Merge remote-tracking branch 'remotes/origin/develop' into feature/object-hashtags-rework

# Conflicts: # CHANGELOG.md # lib/mix/tasks/pleroma/database.ex # lib/pleroma/web/templates/feed/feed/_activity.rss.eex
2021-02-11 19:31:57 +03:00 · 2021-02-11 19:31:57 +03:00 · 5992382cf8
commit 5992382cf8
parent a996ab46a5 2cf753c502
93 changed files with 2049 additions and 803 deletions
--- a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
@ -229,6 +229,24 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
      assert json_response(conn, 404)
    end

+    test "returns local-only objects when authenticated", %{conn: conn} do
+      user = insert(:user)
+      {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
+
+      assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+      object = Object.normalize(post, fetch: false)
+      uuid = String.split(object.data["id"], "/") |> List.last()
+
+      assert response =
+               conn
+               |> assign(:user, user)
+               |> put_req_header("accept", "application/activity+json")
+               |> get("/objects/#{uuid}")
+
+      assert json_response(response, 200) == ObjectView.render("object.json", %{object: object})
+    end
+
    test "it returns a json representation of the object with accept application/json", %{
      conn: conn
    } do
@ -285,6 +303,28 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
      assert json_response(conn, 404)
    end

+    test "returns visible non-public messages when authenticated", %{conn: conn} do
+      note = insert(:direct_note)
+      uuid = String.split(note.data["id"], "/") |> List.last()
+      user = User.get_by_ap_id(note.data["actor"])
+      marisa = insert(:user)
+
+      assert conn
+             |> assign(:user, marisa)
+             |> put_req_header("accept", "application/activity+json")
+             |> get("/objects/#{uuid}")
+             |> json_response(404)
+
+      assert response =
+               conn
+               |> assign(:user, user)
+               |> put_req_header("accept", "application/activity+json")
+               |> get("/objects/#{uuid}")
+               |> json_response(200)
+
+      assert response == ObjectView.render("object.json", %{object: note})
+    end
+
    test "it returns 404 for tombstone objects", %{conn: conn} do
      tombstone = insert(:tombstone)
      uuid = String.split(tombstone.data["id"], "/") |> List.last()
@ -358,6 +398,23 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
      assert json_response(conn, 404)
    end

+    test "returns local-only activities when authenticated", %{conn: conn} do
+      user = insert(:user)
+      {:ok, post} = CommonAPI.post(user, %{status: "test", visibility: "local"})
+
+      assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+      uuid = String.split(post.data["id"], "/") |> List.last()
+
+      assert response =
+               conn
+               |> assign(:user, user)
+               |> put_req_header("accept", "application/activity+json")
+               |> get("/activities/#{uuid}")
+
+      assert json_response(response, 200) == ObjectView.render("object.json", %{object: post})
+    end
+
    test "it returns a json representation of the activity", %{conn: conn} do
      activity = insert(:note_activity)
      uuid = String.split(activity.data["id"], "/") |> List.last()
@ -382,6 +439,28 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
      assert json_response(conn, 404)
    end

