Merge remote-tracking branch 'origin/develop' into status-notification-type

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>

test/pleroma/web/mastodon_api/controllers/account_controller_test.exs

@@ -18,6 +18,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
 
   import Pleroma.Factory
 
+  setup do
+    Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config)
+    :ok
+  end
+
   describe "account fetching" do
     test "works by id" do
       %User{id: user_id} = insert(:user)
@@ -1355,7 +1360,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       assert user.registration_reason == "I'm a cool dude, bro"
     end
 
-    test "returns error when user already registred", %{conn: conn, valid_params: valid_params} do
+    test "returns error when user already registered", %{conn: conn, valid_params: valid_params} do
       _user = insert(:user, email: "lain@example.org")
       app_token = insert(:oauth_token, user: nil)
 
@@ -1490,7 +1495,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
         |> Plug.Conn.put_req_header("authorization", "Bearer " <> token)
         |> put_req_header("content-type", "multipart/form-data")
         |> post("/api/v1/accounts", %{
-          nickname: "nickanme",
+          nickname: "nickname",
           agreement: true,
           email: "email@example.com",
           fullname: "Lain",
@@ -1776,7 +1781,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
       assert %{language: "ru_RU"} = Pleroma.User.get_by_nickname("foo")
     end
 
-    test "createing an account without language parameter should fallback to cookie/header language",
+    test "creating an account without language parameter should fallback to cookie/header language",
          %{conn: conn} do
       params = %{
         username: "foo2",
@@ -2031,6 +2036,39 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
     assert [%{"id" => ^id1}] = result
   end
 
+  test "list of blocks with with_relationships parameter" do
+    %{user: user, conn: conn} = oauth_access(["read:blocks"])
+    %{id: id1} = other_user1 = insert(:user)
+    %{id: id2} = other_user2 = insert(:user)
+    %{id: id3} = other_user3 = insert(:user)
+
+    {:ok, _, _} = User.follow(other_user1, user)
+    {:ok, _, _} = User.follow(other_user2, user)
+    {:ok, _, _} = User.follow(other_user3, user)
+
+    {:ok, _} = User.block(user, other_user1)
+    {:ok, _} = User.block(user, other_user2)
+    {:ok, _} = User.block(user, other_user3)
+
+    assert [
+             %{
+               "id" => ^id3,
+               "pleroma" => %{"relationship" => %{"blocking" => true, "followed_by" => false}}
+             },
+             %{
+               "id" => ^id2,
+               "pleroma" => %{"relationship" => %{"blocking" => true, "followed_by" => false}}
+             },
+             %{
+               "id" => ^id1,
+               "pleroma" => %{"relationship" => %{"blocking" => true, "followed_by" => false}}
+             }
+           ] =
+             conn
+             |> get("/api/v1/blocks?with_relationships=true")
+             |> json_response_and_validate_schema(200)
+  end
+
   test "account lookup", %{conn: conn} do
     %{nickname: acct} = insert(:user, %{nickname: "nickname"})
     %{nickname: acct_two} = insert(:user, %{nickname: "nickname@notlocaldoma.in"})

test/pleroma/web/mastodon_api/controllers/directory_controller_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.DirectoryControllerTest do
-  use Pleroma.Web.ConnCase, async: true
+  use Pleroma.Web.ConnCase
   alias Pleroma.Web.CommonAPI
   import Pleroma.Factory
 

test/pleroma/web/mastodon_api/controllers/instance_controller_test.exs

@@ -106,4 +106,11 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do
              |> get("/api/v1/instance")
              |> json_response_and_validate_schema(200)
   end
+
+  test "get instance information v2", %{conn: conn} do
+    clear_config([:auth, :oauth_consumer_strategies], [])
+
+    assert get(conn, "/api/v2/instance")
+           |> json_response_and_validate_schema(200)
+  end
 end

test/pleroma/web/mastodon_api/controllers/media_controller_test.exs

@@ -6,8 +6,10 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
   use Pleroma.Web.ConnCase
 
   import ExUnit.CaptureLog
+  import Mox
 
   alias Pleroma.Object
+  alias Pleroma.UnstubbedConfigMock, as: ConfigMock
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
 
@@ -15,6 +17,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
     setup do: oauth_access(["write:media"])
 
     setup do
+      ConfigMock
+      |> stub_with(Pleroma.Test.StaticConfig)
+
       image = %Plug.Upload{
         content_type: "image/jpeg",
         path: Path.absname("test/fixtures/image.jpg"),
@@ -122,12 +127,32 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
 
       assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
     end
+
+    test "Do not allow nested filename", %{conn: conn, image: image} do
+      image = %Plug.Upload{
+        image
+        | filename: "../../../../../nested/file.jpg"
+      }
+
+      desc = "Description of the image"
+
+      media =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/v1/media", %{"file" => image, "description" => desc})
+        |> json_response_and_validate_schema(:ok)
+
+      refute Regex.match?(~r"/nested/", media["url"])
+    end
   end
 
   describe "Update media description" do
     setup do: oauth_access(["write:media"])
 
     setup %{user: actor} do
+      ConfigMock
+      |> stub_with(Pleroma.Test.StaticConfig)
+
       file = %Plug.Upload{
         content_type: "image/jpeg",
         path: Path.absname("test/fixtures/image.jpg"),
@@ -160,6 +185,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
     setup do: oauth_access(["read:media"])
 
     setup %{user: actor} do
+      ConfigMock
+      |> stub_with(Pleroma.Test.StaticConfig)
+
       file = %Plug.Upload{
         content_type: "image/jpeg",
         path: Path.absname("test/fixtures/image.jpg"),

test/pleroma/web/mastodon_api/controllers/notification_controller_test.exs

@@ -12,6 +12,11 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
 
   import Pleroma.Factory
 
+  setup do
+    Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config)
+    :ok
+  end
+
   test "does NOT render account/pleroma/relationship by default" do
     %{user: user, conn: conn} = oauth_access(["read:notifications"])
     other_user = insert(:user)

test/pleroma/web/mastodon_api/controllers/scheduled_activity_controller_test.exs

@@ -3,15 +3,25 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
-  use Pleroma.Web.ConnCase
+  use Pleroma.Web.ConnCase, async: true
 
   alias Pleroma.Repo
   alias Pleroma.ScheduledActivity
+  alias Pleroma.UnstubbedConfigMock, as: ConfigMock
 
-  import Pleroma.Factory
   import Ecto.Query
+  import Mox
+  import Pleroma.Factory
 
