Merge remote-tracking branch 'origin/develop' into shigusegubu

* origin/develop: Fix bookmarks depending on embeded object and move checking if the status is bookmarked to SQL update pleroma frontend tests: fix up for changed bbcode library output and verify html is properly escaped add support for bbcode mix: add bbcode dependency update Changelog Add mediaproxy whitelist capability Move settings to Source subentity test fixes fixes for tests migration without using old field name unused removing useless transaction migration optimization changelog file update favourites add bookmark display migrate user.bookmarks to separate table bookmarks in separate table activitypub: transmogrifier: send reject follow if following does not succeed Fix leaking private configuration parameters in Mastodon and Twitter APIs, and add new configuration parameters to Mastodon API
2019-04-28 18:29:15 +03:00 · 2019-04-28 18:29:15 +03:00 · 10d743e46a
commit 10d743e46a
parent 5015d517d0 f2a4156d49
62 changed files with 763 additions and 295 deletions
--- a/lib/pleroma/bookmark.ex
+++ b/lib/pleroma/bookmark.ex
@ -0,0 +1,60 @@
+defmodule Pleroma.Bookmark do
+  use Ecto.Schema
+
+  import Ecto.Changeset
+  import Ecto.Query
+
+  alias Pleroma.Activity
+  alias Pleroma.Bookmark
+  alias Pleroma.FlakeId
+  alias Pleroma.Repo
+  alias Pleroma.User
+
+  @type t :: %__MODULE__{}
+
+  schema "bookmarks" do
+    belongs_to(:user, User, type: FlakeId)
+    belongs_to(:activity, Activity, type: FlakeId)
+
+    timestamps()
+  end
+
+  @spec create(FlakeId.t(), FlakeId.t()) :: {:ok, Bookmark.t()} | {:error, Changeset.t()}
+  def create(user_id, activity_id) do
+    attrs = %{
+      user_id: user_id,
+      activity_id: activity_id
+    }
+
+    %Bookmark{}
+    |> cast(attrs, [:user_id, :activity_id])
+    |> validate_required([:user_id, :activity_id])
+    |> unique_constraint(:activity_id, name: :bookmarks_user_id_activity_id_index)
+    |> Repo.insert()
+  end
+
+  @spec for_user_query(FlakeId.t()) :: Ecto.Query.t()
+  def for_user_query(user_id) do
+    Bookmark
+    |> where(user_id: ^user_id)
+    |> join(:inner, [b], activity in assoc(b, :activity))
+    |> preload([b, a], activity: a)
+  end
+
+  def get(user_id, activity_id) do
+    Bookmark
+    |> where(user_id: ^user_id)
+    |> where(activity_id: ^activity_id)
+    |> Repo.one()
+  end
+
+  @spec destroy(FlakeId.t(), FlakeId.t()) :: {:ok, Bookmark.t()} | {:error, Changeset.t()}
+  def destroy(user_id, activity_id) do
+    from(b in Bookmark,
+      where: b.user_id == ^user_id,
+      where: b.activity_id == ^activity_id
+    )
+    |> Repo.one()
+    |> Repo.delete()
+  end
+end
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -10,6 +10,7 @@ defmodule Pleroma.User do

  alias Comeonin.Pbkdf2
  alias Pleroma.Activity
+  alias Pleroma.Bookmark
  alias Pleroma.Formatter
  alias Pleroma.Notification
  alias Pleroma.Object
@ -53,8 +54,8 @@ defmodule Pleroma.User do
    field(:search_rank, :float, virtual: true)
    field(:search_type, :integer, virtual: true)
    field(:tags, {:array, :string}, default: [])
-    field(:bookmarks, {:array, :string}, default: [])
    field(:last_refreshed_at, :naive_datetime_usec)
+    has_many(:bookmarks, Bookmark)
    has_many(:notifications, Notification)
    has_many(:registrations, Registration)
    embeds_one(:info, Pleroma.User.Info)
@ -1379,22 +1380,6 @@ defmodule Pleroma.User do
    updated_user
  end

