Merge remote-tracking branch 'upstream/develop' into by-approval

2020-07-26 15:46:14 -05:00 · 2020-07-26 15:46:14 -05:00 · 6931dbfa58
commit 6931dbfa58
parent 15f8921b11 a7616dec8c
242 changed files with 2000 additions and 2867 deletions
--- a/test/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/web/activity_pub/activity_pub_controller_test.exs
@ -1082,6 +1082,45 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
      assert object = Object.get_by_ap_id(note_object.data["id"])
      assert object.data["like_count"] == 1
    end
+
+    test "it doesn't spreads faulty attributedTo or actor fields", %{
+      conn: conn,
+      activity: activity
+    } do
+      reimu = insert(:user, nickname: "reimu")
+      cirno = insert(:user, nickname: "cirno")
+
+      assert reimu.ap_id
+      assert cirno.ap_id
+
+      activity =
+        activity
+        |> put_in(["object", "actor"], reimu.ap_id)
+        |> put_in(["object", "attributedTo"], reimu.ap_id)
+        |> put_in(["actor"], reimu.ap_id)
+        |> put_in(["attributedTo"], reimu.ap_id)
+
+      _reimu_outbox =
+        conn
+        |> assign(:user, cirno)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{reimu.nickname}/outbox", activity)
+        |> json_response(403)
+
+      cirno_outbox =
+        conn
+        |> assign(:user, cirno)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{cirno.nickname}/outbox", activity)
+        |> json_response(201)
+
+      assert cirno_outbox["attributedTo"] == nil
+      assert cirno_outbox["actor"] == cirno.ap_id
+
+      assert cirno_object = Object.normalize(cirno_outbox["object"])
+      assert cirno_object.data["actor"] == cirno.ap_id
+      assert cirno_object.data["attributedTo"] == cirno.ap_id
+    end
  end

  describe "/relay/followers" do
--- a/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
@ -1179,7 +1179,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
        "id" => activity_ap_id,
        "content" => content,
        "published" => activity_with_object.object.data["published"],
-        "actor" => AccountView.render("show.json", %{user: target_account})
+        "actor" =>
+          AccountView.render("show.json", %{user: target_account, skip_visibility_check: true})
      }

      assert %Activity{
--- a/test/web/activity_pub/mrf/anti_followbot_policy_test.exs
+++ b/test/web/activity_pub/mrf/anti_followbot_policy_test.exs
@ -21,7 +21,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicyTest do
        "id" => "https://example.com/activities/1234"
      }

-      {:reject, nil} = AntiFollowbotPolicy.filter(message)
+      assert {:reject, "[AntiFollowbotPolicy]" <> _} = AntiFollowbotPolicy.filter(message)
    end

    test "matches followbots by display name" do
@ -36,7 +36,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicyTest do
        "id" => "https://example.com/activities/1234"
      }

-      {:reject, nil} = AntiFollowbotPolicy.filter(message)
+      assert {:reject, "[AntiFollowbotPolicy]" <> _} = AntiFollowbotPolicy.filter(message)
    end
  end

--- a/test/web/activity_pub/mrf/hellthread_policy_test.exs
+++ b/test/web/activity_pub/mrf/hellthread_policy_test.exs
@ -50,7 +50,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicyTest do
    } do
      Pleroma.Config.put([:mrf_hellthread], %{delist_threshold: 0, reject_threshold: 2})

-      {:reject, nil} = filter(message)
+      assert {:reject, "[HellthreadPolicy] 3 recipients is over the limit of 2"} ==
+               filter(message)
    end

    test "does not reject the message if the recipient count is below reject_threshold", %{
--- a/test/web/activity_pub/mrf/keyword_policy_test.exs
+++ b/test/web/activity_pub/mrf/keyword_policy_test.exs
@ -25,7 +25,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicyTest do
        }
      }

-      assert {:reject, nil} == KeywordPolicy.filter(message)
+      assert {:reject, "[KeywordPolicy] Matches with rejected keyword"} =
+               KeywordPolicy.filter(message)
    end

    test "rejects if string matches in summary" do
@ -39,7 +40,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicyTest do
        }
      }

-      assert {:reject, nil} == KeywordPolicy.filter(message)
+      assert {:reject, "[KeywordPolicy] Matches with rejected keyword"} =
+               KeywordPolicy.filter(message)
    end

    test "rejects if regex matches in content" do
@ -55,7 +57,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicyTest do
                   }
                 }

-                 {:reject, nil} == KeywordPolicy.filter(message)
+                 {:reject, "[KeywordPolicy] Matches with rejected keyword"} ==
+                   KeywordPolicy.filter(message)
               end)
    end

