Merge remote-tracking branch 'pleroma/develop' into status-notification-type

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>

test/fixtures/config/temp.secret.exs

@@ -8,8 +8,6 @@ config :pleroma, :first_setting, key: "value", key2: [Pleroma.Repo]
 
 config :pleroma, :second_setting, key: "value2", key2: ["Activity"]
 
-config :quack, level: :info
-
 config :pleroma, Pleroma.Repo, pool: Ecto.Adapters.SQL.Sandbox
 
 config :postgrex, :json_library, Poison

test/fixtures/create-pleroma-reply-to-misskey-thread.json

@@ -0,0 +1,61 @@
+{
+    "@context": [
+        "https://www.w3.org/ns/activitystreams",
+        "https://p.helene.moe/schemas/litepub-0.1.jsonld",
+        {
+            "@language": "und"
+        }
+    ],
+    "actor": "https://p.helene.moe/users/helene",
+    "attachment": [],
+    "attributedTo": "https://p.helene.moe/users/helene",
+    "cc": [
+        "https://p.helene.moe/users/helene/followers"
+    ],
+    "context": "https://p.helene.moe/contexts/cc324643-5583-4c3f-91d2-c6ed37db159d",
+    "conversation": "https://p.helene.moe/contexts/cc324643-5583-4c3f-91d2-c6ed37db159d",
+    "directMessage": false,
+    "id": "https://p.helene.moe/activities/5f80db86-a9bb-4883-9845-fbdbd1478f3a",
+    "object": {
+        "actor": "https://p.helene.moe/users/helene",
+        "attachment": [],
+        "attributedTo": "https://p.helene.moe/users/helene",
+        "cc": [
+            "https://p.helene.moe/users/helene/followers"
+        ],
+        "content": "<span class=\"h-card\"><a class=\"u-url mention\" data-user=\"AHntpQ4T3J4OSnpgMC\" href=\"https://mk.absturztau.be/@mametsuko\" rel=\"ugc\">@<span>mametsuko</span></a></span> meow",
+        "context": "https://p.helene.moe/contexts/cc324643-5583-4c3f-91d2-c6ed37db159d",
+        "conversation": "https://p.helene.moe/contexts/cc324643-5583-4c3f-91d2-c6ed37db159d",
+        "id": "https://p.helene.moe/objects/fd5910ac-d9dc-412e-8d1d-914b203296c4",
+        "inReplyTo": "https://mk.absturztau.be/notes/93e7nm8wqg",
+        "published": "2022-08-02T13:46:58.403996Z",
+        "sensitive": null,
+        "source": "@mametsuko@mk.absturztau.be meow",
+        "summary": "",
+        "tag": [
+            {
+                "href": "https://mk.absturztau.be/users/8ozbzjs3o8",
+                "name": "@mametsuko@mk.absturztau.be",
+                "type": "Mention"
+            }
+        ],
+        "to": [
+            "https://mk.absturztau.be/users/8ozbzjs3o8",
+            "https://www.w3.org/ns/activitystreams#Public"
+        ],
+        "type": "Note"
+    },
+    "published": "2022-08-02T13:46:58.403883Z",
+    "tag": [
+        {
+            "href": "https://mk.absturztau.be/users/8ozbzjs3o8",
+            "name": "@mametsuko@mk.absturztau.be",
+            "type": "Mention"
+        }
+    ],
+    "to": [
+        "https://mk.absturztau.be/users/8ozbzjs3o8",
+        "https://www.w3.org/ns/activitystreams#Public"
+    ],
+    "type": "Create"
+}

test/fixtures/owncast-note-with-attachment.json

@@ -0,0 +1,31 @@
+{
+  "attachment": {
+    "content": "Live stream preview",
+    "type": "Image",
+    "url": "https://owncast.localhost.localdomain/preview.gif?us=KjfNX387gm"
+  },
+  "attributedTo": "https://owncast.localhost.localdomain/federation/user/streamer",
+  "audience": "https://www.w3.org/ns/activitystreams#Public",
+  "content": "<p>I've gone live!</p><p></p><p><a class=\"hashtag\" href=\"https://directory.owncast.online/tags/owncast\">#owncast</a> <a class=\"hashtag\" href=\"https://directory.owncast.online/tags/streaming\">#streaming</a></p><a href=\"https://owncast.localhost.localdomain\">https://owncast.localhost.localdomain</a>",
+  "id": "https://owncast.localhost.localdomain/federation/KjBNuq8ng",
+  "published": "2022-04-17T15:42:03Z",
+  "tag": [
+    {
+      "href": "https://directory.owncast.online/tags/owncast",
+      "name": "#owncast",
+      "type": "Hashtag"
+    },
+    {
+      "href": "https://directory.owncast.online/tags/streaming",
+      "name": "#streaming",
+      "type": "Hashtag"
+    },
+    {
+      "href": "https://directory.owncast.online/tags/owncast",
+      "name": "#owncast",
+      "type": "Hashtag"
+    }
+  ],
+  "to": "https://www.w3.org/ns/activitystreams#Public",
+  "type": "Note"
+}

test/fixtures/rsa_keys/key_1.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA2gdPJM5bWarGZ6QujfQ296l1yEQohS5fdtnxYQc+RXuS1gqZ
+R/jVGHG25o4tmwyCLClyREU1CBTOCQBsg+BSehXlxNR9fiB4KaVQW9MMNa2vhHuG
+f7HLdILiC+SPPTV1Bi8LCpxJowiSpnFPP4BDDeRKib7nOxll9Ln9gEpUueKKabsQ
+EQKCmEJYhIz/8g5R0Qz+6VjASdejDjTEdZbr/rwyldRRjIklyeZ3lBzB/c8/51wn
+HT2Dt0r9NiapxYC3oNhbE2A+4FU9pZTqS8yc3KqWZAy74snaRO9QQSednKlOJpXP
+V3vwWo5CxuSNLttV7zRcrqeYOkIVNF4dQ/bHzQIDAQABAoIBADTCfglnEj4BkF92
+IHnjdgW6cTEUJUYNMba+CKY1LYF85Mx85hi/gzmWEu95yllxznJHWUpiAPJCrpUJ
+EDldaDf44pAd53xE+S8CvQ5rZNH8hLOnfKWb7aL1JSRBm9PxAq+LZL2dkkgsg+hZ
+FRdFv3Q2IT9x/dyUSdLNyyVnV1dfoya/7zOFc7+TwqlofznzrlBgNoAe8Lb4AN/q
+itormPxskqATiq11XtP4F6eQ556eRgHCBxmktx/rRDl6f9G9dvjRQOA2qZlHQdFq
+kjOZsrvItL46LdVoLPOdCYG+3HFeKoDUR1NNXEkt66eqmEhLY4MgzGUT1wqXWk7N
+XowZc9UCgYEA+L5h4PhANiY5Kd+PkRI8zTlJMv8hFqLK17Q0p9eL+mAyOgXjH9so
+QutJf4wU+h6ESDxH+1tCjCN307uUqT7YnT2zHf3b6GcmA+t6ewxfxOY2nJ82HENq
+hK1aodnPTvRRRqCGfrx9qUHRTarTzi+2u86zH+KoMHSiuzn4VpQhg4MCgYEA4GOL
+1tLR9+hyfYuMFo2CtQjp3KpJeGNKEqc33vFD05xJQX+m5THamBv8vzdVlVrMh/7j
+iV85mlA7HaaP+r5DGwtonw9bqY76lYRgJJprsS5lHcRnXsDmU4Ne8RdB3dHNsT5P
+n4P6v8y4jaT638iJ/qLt4e8itOBlZwS//VIglm8CgYEA7KXD3RKRlHK9A7drkOs2
+6VBM8bWEN1LdhGYvilcpFyUZ49XiBVatcS0EGdKdym/qDgc7vElQgJ7ly4y0nGfs
+EXy3whrYcrxfkG8hcZuOKXeUEWHvSuhgmKWMilr8PfN2t6jVDBIrwzGY/Tk+lPUT
+9o1qITW0KZVtlI5MU6JOWB0CgYAHwwnETZibxbuoIhqfcRezYXKNgop2EqEuUgB5
+wsjA2igijuLcDMRt/JHan3RjbTekAKooR1X7w4i39toGJ2y008kzr1lRXTPH1kNp
+ILpW767pv7B/s5aEDwhKuK47mRVPa0Nf1jXnSpKbu7g943b6ivJFnXsK3LRFQwHN
+JnkgGwKBgGUleQVd2GPr1dkqLVOF/s2aNB/+h2b1WFWwq0YTnW81OLwAcUVE4p58
+3GQgz8PCsWbNdTb9yFY5fq0fXgi0+T54FEoZWH09DrOepA433llAwI6sq7egrFdr
+kKQttZMzs6ST9q/IOF4wgqSnBjjTC06vKSkNAlXJz+LMvIRMeBr0
+-----END RSA PRIVATE KEY-----

test/fixtures/rsa_keys/key_2.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAwu0VqVGRVDW09V3zZ0+08K9HMKivIzIInO0xim3jbfVcg8r1
+sR7vNLorYAB6TDDlXYAWKx1OxUMZusbOigrpQd+5wy8VdCogDD7qk4bbZ+NjXkuD
+ETzrQsGWUXe+IdeH8L0Zh0bGjbarCuA0qAeY1TEteGl+Qwo2dsrBUH7yKmWO6Mz9
+XfPshrIDOGo4QNyVfEBNGq2K9eRrQUHeAPcM2/qu4ZAZRK+VCifDZrF8ZNpoAsnS
+R2mJDhOBUMvI/ZaxOc2ry4EzwcS4uBaM2wONkGWDaqO6jNAQflaX7vtzOAeJB7Dt
+VKXUUcZAGN7uI3c2mG5IKGMhTYUtUdrzmqmtZwIDAQABAoIBAQCHBJfTf3dt4AGn
+T9twfSp06MQj9UPS2i5THI0LONCm8qSReX0zoZzJZgbzaYFM0zWczUMNvDA6vR7O
+XDTmM2acxW4zv6JZo3Ata0sqwuepDz1eLGnt/8dppxQK/ClL4bH8088h/6k6sgPJ
+9cEjfpejXHwFgvT9VM6i/BBpRHVTXWuJqwpDtg+bleQNN3L3RapluDd7BGiKoCwQ
+cCTKd+lxTu9gVJkbRTI/Jn3kV+rnedYxHTxVp5cU1qIabsJWBcdDz25mRHupxQsn
+JbQR4+ZnRLeAsC6WJZtEJz2KjXgBaYroHbGZY3KcGW95ILqiCJoJJugbW1eABKnN
+Q5k8XVspAoGBAPzGJBZuX3c0quorhMIpREmGq2vS6VCQwLhH5qayYYH1LiPDfpdq
+69lOROxZodzLxBgTf5z/a5kBF+eNKvOqfZJeRTxmllxxO1MuJQuRLi/b7BHHLuyN
+Eea+YwtehA0T0CbD2hydefARNDruor2BLvt/kt6qEoIFiPauTsMfXP39AoGBAMVp
+8argtnB+vsk5Z7rpQ4b9gF5QxfNbA0Hpg5wUUdYrUjFr50KWt1iowj6AOVp/EYgr
+xRfvOQdYODDH7R5cjgMbwvtpHo39Zwq7ewaiT1sJXnpGmCDVh+pdTHePC5OOXnxN
+0USK3M4KjltjVqJo7xPPElgJvCejudD47mtHMaQzAoGBAIFQ/PVc0goyL55NVUXf
+xse21cv7wtEsvOuKHT361FegD1LMmN7uHGq32BryYBSNSmzmzMqNAYbtQEV9uxOd
+jVBsWg9kjFgOtcMAQIOCapahdExEEoWCRj49+H3AhN4L3Nl4KQWqqs9efdIIc8lv
+ZZHU2lZ/u6g5HLDWzASW7wQhAoGAdERPRrqN+HdNWinrA9Q6JxjKL8IWs5rYsksb
+biMxh5eAEwdf7oHhfd/2duUB4mCQLMjKjawgxEia33AAIS+VnBMPpQ5mJm4l79Y3
+QNL7Nbyw3gcRtdTM9aT5Ujj3MnJZB5C1PU8jeF4TNZOuBH0UwW/ld+BT5myxFXhm
+wtvtSq0CgYEA19b0/7il4Em6uiLOmYUuqaUoFhUPqzjaS6OM/lRAw12coWv/8/1P
+cwaNZHNMW9Me/bNH3zcOTz0lxnYp2BeRehjFYVPRuS1GU7uwqKtlL2wCPptTfAhN
+aJWIplzUCTg786u+sdNZ0umWRuCLoUpsKTgP/yt4RglzEcfxAuBDljk=
+-----END RSA PRIVATE KEY-----

test/fixtures/rsa_keys/key_3.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA0GvzqZ3r78GLa7guGn+palKRLGru4D4jnriHgfrUAJrdLyZ5
+9d0zAA4qnS2L6YAMoPPBhBUtIV5e2sn1+rwTClWU3dm3FyBAeqdeIBKN+04AyrUc
+HXYaZtOPJXCTeytzoSQE359Tq6+xwgoHlUWSWxQF51/z/PDQcUvqFjJqAtdiDchd
+3CiFRtdjegyxXGnqvPmBix+vEjDytcVydfch+R1Twf6f5EL7a1jFVWNGcratYBEl
+nqOWKI2fBu/WA8QlrcVW5zmtZo9aJ6IrFddQgQTxPk/mEHgCzv8tbCRI9TxiXeYH
+YqxZFYBW40xbZQwGRjaYHJlIRYp9+TOynW9OZQIDAQABAoIBAQC97cIMDbdVsyAk
+N6D70N5H35ofygqJGtdG6o3B6xuKuZVaREvbu4mgQUigF0Nqs5/OhJMSlGGeCOuT
+oXug1Abd4gNY7++jCWb43tAtlfsAyaJ7FvPZ/SguEBhgW+hp07z5WWN/jSeoSuFI
+G++xHcczbFm88XncRG8O78kQFTz5/DlQYkFXfbqpuS3BqxnrACpDCUfrUwZNYFIp
+CUNq21jdifhHwlS0K3PX8A5HdOYeVnVHaE78LGE4oJVHwcokELv+PYqarWZq/a6L
+vKU3yn2+4pj2WO490iGQaRKVM35vrtjdVxiWEIUiFc3Jg5fKZA3wuHXoF1N1DpPO
+BO6Att55AoGBAP/nC2szmDcnU5Sh8LDeQbL+FpSBwOmFnmel5uqbjKnDzf9emPQu
+NFUls1N9OGgyUq08TnmcY/7wLZzcu7Y9XOUURuYtx9nGRs4RmE2VEBhK1r7CkDIx
+oOb+NtdqnPtQASAxCHszoGCFxpuV7UVoo2SRgc+M4ceX128arvBUtvdrAoGBANCA
+RuO3eelkXaJoCeogEUVWXZ6QmPeYzbMD4vg2DM0ynUbReyuEIIhn+SR7tehlj5ie
+4T3ixVdur6k+YUdiFhUYgXaHBJWHoHl1lrU3ZON8n7AeEk9ft6gg4L07ouj78UMZ
+sArJIlU5mLnW02zbV9XryU39dIgpQREqC0bIOtVvAoGBAORv1JKq6Rt7ALJy6VCJ
+5y4ogfGp7pLHk8NEpuERYDz/rLllMbbwNAk6cV17L8pb+c/pQMhwohcnQiCALxUc
+q/tW4X+CqJ+vzu8PZ90Bzu9Qh2iceGpGQTNTBZPA+UeigI7DFqYcTPM9GDE1YiyO
+nyUcezvSsI4i7s6gjD+/7+DnAoGABm3+QaV1z/m1XX3B2IN2pOG971bcML54kW2s
+QSVBjc5ixT1OhBAGBM7YAwUBnhILtJQptAPbPBAAwMJYs5/VuH7R9zrArG/LRhOX
+Oy1jIhTEw+SZgfMcscWZyJwfMPob/Yq8QAjl0yT8jbaPPIsjEUi9I3eOcWh8RjA6
+ussP7WcCgYEAm3yvJR9z6QGoQQwtDbwjyZPYOSgK9wFS/65aupi6cm/Qk2N1YaLY
+q2amNrzNsIc9vQwYGEHUwogn4MieHk96V7m2f0Hx9EHCMwizU9EiS6oyiLVowTG6
+YsBgSzcpnt0Vkgil4CQks5uQoan0tubEUQ5DI79lLnb02n4o46iAYK0=
+-----END RSA PRIVATE KEY-----

test/fixtures/rsa_keys/key_4.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAw6MLRbP/henX2JxwdMkQlskKghBoMyUPu9kZpUQ9yYfIm9I4
+a3gEfzef75jKLOSf+BkZulvEUGjC+VnkpV3s+OZCSq81Ykv5PHuTqbj8Cn/dEt/g
+lBXxPcOBKWqa+1cDX6QVIVJsBihLB/1b64H3U96Yu9+knmXvT1Az5MFA2KtSq7HJ
+O+GJNn0EMI7xwPz/atUGlMLrhzwS4UDpw9CAaRPojplJYl4K1JMCFTgTt3hJILXZ
+tw1MKTeeyWzNiuQRBQJuCnqfvsBYsasIlHWfqIL/uBzcGHHCIK5ZW9luntJXyLVj
+zzaF7etIJk1uddM2wnqOOaVyqbssZXGt7Tb9IQIDAQABAoIBAH5QJRUKFK8Xvp9C
+0nD06NsSTtCPW1e6VCBLGf3Uw7f9DY9d+cOZp/2jooYGNnMp4gdD3ZKvcV8hZNGu
+Mqx6qmhB8wdZfLRMrU1Z1Is+vqzgxZJMLiouyKXCNwDQreQd2DXGMUZkew62sUsl
+UFYMge4KyL50tUr4Mb0Z4YePJxk804tcqgw0n+D0lR7ZKhSqoQpoMqEiO+27Yw7E
+Txj/MKH8f/ZJ6LBLRISOdBOrxonHqqeYWchczykCwojOZc3bIlWZGhg727dFTHDC
+yrj3/zsZ2hy+TQsucCFY0RljIbacmHvrF/VqfhTIhg98H0F27V/jiPGsdKhptyst
+E9iQVMkCgYEA42ge4H2Wl42sRh61GOrOgzzr0WZS54bF5skMxiGGnLwnb82rwUBt
+xw94PRORJbV9l+2fkxbfiW0uzornfN8OBHSB64Pcjzzbl5Qm+eaDOiuTLtakYOWQ
+/ipGqw8iE4J9iRteZCo8GnMxWbTkYCporTlFDTeYguXmwR4yCXtlCbMCgYEA3DxM
+7R5HMUWRe64ucdekMh742McS8q/X5jdN9iFGy0M8P1WTyspSlaPDXgjaO4XqpRqg
+djkL993kCDvOAiDl6Tpdiu1iFcOaRLb19Tj1pm8sKdk6X4d10U9lFri4NVYCmvVi
+yOahUYFK/k5bA+1o+KU9Pi82H36H3WNeF4evC9sCgYEAs1zNdc04uQKiTZAs0KFr
+DzI+4aOuYjT35ObQr3mD/h2dkV6MSNmzfF1kPfAv/KkgjXN7+H0DBRbb40bF/MTF
+/peSXZtcnJGote7Bqzu4Z2o1Ja1ga5jF+uKHaKZ//xleQIUYtzJkw4v18cZulrb8
+ZxyTrTAbl6sTjWBuoPH1qGcCgYEAsQNahR9X81dKJpGKTQAYvhw8wOfI5/zD2ArN
+g62dXBRPYUxkPJM/q3xzs6oD1eG+BjQPktYpM3FKLf/7haRxhnLd6qL/uiR8Ywx3
+RkEg2EP0yDIMA+o5nSFmS8vuaxgVgf0HCBiuwnbcEuhhqRdxzp/pSIjjxI6LnzqV
+zu3EmQ8CgYEAhq8Uhvw+79tK7q2PCjDbiucA0n/4a3aguuvRoEh7F93Pf6VGZmT+
+Yld54Cd4P5ATI3r5YdD+JBuvgNMOTVPCaD/WpjbJKnrpNEXtXRQD6LzAXZDNk0sF
+IO9i4gjhBolRykWn10khoPdxw/34FWBP5SxU1JYk75NQXvI3TD+5xbU=
+-----END RSA PRIVATE KEY-----