-  def bookmark(%User{} = user, status_id) do
-    bookmarks = Enum.uniq(user.bookmarks ++ [status_id])
-    update_bookmarks(user, bookmarks)
-  end
-
-  def unbookmark(%User{} = user, status_id) do
-    bookmarks = Enum.uniq(user.bookmarks -- [status_id])
-    update_bookmarks(user, bookmarks)
-  end
-
-  def update_bookmarks(%User{} = user, bookmarks) do
-    user
-    |> change(%{bookmarks: bookmarks})
-    |> update_and_set_cache
-  end
-
  defp normalize_tags(tags) do
    [tags]
    |> List.flatten()
--- a/lib/pleroma/user/info.ex
+++ b/lib/pleroma/user/info.ex
@ -227,14 +227,6 @@ defmodule Pleroma.User.Info do
    cast(info, params, [:confirmation_pending, :confirmation_token])
  end

-  def mastodon_profile_update(info, params) do
-    info
-    |> cast(params, [
-      :locked,
-      :banner
-    ])
-  end
-
  def mastodon_settings_update(info, settings) do
    params = %{settings: settings}

--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@ -438,20 +438,46 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
    with %User{local: true} = followed <- User.get_cached_by_ap_id(followed),
         %User{} = follower <- User.get_or_fetch_by_ap_id(follower),
         {:ok, activity} <- ActivityPub.follow(follower, followed, id, false) do
-      if not User.locked?(followed) do
+      with deny_follow_blocked <- Pleroma.Config.get([:user, :deny_follow_blocked]),
+           {:user_blocked, false} <-
+             {:user_blocked, User.blocks?(followed, follower) && deny_follow_blocked},
+           {:user_locked, false} <- {:user_locked, User.locked?(followed)},
+           {:follow, {:ok, follower}} <- {:follow, User.follow(follower, followed)} do
        ActivityPub.accept(%{
          to: [follower.ap_id],
          actor: followed,
          object: data,
          local: true
        })
+      else
+        {:user_blocked, true} ->
+          {:ok, _} = Utils.update_follow_state(activity, "reject")

-        User.follow(follower, followed)
+          ActivityPub.reject(%{
+            to: [follower.ap_id],
+            actor: followed,
+            object: data,
+            local: true
+          })
+
+        {:follow, {:error, _}} ->
+          {:ok, _} = Utils.update_follow_state(activity, "reject")
+
+          ActivityPub.reject(%{
+            to: [follower.ap_id],
+            actor: followed,
+            object: data,
+            local: true
+          })
+
+        {:user_locked, true} ->
+          :noop
      end

      {:ok, activity}
    else
-      _e -> :error
+      _e ->
+        :error
    end
  end

--- a/lib/pleroma/web/common_api/common_api.ex
+++ b/lib/pleroma/web/common_api/common_api.ex
@ -4,6 +4,7 @@

 defmodule Pleroma.Web.CommonAPI do
  alias Pleroma.Activity
+  alias Pleroma.Bookmark
  alias Pleroma.Formatter
  alias Pleroma.Object
  alias Pleroma.ThreadMute
@ -282,6 +283,15 @@ defmodule Pleroma.Web.CommonAPI do
    end
  end

+  def bookmarked?(user, activity) do
+    with %Bookmark{} <- Bookmark.get(user.id, activity.id) do
+      true
+    else
+      _ ->
+        false
+    end
+  end
+
  def report(user, data) do
    with {:account_id, %{"account_id" => account_id}} <- {:account_id, data},
         {:account, %User{} = account} <- {:account, User.get_cached_by_id(account_id)},
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@ -182,6 +182,18 @@ defmodule Pleroma.Web.CommonAPI.Utils do
        end).()
  end

+  @doc """
+  Formatting text as BBCode.
+  """
+  def format_input(text, "text/bbcode", options) do
+    text
+    |> String.replace(~r/\r/, "")
+    |> Formatter.html_escape("text/plain")
+    |> BBCode.to_html()
+    |> (fn {:ok, html} -> html end).()
+    |> Formatter.linkify(options)
+  end
+
  @doc """
  Formatting text to html.
  """
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@ -6,6 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  use Pleroma.Web, :controller
  alias Ecto.Changeset
  alias Pleroma.Activity
+  alias Pleroma.Bookmark
  alias Pleroma.Config
  alias Pleroma.Filter
  alias Pleroma.Notification
@ -35,7 +36,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  alias Pleroma.Web.OAuth.Authorization
  alias Pleroma.Web.OAuth.Token

