Merge remote-tracking branch 'upstream/develop' into by-approval

2020-07-26 15:46:14 -05:00 · 2020-07-26 15:46:14 -05:00 · 6931dbfa58
commit 6931dbfa58
parent 15f8921b11 a7616dec8c
242 changed files with 2000 additions and 2867 deletions
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@ -1370,6 +1370,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
        Logger.debug("Could not decode user at fetch #{ap_id}, #{inspect(e)}")
        {:error, e}

+      {:error, {:reject, reason} = e} ->
+        Logger.info("Rejected user #{ap_id}: #{inspect(reason)}")
+        {:error, e}
+
      {:error, e} ->
        Logger.error("Could not decode user at fetch #{ap_id}, #{inspect(e)}")
        {:error, e}
--- a/lib/pleroma/web/activity_pub/mrf/anti_followbot_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/anti_followbot_policy.ex
@ -60,7 +60,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicy do
    if score < 0.8 do
      {:ok, message}
    else
-      {:reject, nil}
+      {:reject, "[AntiFollowbotPolicy] Scored #{actor_id} as #{score}"}
    end
  end

--- a/lib/pleroma/web/activity_pub/mrf/anti_link_spam_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/anti_link_spam_policy.ex
@ -39,14 +39,13 @@ defmodule Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicy do
        {:ok, message}

      {:old_user, false} ->
-        {:reject, nil}
+        {:reject, "[AntiLinkSpamPolicy] User has no posts nor followers"}

      {:error, _} ->
-        {:reject, nil}
+        {:reject, "[AntiLinkSpamPolicy] Failed to get or fetch user by ap_id"}

      e ->
-        Logger.warn("[MRF anti-link-spam] WTF: unhandled error #{inspect(e)}")
-        {:reject, nil}
+        {:reject, "[AntiLinkSpamPolicy] Unhandled error #{inspect(e)}"}
    end
  end

--- a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex
@ -43,7 +43,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do
  defp reject_message(message, threshold) when threshold > 0 do
    with {_, recipients} <- get_recipient_count(message) do
      if recipients > threshold do
-        {:reject, nil}
+        {:reject, "[HellthreadPolicy] #{recipients} recipients is over the limit of #{threshold}"}
      else
        {:ok, message}
      end
@ -87,7 +87,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do
         {:ok, message} <- delist_message(message, delist_threshold) do
      {:ok, message}
    else
-      _e -> {:reject, nil}
+      e -> e
    end
  end

--- a/lib/pleroma/web/activity_pub/mrf/keyword_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/keyword_policy.ex
@ -24,7 +24,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicy do
    if Enum.any?(Pleroma.Config.get([:mrf_keyword, :reject]), fn pattern ->
         string_matches?(content, pattern) or string_matches?(summary, pattern)
       end) do
-      {:reject, nil}
+      {:reject, "[KeywordPolicy] Matches with rejected keyword"}
    else
      {:ok, message}
    end
@ -89,8 +89,9 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicy do
         {:ok, message} <- check_replace(message) do
      {:ok, message}
    else
-      _e ->
-        {:reject, nil}
+      {:reject, nil} -> {:reject, "[KeywordPolicy] "}
+      {:reject, _} = e -> e
+      _e -> {:reject, "[KeywordPolicy] "}
    end
  end

--- a/lib/pleroma/web/activity_pub/mrf/mention_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/mention_policy.ex
@ -12,8 +12,9 @@ defmodule Pleroma.Web.ActivityPub.MRF.MentionPolicy do
    reject_actors = Pleroma.Config.get([:mrf_mention, :actors], [])
    recipients = (message["to"] || []) ++ (message["cc"] || [])

-    if Enum.any?(recipients, fn recipient -> Enum.member?(reject_actors, recipient) end) do
-      {:reject, nil}
+    if rejected_mention =
+         Enum.find(recipients, fn recipient -> Enum.member?(reject_actors, recipient) end) do
+      {:reject, "[MentionPolicy] Rejected for mention of #{rejected_mention}"}
    else
      {:ok, message}
    end
--- a/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
@ -28,7 +28,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy do

  defp check_reject(message, actions) do
    if :reject in actions do
-      {:reject, nil}
+      {:reject, "[ObjectAgePolicy]"}
    else
      {:ok, message}
    end
@ -47,9 +47,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy do