-  setup do: clear_config([ScheduledActivity, :enabled])
+  setup do
+    ConfigMock
+    |> stub(:get, fn
+      [ScheduledActivity, :enabled] -> true
+      path -> Pleroma.Test.StaticConfig.get(path)
+    end)
+
+    :ok
+  end
 
   test "shows scheduled activities" do
     %{user: user, conn: conn} = oauth_access(["read:statuses"])
@@ -55,7 +65,6 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
   end
 
   test "updates a scheduled activity" do
-    clear_config([ScheduledActivity, :enabled], true)
     %{user: user, conn: conn} = oauth_access(["write:statuses"])
 
     scheduled_at = Timex.shift(NaiveDateTime.utc_now(), minutes: 60)
@@ -103,7 +112,6 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
   end
 
   test "deletes a scheduled activity" do
-    clear_config([ScheduledActivity, :enabled], true)
     %{user: user, conn: conn} = oauth_access(["write:statuses"])
     scheduled_at = Timex.shift(NaiveDateTime.utc_now(), minutes: 60)
 

test/pleroma/web/mastodon_api/controllers/search_controller_test.exs

@@ -13,6 +13,11 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
   import Tesla.Mock
   import Mock
 
+  setup do
+    Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config)
+    :ok
+  end
+
   setup_all do
     mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
     :ok
@@ -37,7 +42,7 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
       end
     end
 
-    @tag :skip_on_mac
+    @tag :skip_darwin
     test "search", %{conn: conn} do
       user = insert(:user)
       user_two = insert(:user, %{nickname: "shp@shitposter.club"})

test/pleroma/web/mastodon_api/controllers/status_controller_test.exs

@@ -12,6 +12,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
   alias Pleroma.Object
   alias Pleroma.Repo
   alias Pleroma.ScheduledActivity
+  alias Pleroma.Tests.Helpers
   alias Pleroma.Tests.ObanHelpers
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
@@ -19,25 +20,38 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Workers.ScheduledActivityWorker
 
+  import Mox
   import Pleroma.Factory
 
   setup do: clear_config([:instance, :federating])
   setup do: clear_config([:instance, :allow_relay])
-  setup do: clear_config([:rich_media, :enabled])
   setup do: clear_config([:mrf, :policies])
   setup do: clear_config([:mrf_keyword, :reject])
 
+  setup do
+    Pleroma.UnstubbedConfigMock
+    |> stub_with(Pleroma.Config)
+
+    Pleroma.StaticStubbedConfigMock
+    |> stub(:get, fn
+      [:rich_media, :enabled] -> false
+      path -> Pleroma.Test.StaticConfig.get(path)
+    end)
+
+    :ok
+  end
+
   describe "posting statuses" do
     setup do: oauth_access(["write:statuses"])
 
     test "posting a status does not increment reblog_count when relaying", %{conn: conn} do
       clear_config([:instance, :federating], true)
-      Config.get([:instance, :allow_relay], true)
+      clear_config([:instance, :allow_relay], true)
 
       response =
         conn
         |> put_req_header("content-type", "application/json")
-        |> post("api/v1/statuses", %{
+        |> post("/api/v1/statuses", %{
           "content_type" => "text/plain",
           "source" => "Pleroma FE",
           "status" => "Hello world",
@@ -50,7 +64,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
 
       response =
         conn
-        |> get("api/v1/statuses/#{response["id"]}", %{})
+        |> get("/api/v1/statuses/#{response["id"]}", %{})
         |> json_response_and_validate_schema(200)
 
       assert response["reblogs_count"] == 0
@@ -109,7 +123,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       conn_four =
         conn
         |> put_req_header("content-type", "application/json")
-        |> post("api/v1/statuses", %{
+        |> post("/api/v1/statuses", %{
           "status" => "oolong",
           "expires_in" => expires_in
         })
@@ -125,6 +139,28 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       )
     end
 
+    test "posting a quote post", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, %{id: activity_id} = activity} = CommonAPI.post(user, %{status: "yolo"})
+      %{data: %{"id" => quote_url}} = Object.normalize(activity)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/statuses", %{
+          "status" => "indeed",
+          "quote_id" => activity_id
+        })
+
+      assert %{
+               "id" => id,
+               "pleroma" => %{"quote" => %{"id" => ^activity_id}, "quote_url" => ^quote_url}
+             } = json_response_and_validate_schema(conn, 200)
+
+      assert Activity.get_by_id(id)
+    end
+
     test "it fails to create a status if `expires_in` is less or equal than an hour", %{
       conn: conn
     } do
@@ -134,7 +170,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       assert %{"error" => "Expiry date is too soon"} =
                conn
                |> put_req_header("content-type", "application/json")
-               |> post("api/v1/statuses", %{
+               |> post("/api/v1/statuses", %{
                  "status" => "oolong",
                  "expires_in" => expires_in
                })
@@ -146,7 +182,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       assert %{"error" => "Expiry date is too soon"} =
                conn
                |> put_req_header("content-type", "application/json")
-               |> post("api/v1/statuses", %{
+               |> post("/api/v1/statuses", %{
                  "status" => "oolong",
                  "expires_in" => expires_in
                })
@@ -160,7 +196,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       assert %{"error" => "[KeywordPolicy] Matches with rejected keyword"} =
                conn
                |> put_req_header("content-type", "application/json")
-               |> post("api/v1/statuses", %{"status" => "GNO/Linux"})
+               |> post("/api/v1/statuses", %{"status" => "GNO/Linux"})
                |> json_response_and_validate_schema(422)
     end
 
@@ -294,7 +330,11 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
     end
 
     test "fake statuses' preview card is not cached", %{conn: conn} do
-      clear_config([:rich_media, :enabled], true)
+      Pleroma.StaticStubbedConfigMock
+      |> stub(:get, fn
+        [:rich_media, :enabled] -> true
+        path -> Pleroma.Test.StaticConfig.get(path)
+      end)
 