-  import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2]
+  alias Pleroma.Web.ControllerHelper
  import Ecto.Query

  require Logger
@ -46,7 +47,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  action_fallback(:errors)

  def create_app(conn, params) do
-    scopes = oauth_scopes(params, ["read"])
+    scopes = ControllerHelper.oauth_scopes(params, ["read"])

    app_attrs =
      params
@ -96,8 +97,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
      end)

    info_params =
-      %{}
-      |> add_if_present(params, "locked", :locked, fn value -> {:ok, value == "true"} end)
+      [:no_rich_text, :locked, :hide_followers, :hide_follows, :hide_favorites, :show_role]
+      |> Enum.reduce(%{}, fn key, acc ->
+        add_if_present(acc, params, to_string(key), key, fn value ->
+          {:ok, ControllerHelper.truthy_param?(value)}
+        end)
+      end)
      |> add_if_present(params, "header", :banner, fn value ->
        with %Plug.Upload{} <- value,
             {:ok, object} <- ActivityPub.upload(value, type: :banner) do
@ -107,7 +112,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
        end
      end)

-    info_cng = User.Info.mastodon_profile_update(user.info, info_params)
+    info_cng = User.Info.profile_update(user.info, info_params)

    with changeset <- User.update_changeset(user, user_params),
         changeset <- Ecto.Changeset.put_embed(changeset, :info, info_cng),
@ -279,6 +284,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
      |> ActivityPub.contain_timeline(user)
      |> Enum.reverse()

+    user = Repo.preload(user, bookmarks: :activity)
+
    conn
    |> add_link_headers(:home_timeline, activities)
    |> put_view(StatusView)
@ -297,6 +304,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
      |> ActivityPub.fetch_public_activities()
      |> Enum.reverse()

+    user = Repo.preload(user, bookmarks: :activity)
+
    conn
    |> add_link_headers(:public_timeline, activities, false, %{"local" => local_only})
    |> put_view(StatusView)
@ -304,7 +313,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  end

  def user_statuses(%{assigns: %{user: reading_user}} = conn, params) do
-    with %User{} = user <- User.get_cached_by_id(params["id"]) do
+    with %User{} = user <- User.get_cached_by_id(params["id"]),
+         reading_user <- Repo.preload(reading_user, :bookmarks) do
      activities = ActivityPub.fetch_user_activities(user, reading_user, params)

      conn
@ -331,6 +341,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
      |> ActivityPub.fetch_activities_query(params)
      |> Pagination.fetch_paginated(params)

+    user = Repo.preload(user, bookmarks: :activity)
+
    conn
    |> add_link_headers(:dm_timeline, activities)
    |> put_view(StatusView)
@ -340,6 +352,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
    with %Activity{} = activity <- Activity.get_by_id_with_object(id),
         true <- Visibility.visible_for_user?(activity, user) do
+      user = Repo.preload(user, bookmarks: :activity)
+
      conn
      |> put_view(StatusView)
      |> try_render("status.json", %{activity: activity, for: user})
@ -489,6 +503,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  def reblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
    with {:ok, announce, _activity} <- CommonAPI.repeat(ap_id_or_id, user),
         %Activity{} = announce <- Activity.normalize(announce.data) do
+      user = Repo.preload(user, bookmarks: :activity)
+
      conn
      |> put_view(StatusView)
      |> try_render("status.json", %{activity: announce, for: user, as: :activity})
@ -498,6 +514,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  def unreblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
    with {:ok, _unannounce, %{data: %{"id" => id}}} <- CommonAPI.unrepeat(ap_id_or_id, user),
         %Activity{} = activity <- Activity.get_create_by_object_ap_id_with_object(id) do
+      user = Repo.preload(user, bookmarks: :activity)
+
      conn
      |> put_view(StatusView)
      |> try_render("status.json", %{activity: activity, for: user, as: :activity})
@ -545,10 +563,11 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do

  def bookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
    with %Activity{} = activity <- Activity.get_by_id_with_object(id),
-         %Object{} = object <- Object.normalize(activity),
         %User{} = user <- User.get_cached_by_nickname(user.nickname),
         true <- Visibility.visible_for_user?(activity, user),
-         {:ok, user} <- User.bookmark(user, object.data["id"]) do
+         {:ok, _bookmark} <- Bookmark.create(user.id, activity.id) do
+      user = Repo.preload(user, bookmarks: :activity)
+
      conn
      |> put_view(StatusView)
      |> try_render("status.json", %{activity: activity, for: user, as: :activity})
@ -557,10 +576,11 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do

  def unbookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
    with %Activity{} = activity <- Activity.get_by_id_with_object(id),
-         %Object{} = object <- Object.normalize(activity),
         %User{} = user <- User.get_cached_by_nickname(user.nickname),
         true <- Visibility.visible_for_user?(activity, user),
-         {:ok, user} <- User.unbookmark(user, object.data["id"]) do
+         {:ok, _bookmark} <- Bookmark.destroy(user.id, activity.id) do
+      user = Repo.preload(user, bookmarks: :activity)
+
      conn
      |> put_view(StatusView)
      |> try_render("status.json", %{activity: activity, for: user, as: :activity})
@ -1081,6 +1101,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
      ActivityPub.fetch_activities([], params)
      |> Enum.reverse()