test/fixtures/rsa_keys/key_5.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEA0jdKtMkgqnEGO3dn4OKxtggfFDzv+ddXToO0cdPXkUgPajCo
+UGPunz+A1KmkAmLY0Vwk0tkOmKK8GFHek/5zQ+1N2FHBi19fbwlJk7hzh5OiYRhu
+YZi0d6LsqEMKhDk6NqIeiFmOe2YHgklVvZV0hebvHlHLgzDhYrDltSPe33UZa3MS
+g2Knf4WQAjLOo2BAb+oyj/UNXeAqaMGcOr6/kAHPcODW2EGhF3H3umFLv7t/Kq5i
+WPBgarbCGPR5qq9SW5ZIjS3Sz0dl105Grw8wU23CC/2IBZ5vNiu+bkmLEoh/KpX2
+YBILoLmwtVX0Qxc15CrpOi12p+/4pLR8kuEowQIDAQABAoIBAQDMDQ3AJMdHisSQ
+7pvvyDzWRFXesDQE4YmG1gNOxmImTLthyW9n8UjMXbjxNOXVxxtNRdMcs8MeWECa
+nsWeBEzgr7VzeBCV9/LL9kjsUgwamyzwcOWcaL0ssAJmZgUMSfx+0akvkzbiAyzg
+w8ytZSihXYPYe28/ni/5O1sOFI6feenOnJ9NSmVUA24c9TTJGNQs7XRUMZ8f9wt6
+KwRmYeNDKyqH7NvLmmKoDp6m7bMDQxWArVTAoRWTVApnj35iLQtmSi8DBdw6xSzQ
+fKpUe/B4iQmMNxUW7KmolOvCIS5wcYZJE+/j7xshA2GGnOpx4aC+N+w2GSX4Bz/q
+OnYSpGUBAoGBAOwnSeg17xlZqmd86qdiCxg0hRtAjwrd7btYq6nkK+t9woXgcV99
+FBS3nLbk/SIdXCW8vHFJTmld60j2q2kdestYBdHznwNZJ4Ee8JhamzcC64wY7O0x
+RameO/6uoKS4C3VF+Zc9CCPfZOqYujkGvSqbTjFZWuFtDp0GHDk+qEIRAoGBAOPh
++PCB2QkGgiujSPmuCT5PTuNylAug3D4ZdMRKpQb9Rnzlia1Rpdrihq+PvB2vwa+S
+mB6dgb0E7M2AyEMVu5buris0mVpRdmEeLCXR8mYJ48kOslIGArEStXDetfbRaXdK
+7vf4APq2d78AQYldU2fYlo754Dh/3MZIguzpqMuxAoGBAIDJqG/AQiYkFV+c62ff
+e0d3FQRYv+ngQE9Eu1HKwv0Jt7VFQu8din8F56yC013wfxmBhY+Ot/mUo8VF6RNJ
+ZXdSCNKINzcfPwEW+4VLHIzyxbzAty1gCqrHRdbOK4PJb05EnCqTuUW/Bg0+v4hs
+GWwMCKe3IG4CCM8vzuKVPjPRAoGBANYCQtJDb3q9ZQPsTb1FxyKAQprx4Lzm7c9Y
+AsPRQhhFRaxHuLtPQU5FjK1VdBoBFAl5x2iBDPVhqa348pml0E0Xi/PBav9aH61n
+M5i1CUrwoL4SEj9bq61133XHgeXwlnZUpgW0H99T+zMh32pMfea5jfNqETueQMzq
+DiLF8SKRAoGBAOFlU0kRZmAx3Y4rhygp1ydPBt5+zfDaGINRWEN7QWjhX2QQan3C
+SnXZlP3POXLessKxdCpBDq/RqVQhLea6KJMfP3F0YbohfWHt96WjiriJ0d0ZYVhu
+34aUM2UGGG0Kia9OVvftESBaXk02vrY9zU3LAVAv0eLgIADm1kpj85v7
+-----END RSA PRIVATE KEY-----

test/fixtures/tesla_mock/framatube.org_host_meta

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><hm:Host xmlns:hm="http://host-meta.net/xrd/1.0">framatube.org</hm:Host><Link rel="lrdd" template="http://framatube.org/main/xrd?uri={uri}"><Title>Resource Descriptor</Title></Link></XRD>
+<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><hm:Host xmlns:hm="http://host-meta.net/xrd/1.0">framatube.org</hm:Host><Link rel="lrdd" template="https://framatube.org/main/xrd?uri={uri}"><Title>Resource Descriptor</Title></Link></XRD>

test/fixtures/tesla_mock/helene@p.helene.moe.json

@@ -0,0 +1,50 @@
+{
+    "@context": [
+        "https://www.w3.org/ns/activitystreams",
+        "https://p.helene.moe/schemas/litepub-0.1.jsonld",
+        {
+            "@language": "und"
+        }
+    ],
+    "alsoKnownAs": [],
+    "attachment": [
+        {
+            "name": "Timezone",
+            "type": "PropertyValue",
+            "value": "UTC+2 (Paris/Berlin)"
+        }
+    ],
+    "capabilities": {
+        "acceptsChatMessages": true
+    },
+    "discoverable": true,
+    "endpoints": {
+        "oauthAuthorizationEndpoint": "https://p.helene.moe/oauth/authorize",
+        "oauthRegistrationEndpoint": "https://p.helene.moe/api/v1/apps",
+        "oauthTokenEndpoint": "https://p.helene.moe/oauth/token",
+        "sharedInbox": "https://p.helene.moe/inbox",
+        "uploadMedia": "https://p.helene.moe/api/ap/upload_media"
+    },
+    "featured": "https://p.helene.moe/users/helene/collections/featured",
+    "followers": "https://p.helene.moe/users/helene/followers",
+    "following": "https://p.helene.moe/users/helene/following",
+    "icon": {
+        "type": "Image",
+        "url": "https://p.helene.moe/media/9a39209daa5a66b7ebb0547b08bf8360aa9d8d65a4ffba2603c6ffbe6aecb432.jpg"
+    },
+    "id": "https://p.helene.moe/users/helene",
+    "inbox": "https://p.helene.moe/users/helene/inbox",
+    "manuallyApprovesFollowers": false,
+    "name": "Hélène",
+    "outbox": "https://p.helene.moe/users/helene/outbox",
+    "preferredUsername": "helene",
+    "publicKey": {
+        "id": "https://p.helene.moe/users/helene#main-key",
+        "owner": "https://p.helene.moe/users/helene",
+        "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoSBPU/VS2Kx3f6ap3zv\nZVacJsgUfaoFb3c2ii/FRh9RmRVlarq8sJXcjsQt1e0oxWaWJaIDDwyKZPt6hXae\nrY/AiGGeNu+NA+BtY7l7+9Yu67HUyT62+1qAwYHKBXX3fLOPs/YmQI0Tt0c4wKAG\nKEkiYsRizghgpzUC6jqdKV71DJkUZ8yhckCGb2fLko1ajbWEssdaP51aLsyRMyC2\nuzeWrxtD4O/HG0ea4S6y5X6hnsAHIK4Y3nnyIQ6pn4tOsl3HgqkjXE9MmZSvMCFx\nBq89TfZrVXNa2gSZdZLdbbJstzEScQWNt1p6tA6rM+e4JXYGr+rMdF3G+jV7afI2\nFQIDAQAB\n-----END PUBLIC KEY-----\n\n"
+    },
+    "summary": "I can speak: Français, English, Deutsch (nicht sehr gut), 日本語 (not very well)",
+    "tag": [],
+    "type": "Person",
+    "url": "https://p.helene.moe/users/helene"
+}

test/fixtures/tesla_mock/https___lm.kazv.moe_users_mewmew.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Subject>acct:mewmew@lm.kazv.moe</Subject><Alias>https://lm.kazv.moe/users/mewmew</Alias><Alias>https://lm.kazv.moe/users/tester</Alias><Alias>https://lm.kazv.moe/users/testuser</Alias><Link href="https://lm.kazv.moe/users/mewmew" rel="http://webfinger.net/rel/profile-page" type="text/html" /><Link href="https://lm.kazv.moe/users/mewmew" rel="self" type="application/activity+json" /><Link href="https://lm.kazv.moe/users/mewmew" rel="self" type="application/ld+json; profile=&quot;https://www.w3.org/ns/activitystreams&quot;" /><Link rel="http://ostatus.org/schema/1.0/subscribe" template="https://lm.kazv.moe/ostatus_subscribe?acct={uri}" /></XRD>

test/fixtures/tesla_mock/lm.kazv.moe_host_meta

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Link rel="lrdd" template="https://lm.kazv.moe/.well-known/webfinger?resource={uri}" type="application/xrd+xml" /></XRD>

test/fixtures/tesla_mock/mametsuko@mk.absturztau.be.json

@@ -0,0 +1,65 @@
+{
+    "@context": [
+        "https://www.w3.org/ns/activitystreams",
+        "https://w3id.org/security/v1",
+        {
+            "manuallyApprovesFollowers": "as:manuallyApprovesFollowers",
+            "sensitive": "as:sensitive",
+            "Hashtag": "as:Hashtag",
+            "quoteUrl": "as:quoteUrl",
+            "toot": "http://joinmastodon.org/ns#",
+            "Emoji": "toot:Emoji",
+            "featured": "toot:featured",
+            "discoverable": "toot:discoverable",
+            "schema": "http://schema.org#",
+            "PropertyValue": "schema:PropertyValue",
+            "value": "schema:value",
+            "misskey": "https://misskey-hub.net/ns#",
+            "_misskey_content": "misskey:_misskey_content",
+            "_misskey_quote": "misskey:_misskey_quote",
+            "_misskey_reaction": "misskey:_misskey_reaction",
+            "_misskey_votes": "misskey:_misskey_votes",
+            "_misskey_talk": "misskey:_misskey_talk",
+            "isCat": "misskey:isCat",
+            "vcard": "http://www.w3.org/2006/vcard/ns#"
+        }
+    ],
+    "type": "Person",
+    "id": "https://mk.absturztau.be/users/8ozbzjs3o8",
+    "inbox": "https://mk.absturztau.be/users/8ozbzjs3o8/inbox",
+    "outbox": "https://mk.absturztau.be/users/8ozbzjs3o8/outbox",
+    "followers": "https://mk.absturztau.be/users/8ozbzjs3o8/followers",
+    "following": "https://mk.absturztau.be/users/8ozbzjs3o8/following",
+    "featured": "https://mk.absturztau.be/users/8ozbzjs3o8/collections/featured",
+    "sharedInbox": "https://mk.absturztau.be/inbox",
+    "endpoints": {
+        "sharedInbox": "https://mk.absturztau.be/inbox"
+    },
+    "url": "https://mk.absturztau.be/@mametsuko",
+    "preferredUsername": "mametsuko",
+    "name": "mametschko",
+    "summary": "<p><span>nya, ich bin eine Brotperson</span></p>",
+    "icon": {
+        "type": "Image",
+        "url": "https://mk.absturztau.be/files/webpublic-3b5594f4-fa52-4548-b4e3-c379ae2143ed",
+        "sensitive": false,
+        "name": null
+    },
+    "image": {
+        "type": "Image",
+        "url": "https://mk.absturztau.be/files/webpublic-0d03b03d-b14b-4916-ac3d-8a137118ec84",
+        "sensitive": false,
+        "name": null
+    },
+    "tag": [],
+    "manuallyApprovesFollowers": true,
+    "discoverable": false,
+    "publicKey": {
+        "id": "https://mk.absturztau.be/users/8ozbzjs3o8#main-key",
+        "type": "Key",
+        "owner": "https://mk.absturztau.be/users/8ozbzjs3o8",
+        "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuN/S1spBGmh8FXI1Bt16\nXB7Cc0QutBp7UPgmDNHjOfsq0zrF4g3L1UBxvrpU0XX77XPMCd9yPvGwAYURH2mv\ntIcYuE+R90VLDmBu5MTVthcG2D874eCZ2rD2YsEYmN5AjTX7QBIqCck+qDhVWkkM\nEZ6S5Ht6IJ5Of74eKffXElQI/C6QB+9uEDOmPk0jCzgI5gw7xvJqFj/DIF4kUUAu\nA89JqaFZzZlkrSrj4cr48bLN/YOmpdaHu0BKHaDSHct4+MqlixqovgdB6RboCEDw\ne4Aeav7+Q0Y9oGIvuggg0Q+nCubnVNnaPyzd817tpPVzyZmTts+DKyDuv90SX3nR\nsPaNa5Ty60eqplUk4b7X1gSvuzBJUFBxTVV84WnjwoeoydaS6rSyjCDPGLBjaByc\nFyWMMEb/zlQyhLZfBlvT7k96wRSsMszh2hDALWmgYIhq/jNwINvALJ1GKLNHHKZ4\nyz2LnxVpRm2rWrZzbvtcnSQOt3LaPSZn8Wgwv4buyHF02iuVuIamZVtKexsE1Ixl\nIi9qa3AKEc5gOzYXhRhvHaruzoCehUbb/UHC5c8Tto8L5G1xYzjLP3qj3PT9w/wM\n+k1Ra/4JhuAnVFROOoOmx9rIELLHH7juY2nhM7plGhyt1M5gysgqEloij8QzyQU2\nZK1YlAERG2XFO6br8omhcmECAwEAAQ==\n-----END PUBLIC KEY-----\n"
+    },
+    "isCat": true,
+    "vcard:Address": "Vienna, Austria"
+}

test/fixtures/tesla_mock/mewmew@lm.kazv.moe.json

@@ -0,0 +1 @@
+{"@context":["https://www.w3.org/ns/activitystreams","https://lm.kazv.moe/schemas/litepub-0.1.jsonld",{"@language":"und"}],"alsoKnownAs":["https://lm.kazv.moe/users/tester","https://lm.kazv.moe/users/testuser"],"attachment":[],"capabilities":{"acceptsChatMessages":true},"discoverable":false,"endpoints":{"oauthAuthorizationEndpoint":"https://lm.kazv.moe/oauth/authorize","oauthRegistrationEndpoint":"https://lm.kazv.moe/api/v1/apps","oauthTokenEndpoint":"https://lm.kazv.moe/oauth/token","sharedInbox":"https://lm.kazv.moe/inbox","uploadMedia":"https://lm.kazv.moe/api/ap/upload_media"},"featured":"https://lm.kazv.moe/users/mewmew/collections/featured","followers":"https://lm.kazv.moe/users/mewmew/followers","following":"https://lm.kazv.moe/users/mewmew/following","id":"https://lm.kazv.moe/users/mewmew","inbox":"https://lm.kazv.moe/users/mewmew/inbox","manuallyApprovesFollowers":false,"name":"mew","outbox":"https://lm.kazv.moe/users/mewmew/outbox","preferredUsername":"mewmew","publicKey":{"id":"https://lm.kazv.moe/users/mewmew#main-key","owner":"https://lm.kazv.moe/users/mewmew","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0nT3IVUwx799FSJyJEOY\n5D2c5zgtt2Z+BD9417eVLmVQF5fJlWgcKS4pbFc76zkYoBkZtV7XbzvN9KTNulpa\nUGNOM0/UdEoQLB8xbVCMm0ABUU8vbTWoMTxp93bfVHBz+33FPYdH1JHX4TCU/mJF\nX4UJMvFmMn5BFjSQm9GG6Eq2j6SAUsaTa8+Rrd8FzS6zb/dk3N/Llz0tfsZYS0sq\nEy9OYhsKOQ6eegULFJOF3Hz04vzwftmeXFsbb3aO2zKz3uAMYZglWHNBYJAePBtJ\ng362kqdJwgT14TFnZ0K2ziDPbkRULG1Kke/lsqw2rPF6Q6P4PeO1shCEDthoDoID\newIDAQAB\n-----END PUBLIC KEY-----\n\n"},"summary":"","tag":[],"type":"Person","url":"https://lm.kazv.moe/users/mewmew"}

test/fixtures/tesla_mock/mk.absturztau.be-93e7nm8wqg-activity.json

@@ -0,0 +1 @@
+{"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1",{"manuallyApprovesFollowers":"as:manuallyApprovesFollowers","sensitive":"as:sensitive","Hashtag":"as:Hashtag","quoteUrl":"as:quoteUrl","toot":"http://joinmastodon.org/ns#","Emoji":"toot:Emoji","featured":"toot:featured","discoverable":"toot:discoverable","schema":"http://schema.org#","PropertyValue":"schema:PropertyValue","value":"schema:value","misskey":"https://misskey-hub.net/ns#","_misskey_content":"misskey:_misskey_content","_misskey_quote":"misskey:_misskey_quote","_misskey_reaction":"misskey:_misskey_reaction","_misskey_votes":"misskey:_misskey_votes","_misskey_talk":"misskey:_misskey_talk","isCat":"misskey:isCat","vcard":"http://www.w3.org/2006/vcard/ns#"}],"id":"https://mk.absturztau.be/notes/93e7nm8wqg/activity","actor":"https://mk.absturztau.be/users/8ozbzjs3o8","type":"Create","published":"2022-08-01T11:06:49.568Z","object":{"id":"https://mk.absturztau.be/notes/93e7nm8wqg","type":"Note","attributedTo":"https://mk.absturztau.be/users/8ozbzjs3o8","summary":null,"content":"<p><span>meow</span></p>","_misskey_content":"meow","published":"2022-08-01T11:06:49.568Z","to":["https://www.w3.org/ns/activitystreams#Public"],"cc":["https://mk.absturztau.be/users/8ozbzjs3o8/followers"],"inReplyTo":null,"attachment":[],"sensitive":false,"tag":[]},"to":["https://www.w3.org/ns/activitystreams#Public"],"cc":["https://mk.absturztau.be/users/8ozbzjs3o8/followers"]}

test/fixtures/tesla_mock/mk.absturztau.be-93e7nm8wqg.json

@@ -0,0 +1,44 @@
+{
+    "@context": [
+        "https://www.w3.org/ns/activitystreams",
+        "https://w3id.org/security/v1",
+        {
+            "manuallyApprovesFollowers": "as:manuallyApprovesFollowers",
+            "sensitive": "as:sensitive",
+            "Hashtag": "as:Hashtag",
+            "quoteUrl": "as:quoteUrl",
+            "toot": "http://joinmastodon.org/ns#",
+            "Emoji": "toot:Emoji",
+            "featured": "toot:featured",
+            "discoverable": "toot:discoverable",
+            "schema": "http://schema.org#",
+            "PropertyValue": "schema:PropertyValue",
+            "value": "schema:value",
+            "misskey": "https://misskey-hub.net/ns#",
+            "_misskey_content": "misskey:_misskey_content",
+            "_misskey_quote": "misskey:_misskey_quote",
+            "_misskey_reaction": "misskey:_misskey_reaction",
+            "_misskey_votes": "misskey:_misskey_votes",
+            "_misskey_talk": "misskey:_misskey_talk",
+            "isCat": "misskey:isCat",
+            "vcard": "http://www.w3.org/2006/vcard/ns#"
+        }
+    ],
+    "id": "https://mk.absturztau.be/notes/93e7nm8wqg",
+    "type": "Note",
+    "attributedTo": "https://mk.absturztau.be/users/8ozbzjs3o8",
+    "summary": null,
+    "content": "<p><span>meow</span></p>",
+    "_misskey_content": "meow",
+    "published": "2022-08-01T11:06:49.568Z",
+    "to": [
+        "https://www.w3.org/ns/activitystreams#Public"
+    ],
+    "cc": [
+        "https://mk.absturztau.be/users/8ozbzjs3o8/followers"
+    ],
+    "inReplyTo": null,
+    "attachment": [],
+    "sensitive": false,
+    "tag": []
+}