        {:ok, message}
      else
-        # Unhandleable error: somebody is messing around, just drop the message.
        _e ->
-          {:reject, nil}
+          {:reject, "[ObjectAgePolicy] Unhandled error"}
      end
    else
      {:ok, message}
@ -69,9 +68,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy do

        {:ok, message}
      else
-        # Unhandleable error: somebody is messing around, just drop the message.
        _e ->
-          {:reject, nil}
+          {:reject, "[ObjectAgePolicy] Unhandled error"}
      end
    else
      {:ok, message}
--- a/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex
+++ b/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex
@ -38,7 +38,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublic do
        {:ok, object}

      true ->
-        {:reject, nil}
+        {:reject, "[RejectNonPublic] visibility: #{visibility}"}
    end
  end

--- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
@ -21,7 +21,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
      accepts == [] -> {:ok, object}
      actor_host == Config.get([Pleroma.Web.Endpoint, :url, :host]) -> {:ok, object}
      MRF.subdomain_match?(accepts, actor_host) -> {:ok, object}
-      true -> {:reject, nil}
+      true -> {:reject, "[SimplePolicy] host not in accept list"}
    end
  end

@ -31,7 +31,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
      |> MRF.subdomains_regex()

    if MRF.subdomain_match?(rejects, actor_host) do
-      {:reject, nil}
+      {:reject, "[SimplePolicy] host in reject list"}
    else
      {:ok, object}
    end
@ -114,7 +114,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
      |> MRF.subdomains_regex()

    if MRF.subdomain_match?(report_removal, actor_host) do
-      {:reject, nil}
+      {:reject, "[SimplePolicy] host in report_removal list"}
    else
      {:ok, object}
    end
@ -159,7 +159,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
      |> MRF.subdomains_regex()

    if MRF.subdomain_match?(reject_deletes, actor_host) do
-      {:reject, nil}
+      {:reject, "[SimplePolicy] host in reject_deletes list"}
    else
      {:ok, object}
    end
@ -177,7 +177,9 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
         {:ok, object} <- check_report_removal(actor_info, object) do
      {:ok, object}
    else
-      _e -> {:reject, nil}
+      {:reject, nil} -> {:reject, "[SimplePolicy]"}
+      {:reject, _} = e -> e
+      _ -> {:reject, "[SimplePolicy]"}
    end
  end

@ -191,7 +193,9 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
         {:ok, object} <- check_banner_removal(actor_info, object) do
      {:ok, object}
    else
-      _e -> {:reject, nil}
+      {:reject, nil} -> {:reject, "[SimplePolicy]"}
+      {:reject, _} = e -> e
+      _ -> {:reject, "[SimplePolicy]"}
    end
  end

--- a/lib/pleroma/web/activity_pub/mrf/tag_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/tag_policy.ex
@ -134,12 +134,13 @@ defmodule Pleroma.Web.ActivityPub.MRF.TagPolicy do
    if user.local == true do
      {:ok, message}
    else
-      {:reject, nil}
+      {:reject,
+       "[TagPolicy] Follow from #{actor} tagged with mrf_tag:disable-remote-subscription"}
    end
  end

-  defp process_tag("mrf_tag:disable-any-subscription", %{"type" => "Follow"}),
-    do: {:reject, nil}
+  defp process_tag("mrf_tag:disable-any-subscription", %{"type" => "Follow", "actor" => actor}),
+    do: {:reject, "[TagPolicy] Follow from #{actor} tagged with mrf_tag:disable-any-subscription"}

  defp process_tag(_, message), do: {:ok, message}

--- a/lib/pleroma/web/activity_pub/mrf/user_allow_list_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/user_allow_list_policy.ex
@ -14,7 +14,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.UserAllowListPolicy do
    if actor in allow_list do
      {:ok, object}
    else
-      {:reject, nil}
+      {:reject, "[UserAllowListPolicy] #{actor} not in the list"}
    end
  end