@ -72,7 +75,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicyTest do
                   }
                 }

-                 {:reject, nil} == KeywordPolicy.filter(message)
+                 {:reject, "[KeywordPolicy] Matches with rejected keyword"} ==
+                   KeywordPolicy.filter(message)
               end)
    end
  end
--- a/test/web/activity_pub/mrf/mention_policy_test.exs
+++ b/test/web/activity_pub/mrf/mention_policy_test.exs
@ -76,7 +76,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.MentionPolicyTest do
        "to" => ["https://example.com/blocked"]
      }

-      assert MentionPolicy.filter(message) == {:reject, nil}
+      assert MentionPolicy.filter(message) ==
+               {:reject, "[MentionPolicy] Rejected for mention of https://example.com/blocked"}
    end

    test "cc" do
@ -88,7 +89,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.MentionPolicyTest do
        "cc" => ["https://example.com/blocked"]
      }

-      assert MentionPolicy.filter(message) == {:reject, nil}
+      assert MentionPolicy.filter(message) ==
+               {:reject, "[MentionPolicy] Rejected for mention of https://example.com/blocked"}
    end
  end
 end
--- a/test/web/activity_pub/mrf/reject_non_public_test.exs
+++ b/test/web/activity_pub/mrf/reject_non_public_test.exs
@ -64,7 +64,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublicTest do
      }

      Pleroma.Config.put([:mrf_rejectnonpublic, :allow_followersonly], false)
-      assert {:reject, nil} = RejectNonPublic.filter(message)
+      assert {:reject, _} = RejectNonPublic.filter(message)
    end
  end

@ -94,7 +94,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublicTest do
      }

      Pleroma.Config.put([:mrf_rejectnonpublic, :allow_direct], false)
-      assert {:reject, nil} = RejectNonPublic.filter(message)
+      assert {:reject, _} = RejectNonPublic.filter(message)
    end
  end
 end
--- a/test/web/activity_pub/mrf/simple_policy_test.exs
+++ b/test/web/activity_pub/mrf/simple_policy_test.exs
@ -124,7 +124,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
      report_message = build_report_message()
      local_message = build_local_message()

-      assert SimplePolicy.filter(report_message) == {:reject, nil}
+      assert {:reject, _} = SimplePolicy.filter(report_message)
      assert SimplePolicy.filter(local_message) == {:ok, local_message}
    end

@ -133,7 +133,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
      report_message = build_report_message()
      local_message = build_local_message()

-      assert SimplePolicy.filter(report_message) == {:reject, nil}
+      assert {:reject, _} = SimplePolicy.filter(report_message)
      assert SimplePolicy.filter(local_message) == {:ok, local_message}
    end
  end
@ -241,7 +241,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do

      remote_message = build_remote_message()

-      assert SimplePolicy.filter(remote_message) == {:reject, nil}
+      assert {:reject, _} = SimplePolicy.filter(remote_message)
    end

    test "activity matches with wildcard domain" do
@ -249,7 +249,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do

      remote_message = build_remote_message()

-      assert SimplePolicy.filter(remote_message) == {:reject, nil}
+      assert {:reject, _} = SimplePolicy.filter(remote_message)
    end

    test "actor has a matching host" do
@ -257,7 +257,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do

      remote_user = build_remote_user()

-      assert SimplePolicy.filter(remote_user) == {:reject, nil}
+      assert {:reject, _} = SimplePolicy.filter(remote_user)
    end
  end

@ -279,7 +279,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
      remote_message = build_remote_message()

      assert SimplePolicy.filter(local_message) == {:ok, local_message}
-      assert SimplePolicy.filter(remote_message) == {:reject, nil}
+      assert {:reject, _} = SimplePolicy.filter(remote_message)
    end

    test "activity has a matching host" do
@ -429,7 +429,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
    test "it rejects the deletion" do
      deletion_message = build_remote_deletion_message()

-      assert SimplePolicy.filter(deletion_message) == {:reject, nil}
+      assert {:reject, _} = SimplePolicy.filter(deletion_message)
    end
  end

@ -439,7 +439,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
    test "it rejects the deletion" do
      deletion_message = build_remote_deletion_message()

-      assert SimplePolicy.filter(deletion_message) == {:reject, nil}
+      assert {:reject, _} = SimplePolicy.filter(deletion_message)
    end
  end