+    test "returns visible non-public messages when authenticated", %{conn: conn} do
+      note = insert(:direct_note_activity)
+      uuid = String.split(note.data["id"], "/") |> List.last()
+      user = User.get_by_ap_id(note.data["actor"])
+      marisa = insert(:user)
+
+      assert conn
+             |> assign(:user, marisa)
+             |> put_req_header("accept", "application/activity+json")
+             |> get("/activities/#{uuid}")
+             |> json_response(404)
+
+      assert response =
+               conn
+               |> assign(:user, user)
+               |> put_req_header("accept", "application/activity+json")
+               |> get("/activities/#{uuid}")
+               |> json_response(200)
+
+      assert response == ObjectView.render("object.json", %{object: note})
+    end
+
    test "it caches a response", %{conn: conn} do
      activity = insert(:note_activity)
      uuid = String.split(activity.data["id"], "/") |> List.last()
--- a/test/pleroma/web/activity_pub/mrf/no_empty_policy_test.exs
+++ b/test/pleroma/web/activity_pub/mrf/no_empty_policy_test.exs
@ -0,0 +1,154 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.NoEmptyPolicyTest do
+  use Pleroma.DataCase
+  alias Pleroma.Web.ActivityPub.MRF.NoEmptyPolicy
+
+  setup_all do: clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.NoEmptyPolicy])
+
+  test "Notes with content are exempt" do
+    message = %{
+      "actor" => "http://localhost:4001/users/testuser",
+      "cc" => ["http://localhost:4001/users/testuser/followers"],
+      "object" => %{
+        "actor" => "http://localhost:4001/users/testuser",
+        "attachment" => [],
+        "cc" => ["http://localhost:4001/users/testuser/followers"],
+        "source" => "this is a test post",
+        "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+        "type" => "Note"
+      },
+      "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+      "type" => "Create"
+    }
+
+    assert NoEmptyPolicy.filter(message) == {:ok, message}
+  end
+
+  test "Polls are exempt" do
+    message = %{
+      "actor" => "http://localhost:4001/users/testuser",
+      "cc" => ["http://localhost:4001/users/testuser/followers"],
+      "object" => %{
+        "actor" => "http://localhost:4001/users/testuser",
+        "attachment" => [],
+        "cc" => ["http://localhost:4001/users/testuser/followers"],
+        "oneOf" => [
+          %{
+            "name" => "chocolate",
+            "replies" => %{"totalItems" => 0, "type" => "Collection"},
+            "type" => "Note"
+          },
+          %{
+            "name" => "vanilla",
+            "replies" => %{"totalItems" => 0, "type" => "Collection"},
+            "type" => "Note"
+          }
+        ],
+        "source" => "@user2",
+        "to" => [
+          "https://www.w3.org/ns/activitystreams#Public",
+          "http://localhost:4001/users/user2"
+        ],
+        "type" => "Question"
+      },
+      "to" => [
+        "https://www.w3.org/ns/activitystreams#Public",
+        "http://localhost:4001/users/user2"
+      ],
+      "type" => "Create"
+    }
+
+    assert NoEmptyPolicy.filter(message) == {:ok, message}
+  end
+
+  test "Notes with attachments are exempt" do
+    message = %{
+      "actor" => "http://localhost:4001/users/testuser",
+      "cc" => ["http://localhost:4001/users/testuser/followers"],
+      "object" => %{
+        "actor" => "http://localhost:4001/users/testuser",
+        "attachment" => [
+          %{
+            "actor" => "http://localhost:4001/users/testuser",
+            "mediaType" => "image/png",
+            "name" => "",
+            "type" => "Document",
+            "url" => [
+              %{
+                "href" =>
+                  "http://localhost:4001/media/68ba231cf12e1382ce458f1979969f8ed5cc07ba198a02e653464abaf39bdb90.png",
+                "mediaType" => "image/png",
+                "type" => "Link"
+              }
+            ]
+          }
+        ],
+        "cc" => ["http://localhost:4001/users/testuser/followers"],
+        "source" => "@user2",
+        "to" => [
+          "https://www.w3.org/ns/activitystreams#Public",
+          "http://localhost:4001/users/user2"
+        ],
+        "type" => "Note"
+      },
+      "to" => [
+        "https://www.w3.org/ns/activitystreams#Public",
+        "http://localhost:4001/users/user2"
+      ],
+      "type" => "Create"
+    }
+
+    assert NoEmptyPolicy.filter(message) == {:ok, message}
+  end
+
+  test "Notes with only mentions are denied" do
+    message = %{
+      "actor" => "http://localhost:4001/users/testuser",
+      "cc" => ["http://localhost:4001/users/testuser/followers"],
+      "object" => %{
+        "actor" => "http://localhost:4001/users/testuser",
+        "attachment" => [],
+        "cc" => ["http://localhost:4001/users/testuser/followers"],
+        "source" => "@user2",
+        "to" => [
+          "https://www.w3.org/ns/activitystreams#Public",
+          "http://localhost:4001/users/user2"
+        ],
+        "type" => "Note"
+      },
+      "to" => [
+        "https://www.w3.org/ns/activitystreams#Public",
+        "http://localhost:4001/users/user2"
+      ],
+      "type" => "Create"
+    }
+
+    assert NoEmptyPolicy.filter(message) == {:reject, "[NoEmptyPolicy]"}
+  end
+
+  test "Notes with no content are denied" do
+    message = %{
+      "actor" => "http://localhost:4001/users/testuser",
+      "cc" => ["http://localhost:4001/users/testuser/followers"],
+      "object" => %{
+        "actor" => "http://localhost:4001/users/testuser",
+        "attachment" => [],
+        "cc" => ["http://localhost:4001/users/testuser/followers"],
+        "source" => "",
+        "to" => [
+          "https://www.w3.org/ns/activitystreams#Public"
+        ],
+        "type" => "Note"
+      },
+      "to" => [
+        "https://www.w3.org/ns/activitystreams#Public"
+      ],
+      "type" => "Create"
+    }
+
+    assert NoEmptyPolicy.filter(message) == {:reject, "[NoEmptyPolicy]"}
+  end
+end
--- a/test/pleroma/web/activity_pub/visibility_test.exs
+++ b/test/pleroma/web/activity_pub/visibility_test.exs
@ -6,6 +6,7 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do
  use Pleroma.DataCase, async: true

  alias Pleroma.Activity
+  alias Pleroma.Object
  alias Pleroma.Web.ActivityPub.Visibility
  alias Pleroma.Web.CommonAPI
  import Pleroma.Factory
@ -107,7 +108,7 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do
    assert Visibility.is_list?(list)
  end