       Tesla.Mock.mock(fn
         %{
@@ -331,7 +371,12 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
 
     test "posting a status with OGP link preview", %{conn: conn} do
       Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
-      clear_config([:rich_media, :enabled], true)
+
+      Pleroma.StaticStubbedConfigMock
+      |> stub(:get, fn
+        [:rich_media, :enabled] -> true
+        path -> Pleroma.Test.StaticConfig.get(path)
+      end)
 
       conn =
         conn
@@ -353,7 +398,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       conn =
         conn
         |> put_req_header("content-type", "application/json")
-        |> post("api/v1/statuses", %{"status" => content, "visibility" => "direct"})
+        |> post("/api/v1/statuses", %{"status" => content, "visibility" => "direct"})
 
       assert %{"id" => id} = response = json_response_and_validate_schema(conn, 200)
       assert response["visibility"] == "direct"
@@ -390,7 +435,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
 
       result =
         conn
-        |> get("api/v1/statuses/#{activity}")
+        |> get("/api/v1/statuses/#{activity}")
 
       assert %{
                "content" => "cofe is my copilot",
@@ -419,7 +464,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
 
       result =
         conn
-        |> get("api/v1/statuses/#{activity}")
+        |> get("/api/v1/statuses/#{activity}")
 
       assert %{
                "content" => "club mate is my wingman",
@@ -626,7 +671,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
         |> put_req_header("content-type", "application/json")
         |> post("/api/v1/statuses", %{
           "status" => "desu~",
-          "poll" => %{"options" => Enum.map(0..limit, fn _ -> "desu" end), "expires_in" => 1}
+          "poll" => %{
+            "options" => Enum.map(0..limit, fn num -> "desu #{num}" end),
+            "expires_in" => 1
+          }
         })
 
       %{"error" => error} = json_response_and_validate_schema(conn, 422)
@@ -642,7 +690,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
         |> post("/api/v1/statuses", %{
           "status" => "...",
           "poll" => %{
-            "options" => [Enum.reduce(0..limit, "", fn _, acc -> acc <> "." end)],
+            "options" => [String.duplicate(".", limit + 1), "lol"],
             "expires_in" => 1
           }
         })
@@ -724,6 +772,32 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       assert object.data["type"] == "Question"
       assert length(object.data["oneOf"]) == 3
     end
+
+    test "cannot have only one option", %{conn: conn} do
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/statuses", %{
+          "status" => "desu~",
+          "poll" => %{"options" => ["mew"], "expires_in" => 1}
+        })
+
+      %{"error" => error} = json_response_and_validate_schema(conn, 422)
+      assert error == "Poll must contain at least 2 options"
+    end
+
+    test "cannot have only duplicated options", %{conn: conn} do
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/statuses", %{
+          "status" => "desu~",
+          "poll" => %{"options" => ["mew", "mew"], "expires_in" => 1}
+        })
+
+      %{"error" => error} = json_response_and_validate_schema(conn, 422)
+      assert error == "Poll must contain at least 2 options"
+    end
   end
 
   test "get a status" do
@@ -742,6 +816,49 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
     {:ok, local: local, remote: remote}
   end
 
+  defp local_and_remote_context_activities do
+    local_user_1 = insert(:user)
+    local_user_2 = insert(:user)
+    remote_user = insert(:user, local: false)
+
+    {:ok, %{id: id1, data: %{"context" => context}}} =
+      CommonAPI.post(local_user_1, %{status: "post"})
+
+    {:ok, %{id: id2} = post} =
+      CommonAPI.post(local_user_2, %{status: "local reply", in_reply_to_status_id: id1})
+
+    params = %{
+      "@context" => "https://www.w3.org/ns/activitystreams",
+      "actor" => remote_user.ap_id,
+      "type" => "Create",
+      "context" => context,
+      "id" => "#{remote_user.ap_id}/activities/1",
+      "inReplyTo" => post.data["id"],
+      "object" => %{
+        "type" => "Note",
+        "content" => "remote reply",
+        "context" => context,
+        "id" => "#{remote_user.ap_id}/objects/1",
+        "attributedTo" => remote_user.ap_id,
+        "to" => [
+          local_user_1.ap_id,
+          local_user_2.ap_id,
+          "https://www.w3.org/ns/activitystreams#Public"
+        ]
+      },
+      "to" => [
+        local_user_1.ap_id,
+        local_user_2.ap_id,
+        "https://www.w3.org/ns/activitystreams#Public"
+      ]
+    }
+
+    {:ok, job} = Pleroma.Web.Federator.incoming_ap_doc(params)
+    {:ok, remote_activity} = ObanHelpers.perform(job)
+
+    %{locals: [id1, id2], remote: remote_activity.id, context: context}
+  end
+
   describe "status with restrict unauthenticated activities for local and remote" do
     setup do: local_and_remote_activities()
 
@@ -928,6 +1045,230 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
     end
   end
 