--- a/lib/pleroma/web/activity_pub/mrf/vocabulary_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/vocabulary_policy.ex
@ -11,22 +11,26 @@ defmodule Pleroma.Web.ActivityPub.MRF.VocabularyPolicy do
    with {:ok, _} <- filter(child_message) do
      {:ok, message}
    else
-      {:reject, nil} ->
-        {:reject, nil}
+      {:reject, _} = e -> e
    end
  end

  def filter(%{"type" => message_type} = message) do
    with accepted_vocabulary <- Pleroma.Config.get([:mrf_vocabulary, :accept]),
         rejected_vocabulary <- Pleroma.Config.get([:mrf_vocabulary, :reject]),
-         true <-
-           Enum.empty?(accepted_vocabulary) || Enum.member?(accepted_vocabulary, message_type),
-         false <-
-           length(rejected_vocabulary) > 0 && Enum.member?(rejected_vocabulary, message_type),
+         {_, true} <-
+           {:accepted,
+            Enum.empty?(accepted_vocabulary) || Enum.member?(accepted_vocabulary, message_type)},
+         {_, false} <-
+           {:rejected,
+            length(rejected_vocabulary) > 0 && Enum.member?(rejected_vocabulary, message_type)},
         {:ok, _} <- filter(message["object"]) do
      {:ok, message}
    else
-      _ -> {:reject, nil}
+      {:reject, _} = e -> e
+      {:accepted, _} -> {:reject, "[VocabularyPolicy] #{message_type} not in accept list"}
+      {:rejected, _} -> {:reject, "[VocabularyPolicy] #{message_type} in reject list"}
+      _ -> {:reject, "[VocabularyPolicy]"}
    end
  end

--- a/lib/pleroma/web/activity_pub/publisher.ex
+++ b/lib/pleroma/web/activity_pub/publisher.ex
@ -49,7 +49,8 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
  """
  def publish_one(%{inbox: inbox, json: json, actor: %User{} = actor, id: id} = params) do
    Logger.debug("Federating #{id} to #{inbox}")
-    %{host: host, path: path} = URI.parse(inbox)
+
+    uri = URI.parse(inbox)

    digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64())

@ -57,8 +58,8 @@ defmodule Pleroma.Web.ActivityPub.Publisher do

    signature =
      Pleroma.Signature.sign(actor, %{
-        "(request-target)": "post #{path}",
-        host: host,
+        "(request-target)": "post #{uri.path}",
+        host: signature_host(uri),
        "content-length": byte_size(json),
        digest: digest,
        date: date
@ -76,8 +77,9 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
                 {"digest", digest}
               ]
             ) do
-      if !Map.has_key?(params, :unreachable_since) || params[:unreachable_since],
-        do: Instances.set_reachable(inbox)
+      if not Map.has_key?(params, :unreachable_since) || params[:unreachable_since] do
+        Instances.set_reachable(inbox)
+      end

      result
    else
@ -96,6 +98,14 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
    |> publish_one()
  end

+  defp signature_host(%URI{port: port, scheme: scheme, host: host}) do
+    if port == URI.default_port(scheme) do
+      host
+    else
+      "#{host}:#{port}"
+    end
+  end
+
  defp should_federate?(inbox, public) do
    if public do
      true
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@ -178,7 +178,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
        |> Map.drop(["conversation"])
      else
        e ->
-          Logger.error("Couldn't fetch #{inspect(in_reply_to_id)}, error: #{inspect(e)}")
+          Logger.warn("Couldn't fetch #{inspect(in_reply_to_id)}, error: #{inspect(e)}")
          object
      end
    else
--- a/lib/pleroma/web/activity_pub/utils.ex
+++ b/lib/pleroma/web/activity_pub/utils.ex
@ -719,15 +719,18 @@ defmodule Pleroma.Web.ActivityPub.Utils do

    case Activity.get_by_ap_id_with_object(id) do
      %Activity{} = activity ->
+        activity_actor = User.get_by_ap_id(activity.object.data["actor"])
+
        %{
          "type" => "Note",
          "id" => activity.data["id"],
          "content" => activity.object.data["content"],
          "published" => activity.object.data["published"],
          "actor" =>
-            AccountView.render("show.json", %{
-              user: User.get_by_ap_id(activity.object.data["actor"])
-            })
+            AccountView.render(
+              "show.json",
+              %{user: activity_actor, skip_visibility_check: true}
+            )
        }