test/fixtures/tesla_mock/p.helene.moe-AM7S6vZQmL6pI9TgPY.json

@@ -0,0 +1,36 @@
+{
+    "@context": [
+        "https://www.w3.org/ns/activitystreams",
+        "https://p.helene.moe/schemas/litepub-0.1.jsonld",
+        {
+            "@language": "und"
+        }
+    ],
+    "actor": "https://p.helene.moe/users/helene",
+    "attachment": [],
+    "attributedTo": "https://p.helene.moe/users/helene",
+    "cc": [
+        "https://p.helene.moe/users/helene/followers"
+    ],
+    "content": "<span class=\"h-card\"><a class=\"u-url mention\" data-user=\"AHntpQ4T3J4OSnpgMC\" href=\"https://mk.absturztau.be/@mametsuko\" rel=\"ugc\">@<span>mametsuko</span></a></span> meow",
+    "context": "https://p.helene.moe/contexts/cc324643-5583-4c3f-91d2-c6ed37db159d",
+    "conversation": "https://p.helene.moe/contexts/cc324643-5583-4c3f-91d2-c6ed37db159d",
+    "id": "https://p.helene.moe/objects/fd5910ac-d9dc-412e-8d1d-914b203296c4",
+    "inReplyTo": "https://mk.absturztau.be/notes/93e7nm8wqg",
+    "published": "2022-08-02T13:46:58.403996Z",
+    "sensitive": null,
+    "source": "@mametsuko@mk.absturztau.be meow",
+    "summary": "",
+    "tag": [
+        {
+            "href": "https://mk.absturztau.be/users/8ozbzjs3o8",
+            "name": "@mametsuko@mk.absturztau.be",
+            "type": "Mention"
+        }
+    ],
+    "to": [
+        "https://mk.absturztau.be/users/8ozbzjs3o8",
+        "https://www.w3.org/ns/activitystreams#Public"
+    ],
+    "type": "Note"
+}

test/fixtures/tesla_mock/status.alpicola.com_host_meta

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><hm:Host xmlns:hm="http://host-meta.net/xrd/1.0">status.alpicola.com</hm:Host><Link rel="lrdd" template="http://status.alpicola.com/main/xrd?uri={uri}"><Title>Resource Descriptor</Title></Link></XRD>
+<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><hm:Host xmlns:hm="http://host-meta.net/xrd/1.0">status.alpicola.com</hm:Host><Link rel="lrdd" template="https://status.alpicola.com/main/xrd?uri={uri}"><Title>Resource Descriptor</Title></Link></XRD>

test/fixtures/webfinger/masto-host-meta.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
+  <Link rel="lrdd" template="https://{{domain}}/.well-known/webfinger?resource={uri}"/>
+</XRD>

test/fixtures/webfinger/masto-user.json

@@ -0,0 +1,92 @@
+{
+  "@context": [
+    "https://www.w3.org/ns/activitystreams",
+    "https://w3id.org/security/v1",
+    {
+      "manuallyApprovesFollowers": "as:manuallyApprovesFollowers",
+      "toot": "http://joinmastodon.org/ns#",
+      "featured": {
+        "@id": "toot:featured",
+        "@type": "@id"
+      },
+      "featuredTags": {
+        "@id": "toot:featuredTags",
+        "@type": "@id"
+      },
+      "alsoKnownAs": {
+        "@id": "as:alsoKnownAs",
+        "@type": "@id"
+      },
+      "movedTo": {
+        "@id": "as:movedTo",
+        "@type": "@id"
+      },
+      "schema": "http://schema.org#",
+      "PropertyValue": "schema:PropertyValue",
+      "value": "schema:value",
+      "IdentityProof": "toot:IdentityProof",
+      "discoverable": "toot:discoverable",
+      "Device": "toot:Device",
+      "Ed25519Signature": "toot:Ed25519Signature",
+      "Ed25519Key": "toot:Ed25519Key",
+      "Curve25519Key": "toot:Curve25519Key",
+      "EncryptedMessage": "toot:EncryptedMessage",
+      "publicKeyBase64": "toot:publicKeyBase64",
+      "deviceId": "toot:deviceId",
+      "claim": {
+        "@type": "@id",
+        "@id": "toot:claim"
+      },
+      "fingerprintKey": {
+        "@type": "@id",
+        "@id": "toot:fingerprintKey"
+      },
+      "identityKey": {
+        "@type": "@id",
+        "@id": "toot:identityKey"
+      },
+      "devices": {
+        "@type": "@id",
+        "@id": "toot:devices"
+      },
+      "messageFranking": "toot:messageFranking",
+      "messageType": "toot:messageType",
+      "cipherText": "toot:cipherText",
+      "suspended": "toot:suspended",
+      "focalPoint": {
+        "@container": "@list",
+        "@id": "toot:focalPoint"
+      }
+    }
+  ],
+  "id": "https://{{domain}}/users/{{nickname}}",
+  "type": "Person",
+  "following": "https://{{domain}}/users/{{nickname}}/following",
+  "followers": "https://{{domain}}/users/{{nickname}}/followers",
+  "inbox": "https://{{domain}}/users/{{nickname}}/inbox",
+  "outbox": "https://{{domain}}/users/{{nickname}}/outbox",
+  "featured": "https://{{domain}}/users/{{nickname}}/collections/featured",
+  "featuredTags": "https://{{domain}}/users/{{nickname}}/collections/tags",
+  "preferredUsername": "{{nickname}}",
+  "name": "Name Name",
+  "summary": "<p>Summary</p>",
+  "url": "https://{{domain}}/@{{nickname}}",
+  "manuallyApprovesFollowers": false,
+  "discoverable": false,
+  "devices": "https://{{domain}}/users/{{nickname}}/collections/devices",
+  "publicKey": {
+    "id": "https://{{domain}}/users/{{nickname}}#main-key",
+    "owner": "https://{{domain}}/users/{{nickname}}",
+    "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwDujxmxoYHs64MyVB3L\nG5ZyBxV3ufaMRBFu42bkcTpISq1WwZ+3Zb6CI8zOO+nM+Q2llrVRYjZa4ZFnOLvM\nTq/Kf+Zf5wy2aCRer88gX+MsJOAtItSi412y0a/rKOuFaDYLOLeTkRvmGLgZWbsr\nZJOp+YWb3zQ5qsIOInkc5BwI172tMsGeFtsnbNApPV4lrmtTGaJ8RiM8MR7XANBO\nfOHggSt1+eAIKGIsCmINEMzs1mG9D75xKtC/sM8GfbvBclQcBstGkHAEj1VHPW0c\nh6Bok5/QQppicyb8UA1PAA9bznSFtKlYE4xCH8rlCDSDTBRtdnBWHKcj619Ujz4Q\nawIDAQAB\n-----END PUBLIC KEY-----\n"
+  },
+  "tag": [],
+  "attachment": [],
+  "endpoints": {
+    "sharedInbox": "https://{{domain}}/inbox"
+  },
+  "icon": {
+    "type": "Image",
+    "mediaType": "image/jpeg",
+    "url": "https://s3.wasabisys.com/merp/accounts/avatars/000/000/001/original/6fdd3eee632af247.jpg"
+  }
+}

test/fixtures/webfinger/masto-webfinger.json

@@ -0,0 +1,23 @@
+{
+  "subject": "acct:{{nickname}}@{{domain}}",
+  "aliases": [
+    "https://{{subdomain}}/@{{nickname}}",
+    "https://{{subdomain}}/users/{{nickname}}"
+  ],
+  "links": [
+    {
+      "rel": "http://webfinger.net/rel/profile-page",
+      "type": "text/html",
+      "href": "https://{{subdomain}}/@{{nickname}}"
+    },
+    {
+      "rel": "self",
+      "type": "application/activity+json",
+      "href": "https://{{subdomain}}/users/{{nickname}}"
+    },
+    {
+      "rel": "http://ostatus.org/schema/1.0/subscribe",
+      "template": "https://{{subdomain}}/authorize_interaction?uri={uri}"
+    }
+  ]
+}

test/fixtures/webfinger/pleroma-host-meta.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Link rel="lrdd" template="https://{{domain}}/.well-known/webfinger?resource={uri}" type="application/xrd+xml" /></XRD>

test/fixtures/webfinger/pleroma-user.json

@@ -0,0 +1,58 @@
+{
+  "@context": [
+    "https://www.w3.org/ns/activitystreams",
+    "https://{{domain}}/schemas/litepub-0.1.jsonld",
+    {
+      "@language": "und"
+    }
+  ],
+  "alsoKnownAs": [],
+  "attachment": [],
+  "capabilities": {
+    "acceptsChatMessages": true
+  },
+  "discoverable": true,
+  "endpoints": {
+    "oauthAuthorizationEndpoint": "https://{{domain}}/oauth/authorize",
+    "oauthRegistrationEndpoint": "https://{{domain}}/api/v1/apps",
+    "oauthTokenEndpoint": "https://{{domain}}/oauth/token",
+    "sharedInbox": "https://{{domain}}/inbox",
+    "uploadMedia": "https://{{domain}}/api/ap/upload_media"
+  },
+  "followers": "https://{{domain}}/users/{{nickname}}/followers",
+  "following": "https://{{domain}}/users/{{nickname}}/following",
+  "icon": {
+    "type": "Image",
+    "url": "https://{{domain}}/media/a932a27f158b63c3a97e3a57d5384f714a82249274c6fc66c9eca581b4fd8af2.jpg"
+  },
+  "id": "https://{{domain}}/users/{{nickname}}",
+  "image": {
+    "type": "Image",
+    "url": "https://{{domain}}/media/db15f476d0ad14488db4762b7800479e6ef67b1824f8b9ea5c1fa05b7525c5b7.jpg"
+  },
+  "inbox": "https://{{domain}}/users/{{nickname}}/inbox",
+  "manuallyApprovesFollowers": false,
+  "name": "{{nickname}} :verified:",
+  "outbox": "https://{{domain}}/users/{{nickname}}/outbox",
+  "preferredUsername": "{{nickname}}",
+  "publicKey": {
+    "id": "https://{{domain}}/users/{{nickname}}#main-key",
+    "owner": "https://{{domain}}/users/{{nickname}}",
+    "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4XOAopC4nRIxNlHlt60\n//nCicuedu5wvLGIoQ+KUM2u7/PhLrrTDEqr1A7yQL95S0X8ryYtALgFLI5A54ww\nqjMIbIGAs44lEmDLMEd+XI+XxREE8wdsFpb4QQzWug0DTyqlMouTU25k0tfKh1rF\n4PMJ3uBSjDTAGgFvLNyFWTiVVgChbTNgGOmrEBucRl4NmKzQ69/FIUwENV88oQSU\n3bWvQTEH9rWH1rCLpkmQwdRiWfnhFX/4EUqXukfgoskvenKR8ff3nYhElDqFoE0e\nqUnIW1OZceyl8JewVLcL6m0/wdKeosTsfrcWc8DKfnRYQcBGNoBEq9GrOHDU0q2v\nyQIDAQAB\n-----END PUBLIC KEY-----\n\n"
+  },
+  "summary": "Pleroma BE dev",
+  "tag": [
+    {
+      "icon": {
+        "type": "Image",
+        "url": "https://{{domain}}/emoji/mine/6143373a807b1ae7.png"
+      },
+      "id": "https://{{domain}}/emoji/mine/6143373a807b1ae7.png",
+      "name": ":verified:",
+      "type": "Emoji",
+      "updated": "1970-01-01T00:00:00Z"
+    }
+  ],
+  "type": "Person",
+  "url": "https://{{domain}}/users/{{nickname}}"
+}

test/fixtures/webfinger/pleroma-webfinger.json

@@ -0,0 +1,27 @@
+{
+  "aliases": [
+    "https://{{subdomain}}/users/{{nickname}}"
+  ],
+  "links": [
+    {
+      "href": "https://{{subdomain}}/users/{{nickname}}",
+      "rel": "http://webfinger.net/rel/profile-page",
+      "type": "text/html"
+    },
+    {
+      "href": "https://{{subdomain}}/users/{{nickname}}",
+      "rel": "self",
+      "type": "application/activity+json"
+    },
+    {
+      "href": "https://{{subdomain}}/users/{{nickname}}",
+      "rel": "self",
+      "type": "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
+    },
+    {
+      "rel": "http://ostatus.org/schema/1.0/subscribe",
+      "template": "https://{{subdomain}}/ostatus_subscribe?acct={uri}"
+    }
+  ],
+  "subject": "acct:{{nickname}}@{{domain}}"
+}

test/mix/tasks/pleroma/config_test.exs

@@ -49,7 +49,6 @@ defmodule Mix.Tasks.Pleroma.ConfigTest do
   describe "migrate_to_db/1" do
     setup do
       clear_config(:configurable_from_database, true)
-      clear_config([:quack, :level])
     end
 
     @tag capture_log: true
@@ -72,14 +71,12 @@ defmodule Mix.Tasks.Pleroma.ConfigTest do
 
       config1 = ConfigDB.get_by_params(%{group: ":pleroma", key: ":first_setting"})
       config2 = ConfigDB.get_by_params(%{group: ":pleroma", key: ":second_setting"})
-      config3 = ConfigDB.get_by_params(%{group: ":quack", key: ":level"})
       refute ConfigDB.get_by_params(%{group: ":pleroma", key: "Pleroma.Repo"})
       refute ConfigDB.get_by_params(%{group: ":postgrex", key: ":json_library"})
       refute ConfigDB.get_by_params(%{group: ":pleroma", key: ":database"})
 
       assert config1.value == [key: "value", key2: [Repo]]
       assert config2.value == [key: "value2", key2: ["Activity"]]
-      assert config3.value == :info
     end
 
     test "config table is truncated before migration" do
@@ -108,7 +105,6 @@ defmodule Mix.Tasks.Pleroma.ConfigTest do
     test "settings are migrated to file and deleted from db", %{temp_file: temp_file} do
       insert_config_record(:pleroma, :setting_first, key: "value", key2: ["Activity"])
       insert_config_record(:pleroma, :setting_second, key: "value2", key2: [Repo])
-      insert_config_record(:quack, :level, :info)
 
       MixTask.run(["migrate_from_db", "--env", "temp", "-d"])
 
@@ -117,7 +113,6 @@ defmodule Mix.Tasks.Pleroma.ConfigTest do
       file = File.read!(temp_file)
       assert file =~ "config :pleroma, :setting_first,"
       assert file =~ "config :pleroma, :setting_second,"
-      assert file =~ "config :quack, :level, :info"
     end
 
     test "load a settings with large values and pass to file", %{temp_file: temp_file} do
@@ -199,7 +194,6 @@ defmodule Mix.Tasks.Pleroma.ConfigTest do
     setup do
       insert_config_record(:pleroma, :setting_first, key: "value", key2: ["Activity"])
       insert_config_record(:pleroma, :setting_second, key: "value2", key2: [Repo])
-      insert_config_record(:quack, :level, :info)
 
       path = "test/instance_static"
       file_path = Path.join(path, "temp.exported_from_db.secret.exs")
@@ -215,7 +209,6 @@ defmodule Mix.Tasks.Pleroma.ConfigTest do
       file = File.read!(file_path)
       assert file =~ "config :pleroma, :setting_first,"
       assert file =~ "config :pleroma, :setting_second,"
-      assert file =~ "config :quack, :level, :info"
     end
 
     test "release", %{file_path: file_path} do
@@ -227,7 +220,6 @@ defmodule Mix.Tasks.Pleroma.ConfigTest do
       file = File.read!(file_path)
       assert file =~ "config :pleroma, :setting_first,"
       assert file =~ "config :pleroma, :setting_second,"
-      assert file =~ "config :quack, :level, :info"
     end
   end
 

test/mix/tasks/pleroma/instance_test.exs

@@ -67,7 +67,9 @@ defmodule Mix.Tasks.Pleroma.InstanceTest do
         "test/uploads",
         "--static-dir",
         "./test/../test/instance/static/",
-        "--strip-uploads",
+        "--strip-uploads-location",
+        "y",
+        "--read-uploads-description",
         "y",
         "--dedupe-uploads",
         "n",
@@ -91,7 +93,10 @@ defmodule Mix.Tasks.Pleroma.InstanceTest do
     assert generated_config =~ "password: \"dbpass\""
     assert generated_config =~ "configurable_from_database: true"
     assert generated_config =~ "http: [ip: {127, 0, 0, 1}, port: 4000]"
-    assert generated_config =~ "filters: [Pleroma.Upload.Filter.Exiftool]"
+
+    assert generated_config =~
+             "filters: [Pleroma.Upload.Filter.Exiftool.StripLocation, Pleroma.Upload.Filter.Exiftool.ReadDescription]"
+
     assert File.read!(tmp_path() <> "setup.psql") == generated_setup_psql()
     assert File.exists?(Path.expand("./test/instance/static/robots.txt"))
   end

test/mix/tasks/pleroma/openapi_spec_test.exs

@@ -0,0 +1,62 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Mix.Tasks.Pleroma.OpenapiSpecTest do
+  use Pleroma.DataCase, async: true
+
+  alias Mix.Tasks.Pleroma.OpenapiSpec
+
+  @spec_base %{
+    "paths" => %{
+      "/cofe" => %{
+        "get" => %{
+          "operationId" => "Some.operation",
+          "tags" => []
+        }
+      },
+      "/mew" => %{
+        "post" => %{
+          "operationId" => "Another.operation",
+          "tags" => ["mew mew"]
+        }
+      }
+    },
+    "x-tagGroups" => [
+      %{
+        "name" => "mew",
+        "tags" => ["mew mew", "abc"]
+      },
+      %{
+        "name" => "lol",
+        "tags" => ["lol lol", "xyz"]
+      }
+    ]
+  }
+
+  describe "check_specs/1" do
+    test "Every operation must have a tag" do
+      assert {:error, ["Some.operation (get /cofe): No tags specified"]} ==
+               OpenapiSpec.check_specs(@spec_base)
+    end
+
+    test "Every tag must be in tag groups" do
+      spec =
+        @spec_base
+        |> put_in(["paths", "/cofe", "get", "tags"], ["abc", "def", "not specified"])
+
+      assert {:error,
+              [
+                "Some.operation (get /cofe): Tags #{inspect(["def", "not specified"])} not available. Please add it in \"x-tagGroups\" in Pleroma.Web.ApiSpec"
+              ]} == OpenapiSpec.check_specs(spec)
+    end
+
+    test "No errors if ok" do
+      spec =
+        @spec_base
+        |> put_in(["paths", "/cofe", "get", "tags"], ["abc", "mew mew"])
+
+      assert :ok == OpenapiSpec.check_specs(spec)
+    end
+  end
+end

test/pleroma/activity/ir/topics_test.exs

@@ -13,6 +13,29 @@ defmodule Pleroma.Activity.Ir.TopicsTest do
 
   import Mock
 
+  describe "chat message" do
+    test "Create produces no topics" do
+      activity = %Activity{
+        object: %Object{data: %{"type" => "ChatMessage"}},
+        data: %{"type" => "Create"}
+      }
+
+      assert [] == Topics.get_activity_topics(activity)
+    end
+
+    test "Delete produces user and user:pleroma_chat" do
+      activity = %Activity{
+        object: %Object{data: %{"type" => "ChatMessage"}},
+        data: %{"type" => "Delete"}
+      }
+
+      topics = Topics.get_activity_topics(activity)
+      assert [_, _] = topics
+      assert "user" in topics
+      assert "user:pleroma_chat" in topics
+    end
+  end
+
   describe "poll answer" do
     test "produce no topics" do
       activity = %Activity{object: %Object{data: %{"type" => "Answer"}}}
@@ -35,7 +58,7 @@ defmodule Pleroma.Activity.Ir.TopicsTest do
     setup do
       activity = %Activity{
         object: %Object{data: %{"type" => "Note"}},
-        data: %{"to" => [Pleroma.Constants.as_public()]}
+        data: %{"to" => [Pleroma.Constants.as_public()], "type" => "Create"}
       }
 
       {:ok, activity: activity}
@@ -114,6 +137,55 @@ defmodule Pleroma.Activity.Ir.TopicsTest do
     end
   end
 
