Merge 8fec4048cd into 1959365c2f

app/models/account/field.rb

@@ -35,18 +35,15 @@ class Account::Field < ActiveModelSerializers::Model
   def verifiable?
     return false if value_for_verification.blank?
 
-    # This is slower than checking through a regular expression, but we
-    # need to confirm that it's not an IDN domain.
-
-    parsed_url = Addressable::URI.parse(value_for_verification)
+    # Raises on URLs not compliant with RFC 3986, including URLs with non-ASCII
+    # characters in hostname or path.
+    parsed_url = URI(value_for_verification).normalize
 
     ACCEPTED_SCHEMES.include?(parsed_url.scheme) &&
       parsed_url.user.nil? &&
       parsed_url.password.nil? &&
-      parsed_url.host.present? &&
-      parsed_url.normalized_host == parsed_url.host &&
-      (parsed_url.path.empty? || parsed_url.path == parsed_url.normalized_path)
-  rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError
+      parsed_url.path == Addressable::URI.normalize_path(parsed_url.path)
+  rescue URI::InvalidURIError
     false
   end
 

spec/models/account/field_spec.rb

@@ -68,6 +68,14 @@ RSpec.describe Account::Field do
         end
       end
 
+      context 'with an HTTP URL' do
+        let(:value) { 'http://example.com' }
+
+        it 'returns false' do
+          expect(subject.verifiable?).to be false
+        end
+      end
+
       context 'with an IDN URL' do
         let(:value) { 'https://twitter.com∕dougallj∕status∕1590357240443437057.ê.cc/twitter.html' }