+    user = Repo.preload(user, bookmarks: :activity)
+
    conn
    |> add_link_headers(:favourites, activities)
    |> put_view(StatusView)
@ -1124,15 +1146,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
    end
  end

-  def bookmarks(%{assigns: %{user: user}} = conn, _) do
+  def bookmarks(%{assigns: %{user: user}} = conn, params) do
    user = User.get_cached_by_id(user.id)
+    user = Repo.preload(user, bookmarks: :activity)
+
+    bookmarks =
+      Bookmark.for_user_query(user.id)
+      |> Pagination.fetch_paginated(params)

    activities =
-      user.bookmarks
-      |> Enum.map(fn id -> Activity.get_create_by_object_ap_id(id) end)
-      |> Enum.reverse()
+      bookmarks
+      |> Enum.map(fn b -> b.activity end)

    conn
+    |> add_link_headers(:bookmarks, bookmarks)
    |> put_view(StatusView)
    |> render("index.json", %{activities: activities, for: user, as: :activity})
  end
@ -1238,6 +1265,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
        |> ActivityPub.fetch_activities_bounded(following, params)
        |> Enum.reverse()

+      user = Repo.preload(user, bookmarks: :activity)
+
      conn
      |> put_view(StatusView)
      |> render("index.json", %{activities: activities, for: user, as: :activity})
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@ -113,21 +113,23 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
      bot: bot,
      source: %{
        note: "",
-        privacy: user_info.default_scope,
-        sensitive: false
+        sensitive: false,
+        pleroma: %{}
      },

      # Pleroma extension
-      pleroma:
-        %{
-          confirmation_pending: user_info.confirmation_pending,
-          tags: user.tags,
-          is_moderator: user.info.is_moderator,
-          is_admin: user.info.is_admin,
-          relationship: relationship
-        }
-        |> with_notification_settings(user, opts[:for])
+      pleroma: %{
+        confirmation_pending: user_info.confirmation_pending,
+        tags: user.tags,
+        hide_followers: user.info.hide_followers,
+        hide_follows: user.info.hide_follows,
+        hide_favorites: user.info.hide_favorites,
+        relationship: relationship
+      }
    }
+    |> maybe_put_role(user, opts[:for])
+    |> maybe_put_settings(user, opts[:for], user_info)
+    |> maybe_put_notification_settings(user, opts[:for])
  end

  defp username_from_nickname(string) when is_binary(string) do
@ -136,9 +138,37 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do

  defp username_from_nickname(_), do: nil

-  defp with_notification_settings(data, %User{id: user_id} = user, %User{id: user_id}) do
-    Map.put(data, :notification_settings, user.info.notification_settings)
+  defp maybe_put_settings(
+         data,
+         %User{id: user_id} = user,
+         %User{id: user_id},
+         user_info
+       ) do
+    data
+    |> Kernel.put_in([:source, :privacy], user_info.default_scope)
+    |> Kernel.put_in([:source, :pleroma, :show_role], user.info.show_role)
+    |> Kernel.put_in([:source, :pleroma, :no_rich_text], user.info.no_rich_text)
  end

-  defp with_notification_settings(data, _, _), do: data
+  defp maybe_put_settings(data, _, _, _), do: data
+
+  defp maybe_put_role(data, %User{info: %{show_role: true}} = user, _) do
+    data
+    |> Kernel.put_in([:pleroma, :is_admin], user.info.is_admin)
+    |> Kernel.put_in([:pleroma, :is_moderator], user.info.is_moderator)
+  end
+
+  defp maybe_put_role(data, %User{id: user_id} = user, %User{id: user_id}) do
+    data
+    |> Kernel.put_in([:pleroma, :is_admin], user.info.is_admin)
+    |> Kernel.put_in([:pleroma, :is_moderator], user.info.is_moderator)
+  end
+
+  defp maybe_put_role(data, _, _), do: data
+
+  defp maybe_put_notification_settings(data, %User{id: user_id} = user, %User{id: user_id}) do
+    Kernel.put_in(data, [:pleroma, :notification_settings], user.info.notification_settings)
+  end
+
+  defp maybe_put_notification_settings(data, _, _), do: data
 end
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@ -85,7 +85,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do