+  describe "public visibility Announces" do
+    setup do
+      activity = %Activity{
+        object: %Object{data: %{"attachment" => []}},
+        data: %{"type" => "Announce", "to" => [Pleroma.Constants.as_public()]}
+      }
+
+      {:ok, activity: activity}
+    end
+
+    test "does not generate public topics", %{activity: activity} do
+      topics = Topics.get_activity_topics(activity)
+
+      refute "public" in topics
+      refute "public:remote" in topics
+      refute "public:local" in topics
+    end
+  end
+
+  describe "local-public visibility create events" do
+    setup do
+      activity = %Activity{
+        object: %Object{data: %{"attachment" => []}},
+        data: %{"type" => "Create", "to" => [Pleroma.Web.ActivityPub.Utils.as_local_public()]}
+      }
+
+      {:ok, activity: activity}
+    end
+
+    test "doesn't produce public topics", %{activity: activity} do
+      topics = Topics.get_activity_topics(activity)
+
+      refute Enum.member?(topics, "public")
+    end
+
+    test "produces public:local topics", %{activity: activity} do
+      topics = Topics.get_activity_topics(activity)
+
+      assert Enum.member?(topics, "public:local")
+    end
+
+    test "with no attachments doesn't produce public:media topics", %{activity: activity} do
+      topics = Topics.get_activity_topics(activity)
+
+      refute Enum.member?(topics, "public:media")
+      refute Enum.member?(topics, "public:local:media")
+    end
+  end
+
   describe "public visibility create events with attachments" do
     setup do
       activity = %Activity{
@@ -152,9 +224,36 @@ defmodule Pleroma.Activity.Ir.TopicsTest do
     end
   end
 
+  describe "local-public visibility create events with attachments" do
+    setup do
+      activity = %Activity{
+        object: %Object{data: %{"attachment" => ["foo"]}},
+        data: %{"type" => "Create", "to" => [Pleroma.Web.ActivityPub.Utils.as_local_public()]}
+      }
+
+      {:ok, activity: activity}
+    end
+
+    test "do not produce public:media topics", %{activity: activity} do
+      topics = Topics.get_activity_topics(activity)
+
+      refute Enum.member?(topics, "public:media")
+    end
+
+    test "produces public:local:media topics", %{activity: activity} do
+      topics = Topics.get_activity_topics(activity)
+
+      assert Enum.member?(topics, "public:local:media")
+    end
+  end
+
   describe "non-public visibility" do
     test "produces direct topic" do
-      activity = %Activity{object: %Object{data: %{"type" => "Note"}}, data: %{"to" => []}}
+      activity = %Activity{
+        object: %Object{data: %{"type" => "Note"}},
+        data: %{"to" => [], "type" => "Create"}
+      }
+
       topics = Topics.get_activity_topics(activity)
 
       assert Enum.member?(topics, "direct")

test/pleroma/activity/search_test.exs

@@ -18,6 +18,23 @@ defmodule Pleroma.Activity.SearchTest do
     assert result.id == post.id
   end
 
+  test "it finds local-only posts for authenticated users" do
+    user = insert(:user)
+    reader = insert(:user)
+    {:ok, post} = CommonAPI.post(user, %{status: "it's wednesday my dudes", visibility: "local"})
+
+    [result] = Search.search(reader, "wednesday")
+
+    assert result.id == post.id
+  end
+
+  test "it does not find local-only posts for anonymous users" do
+    user = insert(:user)
+    {:ok, _post} = CommonAPI.post(user, %{status: "it's wednesday my dudes", visibility: "local"})
+
+    assert [] = Search.search(nil, "wednesday")
+  end
+
   test "using plainto_tsquery on postgres < 11" do
     old_version = :persistent_term.get({Pleroma.Repo, :postgres_version})
     :persistent_term.put({Pleroma.Repo, :postgres_version}, 10.0)

test/pleroma/activity_test.exs

@@ -145,6 +145,7 @@ defmodule Pleroma.ActivityTest do
 
     setup do: clear_config([:instance, :limit_to_local_content])
 
+    @tag :skip_on_mac
     test "finds utf8 text in statuses", %{
       japanese_activity: japanese_activity,
       user: user
@@ -278,4 +279,78 @@ defmodule Pleroma.ActivityTest do
 
     assert Repo.aggregate(Activity, :count, :id) == 2
   end
+
+  describe "associated_object_id() sql function" do
+    test "with json object" do
+      %{rows: [[object_id]]} =
+        Ecto.Adapters.SQL.query!(
+          Pleroma.Repo,
+          """
+          select associated_object_id('{"object": {"id":"foobar"}}'::jsonb);
+          """
+        )
+
+      assert object_id == "foobar"
+    end
+
+    test "with string object" do
+      %{rows: [[object_id]]} =
+        Ecto.Adapters.SQL.query!(
+          Pleroma.Repo,
+          """
+          select associated_object_id('{"object": "foobar"}'::jsonb);
+          """
+        )
+
+      assert object_id == "foobar"
+    end
+
+    test "with array object" do
+      %{rows: [[object_id]]} =
+        Ecto.Adapters.SQL.query!(
+          Pleroma.Repo,
+          """
+          select associated_object_id('{"object": ["foobar", {}]}'::jsonb);
+          """
+        )
+
+      assert object_id == "foobar"
+    end
+
+    test "invalid" do
+      %{rows: [[object_id]]} =
+        Ecto.Adapters.SQL.query!(
+          Pleroma.Repo,
+          """
+          select associated_object_id('{"object": {}}'::jsonb);
+          """
+        )
+
+      assert is_nil(object_id)
+    end
+
+    test "invalid object id" do
+      %{rows: [[object_id]]} =
+        Ecto.Adapters.SQL.query!(
+          Pleroma.Repo,
+          """
+          select associated_object_id('{"object": {"id": 123}}'::jsonb);
+          """
+        )
+
+      assert is_nil(object_id)
+    end
+
+    test "no object field" do
+      %{rows: [[object_id]]} =
+        Ecto.Adapters.SQL.query!(
+          Pleroma.Repo,
+          """
+          select associated_object_id('{}'::jsonb);
+          """
+        )
+
+      assert is_nil(object_id)
+    end
+  end
 end

test/pleroma/announcement_read_relationship_test.exs

@@ -0,0 +1,40 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.AnnouncementReadRelationshipTest do
+  alias Pleroma.AnnouncementReadRelationship
+
+  use Pleroma.DataCase, async: true
+
+  import Pleroma.Factory
+
+  setup do
+    {:ok, user: insert(:user), announcement: insert(:announcement)}
+  end
+
+  describe "mark_read/2" do
+    test "should insert relationship", %{user: user, announcement: announcement} do
+      {:ok, _} = AnnouncementReadRelationship.mark_read(user, announcement)
+
+      assert AnnouncementReadRelationship.exists?(user, announcement)
+    end
+  end
+
+  describe "mark_unread/2" do
+    test "should delete relationship", %{user: user, announcement: announcement} do
+      {:ok, _} = AnnouncementReadRelationship.mark_read(user, announcement)
+
+      assert :ok = AnnouncementReadRelationship.mark_unread(user, announcement)
+      refute AnnouncementReadRelationship.exists?(user, announcement)
+    end
+
+    test "should not fail if relationship does not exist", %{
+      user: user,
+      announcement: announcement
+    } do
+      assert :ok = AnnouncementReadRelationship.mark_unread(user, announcement)
+      refute AnnouncementReadRelationship.exists?(user, announcement)
+    end
+  end
+end

test/pleroma/announcement_test.exs

@@ -0,0 +1,98 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.AnnouncementTest do
+  alias Pleroma.Announcement
+
+  use Pleroma.DataCase, async: true
+
+  import Pleroma.Factory
+
+  describe "list_all_visible_when/1" do
+    setup do: {:ok, time: NaiveDateTime.utc_now()}
+
+    test "with no start or end time", %{time: time} do
+      _announcement = insert(:announcement)
+
+      assert [_] = Announcement.list_all_visible_when(time)
+    end
+
+    test "with start time before current", %{time: time} do
+      before_now = NaiveDateTime.add(time, -10, :second)
+
+      _announcement = insert(:announcement, %{starts_at: before_now})
+
+      assert [_] = Announcement.list_all_visible_when(time)
+    end
+
+    test "with start time after current", %{time: time} do
+      after_now = NaiveDateTime.add(time, 10, :second)
+
+      _announcement = insert(:announcement, %{starts_at: after_now})
+
+      assert [] = Announcement.list_all_visible_when(time)
+    end
+
+    test "with end time after current", %{time: time} do
+      after_now = NaiveDateTime.add(time, 10, :second)
+
+      _announcement = insert(:announcement, %{ends_at: after_now})
+
+      assert [_] = Announcement.list_all_visible_when(time)
+    end
+
+    test "with end time before current", %{time: time} do
+      before_now = NaiveDateTime.add(time, -10, :second)
+
+      _announcement = insert(:announcement, %{ends_at: before_now})
+
+      assert [] = Announcement.list_all_visible_when(time)
+    end
+
+    test "with both start and end time", %{time: time} do
+      before_now = NaiveDateTime.add(time, -10, :second)
+      after_now = NaiveDateTime.add(time, 10, :second)
+
+      _announcement = insert(:announcement, %{starts_at: before_now, ends_at: after_now})
+
+      assert [_] = Announcement.list_all_visible_when(time)
+    end
+
+    test "with both start and end time, current not in the range", %{time: time} do
+      before_now = NaiveDateTime.add(time, -10, :second)
+      after_now = NaiveDateTime.add(time, 10, :second)
+
+      _announcement = insert(:announcement, %{starts_at: after_now, ends_at: before_now})
+
+      assert [] = Announcement.list_all_visible_when(time)
+    end
+  end
+
+  describe "announcements formatting" do
+    test "it formats links" do
+      raw = "something on https://pleroma.social ."
+      announcement = insert(:announcement, %{data: %{"content" => raw}})
+
+      assert announcement.rendered["content"] =~ ~r(<a.+?https://pleroma.social)
+      assert announcement.data["content"] == raw
+    end
+
+    test "it formats mentions" do
+      user = insert(:user)
+      raw = "something on @#{user.nickname} ."
+      announcement = insert(:announcement, %{data: %{"content" => raw}})
+
+      assert announcement.rendered["content"] =~ ~r(<a.+?#{user.nickname})
+      assert announcement.data["content"] == raw
+    end
+
+    test "it formats tags" do
+      raw = "something on #mew ."
+      announcement = insert(:announcement, %{data: %{"content" => raw}})
+
+      assert announcement.rendered["content"] =~ ~r(<a.+?#mew)
+      assert announcement.data["content"] == raw
+    end
+  end
+end

test/pleroma/config/deprecation_warnings_test.exs

@@ -11,6 +11,62 @@ defmodule Pleroma.Config.DeprecationWarningsTest do
   alias Pleroma.Config
   alias Pleroma.Config.DeprecationWarnings
 
+  describe "filter exiftool" do
+    test "gives warning when still used" do
+      clear_config(
+        [Pleroma.Upload, :filters],
+        [Pleroma.Upload.Filter.Exiftool]
+      )
+
+      assert capture_log(fn -> DeprecationWarnings.check_exiftool_filter() end) =~
+               """
+               !!!DEPRECATION WARNING!!!
+               Your config is using Exiftool as a filter instead of Exiftool.StripLocation. This should work for now, but you are advised to change to the new configuration to prevent possible issues later:
+
+               ```
+               config :pleroma, Pleroma.Upload,
+                 filters: [Pleroma.Upload.Filter.Exiftool]
+               ```
+
+               Is now
+
+
+               ```
+               config :pleroma, Pleroma.Upload,
+                 filters: [Pleroma.Upload.Filter.Exiftool.StripLocation]
+               ```
+               """
+    end
+
+    test "changes setting to exiftool strip location" do
+      clear_config(
+        [Pleroma.Upload, :filters],
+        [Pleroma.Upload.Filter.Exiftool, Pleroma.Upload.Filter.Exiftool.ReadDescription]
+      )
+
+      expected_config = [
+        Pleroma.Upload.Filter.Exiftool.StripLocation,
+        Pleroma.Upload.Filter.Exiftool.ReadDescription
+      ]
+
+      capture_log(fn -> DeprecationWarnings.warn() end)
+
+      assert Config.get([Pleroma.Upload]) |> Keyword.get(:filters, []) == expected_config
+    end
+
+    test "doesn't give a warning with correct config" do
+      clear_config(
+        [Pleroma.Upload, :filters],
+        [
+          Pleroma.Upload.Filter.Exiftool.StripLocation,
+          Pleroma.Upload.Filter.Exiftool.ReadDescription
+        ]
+      )
+
+      assert capture_log(fn -> DeprecationWarnings.check_exiftool_filter() end) == ""
+    end
+  end
+
   describe "simple policy tuples" do
     test "gives warning when there are still strings" do
       clear_config([:mrf_simple],

test/pleroma/config/loader_test.exs

@@ -11,7 +11,6 @@ defmodule Pleroma.Config.LoaderTest do
     config = Loader.read("test/fixtures/config/temp.secret.exs")
     assert config[:pleroma][:first_setting][:key] == "value"
     assert config[:pleroma][:first_setting][:key2] == [Pleroma.Repo]
-    assert config[:quack][:level] == :info
   end
 
   test "filter_group/2" do

test/pleroma/config/transfer_task_test.exs

@@ -15,13 +15,11 @@ defmodule Pleroma.Config.TransferTaskTest do
   test "transfer config values from db to env" do
     refute Application.get_env(:pleroma, :test_key)
     refute Application.get_env(:idna, :test_key)
-    refute Application.get_env(:quack, :test_key)
     refute Application.get_env(:postgrex, :test_key)
     initial = Application.get_env(:logger, :level)
 
     insert(:config, key: :test_key, value: [live: 2, com: 3])
     insert(:config, group: :idna, key: :test_key, value: [live: 15, com: 35])
-    insert(:config, group: :quack, key: :test_key, value: [:test_value1, :test_value2])
     insert(:config, group: :postgrex, key: :test_key, value: :value)
     insert(:config, group: :logger, key: :level, value: :debug)
 
@@ -29,36 +27,32 @@ defmodule Pleroma.Config.TransferTaskTest do
 
     assert Application.get_env(:pleroma, :test_key) == [live: 2, com: 3]
     assert Application.get_env(:idna, :test_key) == [live: 15, com: 35]
-    assert Application.get_env(:quack, :test_key) == [:test_value1, :test_value2]
     assert Application.get_env(:logger, :level) == :debug
     assert Application.get_env(:postgrex, :test_key) == :value
 
     on_exit(fn ->
       Application.delete_env(:pleroma, :test_key)
       Application.delete_env(:idna, :test_key)
-      Application.delete_env(:quack, :test_key)
       Application.delete_env(:postgrex, :test_key)
       Application.put_env(:logger, :level, initial)
     end)
   end
 
   test "transfer config values for 1 group and some keys" do
-    level = Application.get_env(:quack, :level)
-    meta = Application.get_env(:quack, :meta)
+    level = Application.get_env(:somegroup, :level)
+    meta = Application.get_env(:somegroup, :meta)
 
-    insert(:config, group: :quack, key: :level, value: :info)
-    insert(:config, group: :quack, key: :meta, value: [:none])
+    insert(:config, group: :somegroup, key: :level, value: :info)
+    insert(:config, group: :somegroup, key: :meta, value: [:none])
 
     TransferTask.start_link([])
 
-    assert Application.get_env(:quack, :level) == :info
-    assert Application.get_env(:quack, :meta) == [:none]
-    default = Pleroma.Config.Holder.default_config(:quack, :webhook_url)
-    assert Application.get_env(:quack, :webhook_url) == default
+    assert Application.get_env(:somegroup, :level) == :info
+    assert Application.get_env(:somegroup, :meta) == [:none]
 
     on_exit(fn ->
-      Application.put_env(:quack, :level, level)
-      Application.put_env(:quack, :meta, meta)
+      Application.put_env(:somegroup, :level, level)
+      Application.put_env(:somegroup, :meta, meta)
     end)
   end
 
@@ -79,35 +73,70 @@ defmodule Pleroma.Config.TransferTaskTest do
 
   describe "pleroma restart" do
     setup do
-      on_exit(fn -> Restarter.Pleroma.refresh() end)
+      on_exit(fn ->
+        Restarter.Pleroma.refresh()
+
+        # Restarter.Pleroma.refresh/0 is an asynchronous call.
+        # A GenServer will first finish the previous call before starting a new one.
+        # Here we do a synchronous call.
+        # That way we are sure that the previous call has finished before we continue.
+        # See https://stackoverflow.com/questions/51361856/how-to-use-task-await-with-genserver
+        Restarter.Pleroma.rebooted?()
+      end)
     end
 
-    @tag :erratic
     test "don't restart if no reboot time settings were changed" do
       clear_config(:emoji)
       insert(:config, key: :emoji, value: [groups: [a: 1, b: 2]])
 
       refute String.contains?(
-               capture_log(fn -> TransferTask.start_link([]) end),
+               capture_log(fn ->
+                 TransferTask.start_link([])
+
+                 # TransferTask.start_link/1 is an asynchronous call.
+                 # A GenServer will first finish the previous call before starting a new one.
+                 # Here we do a synchronous call.
+                 # That way we are sure that the previous call has finished before we continue.
+                 Restarter.Pleroma.rebooted?()
+               end),
                "pleroma restarted"
              )
     end
 
-    @tag :erratic
     test "on reboot time key" do
       clear_config(:shout)
       insert(:config, key: :shout, value: [enabled: false])
-      assert capture_log(fn -> TransferTask.start_link([]) end) =~ "pleroma restarted"
+
+      # Note that we don't actually restart Pleroma.
+      # See module Restarter.Pleroma
+      assert capture_log(fn ->
+               TransferTask.start_link([])
+
+               # TransferTask.start_link/1 is an asynchronous call.
+               # A GenServer will first finish the previous call before starting a new one.
+               # Here we do a synchronous call.
+               # That way we are sure that the previous call has finished before we continue.
+               Restarter.Pleroma.rebooted?()
+             end) =~ "pleroma restarted"
     end
 
-    @tag :erratic
     test "on reboot time subkey" do
       clear_config(Pleroma.Captcha)
       insert(:config, key: Pleroma.Captcha, value: [seconds_valid: 60])
-      assert capture_log(fn -> TransferTask.start_link([]) end) =~ "pleroma restarted"
+
+      # Note that we don't actually restart Pleroma.
+      # See module Restarter.Pleroma
+      assert capture_log(fn ->
+               TransferTask.start_link([])
+
+               # TransferTask.start_link/1 is an asynchronous call.
+               # A GenServer will first finish the previous call before starting a new one.
+               # Here we do a synchronous call.
+               # That way we are sure that the previous call has finished before we continue.
+               Restarter.Pleroma.rebooted?()
+             end) =~ "pleroma restarted"
     end
 
-    @tag :erratic
     test "don't restart pleroma on reboot time key and subkey if there is false flag" do
       clear_config(:shout)
       clear_config(Pleroma.Captcha)
@@ -116,7 +145,15 @@ defmodule Pleroma.Config.TransferTaskTest do
       insert(:config, key: Pleroma.Captcha, value: [seconds_valid: 60])
 
       refute String.contains?(
-               capture_log(fn -> TransferTask.load_and_update_env([], false) end),
+               capture_log(fn ->
+                 TransferTask.load_and_update_env([], false)
+
+                 # TransferTask.start_link/1 is an asynchronous call.
+                 # A GenServer will first finish the previous call before starting a new one.
+                 # Here we do a synchronous call.
+                 # That way we are sure that the previous call has finished before we continue.
+                 Restarter.Pleroma.rebooted?()
+               end),
                "pleroma restarted"
              )
     end

test/pleroma/config_db_test.exs

@@ -16,13 +16,13 @@ defmodule Pleroma.ConfigDBTest do
 
   test "get_all_as_keyword/0" do
     saved = insert(:config)
-    insert(:config, group: ":quack", key: ":level", value: :info)
-    insert(:config, group: ":quack", key: ":meta", value: [:none])
+    insert(:config, group: ":goose", key: ":level", value: :info)
+    insert(:config, group: ":goose", key: ":meta", value: [:none])
 
     insert(:config,
-      group: ":quack",
+      group: ":goose",
       key: ":webhook_url",
-      value: "https://hooks.slack.com/services/KEY/some_val"
+      value: "https://gander.com/"
     )
 
     config = ConfigDB.get_all_as_keyword()
@@ -31,9 +31,9 @@ defmodule Pleroma.ConfigDBTest do
              {saved.key, saved.value}
            ]
 