--- a/test/web/activity_pub/mrf/tag_policy_test.exs
+++ b/test/web/activity_pub/mrf/tag_policy_test.exs
@ -12,8 +12,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.TagPolicyTest do
  describe "mrf_tag:disable-any-subscription" do
    test "rejects message" do
      actor = insert(:user, tags: ["mrf_tag:disable-any-subscription"])
-      message = %{"object" => actor.ap_id, "type" => "Follow"}
-      assert {:reject, nil} = TagPolicy.filter(message)
+      message = %{"object" => actor.ap_id, "type" => "Follow", "actor" => actor.ap_id}
+      assert {:reject, _} = TagPolicy.filter(message)
    end
  end

@ -22,7 +22,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.TagPolicyTest do
      actor = insert(:user, tags: ["mrf_tag:disable-remote-subscription"])
      follower = insert(:user, tags: ["mrf_tag:disable-remote-subscription"], local: false)
      message = %{"object" => actor.ap_id, "type" => "Follow", "actor" => follower.ap_id}
-      assert {:reject, nil} = TagPolicy.filter(message)
+      assert {:reject, _} = TagPolicy.filter(message)
    end

    test "allows non-local follow requests" do
--- a/test/web/activity_pub/mrf/user_allowlist_policy_test.exs
+++ b/test/web/activity_pub/mrf/user_allowlist_policy_test.exs
@ -26,6 +26,6 @@ defmodule Pleroma.Web.ActivityPub.MRF.UserAllowListPolicyTest do
    actor = insert(:user)
    Pleroma.Config.put([:mrf_user_allowlist], %{"localhost" => ["test-ap-id"]})
    message = %{"actor" => actor.ap_id}
-    assert UserAllowListPolicy.filter(message) == {:reject, nil}
+    assert {:reject, _} = UserAllowListPolicy.filter(message)
  end
 end
--- a/test/web/activity_pub/mrf/vocabulary_policy_test.exs
+++ b/test/web/activity_pub/mrf/vocabulary_policy_test.exs
@ -46,7 +46,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.VocabularyPolicyTest do
        }
      }

-      {:reject, nil} = VocabularyPolicy.filter(message)
+      {:reject, _} = VocabularyPolicy.filter(message)
    end

    test "it does not accept disallowed parent types" do
@ -60,7 +60,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.VocabularyPolicyTest do
        }
      }

-      {:reject, nil} = VocabularyPolicy.filter(message)
+      {:reject, _} = VocabularyPolicy.filter(message)
    end
  end

@ -75,7 +75,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.VocabularyPolicyTest do
        "object" => "whatever"
      }

-      {:reject, nil} = VocabularyPolicy.filter(message)
+      {:reject, _} = VocabularyPolicy.filter(message)
    end

    test "it rejects based on child object type" do
@ -89,7 +89,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.VocabularyPolicyTest do
        }
      }

-      {:reject, nil} = VocabularyPolicy.filter(message)
+      {:reject, _} = VocabularyPolicy.filter(message)
    end

    test "it passes through objects that aren't disallowed" do
--- a/test/web/activity_pub/publisher_test.exs
+++ b/test/web/activity_pub/publisher_test.exs
@ -123,6 +123,39 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do
  end

  describe "publish_one/1" do
+    test "publish to url with with different ports" do
+      inbox80 = "http://42.site/users/nick1/inbox"
+      inbox42 = "http://42.site:42/users/nick1/inbox"
+
+      mock(fn
+        %{method: :post, url: "http://42.site:42/users/nick1/inbox"} ->
+          {:ok, %Tesla.Env{status: 200, body: "port 42"}}
+
+        %{method: :post, url: "http://42.site/users/nick1/inbox"} ->
+          {:ok, %Tesla.Env{status: 200, body: "port 80"}}
+      end)
+
+      actor = insert(:user)
+
+      assert {:ok, %{body: "port 42"}} =
+               Publisher.publish_one(%{
+                 inbox: inbox42,
+                 json: "{}",
+                 actor: actor,
+                 id: 1,
+                 unreachable_since: true
+               })
+
+      assert {:ok, %{body: "port 80"}} =
+               Publisher.publish_one(%{
+                 inbox: inbox80,
+                 json: "{}",
+                 actor: actor,
+                 id: 1,
+                 unreachable_since: true
+               })
+    end
+
    test_with_mock "calls `Instances.set_reachable` on successful federation if `unreachable_since` is not specified",
                   Instances,
                   [:passthrough],
@ -131,7 +164,6 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do
      inbox = "http://200.site/users/nick1/inbox"

      assert {:ok, _} = Publisher.publish_one(%{inbox: inbox, json: "{}", actor: actor, id: 1})
-
      assert called(Instances.set_reachable(inbox))
    end