-  test "visible_for_user?", %{
+  test "visible_for_user? Activity", %{
    public: public,
    private: private,
    direct: direct,
@ -149,10 +150,76 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do
    refute Visibility.visible_for_user?(private, unrelated)
    refute Visibility.visible_for_user?(direct, unrelated)

+    # Public and unlisted visible for unauthenticated
+
+    assert Visibility.visible_for_user?(public, nil)
+    assert Visibility.visible_for_user?(unlisted, nil)
+    refute Visibility.visible_for_user?(private, nil)
+    refute Visibility.visible_for_user?(direct, nil)
+
    # Visible for a list member
    assert Visibility.visible_for_user?(list, unrelated)
  end

+  test "visible_for_user? Object", %{
+    public: public,
+    private: private,
+    direct: direct,
+    unlisted: unlisted,
+    user: user,
+    mentioned: mentioned,
+    following: following,
+    unrelated: unrelated,
+    list: list
+  } do
+    public = Object.normalize(public)
+    private = Object.normalize(private)
+    unlisted = Object.normalize(unlisted)
+    direct = Object.normalize(direct)
+    list = Object.normalize(list)
+
+    # All visible to author
+
+    assert Visibility.visible_for_user?(public, user)
+    assert Visibility.visible_for_user?(private, user)
+    assert Visibility.visible_for_user?(unlisted, user)
+    assert Visibility.visible_for_user?(direct, user)
+    assert Visibility.visible_for_user?(list, user)
+
+    # All visible to a mentioned user
+
+    assert Visibility.visible_for_user?(public, mentioned)
+    assert Visibility.visible_for_user?(private, mentioned)
+    assert Visibility.visible_for_user?(unlisted, mentioned)
+    assert Visibility.visible_for_user?(direct, mentioned)
+    assert Visibility.visible_for_user?(list, mentioned)
+
+    # DM not visible for just follower
+
+    assert Visibility.visible_for_user?(public, following)
+    assert Visibility.visible_for_user?(private, following)
+    assert Visibility.visible_for_user?(unlisted, following)
+    refute Visibility.visible_for_user?(direct, following)
+    refute Visibility.visible_for_user?(list, following)
+
+    # Public and unlisted visible for unrelated user
+
+    assert Visibility.visible_for_user?(public, unrelated)
+    assert Visibility.visible_for_user?(unlisted, unrelated)
+    refute Visibility.visible_for_user?(private, unrelated)
+    refute Visibility.visible_for_user?(direct, unrelated)
+
+    # Public and unlisted visible for unauthenticated
+
+    assert Visibility.visible_for_user?(public, nil)
+    assert Visibility.visible_for_user?(unlisted, nil)
+    refute Visibility.visible_for_user?(private, nil)
+    refute Visibility.visible_for_user?(direct, nil)
+
+    # Visible for a list member
+    # assert Visibility.visible_for_user?(list, unrelated)
+  end
+
  test "doesn't die when the user doesn't exist",
       %{
         direct: direct,
--- a/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs
+++ b/test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs
@ -405,13 +405,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    setup do
      user = insert(:user)

-      date1 = (DateTime.to_unix(DateTime.utc_now()) + 2000) |> DateTime.from_unix!()
-      date2 = (DateTime.to_unix(DateTime.utc_now()) + 1000) |> DateTime.from_unix!()
-      date3 = (DateTime.to_unix(DateTime.utc_now()) + 3000) |> DateTime.from_unix!()
-
-      insert(:note_activity, user: user, published: date1)
-      insert(:note_activity, user: user, published: date2)
-      insert(:note_activity, user: user, published: date3)
+      insert(:note_activity, user: user)
+      insert(:note_activity, user: user)
+      insert(:note_activity, user: user)

      %{user: user}
    end
@ -419,23 +415,22 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    test "renders user's statuses", %{conn: conn, user: user} do
      conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses")