      _ ->
--- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex
@ -361,7 +361,11 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)) do
      json(
        conn,
-        AccountView.render("index.json", users: users, count: count, page_size: page_size)
+        AccountView.render("index.json",
+          users: users,
+          count: count,
+          page_size: page_size
+        )
      )
    end
  end
@ -632,29 +636,24 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
  end

  def confirm_email(%{assigns: %{user: admin}} = conn, %{"nicknames" => nicknames}) do
-    users = nicknames |> Enum.map(&User.get_cached_by_nickname/1)
+    users = Enum.map(nicknames, &User.get_cached_by_nickname/1)

    User.toggle_confirmation(users)

-    ModerationLog.insert_log(%{
-      actor: admin,
-      subject: users,
-      action: "confirm_email"
-    })
+    ModerationLog.insert_log(%{actor: admin, subject: users, action: "confirm_email"})

    json(conn, "")
  end

  def resend_confirmation_email(%{assigns: %{user: admin}} = conn, %{"nicknames" => nicknames}) do
-    users = nicknames |> Enum.map(&User.get_cached_by_nickname/1)
+    users =
+      Enum.map(nicknames, fn nickname ->
+        nickname
+        |> User.get_cached_by_nickname()
+        |> User.send_confirmation_email()
+      end)

-    User.try_send_confirmation_email(users)
-
-    ModerationLog.insert_log(%{
-      actor: admin,
-      subject: users,
-      action: "resend_confirmation_email"
-    })
+    ModerationLog.insert_log(%{actor: admin, subject: users, action: "resend_confirmation_email"})

    json(conn, "")
  end
--- a/lib/pleroma/web/admin_api/views/account_view.ex
+++ b/lib/pleroma/web/admin_api/views/account_view.ex
@ -107,7 +107,7 @@ defmodule Pleroma.Web.AdminAPI.AccountView do
  end

  def merge_account_views(%User{} = user) do
-    MastodonAPI.AccountView.render("show.json", %{user: user})
+    MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true})
    |> Map.merge(AdminAPI.AccountView.render("show.json", %{user: user}))
  end

--- a/lib/pleroma/web/api_spec/operations/account_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/account_operation.ex
@ -159,6 +159,7 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
        "Accounts which follow the given account, if network is not hidden by the account owner.",
      parameters: [
        %Reference{"$ref": "#/components/parameters/accountIdOrNickname"},
+        Operation.parameter(:id, :query, :string, "ID of the resource owner"),
        with_relationships_param() | pagination_params()
      ],
      responses: %{
@ -177,6 +178,7 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
        "Accounts which the given account is following, if network is not hidden by the account owner.",
      parameters: [
        %Reference{"$ref": "#/components/parameters/accountIdOrNickname"},
+        Operation.parameter(:id, :query, :string, "ID of the resource owner"),
        with_relationships_param() | pagination_params()
      ],
      responses: %{200 => Operation.response("Accounts", "application/json", array_of_accounts())}
--- a/lib/pleroma/web/api_spec/operations/chat_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/chat_operation.ex
@ -300,11 +300,11 @@ defmodule Pleroma.Web.ApiSpec.ChatOperation do
          "content" => "Check this out :firefox:",
          "id" => "13",
          "chat_id" => "1",
-          "actor_id" => "someflakeid",
+          "account_id" => "someflakeid",
          "unread" => false
        },
        %{
-          "actor_id" => "someflakeid",
+          "account_id" => "someflakeid",
          "content" => "Whats' up?",
          "id" => "12",
          "chat_id" => "1",
--- a/lib/pleroma/web/api_spec/operations/domain_block_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/domain_block_operation.ex
@ -31,6 +31,7 @@ defmodule Pleroma.Web.ApiSpec.DomainBlockOperation do
    }
  end