--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@ -160,7 +160,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do

      assert capture_log(fn ->
               {:ok, _returned_activity} = Transmogrifier.handle_incoming(data)
-             end) =~ "[error] Couldn't fetch \"https://404.site/whatever\", error: nil"
+             end) =~ "[warn] Couldn't fetch \"https://404.site/whatever\", error: nil"
    end

    test "it works for incoming notices" do
@ -710,7 +710,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
        "id" => activity.data["id"],
        "content" => "test post",
        "published" => object.data["published"],
-        "actor" => AccountView.render("show.json", %{user: user})
+        "actor" => AccountView.render("show.json", %{user: user, skip_visibility_check: true})
      }

      message = %{
--- a/test/web/activity_pub/utils_test.exs
+++ b/test/web/activity_pub/utils_test.exs
@ -482,7 +482,8 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
        "id" => activity_ap_id,
        "content" => content,
        "published" => activity.object.data["published"],
-        "actor" => AccountView.render("show.json", %{user: target_account})
+        "actor" =>
+          AccountView.render("show.json", %{user: target_account, skip_visibility_check: true})
      }

      assert %{
--- a/test/web/admin_api/controllers/admin_api_controller_test.exs
+++ b/test/web/admin_api/controllers/admin_api_controller_test.exs
@ -9,6 +9,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
  import ExUnit.CaptureLog
  import Mock
  import Pleroma.Factory
+  import Swoosh.TestAssertions

  alias Pleroma.Activity
  alias Pleroma.Config
@ -1849,6 +1850,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
               "@#{admin.nickname} re-sent confirmation email for users: @#{first_user.nickname}, @#{
                 second_user.nickname
               }"
+
+      ObanHelpers.perform_all()
+      assert_email_sent(Pleroma.Emails.UserEmail.account_confirmation_email(first_user))
    end
  end

--- a/test/web/admin_api/views/report_view_test.exs
+++ b/test/web/admin_api/views/report_view_test.exs
@ -4,11 +4,14 @@

 defmodule Pleroma.Web.AdminAPI.ReportViewTest do
  use Pleroma.DataCase
+
  import Pleroma.Factory
+
+  alias Pleroma.Web.AdminAPI
  alias Pleroma.Web.AdminAPI.Report
  alias Pleroma.Web.AdminAPI.ReportView
  alias Pleroma.Web.CommonAPI
-  alias Pleroma.Web.MastodonAPI.AccountView
+  alias Pleroma.Web.MastodonAPI
  alias Pleroma.Web.MastodonAPI.StatusView

  test "renders a report" do
@ -21,13 +24,16 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
      content: nil,
      actor:
        Map.merge(
-          AccountView.render("show.json", %{user: user}),
-          Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user})
+          MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
+          AdminAPI.AccountView.render("show.json", %{user: user})
        ),
      account:
        Map.merge(
-          AccountView.render("show.json", %{user: other_user}),
-          Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user})
+          MastodonAPI.AccountView.render("show.json", %{
+            user: other_user,
+            skip_visibility_check: true
+          }),
+          AdminAPI.AccountView.render("show.json", %{user: other_user})
        ),
      statuses: [],
      notes: [],
@ -56,13 +62,16 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
      content: nil,
      actor:
        Map.merge(
-          AccountView.render("show.json", %{user: user}),
-          Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: user})
+          MastodonAPI.AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
+          AdminAPI.AccountView.render("show.json", %{user: user})
        ),
      account:
        Map.merge(
-          AccountView.render("show.json", %{user: other_user}),
-          Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user})
+          MastodonAPI.AccountView.render("show.json", %{
+            user: other_user,
+            skip_visibility_check: true
+          }),
+          AdminAPI.AccountView.render("show.json", %{user: other_user})
        ),
      statuses: [StatusView.render("show.json", %{activity: activity})],
      state: "open",
--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@ -583,6 +583,15 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
               |> get("/api/v1/accounts/#{user.id}/followers?max_id=#{follower3_id}")
               |> json_response_and_validate_schema(200)

+      assert [%{"id" => ^follower2_id}, %{"id" => ^follower1_id}] =
+               conn
+               |> get(
+                 "/api/v1/accounts/#{user.id}/followers?id=#{user.id}&limit=20&max_id=#{
+                   follower3_id
+                 }"
+               )
+               |> json_response_and_validate_schema(200)
+
      res_conn = get(conn, "/api/v1/accounts/#{user.id}/followers?limit=1&max_id=#{follower3_id}")

      assert [%{"id" => ^follower2_id}] = json_response_and_validate_schema(res_conn, 200)
@ -654,6 +663,16 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
      assert id2 == following2.id
      assert id1 == following1.id