-      assert json_response(conn, 200) |> length() == 3
+      assert %{"total" => 3, "activities" => activities} = json_response(conn, 200)
+      assert length(activities) == 3
    end

    test "renders user's statuses with pagination", %{conn: conn, user: user} do
-      conn1 = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses?page_size=1&page=1")
+      %{"total" => 3, "activities" => [activity1]} =
+        conn
+        |> get("/api/pleroma/admin/users/#{user.nickname}/statuses?page_size=1&page=1")
+        |> json_response(200)

-      response1 = json_response(conn1, 200)
+      %{"total" => 3, "activities" => [activity2]} =
+        conn
+        |> get("/api/pleroma/admin/users/#{user.nickname}/statuses?page_size=1&page=2")
+        |> json_response(200)

-      assert response1 |> length() == 1
-
-      conn2 = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses?page_size=1&page=2")
-
-      response2 = json_response(conn2, 200)
-
-      assert response2 |> length() == 1
-
-      refute response1 == response2
+      refute activity1 == activity2
    end

    test "doesn't return private statuses by default", %{conn: conn, user: user} do
@ -443,9 +438,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do

      {:ok, _public_status} = CommonAPI.post(user, %{status: "public", visibility: "public"})

-      conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses")
+      %{"total" => 4, "activities" => activities} =
+        conn
+        |> get("/api/pleroma/admin/users/#{user.nickname}/statuses")
+        |> json_response(200)

-      assert json_response(conn, 200) |> length() == 4
+      assert length(activities) == 4
    end

    test "returns private statuses with godmode on", %{conn: conn, user: user} do
@ -453,9 +451,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do

      {:ok, _public_status} = CommonAPI.post(user, %{status: "public", visibility: "public"})

-      conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses?godmode=true")
+      %{"total" => 5, "activities" => activities} =
+        conn
+        |> get("/api/pleroma/admin/users/#{user.nickname}/statuses?godmode=true")
+        |> json_response(200)

-      assert json_response(conn, 200) |> length() == 5
+      assert length(activities) == 5
    end

    test "excludes reblogs by default", %{conn: conn, user: user} do
@ -463,13 +464,17 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
      {:ok, activity} = CommonAPI.post(user, %{status: "."})
      {:ok, %Activity{}} = CommonAPI.repeat(activity.id, other_user)

-      conn_res = get(conn, "/api/pleroma/admin/users/#{other_user.nickname}/statuses")
-      assert json_response(conn_res, 200) |> length() == 0
+      assert %{"total" => 0, "activities" => []} ==
+               conn
+               |> get("/api/pleroma/admin/users/#{other_user.nickname}/statuses")
+               |> json_response(200)

-      conn_res =
-        get(conn, "/api/pleroma/admin/users/#{other_user.nickname}/statuses?with_reblogs=true")
-
-      assert json_response(conn_res, 200) |> length() == 1
+      assert %{"total" => 1, "activities" => [_]} =
+               conn
+               |> get(
+                 "/api/pleroma/admin/users/#{other_user.nickname}/statuses?with_reblogs=true"
+               )
+               |> json_response(200)
    end
  end

@ -859,33 +864,30 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
      insert_pair(:note_activity, user: user)
      activity = insert(:note_activity, user: user2)

-      ret_conn = get(conn, "/api/pleroma/admin/instances/archae.me/statuses")
+      %{"total" => 2, "activities" => activities} =
+        conn |> get("/api/pleroma/admin/instances/archae.me/statuses") |> json_response(200)

-      response = json_response(ret_conn, 200)
+      assert length(activities) == 2

-      assert length(response) == 2
+      %{"total" => 1, "activities" => [_]} =
+        conn |> get("/api/pleroma/admin/instances/test.com/statuses") |> json_response(200)

-      ret_conn = get(conn, "/api/pleroma/admin/instances/test.com/statuses")
-
-      response = json_response(ret_conn, 200)
-
-      assert length(response) == 1
-
-      ret_conn = get(conn, "/api/pleroma/admin/instances/nonexistent.com/statuses")
-
-      response = json_response(ret_conn, 200)
-
-      assert Enum.empty?(response)
+      %{"total" => 0, "activities" => []} =
+        conn |> get("/api/pleroma/admin/instances/nonexistent.com/statuses") |> json_response(200)

      CommonAPI.repeat(activity.id, user)

-      ret_conn = get(conn, "/api/pleroma/admin/instances/archae.me/statuses")
-      response = json_response(ret_conn, 200)
-      assert length(response) == 2
+      %{"total" => 2, "activities" => activities} =
+        conn |> get("/api/pleroma/admin/instances/archae.me/statuses") |> json_response(200)