+  describe "getting status contexts restricted unauthenticated for local and remote" do
+    setup do: local_and_remote_context_activities()
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
+
+    test "if user is unauthenticated", %{conn: conn, locals: [post_id, _]} do
+      res_conn = get(conn, "/api/v1/statuses/#{post_id}/context")
+
+      assert json_response_and_validate_schema(res_conn, 200) == %{
+               "ancestors" => [],
+               "descendants" => []
+             }
+    end
+
+    test "if user is unauthenticated reply", %{conn: conn, locals: [_, reply_id]} do
+      res_conn = get(conn, "/api/v1/statuses/#{reply_id}/context")
+
+      assert json_response_and_validate_schema(res_conn, 200) == %{
+               "ancestors" => [],
+               "descendants" => []
+             }
+    end
+
+    test "if user is authenticated", %{locals: [post_id, reply_id], remote: remote_reply_id} do
+      %{conn: conn} = oauth_access(["read"])
+      res_conn = get(conn, "/api/v1/statuses/#{post_id}/context")
+
+      %{"ancestors" => [], "descendants" => descendants} =
+        json_response_and_validate_schema(res_conn, 200)
+
+      descendant_ids =
+        descendants
+        |> Enum.map(& &1["id"])
+
+      assert reply_id in descendant_ids
+      assert remote_reply_id in descendant_ids
+    end
+
+    test "if user is authenticated reply", %{locals: [post_id, reply_id], remote: remote_reply_id} do
+      %{conn: conn} = oauth_access(["read"])
+      res_conn = get(conn, "/api/v1/statuses/#{reply_id}/context")
+
+      %{"ancestors" => ancestors, "descendants" => descendants} =
+        json_response_and_validate_schema(res_conn, 200)
+
+      ancestor_ids =
+        ancestors
+        |> Enum.map(& &1["id"])
+
+      descendant_ids =
+        descendants
+        |> Enum.map(& &1["id"])
+
+      assert post_id in ancestor_ids
+      assert remote_reply_id in descendant_ids
+    end
+  end
+
+  describe "getting status contexts restricted unauthenticated for local" do
+    setup do: local_and_remote_context_activities()
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :local], true)
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :remote], false)
+
+    test "if user is unauthenticated", %{
+      conn: conn,
+      locals: [post_id, reply_id],
+      remote: remote_reply_id
+    } do
+      res_conn = get(conn, "/api/v1/statuses/#{post_id}/context")
+
+      %{"ancestors" => [], "descendants" => descendants} =
+        json_response_and_validate_schema(res_conn, 200)
+
+      descendant_ids =
+        descendants
+        |> Enum.map(& &1["id"])
+
+      assert reply_id not in descendant_ids
+      assert remote_reply_id in descendant_ids
+    end
+
+    test "if user is unauthenticated reply", %{
+      conn: conn,
+      locals: [post_id, reply_id],
+      remote: remote_reply_id
+    } do
+      res_conn = get(conn, "/api/v1/statuses/#{reply_id}/context")
+
+      %{"ancestors" => ancestors, "descendants" => descendants} =
+        json_response_and_validate_schema(res_conn, 200)
+
+      ancestor_ids =
+        ancestors
+        |> Enum.map(& &1["id"])
+
+      descendant_ids =
+        descendants
+        |> Enum.map(& &1["id"])
+
+      assert post_id not in ancestor_ids
+      assert remote_reply_id in descendant_ids
+    end
+
+    test "if user is authenticated", %{locals: [post_id, reply_id], remote: remote_reply_id} do
+      %{conn: conn} = oauth_access(["read"])
+      res_conn = get(conn, "/api/v1/statuses/#{post_id}/context")
+
+      %{"ancestors" => [], "descendants" => descendants} =
+        json_response_and_validate_schema(res_conn, 200)
+
+      descendant_ids =
+        descendants
+        |> Enum.map(& &1["id"])
+
+      assert reply_id in descendant_ids
+      assert remote_reply_id in descendant_ids
+    end
+
+    test "if user is authenticated reply", %{locals: [post_id, reply_id], remote: remote_reply_id} do
+      %{conn: conn} = oauth_access(["read"])
+      res_conn = get(conn, "/api/v1/statuses/#{reply_id}/context")
+
+      %{"ancestors" => ancestors, "descendants" => descendants} =
+        json_response_and_validate_schema(res_conn, 200)
+
+      ancestor_ids =
+        ancestors
+        |> Enum.map(& &1["id"])
+
+      descendant_ids =
+        descendants
+        |> Enum.map(& &1["id"])
+
+      assert post_id in ancestor_ids
+      assert remote_reply_id in descendant_ids
+    end
+  end
+
+  describe "getting status contexts restricted unauthenticated for remote" do
+    setup do: local_and_remote_context_activities()
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :local], false)
+
+    setup do: clear_config([:restrict_unauthenticated, :activities, :remote], true)
+
+    test "if user is unauthenticated", %{
+      conn: conn,
+      locals: [post_id, reply_id],
+      remote: remote_reply_id
+    } do
+      res_conn = get(conn, "/api/v1/statuses/#{post_id}/context")
+
+      %{"ancestors" => [], "descendants" => descendants} =
+        json_response_and_validate_schema(res_conn, 200)
+
+      descendant_ids =
+        descendants
+        |> Enum.map(& &1["id"])
+
+      assert reply_id in descendant_ids
+      assert remote_reply_id not in descendant_ids
+    end
+
+    test "if user is unauthenticated reply", %{
+      conn: conn,
+      locals: [post_id, reply_id],
+      remote: remote_reply_id
+    } do
+      res_conn = get(conn, "/api/v1/statuses/#{reply_id}/context")
+
+      %{"ancestors" => ancestors, "descendants" => descendants} =
+        json_response_and_validate_schema(res_conn, 200)
+
+      ancestor_ids =
+        ancestors
+        |> Enum.map(& &1["id"])
+
+      descendant_ids =
+        descendants
+        |> Enum.map(& &1["id"])
+
+      assert post_id in ancestor_ids
+      assert remote_reply_id not in descendant_ids
+    end
+
+    test "if user is authenticated", %{locals: [post_id, reply_id], remote: remote_reply_id} do
+      %{conn: conn} = oauth_access(["read"])
+      res_conn = get(conn, "/api/v1/statuses/#{post_id}/context")
+
+      %{"ancestors" => [], "descendants" => descendants} =
+        json_response_and_validate_schema(res_conn, 200)
+
+      reply_ids =
+        descendants
+        |> Enum.map(& &1["id"])
+
+      assert reply_id in reply_ids
+      assert remote_reply_id in reply_ids
+    end
+
+    test "if user is authenticated reply", %{locals: [post_id, reply_id], remote: remote_reply_id} do
+      %{conn: conn} = oauth_access(["read"])
+      res_conn = get(conn, "/api/v1/statuses/#{reply_id}/context")
+
+      %{"ancestors" => ancestors, "descendants" => descendants} =
+        json_response_and_validate_schema(res_conn, 200)
+
+      ancestor_ids =
+        ancestors
+        |> Enum.map(& &1["id"])
+
+      descendant_ids =
+        descendants
+        |> Enum.map(& &1["id"])
+
+      assert post_id in ancestor_ids
+      assert remote_reply_id in descendant_ids
+    end
+  end
+
   describe "deleting a status" do
     test "when you created it" do
       %{user: author, conn: conn} = oauth_access(["write:statuses"])
@@ -989,6 +1330,27 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
 
       refute Activity.get_by_id(activity.id)
     end
+
+    test "when you're privileged and the user is banned", %{conn: conn} do
+      clear_config([:instance, :moderator_privileges], [:messages_delete])
+      posting_user = insert(:user, is_active: false)
+      refute posting_user.is_active
+      activity = insert(:note_activity, user: posting_user)
+      user = insert(:user, is_moderator: true)
+
+      res_conn =
+        conn
+        |> assign(:user, user)
+        |> assign(:token, insert(:oauth_token, user: user, scopes: ["write:statuses"]))
+        |> delete("/api/v1/statuses/#{activity.id}")
+
+      assert %{} = json_response_and_validate_schema(res_conn, 200)
+
+      assert ModerationLog |> Repo.one() |> ModerationLog.get_log_entry_message() ==
+               "@#{user.nickname} deleted status ##{activity.id}"
+
+      refute Activity.get_by_id(activity.id)
+    end
   end
 
   describe "reblogging" do
@@ -1305,7 +1667,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       assert %{"id" => id} =
                conn
                |> put_req_header("content-type", "application/json")
-               |> post("api/v1/statuses", %{
+               |> post("/api/v1/statuses", %{
                  "status" => "oolong",
                  "expires_in" => expires_in
                })
@@ -1345,7 +1707,11 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
 
   describe "cards" do
     setup do
-      clear_config([:rich_media, :enabled], true)
+      Pleroma.StaticStubbedConfigMock
+      |> stub(:get, fn
+        [:rich_media, :enabled] -> true
+        path -> Pleroma.Test.StaticConfig.get(path)
+      end)
 
       oauth_access(["read:statuses"])
     end
@@ -1555,7 +1921,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
       conn
       |> assign(:user, user3)
       |> assign(:token, insert(:oauth_token, user: user3, scopes: ["read:statuses"]))
-      |> get("api/v1/timelines/home")
+      |> get("/api/v1/timelines/home")
 
