivityPub Handle Format Issue with Google Login