+      res_conn =
+        get(
+          conn,
+          "/api/v1/accounts/#{user.id}/following?id=#{user.id}&limit=20&max_id=#{following3.id}"
+        )
+
+      assert [%{"id" => id2}, %{"id" => id1}] = json_response_and_validate_schema(res_conn, 200)
+      assert id2 == following2.id
+      assert id1 == following1.id
+
      res_conn =
        get(conn, "/api/v1/accounts/#{user.id}/following?limit=1&max_id=#{following3.id}")

--- a/test/web/mastodon_api/controllers/domain_block_controller_test.exs
+++ b/test/web/mastodon_api/controllers/domain_block_controller_test.exs
@ -32,6 +32,38 @@ defmodule Pleroma.Web.MastodonAPI.DomainBlockControllerTest do
    refute User.blocks?(user, other_user)
  end

+  test "blocking a domain via query params" do
+    %{user: user, conn: conn} = oauth_access(["write:blocks"])
+    other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"})
+
+    ret_conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/domain_blocks?domain=dogwhistle.zone")
+
+    assert %{} == json_response_and_validate_schema(ret_conn, 200)
+    user = User.get_cached_by_ap_id(user.ap_id)
+    assert User.blocks?(user, other_user)
+  end
+
+  test "unblocking a domain via query params" do
+    %{user: user, conn: conn} = oauth_access(["write:blocks"])
+    other_user = insert(:user, %{ap_id: "https://dogwhistle.zone/@pundit"})
+
+    User.block_domain(user, "dogwhistle.zone")
+    user = refresh_record(user)
+    assert User.blocks?(user, other_user)
+
+    ret_conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> delete("/api/v1/domain_blocks?domain=dogwhistle.zone")
+
+    assert %{} == json_response_and_validate_schema(ret_conn, 200)
+    user = User.get_cached_by_ap_id(user.ap_id)
+    refute User.blocks?(user, other_user)
+  end
+
  test "getting a list of domain blocks" do
    %{user: user, conn: conn} = oauth_access(["read:blocks"])

--- a/test/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/web/mastodon_api/controllers/status_controller_test.exs
@ -22,6 +22,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
  setup do: clear_config([:instance, :federating])
  setup do: clear_config([:instance, :allow_relay])
  setup do: clear_config([:rich_media, :enabled])
+  setup do: clear_config([:mrf, :policies])
+  setup do: clear_config([:mrf_keyword, :reject])

  describe "posting statuses" do
    setup do: oauth_access(["write:statuses"])
@ -157,6 +159,17 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do
               |> json_response_and_validate_schema(422)
    end

+    test "Get MRF reason when posting a status is rejected by one", %{conn: conn} do
+      Pleroma.Config.put([:mrf_keyword, :reject], ["GNO"])
+      Pleroma.Config.put([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.KeywordPolicy])
+
+      assert %{"error" => "[KeywordPolicy] Matches with rejected keyword"} =
+               conn
+               |> put_req_header("content-type", "application/json")
+               |> post("api/v1/statuses", %{"status" => "GNO/Linux"})
+               |> json_response_and_validate_schema(422)
+    end
+
    test "posting an undefined status with an attachment", %{user: user, conn: conn} do
      file = %Plug.Upload{
        content_type: "image/jpg",
--- a/test/web/mastodon_api/views/account_view_test.exs
+++ b/test/web/mastodon_api/views/account_view_test.exs
@ -95,7 +95,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
      }
    }

-    assert expected == AccountView.render("show.json", %{user: user})
+    assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
  end

  test "Favicon is nil when :instances_favicons is disabled" do
@ -108,22 +108,20 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
               favicon:
                 "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png"
             }
-           } = AccountView.render("show.json", %{user: user})
+           } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})

    Config.put([:instances_favicons, :enabled], false)

-    assert %{pleroma: %{favicon: nil}} = AccountView.render("show.json", %{user: user})
+    assert %{pleroma: %{favicon: nil}} =
+             AccountView.render("show.json", %{user: user, skip_visibility_check: true})
  end

  test "Represent the user account for the account owner" do
    user = insert(:user)

    notification_settings = %{
-      followers: true,
-      follows: true,
-      non_followers: true,
-      non_follows: true,
-      privacy_option: false
+      block_from_strangers: false,
+      hide_notification_contents: false
    }

    privacy = user.default_scope
@ -192,7 +190,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
      }
    }