     [reblogged_activity] = json_response_and_validate_schema(conn3, 200)
 
@@ -1826,7 +2192,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
 
     # Using the header for pagination works correctly
     [next, _] = get_resp_header(result, "link") |> hd() |> String.split(", ")
-    [_, max_id] = Regex.run(~r/max_id=([^&]+)/, next)
+    [next_url, _next_rel] = String.split(next, ";")
+    next_url = String.trim_trailing(next_url, ">") |> String.trim_leading("<")
+
+    max_id = Helpers.get_query_parameter(next_url, "max_id")
 
     assert max_id == third_favorite.id
 

test/pleroma/web/mastodon_api/controllers/subscription_controller_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
-  use Pleroma.Web.ConnCase, async: true
+  use Pleroma.Web.ConnCase, async: false
 
   import Pleroma.Factory
 
@@ -35,17 +35,20 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
 
   defmacro assert_error_when_disable_push(do: yield) do
     quote do
-      vapid_details = Application.get_env(:web_push_encryption, :vapid_details, [])
-      Application.put_env(:web_push_encryption, :vapid_details, [])
-
       assert %{"error" => "Web push subscription is disabled on this Pleroma instance"} ==
                unquote(yield)
-
-      Application.put_env(:web_push_encryption, :vapid_details, vapid_details)
     end
   end
 
   describe "when disabled" do
+    setup do
+      vapid_config = Application.get_env(:web_push_encryption, :vapid_details)
+
+      Application.put_env(:web_push_encryption, :vapid_details, [])
+
+      on_exit(fn -> Application.put_env(:web_push_encryption, :vapid_details, vapid_config) end)
+    end
+
     test "POST returns error", %{conn: conn} do
       assert_error_when_disable_push do
         conn

test/pleroma/web/mastodon_api/controllers/timeline_controller_test.exs

@@ -527,7 +527,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
         |> assign(:token, insert(:oauth_token, user: user_two, scopes: ["read:statuses"]))
 
       # Only direct should be visible here
-      res_conn = get(conn_user_two, "api/v1/timelines/direct")
+      res_conn = get(conn_user_two, "/api/v1/timelines/direct")
 
       assert [status] = json_response_and_validate_schema(res_conn, :ok)
 
@@ -539,14 +539,14 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
         build_conn()
         |> assign(:user, user_one)
         |> assign(:token, insert(:oauth_token, user: user_one, scopes: ["read:statuses"]))
-        |> get("api/v1/timelines/direct")
+        |> get("/api/v1/timelines/direct")
 
       [status] = json_response_and_validate_schema(res_conn, :ok)
 
       assert %{"visibility" => "direct"} = status
 
       # Both should be visible here
-      res_conn = get(conn_user_two, "api/v1/timelines/home")
+      res_conn = get(conn_user_two, "/api/v1/timelines/home")
 
       [_s1, _s2] = json_response_and_validate_schema(res_conn, :ok)
 
@@ -559,14 +559,14 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
           })
       end)
 
-      res_conn = get(conn_user_two, "api/v1/timelines/direct")
+      res_conn = get(conn_user_two, "/api/v1/timelines/direct")
 
       statuses = json_response_and_validate_schema(res_conn, :ok)
       assert length(statuses) == 20
 
       max_id = List.last(statuses)["id"]
 
-      res_conn = get(conn_user_two, "api/v1/timelines/direct?max_id=#{max_id}")
+      res_conn = get(conn_user_two, "/api/v1/timelines/direct?max_id=#{max_id}")
 
       assert [status] = json_response_and_validate_schema(res_conn, :ok)
 
@@ -591,7 +591,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
           visibility: "direct"
         })
 
-      res_conn = get(conn, "api/v1/timelines/direct")
+      res_conn = get(conn, "/api/v1/timelines/direct")
 
       [status] = json_response_and_validate_schema(res_conn, :ok)
       assert status["id"] == direct.id

test/pleroma/web/mastodon_api/mastodon_api_test.exs

@@ -7,11 +7,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPITest do
 
   alias Pleroma.Notification
   alias Pleroma.ScheduledActivity
+  alias Pleroma.UnstubbedConfigMock, as: ConfigMock
   alias Pleroma.User
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.MastodonAPI.MastodonAPI
 
   import Pleroma.Factory
+  import Mox
 
   describe "follow/3" do
     test "returns error when followed user is deactivated" do
@@ -88,6 +90,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPITest do
 
   describe "get_scheduled_activities/2" do
     test "returns user scheduled activities" do
+      ConfigMock
+      |> stub_with(Pleroma.Test.StaticConfig)
+
       user = insert(:user)
 
       today =

test/pleroma/web/mastodon_api/update_credentials_test.exs

@@ -4,13 +4,22 @@
 
 defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
   alias Pleroma.Repo
+  alias Pleroma.UnstubbedConfigMock, as: ConfigMock
   alias Pleroma.User
 
   use Pleroma.Web.ConnCase
 
   import Mock
+  import Mox
   import Pleroma.Factory
 
+  setup do
+    ConfigMock
+    |> stub_with(Pleroma.Test.StaticConfig)
+
+    :ok
+  end
+
   describe "updating credentials" do
     setup do: oauth_access(["write:accounts"])
     setup :request_content_type
@@ -97,6 +106,42 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
       assert user.raw_bio == raw_bio
     end
 
+    test "updating bio honours bio limit", %{conn: conn} do
+      bio_limit = Config.get([:instance, :user_bio_length], 5000)
+
+      raw_bio = String.duplicate(".", bio_limit + 1)
+
+      conn = patch(conn, "/api/v1/accounts/update_credentials", %{"note" => raw_bio})
+
+      assert %{"error" => "Bio is too long"} = json_response_and_validate_schema(conn, 413)
+    end
+
+    test "updating name honours name limit", %{conn: conn} do
+      name_limit = Config.get([:instance, :user_name_length], 100)
+
+      name = String.duplicate(".", name_limit + 1)
+
+      conn = patch(conn, "/api/v1/accounts/update_credentials", %{"display_name" => name})
+
+      assert %{"error" => "Name is too long"} = json_response_and_validate_schema(conn, 413)
+    end
+
+    test "when both name and bio exceeds the limit, display name error", %{conn: conn} do
+      name_limit = Config.get([:instance, :user_name_length], 100)
+      bio_limit = Config.get([:instance, :user_bio_length], 5000)
+
+      name = String.duplicate(".", name_limit + 1)
+      raw_bio = String.duplicate(".", bio_limit + 1)
+
+      conn =
+        patch(conn, "/api/v1/accounts/update_credentials", %{
+          "display_name" => name,
+          "note" => raw_bio
+        })
+
+      assert %{"error" => "Name is too long"} = json_response_and_validate_schema(conn, 413)
+    end
+
     test "updates the user's locking status", %{conn: conn} do
       conn = patch(conn, "/api/v1/accounts/update_credentials", %{locked: "true"})
 