-      ret_conn = get(conn, "/api/pleroma/admin/instances/archae.me/statuses?with_reblogs=true")
-      response = json_response(ret_conn, 200)
-      assert length(response) == 3
+      assert length(activities) == 2
+
+      %{"total" => 3, "activities" => activities} =
+        conn
+        |> get("/api/pleroma/admin/instances/archae.me/statuses?with_reblogs=true")
+        |> json_response(200)
+
+      assert length(activities) == 3
    end
  end

--- a/test/pleroma/web/admin_api/controllers/config_controller_test.exs
+++ b/test/pleroma/web/admin_api/controllers/config_controller_test.exs
@ -31,7 +31,7 @@ defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do

      assert json_response_and_validate_schema(conn, 400) ==
               %{
-                 "error" => "To use this endpoint you need to enable configuration from database."
+                 "error" => "You must enable configurable_from_database in your config file."
               }
    end

@ -170,7 +170,7 @@ defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do
      |> post("/api/pleroma/admin/config", %{"configs" => []})

    assert json_response_and_validate_schema(conn, 400) ==
-             %{"error" => "To use this endpoint you need to enable configuration from database."}
+             %{"error" => "You must enable configurable_from_database in your config file."}
  end

  describe "POST /api/pleroma/admin/config" do
--- a/test/pleroma/web/mastodon_api/controllers/filter_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/filter_controller_test.exs
@ -4,149 +4,412 @@

 defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
  use Pleroma.Web.ConnCase, async: true
+  use Oban.Testing, repo: Pleroma.Repo

-  alias Pleroma.Web.MastodonAPI.FilterView
+  import Pleroma.Factory

-  test "creating a filter" do
-    %{conn: conn} = oauth_access(["write:filters"])
+  alias Pleroma.Filter
+  alias Pleroma.Repo
+  alias Pleroma.Workers.PurgeExpiredFilter

-    filter = %Pleroma.Filter{
-      phrase: "knights",
-      context: ["home"]
-    }
-
-    conn =
+  test "non authenticated creation request", %{conn: conn} do
+    response =
      conn
      |> put_req_header("content-type", "application/json")
-      |> post("/api/v1/filters", %{"phrase" => filter.phrase, context: filter.context})
+      |> post("/api/v1/filters", %{"phrase" => "knights", context: ["home"]})
+      |> json_response(403)

-    assert response = json_response_and_validate_schema(conn, 200)
-    assert response["phrase"] == filter.phrase
-    assert response["context"] == filter.context
-    assert response["irreversible"] == false
-    assert response["id"] != nil
-    assert response["id"] != ""
+    assert response["error"] == "Invalid credentials."
+  end
+
+  describe "creating" do
+    setup do: oauth_access(["write:filters"])
+
+    test "a common filter", %{conn: conn, user: user} do
+      params = %{
+        phrase: "knights",
+        context: ["home"],
+        irreversible: true
+      }
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/filters", params)
+        |> json_response_and_validate_schema(200)
+
+      assert response["phrase"] == params.phrase
+      assert response["context"] == params.context
+      assert response["irreversible"] == true
+      assert response["id"] != nil
+      assert response["id"] != ""
+      assert response["expires_at"] == nil
+
+      filter = Filter.get(response["id"], user)
+      assert filter.hide == true
+    end
+
+    test "a filter with expires_in", %{conn: conn, user: user} do
+      in_seconds = 600
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/filters", %{
+          "phrase" => "knights",
+          context: ["home"],
+          expires_in: in_seconds
+        })
+        |> json_response_and_validate_schema(200)
+
+      assert response["irreversible"] == false
+
+      expires_at =
+        NaiveDateTime.utc_now()
+        |> NaiveDateTime.add(in_seconds)
+        |> Pleroma.Web.CommonAPI.Utils.to_masto_date()
+
+      assert response["expires_at"] == expires_at
+
+      filter = Filter.get(response["id"], user)
+
+      id = filter.id
+
+      assert_enqueued(
+        worker: PurgeExpiredFilter,
+        args: %{filter_id: filter.id}
+      )
+
+      assert {:ok, %{id: ^id}} =
+               perform_job(PurgeExpiredFilter, %{
+                 filter_id: filter.id
+               })
+
+      assert Repo.aggregate(Filter, :count, :id) == 0
+    end
  end

  test "fetching a list of filters" do
    %{user: user, conn: conn} = oauth_access(["read:filters"])

-    query_one = %Pleroma.Filter{
-      user_id: user.id,
-      filter_id: 1,
-      phrase: "knights",
-      context: ["home"]
-    }
+    %{filter_id: id1} = insert(:filter, user: user)
+    %{filter_id: id2} = insert(:filter, user: user)