-    assert expected == AccountView.render("show.json", %{user: user})
+    assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true})
  end

  test "Represent a Funkwhale channel" do
@ -201,7 +199,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
        "https://channels.tests.funkwhale.audio/federation/actors/compositions"
      )

-    assert represented = AccountView.render("show.json", %{user: user})
+    assert represented =
+             AccountView.render("show.json", %{user: user, skip_visibility_check: true})
+
    assert represented.acct == "compositions@channels.tests.funkwhale.audio"
    assert represented.url == "https://channels.tests.funkwhale.audio/channels/compositions"
  end
@ -226,6 +226,23 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
    assert expected == AccountView.render("mention.json", %{user: user})
  end

+  test "demands :for or :skip_visibility_check option for account rendering" do
+    clear_config([:restrict_unauthenticated, :profiles, :local], false)
+
+    user = insert(:user)
+    user_id = user.id
+
+    assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: nil})
+    assert %{id: ^user_id} = AccountView.render("show.json", %{user: user, for: user})
+
+    assert %{id: ^user_id} =
+             AccountView.render("show.json", %{user: user, skip_visibility_check: true})
+
+    assert_raise RuntimeError, ~r/:skip_visibility_check or :for option is required/, fn ->
+      AccountView.render("show.json", %{user: user})
+    end
+  end
+
  describe "relationship" do
    defp test_relationship_rendering(user, other_user, expected_result) do
      opts = %{user: user, target: other_user, relationships: nil}
@ -339,7 +356,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do

    assert result.pleroma.settings_store == %{:fe => "test"}

-    result = AccountView.render("show.json", %{user: user, with_pleroma_settings: true})
+    result = AccountView.render("show.json", %{user: user, for: nil, with_pleroma_settings: true})
    assert result.pleroma[:settings_store] == nil

    result = AccountView.render("show.json", %{user: user, for: user})
@ -348,13 +365,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do

  test "doesn't sanitize display names" do
    user = insert(:user, name: "<marquee> username </marquee>")
-    result = AccountView.render("show.json", %{user: user})
+    result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
    assert result.display_name == "<marquee> username </marquee>"
  end

  test "never display nil user follow counts" do
    user = insert(:user, following_count: 0, follower_count: 0)
-    result = AccountView.render("show.json", %{user: user})
+    result = AccountView.render("show.json", %{user: user, skip_visibility_check: true})

    assert result.following_count == 0
    assert result.followers_count == 0
@ -378,7 +395,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
               followers_count: 0,
               following_count: 0,
               pleroma: %{hide_follows_count: true, hide_followers_count: true}
-             } = AccountView.render("show.json", %{user: user})
+             } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
    end

    test "shows when follows/followers are hidden" do
@ -391,7 +408,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
               followers_count: 1,
               following_count: 1,
               pleroma: %{hide_follows: true, hide_followers: true}
-             } = AccountView.render("show.json", %{user: user})
+             } = AccountView.render("show.json", %{user: user, skip_visibility_check: true})
    end

    test "shows actual follower/following count to the account owner" do
@ -534,7 +551,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
        emoji: %{"joker_smile" => "https://evil.website/society.png"}
      )

-    AccountView.render("show.json", %{user: user})
+    AccountView.render("show.json", %{user: user, skip_visibility_check: true})
    |> Enum.all?(fn
      {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
        String.starts_with?(url, Pleroma.Web.base_url())
--- a/test/web/mastodon_api/views/status_view_test.exs
+++ b/test/web/mastodon_api/views/status_view_test.exs
@ -56,6 +56,23 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
           ]
  end

+  test "works correctly with badly formatted emojis" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "yo"})
+
+    activity
+    |> Object.normalize(false)
+    |> Object.update_data(%{"reactions" => %{"☕" => [user.ap_id], "x" => 1}})
+
+    activity = Activity.get_by_id(activity.id)
+
+    status = StatusView.render("show.json", activity: activity, for: user)
+
+    assert status[:pleroma][:emoji_reactions] == [
+             %{name: "☕", count: 1, me: true}
+           ]
+  end
+
  test "loads and returns the direct conversation id when given the `with_direct_conversation_id` option" do
    user = insert(:user)