@@ -385,6 +430,34 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
       assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
     end
 
+    test "Strip / from upload files", %{user: user, conn: conn} do
+      new_image = %Plug.Upload{
+        content_type: "image/jpeg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "../../../../nested/an_image.jpg"
+      }
+
+      assert user.avatar == %{}
+
+      res =
+        patch(conn, "/api/v1/accounts/update_credentials", %{
+          "avatar" => new_image,
+          "header" => new_image,
+          "pleroma_background_image" => new_image
+        })
+
+      assert user_response = json_response_and_validate_schema(res, 200)
+      assert user_response["avatar"]
+      assert user_response["header"]
+      assert user_response["pleroma"]["background_image"]
+      refute Regex.match?(~r"/nested/", user_response["avatar"])
+      refute Regex.match?(~r"/nested/", user_response["header"])
+      refute Regex.match?(~r"/nested/", user_response["pleroma"]["background_image"])
+
+      user = User.get_by_id(user.id)
+      refute user.avatar == %{}
+    end
+
     test "requires 'write:accounts' permission" do
       token1 = insert(:oauth_token, scopes: ["read"])
       token2 = insert(:oauth_token, scopes: ["write", "follow"])
@@ -567,17 +640,17 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
 
       fields = [%{"name" => "foo", "value" => long_value}]
 
-      assert %{"error" => "Invalid request"} ==
+      assert %{"error" => "One or more field entries are too long"} ==
                conn
                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
-               |> json_response_and_validate_schema(403)
+               |> json_response_and_validate_schema(413)
 
       fields = [%{"name" => long_name, "value" => "bar"}]
 
-      assert %{"error" => "Invalid request"} ==
+      assert %{"error" => "One or more field entries are too long"} ==
                conn
                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
-               |> json_response_and_validate_schema(403)
+               |> json_response_and_validate_schema(413)
 
       clear_config([:instance, :max_account_fields], 1)
 
@@ -586,10 +659,10 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
         %{"name" => "link", "value" => "cofe.io"}
       ]
 
-      assert %{"error" => "Invalid request"} ==
+      assert %{"error" => "Too many field entries"} ==
                conn
                |> patch("/api/v1/accounts/update_credentials", %{"fields_attributes" => fields})
-               |> json_response_and_validate_schema(403)
+               |> json_response_and_validate_schema(413)
     end
   end
 
@@ -659,4 +732,20 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
       assert account["source"]["pleroma"]["actor_type"] == "Person"
     end
   end
+
+  describe "Mark account as group" do
+    setup do: oauth_access(["write:accounts"])
+    setup :request_content_type
+
+    test "changing actor_type to Group makes account a Group and enables bot indicator for backward compatibility",
+         %{conn: conn} do
+      account =
+        conn
+        |> patch("/api/v1/accounts/update_credentials", %{actor_type: "Group"})
+        |> json_response_and_validate_schema(200)
+
+      assert account["bot"]
+      assert account["source"]["pleroma"]["actor_type"] == "Group"
+    end
+  end
 end

test/pleroma/web/mastodon_api/views/account_view_test.exs

@@ -5,11 +5,13 @@
 defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
   use Pleroma.DataCase, async: false
 
+  alias Pleroma.UnstubbedConfigMock, as: ConfigMock
   alias Pleroma.User
   alias Pleroma.UserRelationship
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.MastodonAPI.AccountView
 
+  import Mox
   import Pleroma.Factory
   import Tesla.Mock
 
@@ -35,7 +37,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         inserted_at: ~N[2017-08-15 15:47:06.597036],
         emoji: %{"karjalanpiirakka" => "/file.png"},
         raw_bio: "valid html. a\nb\nc\nd\nf '&<>\"",
-        also_known_as: ["https://shitposter.zone/users/shp"]
+        also_known_as: ["https://shitposter.zone/users/shp"],
+        last_status_at: NaiveDateTime.utc_now()
       })
 
     expected = %{
@@ -74,7 +77,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         fields: []
       },
       fqn: "shp@shitposter.club",
-      last_status_at: nil,
+      last_status_at: user.last_status_at |> NaiveDateTime.to_date() |> Date.to_iso8601(),
       pleroma: %{
         ap_id: user.ap_id,
         also_known_as: ["https://shitposter.zone/users/shp"],
@@ -752,6 +755,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
     clear_config([:media_proxy, :enabled], true)
     clear_config([:media_preview_proxy, :enabled])
 
+    ConfigMock
+    |> stub_with(Pleroma.Test.StaticConfig)
+
     user =
       insert(:user,
         avatar: %{"url" => [%{"href" => "https://evil.website/avatar.png"}]},
@@ -759,7 +765,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
         emoji: %{"joker_smile" => "https://evil.website/society.png"}
       )
 
-    with media_preview_enabled <- [false, true] do
+    Enum.each([true, false], fn media_preview_enabled ->
       clear_config([:media_preview_proxy, :enabled], media_preview_enabled)
 
       AccountView.render("show.json", %{user: user, skip_visibility_check: true})
@@ -777,7 +783,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
           true
       end)
       |> assert()
-    end
+    end)
   end
 
   test "renders mute expiration date" do

test/pleroma/web/mastodon_api/views/notification_view_test.exs

@@ -22,6 +22,11 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
   alias Pleroma.Web.PleromaAPI.Chat.MessageReferenceView
   import Pleroma.Factory
 
+  setup do
+    Mox.stub_with(Pleroma.UnstubbedConfigMock, Pleroma.Config)
+    :ok
+  end
+
   defp test_notifications_rendering(notifications, user, expected_result) do
     result = NotificationView.render("index.json", %{notifications: notifications, for: user})
 