+  # Supporting domain query parameter is deprecated in Mastodon API
  def create_operation do
    %Operation{
      tags: ["domain_blocks"],
@ -45,11 +46,13 @@ defmodule Pleroma.Web.ApiSpec.DomainBlockOperation do
      """,
      operationId: "DomainBlockController.create",
      requestBody: domain_block_request(),
+      parameters: [Operation.parameter(:domain, :query, %Schema{type: :string}, "Domain name")],
      security: [%{"oAuth" => ["follow", "write:blocks"]}],
      responses: %{200 => empty_object_response()}
    }
  end

+  # Supporting domain query parameter is deprecated in Mastodon API
  def delete_operation do
    %Operation{
      tags: ["domain_blocks"],
@ -57,6 +60,7 @@ defmodule Pleroma.Web.ApiSpec.DomainBlockOperation do
      description: "Remove a domain block, if it exists in the user's array of blocked domains.",
      operationId: "DomainBlockController.delete",
      requestBody: domain_block_request(),
+      parameters: [Operation.parameter(:domain, :query, %Schema{type: :string}, "Domain name")],
      security: [%{"oAuth" => ["follow", "write:blocks"]}],
      responses: %{
        200 => Operation.response("Empty object", "application/json", %Schema{type: :object})
@ -71,10 +75,9 @@ defmodule Pleroma.Web.ApiSpec.DomainBlockOperation do
        type: :object,
        properties: %{
          domain: %Schema{type: :string}
-        },
-        required: [:domain]
+        }
      },
-      required: true,
+      required: false,
      example: %{
        "domain" => "facebook.com"
      }
--- a/lib/pleroma/web/api_spec/schemas/account.ex
+++ b/lib/pleroma/web/api_spec/schemas/account.ex
@ -90,11 +90,8 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Account do
          notification_settings: %Schema{
            type: :object,
            properties: %{
-              followers: %Schema{type: :boolean},
-              follows: %Schema{type: :boolean},
-              non_followers: %Schema{type: :boolean},
-              non_follows: %Schema{type: :boolean},
-              privacy_option: %Schema{type: :boolean}
+              block_from_strangers: %Schema{type: :boolean},
+              hide_notification_contents: %Schema{type: :boolean}
            }
          },
          relationship: AccountRelationship,
@ -182,11 +179,8 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Account do
        "unread_conversation_count" => 0,
        "tags" => [],
        "notification_settings" => %{
-          "followers" => true,
-          "follows" => true,
-          "non_followers" => true,
-          "non_follows" => true,
-          "privacy_option" => false
+          "block_from_strangers" => false,
+          "hide_notification_contents" => false
        },
        "relationship" => %{
          "blocked_by" => false,
--- a/lib/pleroma/web/chat_channel.ex
+++ b/lib/pleroma/web/chat_channel.ex
@ -4,8 +4,10 @@

 defmodule Pleroma.Web.ChatChannel do
  use Phoenix.Channel
+
  alias Pleroma.User
  alias Pleroma.Web.ChatChannel.ChatChannelState
+  alias Pleroma.Web.MastodonAPI.AccountView

  def join("chat:public", _message, socket) do
    send(self(), :after_join)
@ -22,9 +24,9 @@ defmodule Pleroma.Web.ChatChannel do

    if String.length(text) in 1..Pleroma.Config.get([:instance, :chat_limit]) do
      author = User.get_cached_by_nickname(user_name)
-      author = Pleroma.Web.MastodonAPI.AccountView.render("show.json", user: author)
+      author_json = AccountView.render("show.json", user: author, skip_visibility_check: true)