-    query_two = %Pleroma.Filter{
-      user_id: user.id,
-      filter_id: 2,
-      phrase: "who",
-      context: ["home"]
-    }
+    id1 = to_string(id1)
+    id2 = to_string(id2)

-    {:ok, filter_one} = Pleroma.Filter.create(query_one)
-    {:ok, filter_two} = Pleroma.Filter.create(query_two)
+    assert [%{"id" => ^id2}, %{"id" => ^id1}] =
+             conn
+             |> get("/api/v1/filters")
+             |> json_response_and_validate_schema(200)
+  end
+
+  test "fetching a list of filters without token", %{conn: conn} do
+    insert(:filter)

    response =
      conn
      |> get("/api/v1/filters")
-      |> json_response_and_validate_schema(200)
+      |> json_response(403)

-    assert response ==
-             render_json(
-               FilterView,
-               "index.json",
-               filters: [filter_two, filter_one]
-             )
+    assert response["error"] == "Invalid credentials."
  end

  test "get a filter" do
    %{user: user, conn: conn} = oauth_access(["read:filters"])

    # check whole_word false
-    query = %Pleroma.Filter{
-      user_id: user.id,
-      filter_id: 2,
-      phrase: "knight",
-      context: ["home"],
-      whole_word: false
-    }
+    filter = insert(:filter, user: user, whole_word: false)

-    {:ok, filter} = Pleroma.Filter.create(query)
+    resp1 =
+      conn |> get("/api/v1/filters/#{filter.filter_id}") |> json_response_and_validate_schema(200)

-    conn = get(conn, "/api/v1/filters/#{filter.filter_id}")
-
-    assert response = json_response_and_validate_schema(conn, 200)
-    assert response["whole_word"] == false
+    assert resp1["whole_word"] == false

    # check whole_word true
-    %{user: user, conn: conn} = oauth_access(["read:filters"])
+    filter = insert(:filter, user: user, whole_word: true)

-    query = %Pleroma.Filter{
-      user_id: user.id,
-      filter_id: 3,
-      phrase: "knight",
-      context: ["home"],
-      whole_word: true
-    }
+    resp2 =
+      conn |> get("/api/v1/filters/#{filter.filter_id}") |> json_response_and_validate_schema(200)

-    {:ok, filter} = Pleroma.Filter.create(query)
-
-    conn = get(conn, "/api/v1/filters/#{filter.filter_id}")
-
-    assert response = json_response_and_validate_schema(conn, 200)
-    assert response["whole_word"] == true
+    assert resp2["whole_word"] == true
  end

-  test "update a filter" do
-    %{user: user, conn: conn} = oauth_access(["write:filters"])
+  test "get a filter not_found error" do
+    filter = insert(:filter)
+    %{conn: conn} = oauth_access(["read:filters"])

-    query = %Pleroma.Filter{
-      user_id: user.id,
-      filter_id: 2,
-      phrase: "knight",
-      context: ["home"],
-      hide: true,
-      whole_word: true
-    }
+    response =
+      conn |> get("/api/v1/filters/#{filter.filter_id}") |> json_response_and_validate_schema(404)

-    {:ok, _filter} = Pleroma.Filter.create(query)
+    assert response["error"] == "Record not found"
+  end

-    new = %Pleroma.Filter{
-      phrase: "nii",
-      context: ["home"]
-    }
+  describe "updating a filter" do
+    setup do: oauth_access(["write:filters"])