-    assert config[:quack][:level] == :info
-    assert config[:quack][:meta] == [:none]
-    assert config[:quack][:webhook_url] == "https://hooks.slack.com/services/KEY/some_val"
+    assert config[:goose][:level] == :info
+    assert config[:goose][:meta] == [:none]
+    assert config[:goose][:webhook_url] == "https://gander.com/"
   end
 
   describe "update_or_create/1" do
@@ -238,10 +238,11 @@ defmodule Pleroma.ConfigDBTest do
     end
 
     test "ssl options" do
-      assert ConfigDB.to_elixir_types([":tlsv1", ":tlsv1.1", ":tlsv1.2"]) == [
+      assert ConfigDB.to_elixir_types([":tlsv1", ":tlsv1.1", ":tlsv1.2", ":tlsv1.3"]) == [
                :tlsv1,
                :"tlsv1.1",
-               :"tlsv1.2"
+               :"tlsv1.2",
+               :"tlsv1.3"
              ]
     end
 
@@ -266,10 +267,6 @@ defmodule Pleroma.ConfigDBTest do
       assert ConfigDB.to_elixir_types("ExSyslogger") == ExSyslogger
     end
 
-    test "Quack.Logger module" do
-      assert ConfigDB.to_elixir_types("Quack.Logger") == Quack.Logger
-    end
-
     test "Swoosh.Adapters modules" do
       assert ConfigDB.to_elixir_types("Swoosh.Adapters.SMTP") == Swoosh.Adapters.SMTP
       assert ConfigDB.to_elixir_types("Swoosh.Adapters.AmazonSES") == Swoosh.Adapters.AmazonSES

test/pleroma/conversation/participation_test.exs

@@ -122,11 +122,11 @@ defmodule Pleroma.Conversation.ParticipationTest do
   end
 
   test "it marks a participation as read" do
-    participation = insert(:participation, %{read: false})
+    participation = insert(:participation, %{updated_at: ~N[2017-07-17 17:09:58], read: false})
     {:ok, updated_participation} = Participation.mark_as_read(participation)
 
     assert updated_participation.read
-    assert updated_participation.updated_at == participation.updated_at
+    assert :gt = NaiveDateTime.compare(updated_participation.updated_at, participation.updated_at)
   end
 
   test "it marks a participation as unread" do

test/pleroma/docs/generator_test.exs

@@ -86,7 +86,7 @@ defmodule Pleroma.Docs.GeneratorTest do
           key: :versions,
           type: {:list, :atom},
           description: "List of TLS version to use",
-          suggestions: [:tlsv1, ":tlsv1.1", ":tlsv1.2"]
+          suggestions: [:tlsv1, ":tlsv1.1", ":tlsv1.2", ":tlsv1.3"]
         }
       ]
     },
@@ -213,7 +213,7 @@ defmodule Pleroma.Docs.GeneratorTest do
     test "suggestion for tls versions" do
       [%{children: children} | _] = Generator.convert_to_strings(@descriptions)
       child = Enum.at(children, 8)
-      assert child[:suggestions] == [":tlsv1", ":tlsv1.1", ":tlsv1.2"]
+      assert child[:suggestions] == [":tlsv1", ":tlsv1.1", ":tlsv1.2", ":tlsv1.3"]
     end
 
     test "subgroup with module name" do

test/pleroma/docs/translator/compiler_test.exs

@@ -0,0 +1,90 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Docs.Translator.CompilerTest do
+  use ExUnit.Case, async: true
+
+  alias Pleroma.Docs.Translator.Compiler
+
+  @descriptions [
+    %{
+      key: "1",
+      label: "1",
+      description: "2",
+      children: [
+        %{
+          key: "3",
+          label: "3",
+          description: "4"
+        },
+        %{
+          key: "5",
+          label: "5",
+          description: "6"
+        }
+      ]
+    },
+    %{
+      key: "7",
+      label: "7",
+      description: "8",
+      children: [
+        %{
+          key: "9",
+          description: "9",
+          children: [
+            %{
+              key: "10",
+              description: "10",
+              children: [
+                %{key: "11", description: "11"},
+                %{description: "12"}
+              ]
+            }
+          ]
+        },
+        %{
+          label: "13"
+        }
+      ]
+    },
+    %{
+      group: "14",
+      label: "14"
+    },
+    %{
+      group: "15",
+      key: "15",
+      label: "15"
+    },
+    %{
+      group: {":subgroup", "16"},
+      label: "16"
+    }
+  ]
+
+  describe "extract_strings/1" do
+    test "it extracts all labels and descriptions" do
+      strings = Compiler.extract_strings(@descriptions)
+      assert length(strings) == 16
+
+      assert {["1"], "label", "1"} in strings
+      assert {["1"], "description", "2"} in strings
+      assert {["1", "3"], "label", "3"} in strings
+      assert {["1", "3"], "description", "4"} in strings
+      assert {["1", "5"], "label", "5"} in strings
+      assert {["1", "5"], "description", "6"} in strings
+      assert {["7"], "label", "7"} in strings
+      assert {["7"], "description", "8"} in strings
+      assert {["7", "9"], "description", "9"} in strings
+      assert {["7", "9", "10"], "description", "10"} in strings
+      assert {["7", "9", "10", "11"], "description", "11"} in strings
+      assert {["7", "9", "10", nil], "description", "12"} in strings
+      assert {["7", nil], "label", "13"} in strings
+      assert {["14"], "label", "14"} in strings
+      assert {["15-15"], "label", "15"} in strings
+      assert {["16"], "label", "16"} in strings
+    end
+  end
+end

test/pleroma/html_test.exs

@@ -17,6 +17,7 @@ defmodule Pleroma.HTMLTest do
     this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
     this is a link with not allowed "rel" attribute: <a href="http://example.com/" rel="tag noallowed">example.com</a>
     this is an image: <img src="http://example.com/image.jpg"><br />
+    this is an inline emoji: <img class="emoji" src="http://example.com/image.jpg"><br />
     <script>alert('hacked')</script>
   """
 
@@ -24,6 +25,10 @@ defmodule Pleroma.HTMLTest do
   <img src="http://example.com/image.jpg" onerror="alert('hacked')">
   """
 
+  @html_stillimage_sample """
+  <img class="still-image" src="http://example.com/image.jpg">
+  """
+
   @html_span_class_sample """
   <span class="animate-spin">hi</span>
   """
@@ -45,6 +50,7 @@ defmodule Pleroma.HTMLTest do
         this is a link with allowed &quot;rel&quot; attribute: example.com
         this is a link with not allowed &quot;rel&quot; attribute: example.com
         this is an image: 
+        this is an inline emoji: 
         alert(&#39;hacked&#39;)
       """
 
@@ -67,6 +73,7 @@ defmodule Pleroma.HTMLTest do
         this is a link with allowed &quot;rel&quot; attribute: <a href="http://example.com/" rel="tag">example.com</a>
         this is a link with not allowed &quot;rel&quot; attribute: <a href="http://example.com/">example.com</a>
         this is an image: <img src="http://example.com/image.jpg"/><br/>
+        this is an inline emoji: <img class="emoji" src="http://example.com/image.jpg"/><br/>
         alert(&#39;hacked&#39;)
       """
 
@@ -90,6 +97,15 @@ defmodule Pleroma.HTMLTest do
                HTML.filter_tags(@html_span_class_sample, Pleroma.HTML.Scrubber.TwitterText)
     end
 
+    test "does not allow images with invalid classes" do
+      expected = """
+      <img src="http://example.com/image.jpg"/>
+      """
+
+      assert expected ==
+               HTML.filter_tags(@html_stillimage_sample, Pleroma.HTML.Scrubber.TwitterText)
+    end
+
     test "does allow microformats" do
       expected = """
       <span class="h-card"><a class="u-url mention">@<span>foo</span></a></span>
@@ -121,6 +137,7 @@ defmodule Pleroma.HTMLTest do
         this is a link with allowed &quot;rel&quot; attribute: <a href="http://example.com/" rel="tag">example.com</a>
         this is a link with not allowed &quot;rel&quot; attribute: <a href="http://example.com/">example.com</a>
         this is an image: <img src="http://example.com/image.jpg"/><br/>
+        this is an inline emoji: <img class="emoji" src="http://example.com/image.jpg"/><br/>
         alert(&#39;hacked&#39;)
       """
 
@@ -143,6 +160,15 @@ defmodule Pleroma.HTMLTest do
       assert expected == HTML.filter_tags(@html_span_class_sample, Pleroma.HTML.Scrubber.Default)
     end
 
+    test "does not allow images with invalid classes" do
+      expected = """
+      <img src="http://example.com/image.jpg"/>
+      """
+
+      assert expected ==
+               HTML.filter_tags(@html_stillimage_sample, Pleroma.HTML.Scrubber.TwitterText)
+    end
+
     test "does allow microformats" do
       expected = """
       <span class="h-card"><a class="u-url mention">@<span>foo</span></a></span>

test/pleroma/integration/mastodon_websocket_test.exs

@@ -33,16 +33,18 @@ defmodule Pleroma.Integration.MastodonWebsocketTest do
 
   test "refuses invalid requests" do
     capture_log(fn ->
-      assert {:error, {404, _}} = start_socket()
-      assert {:error, {404, _}} = start_socket("?stream=ncjdk")
+      assert {:error, %WebSockex.RequestError{code: 404}} = start_socket()
+      assert {:error, %WebSockex.RequestError{code: 404}} = start_socket("?stream=ncjdk")
       Process.sleep(30)
     end)
   end
 
   test "requires authentication and a valid token for protected streams" do
     capture_log(fn ->
-      assert {:error, {401, _}} = start_socket("?stream=user&access_token=aaaaaaaaaaaa")
-      assert {:error, {401, _}} = start_socket("?stream=user")
+      assert {:error, %WebSockex.RequestError{code: 401}} =
+               start_socket("?stream=user&access_token=aaaaaaaaaaaa")
+
+      assert {:error, %WebSockex.RequestError{code: 401}} = start_socket("?stream=user")
       Process.sleep(30)
     end)
   end
@@ -91,7 +93,7 @@ defmodule Pleroma.Integration.MastodonWebsocketTest do
 
       {:ok, token} = OAuth.Token.exchange_token(app, auth)
 
-      %{user: user, token: token}
+      %{app: app, user: user, token: token}
     end
 
     test "accepts valid tokens", state do
@@ -102,7 +104,7 @@ defmodule Pleroma.Integration.MastodonWebsocketTest do
       assert {:ok, _} = start_socket("?stream=user&access_token=#{token.token}")
 
       capture_log(fn ->
-        assert {:error, {401, _}} = start_socket("?stream=user")
+        assert {:error, %WebSockex.RequestError{code: 401}} = start_socket("?stream=user")
         Process.sleep(30)
       end)
     end
@@ -111,7 +113,9 @@ defmodule Pleroma.Integration.MastodonWebsocketTest do
       assert {:ok, _} = start_socket("?stream=user:notification&access_token=#{token.token}")
 
       capture_log(fn ->
-        assert {:error, {401, _}} = start_socket("?stream=user:notification")
+        assert {:error, %WebSockex.RequestError{code: 401}} =
+                 start_socket("?stream=user:notification")
+
         Process.sleep(30)
       end)
     end
@@ -120,11 +124,27 @@ defmodule Pleroma.Integration.MastodonWebsocketTest do
       assert {:ok, _} = start_socket("?stream=user", [{"Sec-WebSocket-Protocol", token.token}])
 
       capture_log(fn ->
-        assert {:error, {401, _}} =
+        assert {:error, %WebSockex.RequestError{code: 401}} =
                  start_socket("?stream=user", [{"Sec-WebSocket-Protocol", "I am a friend"}])
 
         Process.sleep(30)
       end)
     end
+
+    test "disconnect when token is revoked", %{app: app, user: user, token: token} do
+      assert {:ok, _} = start_socket("?stream=user:notification&access_token=#{token.token}")
+      assert {:ok, _} = start_socket("?stream=user&access_token=#{token.token}")
+
+      {:ok, auth} = OAuth.Authorization.create_authorization(app, user)
+
+      {:ok, token2} = OAuth.Token.exchange_token(app, auth)
+      assert {:ok, _} = start_socket("?stream=user&access_token=#{token2.token}")
+
+      OAuth.Token.Strategy.Revoke.revoke(token)
+
+      assert_receive {:close, _}
+      assert_receive {:close, _}
+      refute_receive {:close, _}
+    end
   end
 end

test/pleroma/notification_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.NotificationTest do
-  use Pleroma.DataCase
+  use Pleroma.DataCase, async: false
 
   import Pleroma.Factory
   import Mock
@@ -32,20 +32,26 @@ defmodule Pleroma.NotificationTest do
       refute {:ok, [nil]} == Notification.create_notifications(activity)
     end
 
-    test "creates a notification for a report" do
+    test "creates a report notification only for privileged users" do
       reporting_user = insert(:user)
       reported_user = insert(:user)
-      {:ok, moderator_user} = insert(:user) |> User.admin_api_update(%{is_moderator: true})
+      moderator_user = insert(:user, is_moderator: true)
 
-      {:ok, activity} = CommonAPI.report(reporting_user, %{account_id: reported_user.id})
+      clear_config([:instance, :moderator_privileges], [])
+      {:ok, activity1} = CommonAPI.report(reporting_user, %{account_id: reported_user.id})
+      {:ok, []} = Notification.create_notifications(activity1)
 
-      {:ok, [notification]} = Notification.create_notifications(activity)
+      clear_config([:instance, :moderator_privileges], [:reports_manage_reports])
+      {:ok, activity2} = CommonAPI.report(reporting_user, %{account_id: reported_user.id})
+      {:ok, [notification]} = Notification.create_notifications(activity2)
 
       assert notification.user_id == moderator_user.id
       assert notification.type == "pleroma:report"
     end
 
-    test "suppresses notification to reporter if reporter is an admin" do
+    test "suppresses notifications for own reports" do
+      clear_config([:instance, :admin_privileges], [:reports_manage_reports])
+
       reporting_admin = insert(:user, is_admin: true)
       reported_user = insert(:user)
       other_admin = insert(:user, is_admin: true)
@@ -143,6 +149,28 @@ defmodule Pleroma.NotificationTest do
       assert notification.user_id == subscriber.id
       assert notification.type == "mention"
     end
+
+    test "it sends edited notifications to those who repeated a status" do
+      user = insert(:user)
+      repeated_user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, activity_one} =
+        CommonAPI.post(user, %{
+          status: "hey @#{other_user.nickname}!"
+        })
+
+      {:ok, _activity_two} = CommonAPI.repeat(activity_one.id, repeated_user)
+
+      {:ok, _edit_activity} =
+        CommonAPI.update(user, activity_one, %{
+          status: "hey @#{other_user.nickname}! mew mew"
+        })
+
+      assert [%{type: "reblog"}] = Notification.for_user(user)
+      assert [%{type: "update"}] = Notification.for_user(repeated_user)
+      assert [%{type: "mention"}] = Notification.for_user(other_user)
+    end
   end
 
   test "create_poll_notifications/1" do
@@ -322,6 +350,32 @@ defmodule Pleroma.NotificationTest do
       refute Notification.create_notification(activity, followed)
     end
 
+    test "it disables notifications from non-followees" do
+      follower = insert(:user)
+
+      followed =
+        insert(:user,
+          notification_settings: %Pleroma.User.NotificationSetting{block_from_strangers: true}
+        )
+
+      CommonAPI.follow(follower, followed)
+      {:ok, activity} = CommonAPI.post(follower, %{status: "hey @#{followed.nickname}"})
+      refute Notification.create_notification(activity, followed)
+    end
+
+    test "it allows notifications from followees" do
+      poster = insert(:user)
+
+      receiver =
+        insert(:user,
+          notification_settings: %Pleroma.User.NotificationSetting{block_from_strangers: true}
+        )
+
+      CommonAPI.follow(receiver, poster)
+      {:ok, activity} = CommonAPI.post(poster, %{status: "hey @#{receiver.nickname}"})
+      assert Notification.create_notification(activity, receiver)
+    end
+
     test "it doesn't create a notification for user if he is the activity author" do
       activity = insert(:note_activity)
       author = User.get_cached_by_ap_id(activity.data["actor"])
@@ -536,25 +590,6 @@ defmodule Pleroma.NotificationTest do
     end
   end
 
-  describe "destroy_multiple_from_types/2" do
-    test "clears all notifications of a certain type for a given user" do
-      report_activity = insert(:report_activity)
-      user1 = insert(:user, is_moderator: true, is_admin: true)
-      user2 = insert(:user, is_moderator: true, is_admin: true)
-      {:ok, _} = Notification.create_notifications(report_activity)
-
-      {:ok, _} =
-        CommonAPI.post(user2, %{
-          status: "hey @#{user1.nickname} !"
-        })
-
-      Notification.destroy_multiple_from_types(user1, ["pleroma:report"])
-
-      assert [%Pleroma.Notification{type: "mention"}] = Notification.for_user(user1)
-      assert [%Pleroma.Notification{type: "pleroma:report"}] = Notification.for_user(user2)
-    end
-  end
-
   describe "set_read_up_to()" do
     test "it sets all notifications as read up to a specified notification ID" do
       user = insert(:user)
@@ -855,6 +890,30 @@ defmodule Pleroma.NotificationTest do
       assert [other_user] == enabled_receivers
       assert [] == disabled_receivers
     end
+
+    test "it sends edited notifications to those who repeated a status" do
+      user = insert(:user)
+      repeated_user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, activity_one} =
+        CommonAPI.post(user, %{
+          status: "hey @#{other_user.nickname}!"
+        })
+
+      {:ok, _activity_two} = CommonAPI.repeat(activity_one.id, repeated_user)
+
+      {:ok, edit_activity} =
+        CommonAPI.update(user, activity_one, %{
+          status: "hey @#{other_user.nickname}! mew mew"
+        })
+
+      {enabled_receivers, _disabled_receivers} =
+        Notification.get_notified_from_activity(edit_activity)
+
+      assert repeated_user in enabled_receivers
+      assert other_user not in enabled_receivers
+    end
   end
 
   describe "notification lifecycle" do
@@ -1208,5 +1267,32 @@ defmodule Pleroma.NotificationTest do
 
       assert length(Notification.for_user(user)) == 1
     end
+
+    test "it returns notifications when related object is without content and filters are defined",
+         %{user: user} do
+      followed_user = insert(:user, is_locked: true)
+
+      insert(:filter, user: followed_user, phrase: "test", hide: true)
+
+      {:ok, _, _, _activity} = CommonAPI.follow(user, followed_user)
+      refute FollowingRelationship.following?(user, followed_user)
+      assert [notification] = Notification.for_user(followed_user)
+
+      assert %{type: "follow_request"} =
+               NotificationView.render("show.json", %{
+                 notification: notification,
+                 for: followed_user
+               })
+
+      assert {:ok, _} = CommonAPI.accept_follow_request(user, followed_user)
+
+      assert [notification] = Notification.for_user(followed_user)
+
+      assert %{type: "follow"} =
+               NotificationView.render("show.json", %{
+                 notification: notification,
+                 for: followed_user
+               })
+    end
   end
 end

test/pleroma/object/fetcher_test.exs

@@ -6,6 +6,7 @@ defmodule Pleroma.Object.FetcherTest do
   use Pleroma.DataCase
 
   alias Pleroma.Activity
+  alias Pleroma.Instances
   alias Pleroma.Object
   alias Pleroma.Object.Fetcher
 