    activity_object = Object.normalize(activity)
    favorited = opts[:for] && opts[:for].ap_id in (activity_object.data["likes"] || [])
-    bookmarked = opts[:for] && activity_object.data["id"] in opts[:for].bookmarks
+
+    bookmarked = opts[:for] && CommonAPI.bookmarked?(opts[:for], reblogged_activity)

    mentions =
      activity.recipients
@ -148,7 +149,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do

    favorited = opts[:for] && opts[:for].ap_id in (object.data["likes"] || [])

-    bookmarked = opts[:for] && object.data["id"] in opts[:for].bookmarks
+    bookmarked = opts[:for] && CommonAPI.bookmarked?(opts[:for], activity)

    attachment_data = object.data["attachment"] || []
    attachments = render_many(attachment_data, StatusView, "attachment.json", as: :attachment)
--- a/lib/pleroma/web/media_proxy/media_proxy.ex
+++ b/lib/pleroma/web/media_proxy/media_proxy.ex
@ -13,32 +13,44 @@ defmodule Pleroma.Web.MediaProxy do

  def url(url) do
    config = Application.get_env(:pleroma, :media_proxy, [])
+    domain = URI.parse(url).host

-    if !Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url()) do
-      url
-    else
-      secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
-
-      # Must preserve `%2F` for compatibility with S3
-      # https://git.pleroma.social/pleroma/pleroma/issues/580
-      replacement = get_replacement(url, ":2F:")
-
-      # The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.
-      base64 =
+    cond do
+      !Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url()) ->
        url
-        |> String.replace("%2F", replacement)
-        |> URI.decode()
-        |> URI.encode()
-        |> String.replace(replacement, "%2F")
-        |> Base.url_encode64(@base64_opts)

-      sig = :crypto.hmac(:sha, secret, base64)
-      sig64 = sig |> Base.url_encode64(@base64_opts)
+      Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern ->
+        String.equivalent?(domain, pattern)
+      end) ->
+        url

-      build_url(sig64, base64, filename(url))
+      true ->
+        encode_url(url)
    end
  end

+  def encode_url(url) do
+    secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
+
+    # Must preserve `%2F` for compatibility with S3
+    # https://git.pleroma.social/pleroma/pleroma/issues/580
+    replacement = get_replacement(url, ":2F:")
+
+    # The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.
+    base64 =
+      url
+      |> String.replace("%2F", replacement)
+      |> URI.decode()
+      |> URI.encode()
+      |> String.replace(replacement, "%2F")
+      |> Base.url_encode64(@base64_opts)
+
+    sig = :crypto.hmac(:sha, secret, base64)
+    sig64 = sig |> Base.url_encode64(@base64_opts)
+
+    build_url(sig64, base64, filename(url))
+  end
+
  def decode_url(sig, url) do
    secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
    sig = Base.url_decode64!(sig, @base64_opts)
--- a/lib/pleroma/web/twitter_api/views/user_view.ex
+++ b/lib/pleroma/web/twitter_api/views/user_view.ex
@ -74,52 +74,48 @@ defmodule Pleroma.Web.TwitterAPI.UserView do
      |> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end)
      |> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end)