@@ -190,7 +195,47 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
       emoji: "☕",
       account: AccountView.render("show.json", %{user: other_user, for: user}),
       status: StatusView.render("show.json", %{activity: activity, for: user}),
-      created_at: Utils.to_masto_date(notification.inserted_at)
+      created_at: Utils.to_masto_date(notification.inserted_at),
+      emoji_url: nil
+    }
+
+    test_notifications_rendering([notification], user, [expected])
+  end
+
+  test "EmojiReact custom emoji notification" do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    note =
+      insert(:note,
+        user: user,
+        data: %{
+          "reactions" => [
+            ["👍", [user.ap_id], nil],
+            ["dinosaur", [user.ap_id], "http://localhost:4001/emoji/dino walking.gif"]
+          ]
+        }
+      )
+
+    activity = insert(:note_activity, note: note, user: user)
+
+    {:ok, _activity} = CommonAPI.react_with_emoji(activity.id, other_user, "dinosaur")
+
+    activity = Repo.get(Activity, activity.id)
+
+    [notification] = Notification.for_user(user)
+
+    assert notification
+
+    expected = %{
+      id: to_string(notification.id),
+      pleroma: %{is_seen: false, is_muted: false},
+      type: "pleroma:emoji_reaction",
+      emoji: ":dinosaur:",
+      account: AccountView.render("show.json", %{user: other_user, for: user}),
+      status: StatusView.render("show.json", %{activity: activity, for: user}),
+      created_at: Utils.to_masto_date(notification.inserted_at),
+      emoji_url: "http://localhost:4001/emoji/dino walking.gif"
     }
 
     test_notifications_rendering([notification], user, [expected])

test/pleroma/web/mastodon_api/views/scheduled_activity_view_test.exs

@@ -4,12 +4,16 @@
 
 defmodule Pleroma.Web.MastodonAPI.ScheduledActivityViewTest do
   use Pleroma.DataCase, async: true
+
   alias Pleroma.ScheduledActivity
+  alias Pleroma.UnstubbedConfigMock, as: ConfigMock
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.CommonAPI.Utils
   alias Pleroma.Web.MastodonAPI.ScheduledActivityView
   alias Pleroma.Web.MastodonAPI.StatusView
+
+  import Mox
   import Pleroma.Factory
 
   test "A scheduled activity with a media attachment" do
@@ -27,6 +31,9 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityViewTest do
       filename: "an_image.jpg"
     }
 
+    ConfigMock
+    |> stub_with(Pleroma.Test.StaticConfig)
+
     {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id)
 
     attrs = %{
@@ -48,7 +55,7 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityViewTest do
       id: to_string(scheduled_activity.id),
       media_attachments:
         %{media_ids: [upload.id]}
-        |> Utils.attachments_from_ids()
+        |> Utils.attachments_from_ids(user)
         |> Enum.map(&StatusView.render("attachment.json", %{attachment: &1})),
       params: %{
         in_reply_to_id: to_string(activity.id),

test/pleroma/web/mastodon_api/views/status_view_test.exs

@@ -11,6 +11,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
   alias Pleroma.HTML
   alias Pleroma.Object
   alias Pleroma.Repo
+  alias Pleroma.UnstubbedConfigMock, as: ConfigMock
   alias Pleroma.User
   alias Pleroma.UserRelationship
   alias Pleroma.Web.CommonAPI
@@ -19,9 +20,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
 
   require Bitwise
 
+  import Mox
+  import OpenApiSpex.TestAssertions
   import Pleroma.Factory
   import Tesla.Mock
-  import OpenApiSpex.TestAssertions
 
   setup do
     mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
@@ -35,16 +37,26 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     {:ok, activity} = CommonAPI.post(user, %{status: "dae cofe??"})
 
     {:ok, _} = CommonAPI.react_with_emoji(activity.id, user, "☕")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, user, ":dinosaur:")
     {:ok, _} = CommonAPI.react_with_emoji(activity.id, third_user, "🍵")
     {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, ":dinosaur:")
+
     activity = Repo.get(Activity, activity.id)
     status = StatusView.render("show.json", activity: activity)
 
     assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
 
     assert status[:pleroma][:emoji_reactions] == [
-             %{name: "☕", count: 2, me: false},
-             %{name: "🍵", count: 1, me: false}
+             %{name: "☕", count: 2, me: false, url: nil, account_ids: [other_user.id, user.id]},
+             %{
+               count: 2,
+               me: false,
+               name: "dinosaur",
+               url: "http://localhost:4001/emoji/dino walking.gif",
+               account_ids: [other_user.id, user.id]
+             },
+             %{name: "🍵", count: 1, me: false, url: nil, account_ids: [third_user.id]}
            ]
 
     status = StatusView.render("show.json", activity: activity, for: user)
@@ -52,8 +64,36 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
 
     assert status[:pleroma][:emoji_reactions] == [
-             %{name: "☕", count: 2, me: true},
-             %{name: "🍵", count: 1, me: false}
+             %{name: "☕", count: 2, me: true, url: nil, account_ids: [other_user.id, user.id]},
+             %{
+               count: 2,
+               me: true,
+               name: "dinosaur",
+               url: "http://localhost:4001/emoji/dino walking.gif",
+               account_ids: [other_user.id, user.id]
+             },
+             %{name: "🍵", count: 1, me: false, url: nil, account_ids: [third_user.id]}
+           ]
+  end
+
+  test "works with legacy-formatted reactions" do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    note =
+      insert(:note,
+        user: user,
+        data: %{
+          "reactions" => [["😿", [other_user.ap_id]]]
+        }
+      )
+
+    activity = insert(:note_activity, user: user, note: note)
+
+    status = StatusView.render("show.json", activity: activity, for: user)
+
+    assert status[:pleroma][:emoji_reactions] == [
+             %{name: "😿", count: 1, me: false, url: nil, account_ids: [other_user.id]}
            ]
   end
 
@@ -66,11 +106,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     |> Object.update_data(%{"reactions" => %{"☕" => [user.ap_id], "x" => 1}})
 
     activity = Activity.get_by_id(activity.id)
-
     status = StatusView.render("show.json", activity: activity, for: user)
 
     assert status[:pleroma][:emoji_reactions] == [
-             %{name: "☕", count: 1, me: true}
+             %{name: "☕", count: 1, me: true, url: nil, account_ids: [user.id]}
            ]
   end
 