@@ -159,6 +160,17 @@ defmodule Pleroma.Object.FetcherTest do
                  "https://patch.cx/media/03ca3c8b4ac3ddd08bf0f84be7885f2f88de0f709112131a22d83650819e36c2.json"
                )
     end
+
+    test "it resets instance reachability on successful fetch" do
+      id = "http://mastodon.example.org/@admin/99541947525187367"
+      Instances.set_consistently_unreachable(id)
+      refute Instances.reachable?(id)
+
+      {:ok, _object} =
+        Fetcher.fetch_object_from_id("http://mastodon.example.org/@admin/99541947525187367")
+
+      assert Instances.reachable?(id)
+    end
   end
 
   describe "implementation quirks" do
@@ -269,4 +281,271 @@ defmodule Pleroma.Object.FetcherTest do
       refute called(Pleroma.Signature.sign(:_, :_))
     end
   end
+
+  describe "refetching" do
+    setup do
+      object1 = %{
+        "id" => "https://mastodon.social/1",
+        "actor" => "https://mastodon.social/users/emelie",
+        "attributedTo" => "https://mastodon.social/users/emelie",
+        "type" => "Note",
+        "content" => "test 1",
+        "bcc" => [],
+        "bto" => [],
+        "cc" => [],
+        "to" => [],
+        "summary" => ""
+      }
+
+      object2 = %{
+        "id" => "https://mastodon.social/2",
+        "actor" => "https://mastodon.social/users/emelie",
+        "attributedTo" => "https://mastodon.social/users/emelie",
+        "type" => "Note",
+        "content" => "test 2",
+        "bcc" => [],
+        "bto" => [],
+        "cc" => [],
+        "to" => [],
+        "summary" => "",
+        "formerRepresentations" => %{
+          "type" => "OrderedCollection",
+          "orderedItems" => [
+            %{
+              "type" => "Note",
+              "content" => "orig 2",
+              "actor" => "https://mastodon.social/users/emelie",
+              "attributedTo" => "https://mastodon.social/users/emelie",
+              "bcc" => [],
+              "bto" => [],
+              "cc" => [],
+              "to" => [],
+              "summary" => ""
+            }
+          ],
+          "totalItems" => 1
+        }
+      }
+
+      mock(fn
+        %{
+          method: :get,
+          url: "https://mastodon.social/1"
+        } ->
+          %Tesla.Env{
+            status: 200,
+            headers: [{"content-type", "application/activity+json"}],
+            body: Jason.encode!(object1)
+          }
+
+        %{
+          method: :get,
+          url: "https://mastodon.social/2"
+        } ->
+          %Tesla.Env{
+            status: 200,
+            headers: [{"content-type", "application/activity+json"}],
+            body: Jason.encode!(object2)
+          }
+
+        %{
+          method: :get,
+          url: "https://mastodon.social/users/emelie/collections/featured"
+        } ->
+          %Tesla.Env{
+            status: 200,
+            headers: [{"content-type", "application/activity+json"}],
+            body:
+              Jason.encode!(%{
+                "id" => "https://mastodon.social/users/emelie/collections/featured",
+                "type" => "OrderedCollection",
+                "actor" => "https://mastodon.social/users/emelie",
+                "attributedTo" => "https://mastodon.social/users/emelie",
+                "orderedItems" => [],
+                "totalItems" => 0
+              })
+          }
+
+        env ->
+          apply(HttpRequestMock, :request, [env])
+      end)
+
+      %{object1: object1, object2: object2}
+    end
+
+    test "it keeps formerRepresentations if remote does not have this attr", %{object1: object1} do
+      full_object1 =
+        object1
+        |> Map.merge(%{
+          "formerRepresentations" => %{
+            "type" => "OrderedCollection",
+            "orderedItems" => [
+              %{
+                "type" => "Note",
+                "content" => "orig 2",
+                "actor" => "https://mastodon.social/users/emelie",
+                "attributedTo" => "https://mastodon.social/users/emelie",
+                "bcc" => [],
+                "bto" => [],
+                "cc" => [],
+                "to" => [],
+                "summary" => ""
+              }
+            ],
+            "totalItems" => 1
+          }
+        })
+
+      {:ok, o} = Object.create(full_object1)
+
+      assert {:ok, refetched} = Fetcher.refetch_object(o)
+
+      assert %{"formerRepresentations" => %{"orderedItems" => [%{"content" => "orig 2"}]}} =
+               refetched.data
+    end
+
+    test "it uses formerRepresentations from remote if possible", %{object2: object2} do
+      {:ok, o} = Object.create(object2)
+
+      assert {:ok, refetched} = Fetcher.refetch_object(o)
+
+      assert %{"formerRepresentations" => %{"orderedItems" => [%{"content" => "orig 2"}]}} =
+               refetched.data
+    end
+
+    test "it replaces formerRepresentations with the one from remote", %{object2: object2} do
+      full_object2 =
+        object2
+        |> Map.merge(%{
+          "content" => "mew mew #def",
+          "formerRepresentations" => %{
+            "type" => "OrderedCollection",
+            "orderedItems" => [
+              %{"type" => "Note", "content" => "mew mew 2"}
+            ],
+            "totalItems" => 1
+          }
+        })
+
+      {:ok, o} = Object.create(full_object2)
+
+      assert {:ok, refetched} = Fetcher.refetch_object(o)
+
+      assert %{
+               "content" => "test 2",
+               "formerRepresentations" => %{"orderedItems" => [%{"content" => "orig 2"}]}
+             } = refetched.data
+    end
+
+    test "it adds to formerRepresentations if the remote does not have one and the object has changed",
+         %{object1: object1} do
+      full_object1 =
+        object1
+        |> Map.merge(%{
+          "content" => "mew mew #def",
+          "formerRepresentations" => %{
+            "type" => "OrderedCollection",
+            "orderedItems" => [
+              %{"type" => "Note", "content" => "mew mew 1"}
+            ],
+            "totalItems" => 1
+          }
+        })
+
+      {:ok, o} = Object.create(full_object1)
+
+      assert {:ok, refetched} = Fetcher.refetch_object(o)
+
+      assert %{
+               "content" => "test 1",
+               "formerRepresentations" => %{
+                 "orderedItems" => [
+                   %{"content" => "mew mew #def"},
+                   %{"content" => "mew mew 1"}
+                 ],
+                 "totalItems" => 2
+               }
+             } = refetched.data
+    end
+  end
+
+  describe "fetch with history" do
+    setup do
+      object2 = %{
+        "id" => "https://mastodon.social/2",
+        "actor" => "https://mastodon.social/users/emelie",
+        "attributedTo" => "https://mastodon.social/users/emelie",
+        "type" => "Note",
+        "content" => "test 2",
+        "bcc" => [],
+        "bto" => [],
+        "cc" => ["https://mastodon.social/users/emelie/followers"],
+        "to" => [],
+        "summary" => "",
+        "formerRepresentations" => %{
+          "type" => "OrderedCollection",
+          "orderedItems" => [
+            %{
+              "type" => "Note",
+              "content" => "orig 2",
+              "actor" => "https://mastodon.social/users/emelie",
+              "attributedTo" => "https://mastodon.social/users/emelie",
+              "bcc" => [],
+              "bto" => [],
+              "cc" => ["https://mastodon.social/users/emelie/followers"],
+              "to" => [],
+              "summary" => ""
+            }
+          ],
+          "totalItems" => 1
+        }
+      }
+
+      mock(fn
+        %{
+          method: :get,
+          url: "https://mastodon.social/2"
+        } ->
+          %Tesla.Env{
+            status: 200,
+            headers: [{"content-type", "application/activity+json"}],
+            body: Jason.encode!(object2)
+          }
+
+        %{
+          method: :get,
+          url: "https://mastodon.social/users/emelie/collections/featured"
+        } ->
+          %Tesla.Env{
+            status: 200,
+            headers: [{"content-type", "application/activity+json"}],
+            body:
+              Jason.encode!(%{
+                "id" => "https://mastodon.social/users/emelie/collections/featured",
+                "type" => "OrderedCollection",
+                "actor" => "https://mastodon.social/users/emelie",
+                "attributedTo" => "https://mastodon.social/users/emelie",
+                "orderedItems" => [],
+                "totalItems" => 0
+              })
+          }
+
+        env ->
+          apply(HttpRequestMock, :request, [env])
+      end)
+
+      %{object2: object2}
+    end
+
+    test "it gets history", %{object2: object2} do
+      {:ok, object} = Fetcher.fetch_object_from_id(object2["id"])
+
+      assert %{
+               "formerRepresentations" => %{
+                 "type" => "OrderedCollection",
+                 "orderedItems" => [%{}]
+               }
+             } = object.data
+    end
+  end
 end

test/pleroma/object/updater_test.exs

@@ -0,0 +1,76 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Object.UpdaterTest do
+  use Pleroma.DataCase
+  use Oban.Testing, repo: Pleroma.Repo
+
+  import Pleroma.Factory
+
+  alias Pleroma.Object.Updater
+
+  describe "make_update_object_data/3" do
+    setup do
+      note = insert(:note)
+      %{original_data: note.data}
+    end
+
+    test "it makes an updated field", %{original_data: original_data} do
+      new_data = Map.put(original_data, "content", "new content")
+
+      date = Pleroma.Web.ActivityPub.Utils.make_date()
+      update_object_data = Updater.make_update_object_data(original_data, new_data, date)
+      assert %{"updated" => ^date} = update_object_data
+    end
+
+    test "it creates formerRepresentations", %{original_data: original_data} do
+      new_data = Map.put(original_data, "content", "new content")
+
+      date = Pleroma.Web.ActivityPub.Utils.make_date()
+      update_object_data = Updater.make_update_object_data(original_data, new_data, date)
+
+      history_item = original_data |> Map.drop(["id", "formerRepresentations"])
+
+      assert %{
+               "formerRepresentations" => %{
+                 "totalItems" => 1,
+                 "orderedItems" => [^history_item]
+               }
+             } = update_object_data
+    end
+  end
+
+  describe "make_new_object_data_from_update_object/2" do
+    test "it reuses formerRepresentations if it exists" do
+      %{data: original_data} = insert(:note)
+
+      new_data =
+        original_data
+        |> Map.put("content", "edited")
+
+      date = Pleroma.Web.ActivityPub.Utils.make_date()
+      update_object_data = Updater.make_update_object_data(original_data, new_data, date)
+
+      history = update_object_data["formerRepresentations"]["orderedItems"]
+
+      update_object_data =
+        update_object_data
+        |> put_in(
+          ["formerRepresentations", "orderedItems"],
+          history ++ [Map.put(original_data, "summary", "additional summary")]
+        )
+        |> put_in(["formerRepresentations", "totalItems"], length(history) + 1)
+
+      %{
+        updated_data: updated_data,
+        updated: updated,
+        used_history_in_new_object?: used_history_in_new_object?
+      } = Updater.make_new_object_data_from_update_object(original_data, update_object_data)
+
+      assert updated
+      assert used_history_in_new_object?
+      assert updated_data["formerRepresentations"] == update_object_data["formerRepresentations"]
+    end
+  end
+end

test/pleroma/report_note_test.exs

@@ -13,4 +13,27 @@ defmodule Pleroma.ReportNoteTest do
     assert {:ok, note} = ReportNote.create(user.id, report.id, "naughty boy")
     assert note.content == "naughty boy"
   end
+
+  test "create/3 with very long content" do
+    user = insert(:user)
+    report = insert(:report_activity)
+
+    very_long_content = """
+    ] pwgen 25 15
+    eJ9eeceiquoolei2queeLeimi aiN9ie2iokie8chush7aiph5N ulaNgaighoPiequaipuzoog8F
+    Ohphei0hee6hoo0wah4Aasah9 ziel3Yo3eew4neiy3ekiesh8u ue9ShahTh7oongoPheeneijah
+    ohGheeCh6aloque0Neviopou3 ush2oobohxeec4aequeich3Oo Ze3eighoowiojadohch8iCa1n
+    Yu4yieBie9eengoich8fae4th chohqu6exooSiibogh3iefeez peephahtaik9quie5mohD9nee
+    eeQuur3rie5mei8ieng6iesie wei1meinguv0Heidoov8Ibaed deemo2Poh6ohc3eiBeez1uox2
+    ] pwgen 25 15
+    eJ9eeceiquoolei2queeLeimi aiN9ie2iokie8chush7aiph5N ulaNgaighoPiequaipuzoog8F
+    Ohphei0hee6hoo0wah4Aasah9 ziel3Yo3eew4neiy3ekiesh8u ue9ShahTh7oongoPheeneijah
+    ohGheeCh6aloque0Neviopou3 ush2oobohxeec4aequeich3Oo Ze3eighoowiojadohch8iCa1n
+    Yu4yieBie9eengoich8fae4th chohqu6exooSiibogh3iefeez peephahtaik9quie5mohD9nee
+    eeQuur3rie5mei8ieng6iesie wei1meinguv0Heidoov8Ibaed deemo2Poh6ohc3eiBeez1uox2
+    """
+
+    assert {:ok, note} = ReportNote.create(user.id, report.id, very_long_content)
+    assert note.content == very_long_content
+  end
 end

test/pleroma/resilience_test.exs

@@ -0,0 +1,103 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.ResilienceTest do
+  use Pleroma.Web.ConnCase, async: true
+
+  import Pleroma.Factory
+
+  alias Pleroma.Activity
+  alias Pleroma.Repo
+  alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.MastodonAPI.StatusView
+
+  setup do
+    # user = insert(:user)
+    %{user: user, conn: conn} = oauth_access(["write", "read"])
+    other_user = insert(:user)
+
+    {:ok, post_one} = CommonAPI.post(user, %{status: "Here is a post"})
+    {:ok, like} = CommonAPI.favorite(other_user, post_one.id)
+
+    %{
+      user: user,
+      other_user: other_user,
+      post_one: post_one,
+      like: like,
+      conn: conn
+    }
+  end
+
+  test "after destruction of like activities, things still work", %{
+    user: user,
+    post_one: post,
+    other_user: other_user,
+    conn: conn,
+    like: like
+  } do
+    post = Repo.get(Activity, post.id)
+
+    # Rendering the liked status
+    rendered_for_user = StatusView.render("show.json", %{activity: post, for: user})
+    assert rendered_for_user.favourites_count == 1
+
+    rendered_for_other_user = StatusView.render("show.json", %{activity: post, for: other_user})
+    assert rendered_for_other_user.favourites_count == 1
+    assert rendered_for_other_user.favourited
+
+    # Getting the favourited by
+    [liking_user] =
+      conn
+      |> get("/api/v1/statuses/#{post.id}/favourited_by")
+      |> json_response(200)
+
+    assert liking_user["id"] == other_user.id
+
+    # We have one notification
+    [notification] =
+      conn
+      |> get("/api/v1/notifications")
+      |> json_response(200)
+
+    assert notification["type"] == "favourite"
+
+    # Destroying the like
+    Repo.delete(like)
+    post = Repo.get(Activity, post.id)
+
+    # Rendering the liked status
+    rendered_for_user = StatusView.render("show.json", %{activity: post, for: user})
+    assert rendered_for_user.favourites_count == 1
+
+    rendered_for_other_user = StatusView.render("show.json", %{activity: post, for: other_user})
+    assert rendered_for_other_user.favourites_count == 1
+    assert rendered_for_other_user.favourited
+
+    # Getting the favourited by
+    [liking_user] =
+      conn
+      |> get("/api/v1/statuses/#{post.id}/favourited_by")
+      |> json_response(200)
+
+    assert liking_user["id"] == other_user.id
+
+    # Notification is removed
+
+    assert [] ==
+             conn
+             |> get("/api/v1/notifications")
+             |> json_response(200)
+
+    # Favoriting again doesn't hurt
+    {:ok, _like_two} = CommonAPI.favorite(other_user, post.id)
+
+    post = Repo.get(Activity, post.id)
+
+    # Rendering the liked status
+    rendered_for_user = StatusView.render("show.json", %{activity: post, for: user})
+    assert rendered_for_user.favourites_count == 1
+
+    # General fallout: Can't unfavorite stuff anymore. Acceptable for remote users.
+  end
+end

test/pleroma/signature_test.exs

@@ -109,6 +109,11 @@ defmodule Pleroma.SignatureTest do
                {:ok, "https://example.com/users/1234"}
     end
 
+    test "it deduces the actor id for gotoSocial" do
+      assert Signature.key_id_to_actor_id("https://example.com/users/1234/main-key") ==
+               {:ok, "https://example.com/users/1234"}
+    end
+
     test "it calls webfinger for 'acct:' accounts" do
       with_mock(Pleroma.Web.WebFinger,
         finger: fn _ -> %{"ap_id" => "https://gensokyo.2hu/users/raymoo"} end

test/pleroma/upload/filter/exiftool/read_description_test.exs

@@ -0,0 +1,144 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Upload.Filter.Exiftool.ReadDescriptionTest do
+  use Pleroma.DataCase, async: true
+  alias Pleroma.Upload.Filter
+
+  @uploads %Pleroma.Upload{
+    name: "image_with_imagedescription_and_caption-abstract.jpg",
+    content_type: "image/jpeg",
+    path: Path.absname("test/fixtures/image_with_imagedescription_and_caption-abstract.jpg"),
+    tempfile: Path.absname("test/fixtures/image_with_imagedescription_and_caption-abstract.jpg"),
+    description: nil
+  }
+
+  test "keeps description when not empty" do
+    uploads = %Pleroma.Upload{
+      name: "image_with_imagedescription_and_caption-abstract.jpg",
+      content_type: "image/jpeg",
+      path: Path.absname("test/fixtures/image_with_imagedescription_and_caption-abstract.jpg"),
+      tempfile:
+        Path.absname("test/fixtures/image_with_imagedescription_and_caption-abstract.jpg"),
+      description: "Some description"
+    }
+
+    assert Filter.Exiftool.ReadDescription.filter(uploads) ==
+             {:ok, :noop}
+  end
+
+  test "otherwise returns ImageDescription when present" do
+    uploads_after = %Pleroma.Upload{
+      name: "image_with_imagedescription_and_caption-abstract.jpg",
+      content_type: "image/jpeg",
+      path: Path.absname("test/fixtures/image_with_imagedescription_and_caption-abstract.jpg"),
+      tempfile:
+        Path.absname("test/fixtures/image_with_imagedescription_and_caption-abstract.jpg"),
+      description: "a descriptive white pixel"
+    }
+
+    assert Filter.Exiftool.ReadDescription.filter(@uploads) ==
+             {:ok, :filtered, uploads_after}
+  end
+
+  test "Ignores warnings" do
+    uploads = %Pleroma.Upload{
+      name: "image_with_imagedescription_and_caption-abstract_and_stray_data_after.png",
+      content_type: "image/png",
+      path:
+        Path.absname(
+          "test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png"
+        ),
+      tempfile:
+        Path.absname(
+          "test/fixtures/image_with_imagedescription_and_caption-abstract_and_stray_data_after.png"
+        )
+    }
+
+    assert {:ok, :filtered, %{description: "a descriptive white pixel"}} =
+             Filter.Exiftool.ReadDescription.filter(uploads)
+
+    uploads = %Pleroma.Upload{
+      name: "image_with_stray_data_after.png",
+      content_type: "image/png",
+      path: Path.absname("test/fixtures/image_with_stray_data_after.png"),
+      tempfile: Path.absname("test/fixtures/image_with_stray_data_after.png")
+    }
+
+    assert {:ok, :filtered, %{description: nil}} = Filter.Exiftool.ReadDescription.filter(uploads)
+  end
+
+  test "otherwise returns iptc:Caption-Abstract when present" do
+    upload = %Pleroma.Upload{
+      name: "image_with_caption-abstract.jpg",
+      content_type: "image/jpeg",
+      path: Path.absname("test/fixtures/image_with_caption-abstract.jpg"),
+      tempfile: Path.absname("test/fixtures/image_with_caption-abstract.jpg"),
+      description: nil
+    }
+
+    upload_after = %Pleroma.Upload{
+      name: "image_with_caption-abstract.jpg",
+      content_type: "image/jpeg",
+      path: Path.absname("test/fixtures/image_with_caption-abstract.jpg"),
+      tempfile: Path.absname("test/fixtures/image_with_caption-abstract.jpg"),
+      description: "an abstract white pixel"
+    }
+
+    assert Filter.Exiftool.ReadDescription.filter(upload) ==
+             {:ok, :filtered, upload_after}
+  end
+
+  test "otherwise returns nil" do
+    uploads = %Pleroma.Upload{
+      name: "image_with_no_description.jpg",
+      content_type: "image/jpeg",
+      path: Path.absname("test/fixtures/image_with_no_description.jpg"),
+      tempfile: Path.absname("test/fixtures/image_with_no_description.jpg"),
+      description: nil
+    }
+
+    assert Filter.Exiftool.ReadDescription.filter(uploads) ==
+             {:ok, :filtered, uploads}
+  end
+
+  test "Return nil when image description from EXIF data exceeds the maximum length" do
+    clear_config([:instance, :description_limit], 5)
+
+    assert Filter.Exiftool.ReadDescription.filter(@uploads) ==
+             {:ok, :filtered, @uploads}
+  end
+
+  test "Ignores content with only whitespace" do
+    uploads = %Pleroma.Upload{
+      name: "non-existant.jpg",
+      content_type: "image/jpeg",
+      path:
+        Path.absname(
+          "test/fixtures/image_with_imagedescription_and_caption-abstract_whitespaces.jpg"
+        ),
+      tempfile:
+        Path.absname(
+          "test/fixtures/image_with_imagedescription_and_caption-abstract_whitespaces.jpg"
+        ),
+      description: nil
+    }
+
+    assert Filter.Exiftool.ReadDescription.filter(uploads) ==
+             {:ok, :filtered, uploads}
+  end
+
+  test "Return nil when image description from EXIF data can't be read" do
+    uploads = %Pleroma.Upload{
+      name: "non-existant.jpg",
+      content_type: "image/jpeg",
+      path: Path.absname("test/fixtures/non-existant.jpg"),
+      tempfile: Path.absname("test/fixtures/non-existant_tmp.jpg"),
+      description: nil
+    }
+
+    assert Filter.Exiftool.ReadDescription.filter(uploads) ==
+             {:ok, :filtered, uploads}
+  end
+end

test/pleroma/upload/filter/exiftool/strip_location_test.exs

@@ -2,7 +2,7 @@
 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
-defmodule Pleroma.Upload.Filter.ExiftoolTest do
+defmodule Pleroma.Upload.Filter.Exiftool.StripLocationTest do
   use Pleroma.DataCase, async: true
   alias Pleroma.Upload.Filter
 