@ -177,7 +194,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
      id: to_string(note.id),
      uri: object_data["id"],
      url: Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, note),
-      account: AccountView.render("show.json", %{user: user}),
+      account: AccountView.render("show.json", %{user: user, skip_visibility_check: true}),
      in_reply_to_id: nil,
      in_reply_to_account_id: nil,
      card: nil,
--- a/test/web/pleroma_api/controllers/chat_controller_test.exs
+++ b/test/web/pleroma_api/controllers/chat_controller_test.exs
@ -332,5 +332,27 @@ defmodule Pleroma.Web.PleromaAPI.ChatControllerTest do
               chat_1.id |> to_string()
             ]
    end
+
+    test "it is not affected by :restrict_unauthenticated setting (issue #1973)", %{
+      conn: conn,
+      user: user
+    } do
+      clear_config([:restrict_unauthenticated, :profiles, :local], true)
+      clear_config([:restrict_unauthenticated, :profiles, :remote], true)
+
+      user2 = insert(:user)
+      user3 = insert(:user, local: false)
+
+      {:ok, _chat_12} = Chat.get_or_create(user.id, user2.ap_id)
+      {:ok, _chat_13} = Chat.get_or_create(user.id, user3.ap_id)
+
+      result =
+        conn
+        |> get("/api/v1/pleroma/chats")
+        |> json_response_and_validate_schema(200)
+
+      account_ids = Enum.map(result, &get_in(&1, ["account", "id"]))
+      assert Enum.sort(account_ids) == Enum.sort([user2.id, user3.id])
+    end
  end
 end
--- a/test/web/pleroma_api/controllers/emoji_pack_controller_test.exs
+++ b/test/web/pleroma_api/controllers/emoji_pack_controller_test.exs
@ -14,6 +14,8 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
              )
  setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], false)

+  setup do: clear_config([:instance, :public], true)
+
  setup do
    admin = insert(:user, is_admin: true)
    token = insert(:oauth_admin_token, user: admin)
@ -27,6 +29,11 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
    {:ok, %{admin_conn: admin_conn}}
  end

+  test "GET /api/pleroma/emoji/packs when :public: false", %{conn: conn} do
+    Config.put([:instance, :public], false)
+    conn |> get("/api/pleroma/emoji/packs") |> json_response_and_validate_schema(200)
+  end
+
  test "GET /api/pleroma/emoji/packs", %{conn: conn} do
    resp = conn |> get("/api/pleroma/emoji/packs") |> json_response_and_validate_schema(200)

--- a/test/web/pleroma_api/views/chat_view_test.exs
+++ b/test/web/pleroma_api/views/chat_view_test.exs
@ -26,7 +26,8 @@ defmodule Pleroma.Web.PleromaAPI.ChatViewTest do

    assert represented_chat == %{
             id: "#{chat.id}",
-             account: AccountView.render("show.json", user: recipient),
+             account:
+               AccountView.render("show.json", user: recipient, skip_visibility_check: true),
             unread: 0,
             last_message: nil,
             updated_at: Utils.to_masto_date(chat.updated_at)
--- a/test/web/push/impl_test.exs
+++ b/test/web/push/impl_test.exs
@ -238,9 +238,11 @@ defmodule Pleroma.Web.Push.ImplTest do
             }
    end

-    test "hides details for notifications when privacy option enabled" do
+    test "hides contents of notifications when option enabled" do
      user = insert(:user, nickname: "Bob")
-      user2 = insert(:user, nickname: "Rob", notification_settings: %{privacy_option: true})
+
+      user2 =
+        insert(:user, nickname: "Rob", notification_settings: %{hide_notification_contents: true})

      {:ok, activity} =
        CommonAPI.post(user, %{
@ -284,9 +286,11 @@ defmodule Pleroma.Web.Push.ImplTest do
             }
    end

-    test "returns regular content for notifications with privacy option disabled" do
+    test "returns regular content when hiding contents option disabled" do
      user = insert(:user, nickname: "Bob")
-      user2 = insert(:user, nickname: "Rob", notification_settings: %{privacy_option: false})
+
+      user2 =
+        insert(:user, nickname: "Rob", notification_settings: %{hide_notification_contents: false})

      {:ok, activity} =
        CommonAPI.post(user, %{
--- a/test/web/twitter_api/twitter_api_test.exs
+++ b/test/web/twitter_api/twitter_api_test.exs
@ -9,7 +9,6 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
  alias Pleroma.Tests.ObanHelpers
  alias Pleroma.User
  alias Pleroma.UserInviteToken
-  alias Pleroma.Web.MastodonAPI.AccountView
  alias Pleroma.Web.TwitterAPI.TwitterAPI

  setup_all do
@ -28,13 +27,10 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do

    {:ok, user} = TwitterAPI.register_user(data)

-    fetched_user = User.get_cached_by_nickname("lain")
-
-    assert AccountView.render("show.json", %{user: user}) ==
-             AccountView.render("show.json", %{user: fetched_user})
+    assert user == User.get_cached_by_nickname("lain")
  end