-      message = ChatChannelState.add_message(%{text: text, author: author})
+      message = ChatChannelState.add_message(%{text: text, author: author_json})

      broadcast!(socket, "new_msg", message)
    end
--- a/lib/pleroma/web/mastodon_api/controllers/domain_block_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/domain_block_controller.ex
@ -32,9 +32,19 @@ defmodule Pleroma.Web.MastodonAPI.DomainBlockController do
    json(conn, %{})
  end

+  def create(%{assigns: %{user: blocker}} = conn, %{domain: domain}) do
+    User.block_domain(blocker, domain)
+    json(conn, %{})
+  end
+
  @doc "DELETE /api/v1/domain_blocks"
  def delete(%{assigns: %{user: blocker}, body_params: %{domain: domain}} = conn, _params) do
    User.unblock_domain(blocker, domain)
    json(conn, %{})
  end
+
+  def delete(%{assigns: %{user: blocker}} = conn, %{domain: domain}) do
+    User.unblock_domain(blocker, domain)
+    json(conn, %{})
+  end
 end
--- a/lib/pleroma/web/mastodon_api/controllers/search_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/search_controller.ex
@ -93,7 +93,6 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
    AccountView.render("index.json",
      users: accounts,
      for: options[:for_user],
-      as: :user,
      embed_relationships: options[:embed_relationships]
    )
  end
--- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
@ -172,6 +172,11 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
        with_direct_conversation_id: true
      )
    else
+      {:error, {:reject, message}} ->
+        conn
+        |> put_status(:unprocessable_entity)
+        |> json(%{error: message})
+
      {:error, message} ->
        conn
        |> put_status(:unprocessable_entity)
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@ -27,21 +27,40 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
          UserRelationship.view_relationships_option(reading_user, users)
      end

-    opts = Map.put(opts, :relationships, relationships_opt)
+    opts =
+      opts
+      |> Map.merge(%{relationships: relationships_opt, as: :user})
+      |> Map.delete(:users)

    users
    |> render_many(AccountView, "show.json", opts)
    |> Enum.filter(&Enum.any?/1)
  end

-  def render("show.json", %{user: user} = opts) do
-    if User.visible_for(user, opts[:for]) == :visible do
+  @doc """
+  Renders specified user account.
+    :skip_visibility_check option skips visibility check and renders any user (local or remote)
+      regardless of [:pleroma, :restrict_unauthenticated] setting.
+    :for option specifies the requester and can be a User record or nil.
+      Only use `user: user, for: user` when `user` is the actual requester of own profile.
+  """
+  def render("show.json", %{user: _user, skip_visibility_check: true} = opts) do
+    do_render("show.json", opts)
+  end
+
+  def render("show.json", %{user: user, for: for_user_or_nil} = opts) do
+    if User.visible_for(user, for_user_or_nil) == :visible do
      do_render("show.json", opts)
    else
      %{}
    end
  end

+  def render("show.json", _) do
+    raise "In order to prevent account accessibility issues, " <>
+            ":skip_visibility_check or :for option is required."
+  end
+
  def render("mention.json", %{user: user}) do
    %{
      id: to_string(user.id),
--- a/lib/pleroma/web/mastodon_api/views/conversation_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/conversation_view.ex
@ -38,7 +38,7 @@ defmodule Pleroma.Web.MastodonAPI.ConversationView do

    %{
      id: participation.id |> to_string(),
-      accounts: render(AccountView, "index.json", users: users, as: :user),
+      accounts: render(AccountView, "index.json", users: users, for: user),
      unread: !participation.read,
      last_status:
        render(StatusView, "show.json",
--- a/lib/pleroma/web/mastodon_api/views/instance_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/instance_view.ex
@ -42,7 +42,8 @@ defmodule Pleroma.Web.MastodonAPI.InstanceView do
          account_activation_required: Keyword.get(instance, :account_activation_required),
          features: features(),
          federation: federation(),
-          fields_limits: fields_limits()
+          fields_limits: fields_limits(),
+          post_formats: Config.get([:instance, :allowed_post_formats])
        },
        vapid_public_key: Keyword.get(Pleroma.Web.Push.vapid_config(), :public_key)
      }
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@ -297,13 +297,17 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do