@@ -21,7 +21,7 @@ defmodule Pleroma.Upload.Filter.ExiftoolTest do
       tempfile: Path.absname("test/fixtures/DSCN0010_tmp.jpg")
     }
 
-    assert Filter.Exiftool.filter(upload) == {:ok, :filtered}
+    assert Filter.Exiftool.StripLocation.filter(upload) == {:ok, :filtered}
 
     {exif_original, 0} = System.cmd("exiftool", ["test/fixtures/DSCN0010.jpg"])
     {exif_filtered, 0} = System.cmd("exiftool", ["test/fixtures/DSCN0010_tmp.jpg"])
@@ -31,12 +31,19 @@ defmodule Pleroma.Upload.Filter.ExiftoolTest do
     refute String.match?(exif_filtered, ~r/GPS/)
   end
 
-  test "verify webp files are skipped" do
-    upload = %Pleroma.Upload{
-      name: "sample.webp",
-      content_type: "image/webp"
-    }
+  test "verify webp, heic, svg  files are skipped" do
+    uploads =
+      ~w{webp heic svg svg+xml}
+      |> Enum.map(fn type ->
+        %Pleroma.Upload{
+          name: "sample.#{type}",
+          content_type: "image/#{type}"
+        }
+      end)
 
-    assert Filter.Exiftool.filter(upload) == {:ok, :noop}
+    uploads
+    |> Enum.each(fn upload ->
+      assert Filter.Exiftool.StripLocation.filter(upload) == {:ok, :noop}
+    end)
   end
 end

test/pleroma/upload_test.exs

@@ -49,20 +49,22 @@ defmodule Pleroma.UploadTest do
     test "it returns file" do
       File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg")
 
-      assert Upload.store(@upload_file) ==
-               {:ok,
-                %{
-                  "name" => "image.jpg",
-                  "type" => "Document",
-                  "mediaType" => "image/jpeg",
-                  "url" => [
-                    %{
-                      "href" => "http://localhost:4001/media/post-process-file.jpg",
-                      "mediaType" => "image/jpeg",
-                      "type" => "Link"
-                    }
-                  ]
-                }}
+      assert {:ok, result} = Upload.store(@upload_file)
+
+      assert result ==
+               %{
+                 "id" => result["id"],
+                 "name" => "image.jpg",
+                 "type" => "Document",
+                 "mediaType" => "image/jpeg",
+                 "url" => [
+                   %{
+                     "href" => "http://localhost:4001/media/post-process-file.jpg",
+                     "mediaType" => "image/jpeg",
+                     "type" => "Link"
+                   }
+                 ]
+               }
 
       Task.await(Agent.get(TestUploaderSuccess, fn task_pid -> task_pid end))
     end

test/pleroma/user/backup_test.exs

@@ -22,15 +22,15 @@ defmodule Pleroma.User.BackupTest do
     clear_config([Pleroma.Emails.Mailer, :enabled], true)
   end
 
-  test "it requries enabled email" do
+  test "it does not requrie enabled email" do
     clear_config([Pleroma.Emails.Mailer, :enabled], false)
     user = insert(:user)
-    assert {:error, "Backups require enabled email"} == Backup.create(user)
+    assert {:ok, _} = Backup.create(user)
   end
 
-  test "it requries user's email" do
+  test "it does not require user's email" do
     user = insert(:user, %{email: nil})
-    assert {:error, "Email is required"} == Backup.create(user)
+    assert {:ok, _} = Backup.create(user)
   end
 
   test "it creates a backup record and an Oban job" do
@@ -75,6 +75,43 @@ defmodule Pleroma.User.BackupTest do
     )
   end
 
+  test "it does not send an email if the user does not have an email" do
+    clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
+    %{id: user_id} = user = insert(:user, %{email: nil})
+
+    assert {:ok, %Oban.Job{args: %{"backup_id" => backup_id} = args}} = Backup.create(user)
+    assert {:ok, backup} = perform_job(BackupWorker, args)
+    assert backup.file_size > 0
+    assert %Backup{id: ^backup_id, processed: true, user_id: ^user_id} = backup
+
+    assert_no_email_sent()
+  end
+
+  test "it does not send an email if mailer is not on" do
+    clear_config([Pleroma.Emails.Mailer, :enabled], false)
+    clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
+    %{id: user_id} = user = insert(:user)
+
+    assert {:ok, %Oban.Job{args: %{"backup_id" => backup_id} = args}} = Backup.create(user)
+    assert {:ok, backup} = perform_job(BackupWorker, args)
+    assert backup.file_size > 0
+    assert %Backup{id: ^backup_id, processed: true, user_id: ^user_id} = backup
+
+    assert_no_email_sent()
+  end
+
+  test "it does not send an email if the user has an empty email" do
+    clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
+    %{id: user_id} = user = insert(:user, %{email: ""})
+
+    assert {:ok, %Oban.Job{args: %{"backup_id" => backup_id} = args}} = Backup.create(user)
+    assert {:ok, backup} = perform_job(BackupWorker, args)
+    assert backup.file_size > 0
+    assert %Backup{id: ^backup_id, processed: true, user_id: ^user_id} = backup
+
+    assert_no_email_sent()
+  end
+
   test "it removes outdated backups after creating a fresh one" do
     clear_config([Backup, :limit_days], -1)
     clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)

test/pleroma/user/import_test.exs

@@ -3,7 +3,6 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.User.ImportTest do
-  alias Pleroma.Repo
   alias Pleroma.Tests.ObanHelpers
   alias Pleroma.User
 

test/pleroma/user/query_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.User.QueryTest do
-  use Pleroma.DataCase, async: true
+  use Pleroma.DataCase, async: false
 
   alias Pleroma.Repo
   alias Pleroma.User
@@ -44,4 +44,63 @@ defmodule Pleroma.User.QueryTest do
              |> User.Query.build()
              |> Repo.all()
   end
+
+  describe "is_privileged param" do
+    setup do
+      %{
+        user: insert(:user, local: true, is_admin: false, is_moderator: false),
+        moderator_user: insert(:user, local: true, is_admin: false, is_moderator: true),
+        admin_user: insert(:user, local: true, is_admin: true, is_moderator: false),
+        admin_moderator_user: insert(:user, local: true, is_admin: true, is_moderator: true),
+        remote_user: insert(:user, local: false, is_admin: true, is_moderator: true),
+        non_active_user:
+          insert(:user, local: true, is_admin: true, is_moderator: true, is_active: false)
+      }
+    end
+
+    test "doesn't return any users when there are no privileged roles" do
+      clear_config([:instance, :admin_privileges], [])
+      clear_config([:instance, :moderator_privileges], [])
+
+      assert [] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all()
+    end
+
+    test "returns moderator users if they are privileged", %{
+      moderator_user: moderator_user,
+      admin_moderator_user: admin_moderator_user
+    } do
+      clear_config([:instance, :admin_privileges], [])
+      clear_config([:instance, :moderator_privileges], [:cofe])
+
+      assert [_, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all()
+      assert moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all())
+      assert admin_moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all())
+    end
+
+    test "returns admin users if they are privileged", %{
+      admin_user: admin_user,
+      admin_moderator_user: admin_moderator_user
+    } do
+      clear_config([:instance, :admin_privileges], [:cofe])
+      clear_config([:instance, :moderator_privileges], [])
+
+      assert [_, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all()
+      assert admin_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all())
+      assert admin_moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all())
+    end
+
+    test "returns admin and moderator users if they are both privileged", %{
+      moderator_user: moderator_user,
+      admin_user: admin_user,
+      admin_moderator_user: admin_moderator_user
+    } do
+      clear_config([:instance, :admin_privileges], [:cofe])
+      clear_config([:instance, :moderator_privileges], [:cofe])
+
+      assert [_, _, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all()
+      assert admin_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all())
+      assert moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all())
+      assert admin_moderator_user in (User.Query.build(%{is_privileged: :cofe}) |> Repo.all())
+    end
+  end
 end

test/pleroma/user_relationship_test.exs

@@ -5,8 +5,9 @@
 defmodule Pleroma.UserRelationshipTest do
   alias Pleroma.UserRelationship
 
-  use Pleroma.DataCase, async: true
+  use Pleroma.DataCase, async: false
 
+  import Mock
   import Pleroma.Factory
 
   describe "*_exists?/2" do
@@ -79,7 +80,12 @@ defmodule Pleroma.UserRelationshipTest do
     end
 
     test "if record already exists, returns it", %{users: [user1, user2]} do
-      user_block = UserRelationship.create_block(user1, user2)
+      user_block =
+        with_mock NaiveDateTime, [:passthrough], utc_now: fn -> ~N[2017-03-17 17:09:58] end do
+          {:ok, %{inserted_at: ~N[2017-03-17 17:09:58]}} =
+            UserRelationship.create_block(user1, user2)
+        end
+
       assert user_block == UserRelationship.create_block(user1, user2)
     end
   end

test/pleroma/user_search_test.exs

@@ -3,7 +3,6 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.UserSearchTest do
-  alias Pleroma.Repo
   alias Pleroma.User
   use Pleroma.DataCase
 
@@ -65,6 +64,14 @@ defmodule Pleroma.UserSearchTest do
       assert found_user.id == user.id
     end
 
+    test "excludes deactivated users from results" do
+      user = insert(:user, %{nickname: "john t1000"})
+      insert(:user, %{is_active: false, nickname: "john t800"})
+
+      [found_user] = User.search("john")
+      assert found_user.id == user.id
+    end
+
     # Note: as in Mastodon, `is_discoverable` doesn't anyhow relate to user searchability
     test "includes non-discoverable users in results" do
       insert(:user, %{nickname: "john 3000", is_discoverable: false})

test/pleroma/user_test.exs

@@ -5,7 +5,6 @@
 defmodule Pleroma.UserTest do
   alias Pleroma.Activity
   alias Pleroma.Builders.UserBuilder
-  alias Pleroma.Notification
   alias Pleroma.Object
   alias Pleroma.Repo
   alias Pleroma.Tests.ObanHelpers
@@ -13,7 +12,7 @@ defmodule Pleroma.UserTest do
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.CommonAPI
 
-  use Pleroma.DataCase
+  use Pleroma.DataCase, async: false
   use Oban.Testing, repo: Pleroma.Repo
 
   import Pleroma.Factory
@@ -311,7 +310,7 @@ defmodule Pleroma.UserTest do
   describe "unfollow/2" do
     setup do: clear_config([:instance, :external_user_synchronization])
 
-    test "unfollow with syncronizes external user" do
+    test "unfollow with synchronizes external user" do
       clear_config([:instance, :external_user_synchronization], true)
 
       followed =
@@ -473,12 +472,7 @@ defmodule Pleroma.UserTest do
               reject_deletes: []
             )
 
-    setup do:
-            clear_config(:mrf,
-              policies: [
-                Pleroma.Web.ActivityPub.MRF.SimplePolicy
-              ]
-            )
+    setup do: clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.SimplePolicy])
 
     test "it sends a welcome chat message when Simple policy applied to local instance" do
       clear_config([:mrf_simple, :media_nsfw], [{"localhost", ""}])
@@ -591,6 +585,21 @@ defmodule Pleroma.UserTest do
       refute_email_sent()
     end
 
+    test "it works when the registering user does not provide an email" do
+      clear_config([Pleroma.Emails.Mailer, :enabled], false)
+      clear_config([:instance, :account_activation_required], false)
+      clear_config([:instance, :account_approval_required], true)
+
+      cng = User.register_changeset(%User{}, @full_user_data |> Map.put(:email, ""))
+
+      # The user is still created
+      assert {:ok, %User{nickname: "nick"}} = User.register(cng)
+
+      # No emails are sent
+      ObanHelpers.perform_all()
+      refute_email_sent()
+    end
+
     test "it requires an email, name, nickname and password, bio is optional when account_activation_required is enabled" do
       clear_config([:instance, :account_activation_required], true)
 
@@ -618,9 +627,10 @@ defmodule Pleroma.UserTest do
     end
 
     test "it restricts certain nicknames" do
+      clear_config([User, :restricted_nicknames], ["about"])
       [restricted_name | _] = Pleroma.Config.get([User, :restricted_nicknames])
 
-      assert is_bitstring(restricted_name)
+      assert is_binary(restricted_name)
 
       params =
         @full_user_data
@@ -631,6 +641,23 @@ defmodule Pleroma.UserTest do
       refute changeset.valid?
     end
 
+    test "it is case-insensitive when restricting nicknames" do
+      clear_config([User, :restricted_nicknames], ["about"])
+      [restricted_name | _] = Pleroma.Config.get([User, :restricted_nicknames])
+
+      assert is_binary(restricted_name)
+
+      restricted_upcase_name = String.upcase(restricted_name)
+
+      params =
+        @full_user_data
+        |> Map.put(:nickname, restricted_upcase_name)
+
+      changeset = User.register_changeset(%User{}, params)
+
+      refute changeset.valid?
+    end
+
     test "it blocks blacklisted email domains" do
       clear_config([User, :email_blacklist], ["trolling.world"])
 
@@ -639,6 +666,11 @@ defmodule Pleroma.UserTest do
       changeset = User.register_changeset(%User{}, params)
       refute changeset.valid?
 
+      # Block with case-insensitive match
+      params = Map.put(@full_user_data, :email, "troll@TrOlLing.wOrld")
+      changeset = User.register_changeset(%User{}, params)
+      refute changeset.valid?
+
       # Block with subdomain match
       params = Map.put(@full_user_data, :email, "troll@gnomes.trolling.world")
       changeset = User.register_changeset(%User{}, params)
@@ -654,14 +686,14 @@ defmodule Pleroma.UserTest do
       assert changeset.valid?
     end
 
-    test "it sets the password_hash and ap_id" do
+    test "it sets the password_hash, ap_id, private key and followers collection address" do
       changeset = User.register_changeset(%User{}, @full_user_data)
 
       assert changeset.valid?
 
       assert is_binary(changeset.changes[:password_hash])
+      assert is_binary(changeset.changes[:keys])
       assert changeset.changes[:ap_id] == User.ap_id(%User{nickname: @full_user_data.nickname})
-
       assert changeset.changes.follower_address == "#{changeset.changes.ap_id}/followers"
     end
 
@@ -827,6 +859,123 @@ defmodule Pleroma.UserTest do
       freshed_user = refresh_record(user)
       assert freshed_user == fetched_user
     end
+
+    test "gets an existing user by nickname starting with http" do
+      user = insert(:user, nickname: "httpssome")
+      {:ok, fetched_user} = User.get_or_fetch("httpssome")
+
+      assert user == fetched_user
+    end
+  end
+
+  describe "get_or_fetch/1 remote users with tld, while BE is runned on subdomain" do
+    setup do: clear_config([Pleroma.Web.WebFinger, :update_nickname_on_user_fetch], true)
+
+    test "for mastodon" do
+      Tesla.Mock.mock(fn
+        %{url: "https://example.com/.well-known/host-meta"} ->
+          %Tesla.Env{
+            status: 302,
+            headers: [{"location", "https://sub.example.com/.well-known/host-meta"}]
+          }
+
+        %{url: "https://sub.example.com/.well-known/host-meta"} ->
+          %Tesla.Env{
+            status: 200,
+            body:
+              "test/fixtures/webfinger/masto-host-meta.xml"
+              |> File.read!()
+              |> String.replace("{{domain}}", "sub.example.com")
+          }
+
+        %{url: "https://sub.example.com/.well-known/webfinger?resource=acct:a@example.com"} ->
+          %Tesla.Env{
+            status: 200,
+            body:
+              "test/fixtures/webfinger/masto-webfinger.json"
+              |> File.read!()
+              |> String.replace("{{nickname}}", "a")
+              |> String.replace("{{domain}}", "example.com")
+              |> String.replace("{{subdomain}}", "sub.example.com"),
+            headers: [{"content-type", "application/jrd+json"}]
+          }
+
+        %{url: "https://sub.example.com/users/a"} ->
+          %Tesla.Env{
+            status: 200,
+            body:
+              "test/fixtures/webfinger/masto-user.json"
+              |> File.read!()
+              |> String.replace("{{nickname}}", "a")
+              |> String.replace("{{domain}}", "sub.example.com"),
+            headers: [{"content-type", "application/activity+json"}]
+          }
+
+        %{url: "https://sub.example.com/users/a/collections/featured"} ->
+          %Tesla.Env{
+            status: 200,
+            body:
+              File.read!("test/fixtures/users_mock/masto_featured.json")
+              |> String.replace("{{domain}}", "sub.example.com")
+              |> String.replace("{{nickname}}", "a"),
+            headers: [{"content-type", "application/activity+json"}]
+          }
+      end)
+
+      ap_id = "a@example.com"
+      {:ok, fetched_user} = User.get_or_fetch(ap_id)
+
+      assert fetched_user.ap_id == "https://sub.example.com/users/a"
+      assert fetched_user.nickname == "a@example.com"
+    end
+
+    test "for pleroma" do
+      Tesla.Mock.mock(fn
+        %{url: "https://example.com/.well-known/host-meta"} ->
+          %Tesla.Env{
+            status: 302,
+            headers: [{"location", "https://sub.example.com/.well-known/host-meta"}]
+          }
+
+        %{url: "https://sub.example.com/.well-known/host-meta"} ->
+          %Tesla.Env{
+            status: 200,
+            body:
+              "test/fixtures/webfinger/pleroma-host-meta.xml"
+              |> File.read!()
+              |> String.replace("{{domain}}", "sub.example.com")
+          }
+
+        %{url: "https://sub.example.com/.well-known/webfinger?resource=acct:a@example.com"} ->
+          %Tesla.Env{
+            status: 200,
+            body:
+              "test/fixtures/webfinger/pleroma-webfinger.json"
+              |> File.read!()
+              |> String.replace("{{nickname}}", "a")
+              |> String.replace("{{domain}}", "example.com")
+              |> String.replace("{{subdomain}}", "sub.example.com"),
+            headers: [{"content-type", "application/jrd+json"}]
+          }
+
+        %{url: "https://sub.example.com/users/a"} ->
+          %Tesla.Env{
+            status: 200,
+            body:
+              "test/fixtures/webfinger/pleroma-user.json"
+              |> File.read!()
+              |> String.replace("{{nickname}}", "a")
+              |> String.replace("{{domain}}", "sub.example.com"),
+            headers: [{"content-type", "application/activity+json"}]
+          }
+      end)
+
+      ap_id = "a@example.com"
+      {:ok, fetched_user} = User.get_or_fetch(ap_id)
+
+      assert fetched_user.ap_id == "https://sub.example.com/users/a"
+      assert fetched_user.nickname == "a@example.com"
+    end
   end
 
   describe "fetching a user from nickname or trying to build one" do
@@ -1123,7 +1272,7 @@ defmodule Pleroma.UserTest do
       user = insert(:user)
       muted_user = insert(:user)
 