-    conn =
+    test "common" do
+      %{conn: conn, user: user} = oauth_access(["write:filters"])
+
+      filter =
+        insert(:filter,
+          user: user,
+          hide: true,
+          whole_word: true
+        )
+
+      params = %{
+        phrase: "nii",
+        context: ["public"],
+        irreversible: false
+      }
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/v1/filters/#{filter.filter_id}", params)
+        |> json_response_and_validate_schema(200)
+
+      assert response["phrase"] == params.phrase
+      assert response["context"] == params.context
+      assert response["irreversible"] == false
+      assert response["whole_word"] == true
+    end
+
+    test "with adding expires_at", %{conn: conn, user: user} do
+      filter = insert(:filter, user: user)
+      in_seconds = 600
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/v1/filters/#{filter.filter_id}", %{
+          phrase: "nii",
+          context: ["public"],
+          expires_in: in_seconds,
+          irreversible: true
+        })
+        |> json_response_and_validate_schema(200)
+
+      assert response["irreversible"] == true
+
+      assert response["expires_at"] ==
+               NaiveDateTime.utc_now()
+               |> NaiveDateTime.add(in_seconds)
+               |> Pleroma.Web.CommonAPI.Utils.to_masto_date()
+
+      filter = Filter.get(response["id"], user)
+
+      id = filter.id
+
+      assert_enqueued(
+        worker: PurgeExpiredFilter,
+        args: %{filter_id: id}
+      )
+
+      assert {:ok, %{id: ^id}} =
+               perform_job(PurgeExpiredFilter, %{
+                 filter_id: id
+               })
+
+      assert Repo.aggregate(Filter, :count, :id) == 0
+    end
+
+    test "with removing expires_at", %{conn: conn, user: user} do
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/filters", %{
+          phrase: "cofe",
+          context: ["home"],
+          expires_in: 600
+        })
+        |> json_response_and_validate_schema(200)
+
+      filter = Filter.get(response["id"], user)
+
+      assert_enqueued(
+        worker: PurgeExpiredFilter,
+        args: %{filter_id: filter.id}
+      )
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/v1/filters/#{filter.filter_id}", %{
+          phrase: "nii",
+          context: ["public"],
+          expires_in: nil,
+          whole_word: true
+        })
+        |> json_response_and_validate_schema(200)
+
+      refute_enqueued(
+        worker: PurgeExpiredFilter,
+        args: %{filter_id: filter.id}
+      )
+
+      assert response["irreversible"] == false
+      assert response["whole_word"] == true
+      assert response["expires_at"] == nil
+    end
+
+    test "expires_at is the same in create and update so job is in db", %{conn: conn, user: user} do
+      resp1 =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/filters", %{
+          phrase: "cofe",
+          context: ["home"],
+          expires_in: 600
+        })
+        |> json_response_and_validate_schema(200)
+
+      filter = Filter.get(resp1["id"], user)
+
+      assert_enqueued(
+        worker: PurgeExpiredFilter,
+        args: %{filter_id: filter.id}
+      )
+
+      job = PurgeExpiredFilter.get_expiration(filter.id)
+
+      resp2 =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/v1/filters/#{filter.filter_id}", %{
+          phrase: "nii",
+          context: ["public"]
+        })
+        |> json_response_and_validate_schema(200)
+
+      updated_filter = Filter.get(resp2["id"], user)
+
+      assert_enqueued(
+        worker: PurgeExpiredFilter,
+        args: %{filter_id: updated_filter.id}
+      )
+
+      after_update = PurgeExpiredFilter.get_expiration(updated_filter.id)
+
+      assert resp1["expires_at"] == resp2["expires_at"]
+
+      assert job.scheduled_at == after_update.scheduled_at
+    end
+
+    test "updating expires_at updates oban job too", %{conn: conn, user: user} do
+      resp1 =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/filters", %{
+          phrase: "cofe",
+          context: ["home"],
+          expires_in: 600
+        })
+        |> json_response_and_validate_schema(200)
+
+      filter = Filter.get(resp1["id"], user)
+
+      assert_enqueued(
+        worker: PurgeExpiredFilter,
+        args: %{filter_id: filter.id}
+      )
+
+      job = PurgeExpiredFilter.get_expiration(filter.id)
+
+      resp2 =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/v1/filters/#{filter.filter_id}", %{
+          phrase: "nii",
+          context: ["public"],
+          expires_in: 300
+        })
+        |> json_response_and_validate_schema(200)
+
+      updated_filter = Filter.get(resp2["id"], user)
+
+      assert_enqueued(
+        worker: PurgeExpiredFilter,
+        args: %{filter_id: updated_filter.id}
+      )
+
+      after_update = PurgeExpiredFilter.get_expiration(updated_filter.id)
+
+      refute resp1["expires_at"] == resp2["expires_at"]
+
+      refute job.scheduled_at == after_update.scheduled_at
+    end
+  end
+
+  test "update filter without token", %{conn: conn} do
+    filter = insert(:filter)
+
+    response =
      conn
      |> put_req_header("content-type", "application/json")
-      |> put("/api/v1/filters/#{query.filter_id}", %{
-        phrase: new.phrase,
-        context: new.context
+      |> put("/api/v1/filters/#{filter.filter_id}", %{
+        phrase: "nii",
+        context: ["public"]
      })
+      |> json_response(403)

-    assert response = json_response_and_validate_schema(conn, 200)
-    assert response["phrase"] == new.phrase
-    assert response["context"] == new.context
-    assert response["irreversible"] == true
-    assert response["whole_word"] == true
+    assert response["error"] == "Invalid credentials."
  end