    emoji_reactions =
      with %{data: %{"reactions" => emoji_reactions}} <- object do
-        Enum.map(emoji_reactions, fn [emoji, users] ->
-          %{
-            name: emoji,
-            count: length(users),
-            me: !!(opts[:for] && opts[:for].ap_id in users)
-          }
+        Enum.map(emoji_reactions, fn
+          [emoji, users] when is_list(users) ->
+            build_emoji_map(emoji, users, opts[:for])
+
+          {emoji, users} when is_list(users) ->
+            build_emoji_map(emoji, users, opts[:for])
+
+          _ ->
+            nil
        end)
+        |> Enum.reject(&is_nil/1)
      else
        _ -> []
      end
@ -545,4 +549,12 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do

  defp pinned?(%Activity{id: id}, %User{pinned_activities: pinned_activities}),
    do: id in pinned_activities
+
+  defp build_emoji_map(emoji, users, current_user) do
+    %{
+      name: emoji,
+      count: length(users),
+      me: !!(current_user && current_user.ap_id in users)
+    }
+  end
 end
--- a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex
@ -89,11 +89,11 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
         cm_ref <- MessageReference.for_chat_and_object(chat, message) do
      conn
      |> put_view(MessageReferenceView)
-      |> render("show.json", for: user, chat_message_reference: cm_ref)
+      |> render("show.json", chat_message_reference: cm_ref)
    end
  end

-  def mark_message_as_read(%{assigns: %{user: %{id: user_id} = user}} = conn, %{
+  def mark_message_as_read(%{assigns: %{user: %{id: user_id}}} = conn, %{
        id: chat_id,
        message_id: message_id
      }) do
@ -104,12 +104,15 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
         {:ok, cm_ref} <- MessageReference.mark_as_read(cm_ref) do
      conn
      |> put_view(MessageReferenceView)
-      |> render("show.json", for: user, chat_message_reference: cm_ref)
+      |> render("show.json", chat_message_reference: cm_ref)
    end
  end

  def mark_as_read(
-        %{body_params: %{last_read_id: last_read_id}, assigns: %{user: %{id: user_id}}} = conn,
+        %{
+          body_params: %{last_read_id: last_read_id},
+          assigns: %{user: %{id: user_id}}
+        } = conn,
        %{id: id}
      ) do
    with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id),
@ -121,7 +124,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
    end
  end

-  def messages(%{assigns: %{user: %{id: user_id} = user}} = conn, %{id: id} = params) do
+  def messages(%{assigns: %{user: %{id: user_id}}} = conn, %{id: id} = params) do
    with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id) do
      cm_refs =
        chat
@ -130,7 +133,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do

      conn
      |> put_view(MessageReferenceView)
-      |> render("index.json", for: user, chat_message_references: cm_refs)
+      |> render("index.json", chat_message_references: cm_refs)
    else
      _ ->
        conn
--- a/lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex
@ -21,8 +21,8 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackController do
         ]
  )

-  @skip_plugs [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.ExpectPublicOrAuthenticatedCheckPlug]
-  plug(:skip_plug, @skip_plugs when action in [:archive, :show, :list])
+  @skip_plugs [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
+  plug(:skip_plug, @skip_plugs when action in [:index, :show, :archive])

  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.PleromaEmojiPackOperation

--- a/lib/pleroma/web/pleroma_api/views/chat_view.ex
+++ b/lib/pleroma/web/pleroma_api/views/chat_view.ex
@ -15,10 +15,11 @@ defmodule Pleroma.Web.PleromaAPI.ChatView do
  def render("show.json", %{chat: %Chat{} = chat} = opts) do
    recipient = User.get_cached_by_ap_id(chat.recipient)
    last_message = opts[:last_message] || MessageReference.last_message_for_chat(chat)
+    account_view_opts = account_view_opts(opts, recipient)

    %{
      id: chat.id |> to_string(),
-      account: AccountView.render("show.json", Map.put(opts, :user, recipient)),
+      account: AccountView.render("show.json", account_view_opts),
      unread: MessageReference.unread_count_for_chat(chat),
      last_message:
        last_message &&
@ -27,7 +28,17 @@ defmodule Pleroma.Web.PleromaAPI.ChatView do
    }
  end