@@ -90,7 +129,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     status = StatusView.render("show.json", activity: activity)
 
     assert status[:pleroma][:emoji_reactions] == [
-             %{name: "☕", count: 1, me: false}
+             %{name: "☕", count: 1, me: false, url: nil, account_ids: [other_user.id]}
            ]
 
     status = StatusView.render("show.json", activity: activity, for: user)
@@ -102,19 +141,25 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     status = StatusView.render("show.json", activity: activity)
 
     assert status[:pleroma][:emoji_reactions] == [
-             %{name: "☕", count: 2, me: false}
+             %{
+               name: "☕",
+               count: 2,
+               me: false,
+               url: nil,
+               account_ids: [third_user.id, other_user.id]
+             }
            ]
 
     status = StatusView.render("show.json", activity: activity, for: user)
 
     assert status[:pleroma][:emoji_reactions] == [
-             %{name: "☕", count: 1, me: false}
+             %{name: "☕", count: 1, me: false, url: nil, account_ids: [third_user.id]}
            ]
 
     status = StatusView.render("show.json", activity: activity, for: other_user)
 
     assert status[:pleroma][:emoji_reactions] == [
-             %{name: "☕", count: 1, me: true}
+             %{name: "☕", count: 1, me: true, url: nil, account_ids: [other_user.id]}
            ]
   end
 
@@ -155,6 +200,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
   end
 
+  @tag capture_log: true
   test "returns a temporary ap_id based user for activities missing db users" do
     user = insert(:user)
 
@@ -283,6 +329,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
         conversation_id: convo_id,
         context: object_data["context"],
         in_reply_to_account_acct: nil,
+        quote: nil,
+        quote_id: nil,
+        quote_url: nil,
+        quote_visible: false,
         content: %{"text/plain" => HTML.strip_tags(object_data["content"])},
         spoiler_text: %{"text/plain" => HTML.strip_tags(object_data["summary"])},
         expires_at: nil,
@@ -290,7 +340,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
         thread_muted: false,
         emoji_reactions: [],
         parent_visible: false,
-        pinned_at: nil
+        pinned_at: nil,
+        quotes_count: 0
       }
     }
 
@@ -379,6 +430,88 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
     assert status.in_reply_to_id == to_string(note.id)
   end
 
+  test "a quote post" do
+    post = insert(:note_activity)
+    user = insert(:user)
+
+    {:ok, quote_post} = CommonAPI.post(user, %{status: "he", quote_id: post.id})
+    {:ok, quoted_quote_post} = CommonAPI.post(user, %{status: "yo", quote_id: quote_post.id})
+
+    status = StatusView.render("show.json", %{activity: quoted_quote_post})
+
+    assert status.pleroma.quote.id == to_string(quote_post.id)
+    assert status.pleroma.quote_id == to_string(quote_post.id)
+    assert status.pleroma.quote_url == Object.normalize(quote_post).data["id"]
+    assert status.pleroma.quote_visible
+
+    # Quotes don't go more than one level deep
+    refute status.pleroma.quote.pleroma.quote
+    assert status.pleroma.quote.pleroma.quote_id == to_string(post.id)
+    assert status.pleroma.quote.pleroma.quote_url == Object.normalize(post).data["id"]
+    assert status.pleroma.quote.pleroma.quote_visible
+
+    # In an index
+    [status] = StatusView.render("index.json", %{activities: [quoted_quote_post], as: :activity})
+
+    assert status.pleroma.quote.id == to_string(quote_post.id)
+  end
+
+  test "quoted private post" do
+    user = insert(:user)
+
+    # Insert a private post
+    private = insert(:followers_only_note_activity, user: user)
+    private_object = Object.normalize(private)
+
+    # Create a public post quoting the private post
+    quote_private =
+      insert(:note_activity, note: insert(:note, data: %{"quoteUrl" => private_object.data["id"]}))
+
+    status = StatusView.render("show.json", %{activity: quote_private})
+
+    # The quote isn't rendered
+    refute status.pleroma.quote
+    assert status.pleroma.quote_url == private_object.data["id"]
+    refute status.pleroma.quote_visible
+
+    # After following the user, the quote is rendered
+    follower = insert(:user)
+    CommonAPI.follow(follower, user)
+
+    status = StatusView.render("show.json", %{activity: quote_private, for: follower})
+    assert status.pleroma.quote.id == to_string(private.id)
+    assert status.pleroma.quote_visible
+  end
+
+  test "quoted direct message" do
+    # Insert a direct message
+    direct = insert(:direct_note_activity)
+    direct_object = Object.normalize(direct)
+
+    # Create a public post quoting the direct message
+    quote_direct =
+      insert(:note_activity, note: insert(:note, data: %{"quoteUrl" => direct_object.data["id"]}))
+
+    status = StatusView.render("show.json", %{activity: quote_direct})
+
+    # The quote isn't rendered
+    refute status.pleroma.quote
+    assert status.pleroma.quote_url == direct_object.data["id"]
+    refute status.pleroma.quote_visible
+  end
+
+  test "repost of quote post" do
+    post = insert(:note_activity)
+    user = insert(:user)
+
+    {:ok, quote_post} = CommonAPI.post(user, %{status: "he", quote_id: post.id})
+    {:ok, repost} = CommonAPI.repeat(quote_post.id, user)
+
+    [status] = StatusView.render("index.json", %{activities: [repost], as: :activity})
+
+    assert status.reblog.pleroma.quote.id == to_string(post.id)
+  end
+
   test "contains mentions" do
     user = insert(:user)
     mentioned = insert(:user)
@@ -649,6 +782,39 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
       %{provider_name: "example.com"} =
         StatusView.render("card.json", %{page_url: page_url, rich_media: card})
     end
+
+    test "a rich media card has all media proxied" do
+      clear_config([:media_proxy, :enabled], true)
+      clear_config([:media_preview_proxy, :enabled])
+
+      ConfigMock
+      |> stub_with(Pleroma.Test.StaticConfig)
+
+      page_url = "http://example.com"
+
+      card = %{
+        url: page_url,
+        site_name: "Example site name",
+        title: "Example website",
+        image: page_url <> "/example.jpg",
+        audio: page_url <> "/example.ogg",
+        video: page_url <> "/example.mp4",
+        description: "Example description"
+      }
+
+      strcard = for {k, v} <- card, into: %{}, do: {to_string(k), v}
+
+      %{
+        provider_name: "example.com",
+        image: image,
+        pleroma: %{opengraph: og}
+      } = StatusView.render("card.json", %{page_url: page_url, rich_media: strcard})
+
+      assert String.match?(image, ~r/\/proxy\//)
+      assert String.match?(og["image"], ~r/\/proxy\//)
+      assert String.match?(og["audio"], ~r/\/proxy\//)
+      assert String.match?(og["video"], ~r/\/proxy\//)
+    end
   end
 
   test "does not embed a relationship in the account" do