-  test "delete a filter" do
-    %{user: user, conn: conn} = oauth_access(["write:filters"])
+  describe "delete a filter" do
+    setup do: oauth_access(["write:filters"])

-    query = %Pleroma.Filter{
-      user_id: user.id,
-      filter_id: 2,
-      phrase: "knight",
-      context: ["home"]
-    }
+    test "common", %{conn: conn, user: user} do
+      filter = insert(:filter, user: user)

-    {:ok, filter} = Pleroma.Filter.create(query)
+      assert conn
+             |> delete("/api/v1/filters/#{filter.filter_id}")
+             |> json_response_and_validate_schema(200) == %{}

-    conn = delete(conn, "/api/v1/filters/#{filter.filter_id}")
+      assert Repo.all(Filter) == []
+    end

-    assert json_response_and_validate_schema(conn, 200) == %{}
+    test "with expires_at", %{conn: conn, user: user} do
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/filters", %{
+          phrase: "cofe",
+          context: ["home"],
+          expires_in: 600
+        })
+        |> json_response_and_validate_schema(200)
+
+      filter = Filter.get(response["id"], user)
+
+      assert_enqueued(
+        worker: PurgeExpiredFilter,
+        args: %{filter_id: filter.id}
+      )
+
+      assert conn
+             |> delete("/api/v1/filters/#{filter.filter_id}")
+             |> json_response_and_validate_schema(200) == %{}
+
+      refute_enqueued(
+        worker: PurgeExpiredFilter,
+        args: %{filter_id: filter.id}
+      )
+
+      assert Repo.all(Filter) == []
+      assert Repo.all(Oban.Job) == []
+    end
+  end
+
+  test "delete a filter without token", %{conn: conn} do
+    filter = insert(:filter)
+
+    response =
+      conn
+      |> delete("/api/v1/filters/#{filter.filter_id}")
+      |> json_response(403)
+
+    assert response["error"] == "Invalid credentials."
  end
 end
--- a/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/status_controller_test.exs
@ -516,7 +516,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
             end)

      assert NaiveDateTime.diff(NaiveDateTime.from_iso8601!(response["poll"]["expires_at"]), time) in 420..430
-      refute response["poll"]["expred"]
+      assert response["poll"]["expired"] == false

      question = Object.get_by_id(response["poll"]["id"])

@ -592,6 +592,44 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
      %{"error" => error} = json_response_and_validate_schema(conn, 422)
      assert error == "Expiration date is too far in the future"
    end
+
+    test "scheduled poll", %{conn: conn} do
+      clear_config([ScheduledActivity, :enabled], true)
+
+      scheduled_at =
+        NaiveDateTime.add(NaiveDateTime.utc_now(), :timer.minutes(6), :millisecond)
+        |> NaiveDateTime.to_iso8601()
+        |> Kernel.<>("Z")
+
+      %{"id" => scheduled_id} =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/statuses", %{
+          "status" => "very cool poll",
+          "poll" => %{
+            "options" => ~w(a b c),
+            "expires_in" => 420
+          },
+          "scheduled_at" => scheduled_at
+        })
+        |> json_response_and_validate_schema(200)
+
+      assert {:ok, %{id: activity_id}} =
+               perform_job(Pleroma.Workers.ScheduledActivityWorker, %{
+                 activity_id: scheduled_id
+               })
+
+      assert Repo.all(Oban.Job) == []
+
+      object =
+        Activity
+        |> Repo.get(activity_id)
+        |> Object.normalize()
+
+      assert object.data["content"] == "very cool poll"
+      assert object.data["type"] == "Question"
+      assert length(object.data["oneOf"]) == 3
+    end
  end

  test "get a status" do
--- a/test/pleroma/web/o_status/o_status_controller_test.exs
+++ b/test/pleroma/web/o_status/o_status_controller_test.exs
@ -144,13 +144,19 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
      assert redirect_url == expected_redirect_url
    end

-    test "returns a 404 on remote notice when json requested", %{conn: conn} do
+    test "redirects to a proper object URL when json requested and the object is remote", %{
+      conn: conn
+    } do
      note_activity = insert(:note_activity, local: false)
+      expected_redirect_url = Object.normalize(note_activity, fetch: false).data["id"]

-      conn
-      |> put_req_header("accept", "application/activity+json")
-      |> get("/notice/#{note_activity.id}")
-      |> response(404)
+      redirect_url =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/notice/#{note_activity.id}")
+        |> redirected_to()
+
+      assert redirect_url == expected_redirect_url
    end

    test "500s when actor not found", %{conn: conn} do