-  def render("index.json", %{chats: chats}) do
-    render_many(chats, __MODULE__, "show.json")
+  def render("index.json", %{chats: chats} = opts) do
+    render_many(chats, __MODULE__, "show.json", Map.delete(opts, :chats))
+  end
+
+  defp account_view_opts(opts, recipient) do
+    account_view_opts = Map.put(opts, :user, recipient)
+
+    if Map.has_key?(account_view_opts, :for) do
+      account_view_opts
+    else
+      Map.put(account_view_opts, :skip_visibility_check, true)
+    end
  end
 end
--- a/lib/pleroma/web/pleroma_api/views/emoji_reaction_view.ex
+++ b/lib/pleroma/web/pleroma_api/views/emoji_reaction_view.ex
@ -17,7 +17,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiReactionView do
    %{
      name: emoji,
      count: length(users),
-      accounts: render(AccountView, "index.json", users: users, for: user, as: :user),
+      accounts: render(AccountView, "index.json", users: users, for: user),
      me: !!(user && user.ap_id in user_ap_ids)
    }
  end
--- a/lib/pleroma/web/push/impl.ex
+++ b/lib/pleroma/web/push/impl.ex
@ -104,7 +104,7 @@ defmodule Pleroma.Web.Push.Impl do

  def build_content(
        %{
-          user: %{notification_settings: %{privacy_option: true}}
+          user: %{notification_settings: %{hide_notification_contents: true}}
        } = notification,
        _actor,
        _object,
--- a/lib/pleroma/web/rich_media/helpers.ex
+++ b/lib/pleroma/web/rich_media/helpers.ex
@ -11,10 +11,10 @@ defmodule Pleroma.Web.RichMedia.Helpers do

  @spec validate_page_url(URI.t() | binary()) :: :ok | :error
  defp validate_page_url(page_url) when is_binary(page_url) do
-    validate_tld = Application.get_env(:auto_linker, :opts)[:validate_tld]
+    validate_tld = Pleroma.Config.get([Pleroma.Formatter, :validate_tld])

    page_url
-    |> AutoLinker.Parser.url?(scheme: true, validate_tld: validate_tld)
+    |> Linkify.Parser.url?(validate_tld: validate_tld)
    |> parse_uri(page_url)
  end

--- a/lib/pleroma/web/templates/o_auth/mfa/recovery.html.eex
+++ b/lib/pleroma/web/templates/o_auth/mfa/recovery.html.eex
@ -10,7 +10,7 @@
 <%= form_for @conn, mfa_verify_path(@conn, :verify), [as: "mfa"], fn f -> %>
 <div class="input">
  <%= label f, :code, "Recovery code" %>
-  <%= text_input f, :code %>
+  <%= text_input f, :code, [autocomplete: false, autocorrect: "off", autocapitalize: "off", autofocus: true, spellcheck: false] %>
  <%= hidden_input f, :mfa_token, value: @mfa_token %>
  <%= hidden_input f, :state, value: @state %>
  <%= hidden_input f, :redirect_uri, value: @redirect_uri %>
--- a/lib/pleroma/web/templates/o_auth/mfa/totp.html.eex
+++ b/lib/pleroma/web/templates/o_auth/mfa/totp.html.eex
@ -10,7 +10,7 @@
 <%= form_for @conn, mfa_verify_path(@conn, :verify), [as: "mfa"], fn f -> %>
 <div class="input">
  <%= label f, :code, "Authentication code" %>
-  <%= text_input f, :code %>
+  <%= text_input f, :code, [autocomplete: false, autocorrect: "off", autocapitalize: "off", autofocus: true, pattern: "[0-9]*", spellcheck: false] %>
  <%= hidden_input f, :mfa_token, value: @mfa_token %>
  <%= hidden_input f, :state, value: @state %>
  <%= hidden_input f, :redirect_uri, value: @redirect_uri %>