-  test "it registers a new user with empty string in bio and returns the user." do
+  test "it registers a new user with empty string in bio and returns the user" do
    data = %{
      :username => "lain",
      :email => "lain@wired.jp",
@ -46,10 +42,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do

    {:ok, user} = TwitterAPI.register_user(data)

-    fetched_user = User.get_cached_by_nickname("lain")
-
-    assert AccountView.render("show.json", %{user: user}) ==
-             AccountView.render("show.json", %{user: fetched_user})
+    assert user == User.get_cached_by_nickname("lain")
  end

  test "it sends confirmation email if :account_activation_required is specified in instance config" do
@ -171,13 +164,10 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do

      {:ok, user} = TwitterAPI.register_user(data)

-      fetched_user = User.get_cached_by_nickname("vinny")
+      assert user == User.get_cached_by_nickname("vinny")
+
      invite = Repo.get_by(UserInviteToken, token: invite.token)
-
      assert invite.used == true
-
-      assert AccountView.render("show.json", %{user: user}) ==
-               AccountView.render("show.json", %{user: fetched_user})
    end

    test "returns error on invalid token" do
@ -234,10 +224,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
      check_fn = fn invite ->
        data = Map.put(data, :token, invite.token)
        {:ok, user} = TwitterAPI.register_user(data)
-        fetched_user = User.get_cached_by_nickname("vinny")

-        assert AccountView.render("show.json", %{user: user}) ==
-                 AccountView.render("show.json", %{user: fetched_user})
+        assert user == User.get_cached_by_nickname("vinny")
      end

      {:ok, data: data, check_fn: check_fn}
@ -297,14 +285,11 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
      }

      {:ok, user} = TwitterAPI.register_user(data)
-      fetched_user = User.get_cached_by_nickname("vinny")
+      assert user == User.get_cached_by_nickname("vinny")
+
      invite = Repo.get_by(UserInviteToken, token: invite.token)
-
      assert invite.used == true

-      assert AccountView.render("show.json", %{user: user}) ==
-               AccountView.render("show.json", %{user: fetched_user})
-
      data = %{
        :username => "GrimReaper",
        :email => "death@reapers.afterlife",
@ -339,13 +324,10 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
      }

      {:ok, user} = TwitterAPI.register_user(data)
-      fetched_user = User.get_cached_by_nickname("vinny")
+      assert user == User.get_cached_by_nickname("vinny")
+
      invite = Repo.get_by(UserInviteToken, token: invite.token)
-
      refute invite.used
-
-      assert AccountView.render("show.json", %{user: user}) ==
-               AccountView.render("show.json", %{user: fetched_user})
    end

    test "error after max uses" do
@ -364,13 +346,11 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
      }

      {:ok, user} = TwitterAPI.register_user(data)
-      fetched_user = User.get_cached_by_nickname("vinny")
+      assert user == User.get_cached_by_nickname("vinny")
+
      invite = Repo.get_by(UserInviteToken, token: invite.token)
      assert invite.used == true

-      assert AccountView.render("show.json", %{user: user}) ==
-               AccountView.render("show.json", %{user: fetched_user})
-
      data = %{
        :username => "GrimReaper",
        :email => "death@reapers.afterlife",
--- a/test/web/twitter_api/util_controller_test.exs
+++ b/test/web/twitter_api/util_controller_test.exs
@ -191,7 +191,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
    test "it updates notification settings", %{user: user, conn: conn} do
      conn
      |> put("/api/pleroma/notification_settings", %{
-        "followers" => false,
+        "block_from_strangers" => true,
        "bar" => 1
      })
      |> json_response(:ok)
@ -199,27 +199,21 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
      user = refresh_record(user)

      assert %Pleroma.User.NotificationSetting{
-               followers: false,
-               follows: true,
-               non_follows: true,
-               non_followers: true,
-               privacy_option: false
+               block_from_strangers: true,
+               hide_notification_contents: false
             } == user.notification_settings
    end

-    test "it updates notification privacy option", %{user: user, conn: conn} do
+    test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do
      conn
-      |> put("/api/pleroma/notification_settings", %{"privacy_option" => "1"})
+      |> put("/api/pleroma/notification_settings", %{"hide_notification_contents" => "1"})
      |> json_response(:ok)

      user = refresh_record(user)

      assert %Pleroma.User.NotificationSetting{
-               followers: true,
-               follows: true,
-               non_follows: true,
-               non_followers: true,
-               privacy_option: true
+               block_from_strangers: false,
+               hide_notification_contents: true
             } == user.notification_settings
    end
  end