-    data = %{
-      "created_at" => user.inserted_at |> Utils.format_naive_asctime(),
-      "description" => HTML.strip_tags((user.bio || "") |> String.replace("<br>", "\n")),
-      "description_html" => HTML.filter_tags(user.bio, User.html_filter_policy(for_user)),
-      "favourites_count" => 0,
-      "followers_count" => user_info[:follower_count],
-      "following" => following,
-      "follows_you" => follows_you,
-      "statusnet_blocking" => statusnet_blocking,
-      "friends_count" => user_info[:following_count],
-      "id" => user.id,
-      "name" => user.name || user.nickname,
-      "name_html" =>
-        if(user.name,
-          do: HTML.strip_tags(user.name) |> Formatter.emojify(emoji),
-          else: user.nickname
-        ),
-      "profile_image_url" => image,
-      "profile_image_url_https" => image,
-      "profile_image_url_profile_size" => image,
-      "profile_image_url_original" => image,
-      "rights" => %{
-        "delete_others_notice" => !!user.info.is_moderator,
-        "admin" => !!user.info.is_admin
-      },
-      "screen_name" => user.nickname,
-      "statuses_count" => user_info[:note_count],
-      "statusnet_profile_url" => user.ap_id,
-      "cover_photo" => User.banner_url(user) |> MediaProxy.url(),
-      "background_image" => image_url(user.info.background) |> MediaProxy.url(),
-      "is_local" => user.local,
-      "locked" => user.info.locked,
-      "default_scope" => user.info.default_scope,
-      "no_rich_text" => user.info.no_rich_text,
-      "hide_followers" => user.info.hide_followers,
-      "hide_follows" => user.info.hide_follows,
-      "fields" => fields,
+    data =
+      %{
+        "created_at" => user.inserted_at |> Utils.format_naive_asctime(),
+        "description" => HTML.strip_tags((user.bio || "") |> String.replace("<br>", "\n")),
+        "description_html" => HTML.filter_tags(user.bio, User.html_filter_policy(for_user)),
+        "favourites_count" => 0,
+        "followers_count" => user_info[:follower_count],
+        "following" => following,
+        "follows_you" => follows_you,
+        "statusnet_blocking" => statusnet_blocking,
+        "friends_count" => user_info[:following_count],
+        "id" => user.id,
+        "name" => user.name || user.nickname,
+        "name_html" =>
+          if(user.name,
+            do: HTML.strip_tags(user.name) |> Formatter.emojify(emoji),
+            else: user.nickname
+          ),
+        "profile_image_url" => image,
+        "profile_image_url_https" => image,
+        "profile_image_url_profile_size" => image,
+        "profile_image_url_original" => image,
+        "screen_name" => user.nickname,
+        "statuses_count" => user_info[:note_count],
+        "statusnet_profile_url" => user.ap_id,
+        "cover_photo" => User.banner_url(user) |> MediaProxy.url(),
+        "background_image" => image_url(user.info.background) |> MediaProxy.url(),
+        "is_local" => user.local,
+        "locked" => user.info.locked,
+        "hide_followers" => user.info.hide_followers,
+        "hide_follows" => user.info.hide_follows,
+        "fields" => fields,

-      # Pleroma extension
-      "pleroma" =>
-        %{
-          "confirmation_pending" => user_info.confirmation_pending,
-          "tags" => user.tags
-        }
-        |> maybe_with_activation_status(user, for_user)
-    }
+        # Pleroma extension
+        "pleroma" =>
+          %{
+            "confirmation_pending" => user_info.confirmation_pending,
+            "tags" => user.tags
+          }
+          |> maybe_with_activation_status(user, for_user)
+      }
+      |> maybe_with_user_settings(user, for_user)

    data =
      if(user.info.is_admin || user.info.is_moderator,
@ -141,15 +137,35 @@ defmodule Pleroma.Web.TwitterAPI.UserView do
  defp maybe_with_activation_status(data, _, _), do: data

  defp maybe_with_role(data, %User{id: id} = user, %User{id: id}) do
-    Map.merge(data, %{"role" => role(user), "show_role" => user.info.show_role})
+    Map.merge(data, %{
+      "role" => role(user),
+      "show_role" => user.info.show_role,
+      "rights" => %{
+        "delete_others_notice" => !!user.info.is_moderator,
+        "admin" => !!user.info.is_admin
+      }
+    })
  end

  defp maybe_with_role(data, %User{info: %{show_role: true}} = user, _user) do
-    Map.merge(data, %{"role" => role(user)})
+    Map.merge(data, %{
+      "role" => role(user),
+      "rights" => %{
+        "delete_others_notice" => !!user.info.is_moderator,
+        "admin" => !!user.info.is_admin
+      }
+    })
  end

  defp maybe_with_role(data, _, _), do: data

+  defp maybe_with_user_settings(data, %User{info: info, id: id} = _user, %User{id: id}) do
+    data
+    |> Kernel.put_in(["default_scope"], info.default_scope)
+    |> Kernel.put_in(["no_rich_text"], info.no_rich_text)
+  end
+
+  defp maybe_with_user_settings(data, _, _), do: data
  defp role(%User{info: %{:is_admin => true}}), do: "admin"
  defp role(%User{info: %{:is_moderator => true}}), do: "moderator"
  defp role(_), do: "member"