-      {:ok, _user_relationships} = User.mute(user, muted_user, %{expires_in: 60})
+      {:ok, _user_relationships} = User.mute(user, muted_user, %{duration: 60})
       assert User.mutes?(user, muted_user)
 
       worker = Pleroma.Workers.MuteExpireWorker
@@ -1883,31 +2032,82 @@ defmodule Pleroma.UserTest do
     end
   end
 
-  describe "superuser?/1" do
+  describe "privileged?/1" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:cofe, :suya])
+      clear_config([:instance, :moderator_privileges], [:cofe, :suya])
+    end
+
     test "returns false for unprivileged users" do
       user = insert(:user, local: true)
 
-      refute User.superuser?(user)
+      refute User.privileged?(user, :cofe)
     end
 
     test "returns false for remote users" do
       user = insert(:user, local: false)
       remote_admin_user = insert(:user, local: false, is_admin: true)
 
-      refute User.superuser?(user)
-      refute User.superuser?(remote_admin_user)
+      refute User.privileged?(user, :cofe)
+      refute User.privileged?(remote_admin_user, :cofe)
     end
 
-    test "returns true for local moderators" do
+    test "returns true for local moderators if, and only if, they are privileged" do
       user = insert(:user, local: true, is_moderator: true)
 
-      assert User.superuser?(user)
+      assert User.privileged?(user, :cofe)
+
+      clear_config([:instance, :moderator_privileges], [])
+
+      refute User.privileged?(user, :cofe)
     end
 
-    test "returns true for local admins" do
+    test "returns true for local admins if, and only if, they are privileged" do
       user = insert(:user, local: true, is_admin: true)
 
-      assert User.superuser?(user)
+      assert User.privileged?(user, :cofe)
+
+      clear_config([:instance, :admin_privileges], [])
+
+      refute User.privileged?(user, :cofe)
+    end
+  end
+
+  describe "privileges/1" do
+    setup do
+      clear_config([:instance, :moderator_privileges], [:cofe, :only_moderator])
+      clear_config([:instance, :admin_privileges], [:cofe, :only_admin])
+    end
+
+    test "returns empty list for users without roles" do
+      user = insert(:user, local: true)
+
+      assert [] == User.privileges(user)
+    end
+
+    test "returns list of privileges for moderators" do
+      moderator = insert(:user, is_moderator: true, local: true)
+
+      assert [:cofe, :only_moderator] == User.privileges(moderator) |> Enum.sort()
+    end
+
+    test "returns list of privileges for admins" do
+      admin = insert(:user, is_admin: true, local: true)
+
+      assert [:cofe, :only_admin] == User.privileges(admin) |> Enum.sort()
+    end
+
+    test "returns list of unique privileges for users who are both moderator and admin" do
+      moderator_admin = insert(:user, is_moderator: true, is_admin: true, local: true)
+
+      assert [:cofe, :only_admin, :only_moderator] ==
+               User.privileges(moderator_admin) |> Enum.sort()
+    end
+
+    test "returns empty list for remote users" do
+      remote_moderator_admin = insert(:user, is_moderator: true, is_admin: true, local: false)
+
+      assert [] == User.privileges(remote_moderator_admin)
     end
   end
 
@@ -1950,13 +2150,77 @@ defmodule Pleroma.UserTest do
       assert User.visible_for(user, other_user) == :visible
     end
 
-    test "returns true when the account is unconfirmed and being viewed by a privileged account (confirmation required)" do
+    test "returns true when the account is unconfirmed and being viewed by a privileged account (privilege :users_manage_activation_state, confirmation required)" do
       clear_config([:instance, :account_activation_required], true)
+      clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
 
       user = insert(:user, local: true, is_confirmed: false)
       other_user = insert(:user, local: true, is_admin: true)
 
       assert User.visible_for(user, other_user) == :visible
+
+      clear_config([:instance, :admin_privileges], [])
+
+      refute User.visible_for(user, other_user) == :visible
+    end
+  end
+
+  describe "all_users_with_privilege/1" do
+    setup do
+      %{
+        user: insert(:user, local: true, is_admin: false, is_moderator: false),
+        moderator_user: insert(:user, local: true, is_admin: false, is_moderator: true),
+        admin_user: insert(:user, local: true, is_admin: true, is_moderator: false),
+        admin_moderator_user: insert(:user, local: true, is_admin: true, is_moderator: true),
+        remote_user: insert(:user, local: false, is_admin: true, is_moderator: true),
+        non_active_user:
+          insert(:user, local: true, is_admin: true, is_moderator: true, is_active: false)
+      }
+    end
+
+    test "doesn't return any users when there are no privileged roles" do
+      clear_config([:instance, :admin_privileges], [])
+      clear_config([:instance, :moderator_privileges], [])
+
+      assert [] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all()
+    end
+
+    test "returns moderator users if they are privileged", %{
+      moderator_user: moderator_user,
+      admin_moderator_user: admin_moderator_user
+    } do
+      clear_config([:instance, :admin_privileges], [])
+      clear_config([:instance, :moderator_privileges], [:cofe])
+
+      assert [_, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all()
+      assert moderator_user in User.all_users_with_privilege(:cofe)
+      assert admin_moderator_user in User.all_users_with_privilege(:cofe)
+    end
+
+    test "returns admin users if they are privileged", %{
+      admin_user: admin_user,
+      admin_moderator_user: admin_moderator_user
+    } do
+      clear_config([:instance, :admin_privileges], [:cofe])
+      clear_config([:instance, :moderator_privileges], [])
+
+      assert [_, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all()
+      assert admin_user in User.all_users_with_privilege(:cofe)
+      assert admin_moderator_user in User.all_users_with_privilege(:cofe)
+    end
+
+    test "returns admin and moderator users if they are both privileged", %{
+      moderator_user: moderator_user,
+      admin_user: admin_user,
+      admin_moderator_user: admin_moderator_user
+    } do
+      clear_config([:instance, :admin_privileges], [:cofe])
+      clear_config([:instance, :moderator_privileges], [:cofe])
+
+      assert [_, _, _] = User.Query.build(%{is_privileged: :cofe}) |> Repo.all()
+      assert admin_user in User.all_users_with_privilege(:cofe)
+      assert moderator_user in User.all_users_with_privilege(:cofe)
+      assert admin_moderator_user in User.all_users_with_privilege(:cofe)
     end
   end
 
@@ -2108,21 +2372,6 @@ defmodule Pleroma.UserTest do
     end
   end
 
-  describe "ensure_keys_present" do
-    test "it creates keys for a user and stores them in info" do
-      user = insert(:user)
-      refute is_binary(user.keys)
-      {:ok, user} = User.ensure_keys_present(user)
-      assert is_binary(user.keys)
-    end
-
-    test "it doesn't create keys if there already are some" do
-      user = insert(:user, keys: "xxx")
-      {:ok, user} = User.ensure_keys_present(user)
-      assert user.keys == "xxx"
-    end
-  end
-
   describe "get_ap_ids_by_nicknames" do
     test "it returns a list of AP ids for a given set of nicknames" do
       user = insert(:user)
@@ -2211,26 +2460,6 @@ defmodule Pleroma.UserTest do
       assert {:ok, user} = Cachex.get(:user_cache, "ap_id:#{user.ap_id}")
       assert %User{bio: "test-bio"} = User.get_cached_by_ap_id(user.ap_id)
     end
-
-    test "removes report notifs when user isn't superuser any more" do
-      report_activity = insert(:report_activity)
-      user = insert(:user, is_moderator: true, is_admin: true)
-      {:ok, _} = Notification.create_notifications(report_activity)
-
-      assert [%Pleroma.Notification{type: "pleroma:report"}] = Notification.for_user(user)
-
-      {:ok, user} = user |> User.admin_api_update(%{is_moderator: false})
-      # is still superuser because still admin
-      assert [%Pleroma.Notification{type: "pleroma:report"}] = Notification.for_user(user)
-
-      {:ok, user} = user |> User.admin_api_update(%{is_moderator: true, is_admin: false})
-      # is still superuser because still moderator
-      assert [%Pleroma.Notification{type: "pleroma:report"}] = Notification.for_user(user)
-
-      {:ok, user} = user |> User.admin_api_update(%{is_moderator: false})
-      # is not a superuser any more
-      assert [] = Notification.for_user(user)
-    end
   end
 
   describe "following/followers synchronization" do
@@ -2257,7 +2486,7 @@ defmodule Pleroma.UserTest do
       assert other_user.follower_count == 1
     end
 
-    test "syncronizes the counters with the remote instance for the followed when enabled" do
+    test "synchronizes the counters with the remote instance for the followed when enabled" do
       clear_config([:instance, :external_user_synchronization], false)
 
       user = insert(:user)
@@ -2279,7 +2508,7 @@ defmodule Pleroma.UserTest do
       assert other_user.follower_count == 437
     end
 
-    test "syncronizes the counters with the remote instance for the follower when enabled" do
+    test "synchronizes the counters with the remote instance for the follower when enabled" do
       clear_config([:instance, :external_user_synchronization], false)
 
       user = insert(:user)
@@ -2579,6 +2808,82 @@ defmodule Pleroma.UserTest do
     object_id
   end
 
+  describe "add_alias/2" do
+    test "should add alias for another user" do
+      user = insert(:user)
+      user2 = insert(:user)
+
+      assert {:ok, user_updated} = user |> User.add_alias(user2)
+
+      assert user_updated.also_known_as |> length() == 1
+      assert user2.ap_id in user_updated.also_known_as
+    end
+
+    test "should add multiple aliases" do
+      user = insert(:user)
+      user2 = insert(:user)
+      user3 = insert(:user)
+
+      assert {:ok, user} = user |> User.add_alias(user2)
+      assert {:ok, user_updated} = user |> User.add_alias(user3)
+
+      assert user_updated.also_known_as |> length() == 2
+      assert user2.ap_id in user_updated.also_known_as
+      assert user3.ap_id in user_updated.also_known_as
+    end
+
+    test "should not add duplicate aliases" do
+      user = insert(:user)
+      user2 = insert(:user)
+
+      assert {:ok, user} = user |> User.add_alias(user2)
+
+      assert {:ok, user_updated} = user |> User.add_alias(user2)
+
+      assert user_updated.also_known_as |> length() == 1
+      assert user2.ap_id in user_updated.also_known_as
+    end
+  end
+
+  describe "alias_users/1" do
+    test "should get aliases for a user" do
+      user = insert(:user)
+      user2 = insert(:user, also_known_as: [user.ap_id])
+
+      aliases = user2 |> User.alias_users()
+
+      assert aliases |> length() == 1
+
+      alias_user = aliases |> Enum.at(0)
+
+      assert alias_user.ap_id == user.ap_id
+    end
+  end
+
+  describe "delete_alias/2" do
+    test "should delete existing alias" do
+      user = insert(:user)
+      user2 = insert(:user, also_known_as: [user.ap_id])
+
+      assert {:ok, user_updated} = user2 |> User.delete_alias(user)
+
+      assert user_updated.also_known_as == []
+    end
+
+    test "should report error on non-existing alias" do
+      user = insert(:user)
+      user2 = insert(:user)
+      user3 = insert(:user, also_known_as: [user.ap_id])
+
+      assert {:error, :no_such_alias} = user3 |> User.delete_alias(user2)
+
+      user3_updated = User.get_cached_by_ap_id(user3.ap_id)
+
+      assert user3_updated.also_known_as |> length() == 1
+      assert user.ap_id in user3_updated.also_known_as
+    end
+  end
+
   describe "account endorsements" do
     test "it pins people" do
       user = insert(:user)

test/pleroma/web/activity_pub/activity_pub_controller_test.exs

@@ -247,6 +247,27 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert json_response(response, 200) == ObjectView.render("object.json", %{object: object})
     end
 
+    test "does not return local-only objects for remote users", %{conn: conn} do
+      user = insert(:user)
+      reader = insert(:user, local: false)
+
+      {:ok, post} =
+        CommonAPI.post(user, %{status: "test @#{reader.nickname}", visibility: "local"})
+
+      assert Pleroma.Web.ActivityPub.Visibility.is_local_public?(post)
+
+      object = Object.normalize(post, fetch: false)
+      uuid = String.split(object.data["id"], "/") |> List.last()
+
+      assert response =
+               conn
+               |> assign(:user, reader)
+               |> put_req_header("accept", "application/activity+json")
+               |> get("/objects/#{uuid}")
+
+      json_response(response, 404)
+    end
+
     test "it returns a json representation of the object with accept application/json", %{
       conn: conn
     } do
@@ -291,6 +312,30 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert json_response(conn, 200) == ObjectView.render("object.json", %{object: note})
     end
 
+    test "does not cache authenticated response", %{conn: conn} do
+      user = insert(:user)
+      reader = insert(:user)
+
+      {:ok, post} =
+        CommonAPI.post(user, %{status: "test @#{reader.nickname}", visibility: "local"})
+
+      object = Object.normalize(post, fetch: false)
+      uuid = String.split(object.data["id"], "/") |> List.last()
+
+      assert response =
+               conn
+               |> assign(:user, reader)
+               |> put_req_header("accept", "application/activity+json")
+               |> get("/objects/#{uuid}")
+
+      json_response(response, 200)
+
+      conn
+      |> put_req_header("accept", "application/activity+json")
+      |> get("/objects/#{uuid}")
+      |> json_response(404)
+    end
+
     test "it returns 404 for non-public messages", %{conn: conn} do
       note = insert(:direct_note)
       uuid = String.split(note.data["id"], "/") |> List.last()
@@ -1273,6 +1318,35 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert outbox_endpoint == result["id"]
     end
 
+    test "it returns a local note activity when authenticated as local user", %{conn: conn} do
+      user = insert(:user)
+      reader = insert(:user)
+      {:ok, note_activity} = CommonAPI.post(user, %{status: "mew mew", visibility: "local"})
+      ap_id = note_activity.data["id"]
+
+      resp =
+        conn
+        |> assign(:user, reader)
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/outbox?page=true")
+        |> json_response(200)
+
+      assert %{"orderedItems" => [%{"id" => ^ap_id}]} = resp
+    end
+
+    test "it does not return a local note activity when unauthenticated", %{conn: conn} do
+      user = insert(:user)
+      {:ok, _note_activity} = CommonAPI.post(user, %{status: "mew mew", visibility: "local"})
+
+      resp =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/outbox?page=true")
+        |> json_response(200)
+
+      assert %{"orderedItems" => []} = resp
+    end
+
     test "it returns a note activity in a collection", %{conn: conn} do
       note_activity = insert(:note_activity)
       note_object = Object.normalize(note_activity, fetch: false)

test/pleroma/web/activity_pub/activity_pub_test.exs

@@ -554,7 +554,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
       assert activity.data["ok"] == data["ok"]
       assert activity.data["id"] == given_id
       assert activity.data["context"] == "blabla"
-      assert activity.data["context_id"]
     end
 
     test "adds a context when none is there" do
@@ -576,8 +575,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
 
       assert is_binary(activity.data["context"])
       assert is_binary(object.data["context"])
-      assert activity.data["context_id"]
-      assert object.data["context_id"]
     end
 
     test "adds an id to a given object if it lacks one and is a note and inserts it to the object database" do
@@ -1507,6 +1504,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
       reporter_ap_id = reporter.ap_id
       target_ap_id = target_account.ap_id
       activity_ap_id = activity.data["id"]
+      object_ap_id = activity.object.data["id"]
 
       activity_with_object = Activity.get_by_ap_id_with_object(activity_ap_id)
 
@@ -1518,6 +1516,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
          reported_activity: activity,
          content: content,
          activity_ap_id: activity_ap_id,
+         object_ap_id: object_ap_id,
          activity_with_object: activity_with_object,
          reporter_ap_id: reporter_ap_id,
          target_ap_id: target_ap_id
@@ -1531,7 +1530,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
            target_account: target_account,
            reported_activity: reported_activity,
            content: content,
-           activity_ap_id: activity_ap_id,
+           object_ap_id: object_ap_id,
            activity_with_object: activity_with_object,
            reporter_ap_id: reporter_ap_id,
            target_ap_id: target_ap_id
@@ -1547,7 +1546,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
 
       note_obj = %{
         "type" => "Note",
-        "id" => activity_ap_id,
+        "id" => object_ap_id,
         "content" => content,
         "published" => activity_with_object.object.data["published"],
         "actor" =>
@@ -1571,6 +1570,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
                      context: context,
                      target_account: target_account,
                      reported_activity: reported_activity,
+                     object_ap_id: object_ap_id,
                      content: content
                    },
                    Utils,
@@ -1585,8 +1585,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
           content: content
         })
 
-      new_data =
-        put_in(activity.data, ["object"], [target_account.ap_id, reported_activity.data["id"]])
+      new_data = put_in(activity.data, ["object"], [target_account.ap_id, object_ap_id])
 
       assert_called(Utils.maybe_federate(%{activity | data: new_data}))
     end
@@ -1612,7 +1611,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
                })
 
       assert Repo.aggregate(Activity, :count, :id) == 1
-      assert Repo.aggregate(Object, :count, :id) == 2
+      assert Repo.aggregate(Object, :count, :id) == 1
       assert Repo.aggregate(Notification, :count, :id) == 0
     end
   end
@@ -1665,7 +1664,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
   end
 
   describe "fetch_follow_information_for_user" do
-    test "syncronizes following/followers counters" do
+    test "synchronizes following/followers counters" do
       user =
         insert(:user,
           local: false,
@@ -1836,9 +1835,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
                  "target" => ^new_ap_id,
                  "type" => "Move"
                },
-               local: true
+               local: true,
+               recipients: recipients
              } = activity
 
+      assert old_user.follower_address in recipients
+
       params = %{
         "op" => "move_following",
         "origin_id" => old_user.id,
@@ -1869,6 +1871,42 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
       assert {:error, "Target account must have the origin in `alsoKnownAs`"} =
                ActivityPub.move(old_user, new_user)
     end
+
+    test "do not move remote user following relationships" do
+      %{ap_id: old_ap_id} = old_user = insert(:user)
+      %{ap_id: new_ap_id} = new_user = insert(:user, also_known_as: [old_ap_id])
+      follower_remote = insert(:user, local: false)
+
+      User.follow(follower_remote, old_user)
+
+      assert User.following?(follower_remote, old_user)
+
+      assert {:ok, activity} = ActivityPub.move(old_user, new_user)
+
+      assert %Activity{
+               actor: ^old_ap_id,
+               data: %{
+                 "actor" => ^old_ap_id,
+                 "object" => ^old_ap_id,
+                 "target" => ^new_ap_id,
+                 "type" => "Move"
+               },
+               local: true
+             } = activity
+
+      params = %{
+        "op" => "move_following",
+        "origin_id" => old_user.id,
+        "target_id" => new_user.id
+      }
+
+      assert_enqueued(worker: Pleroma.Workers.BackgroundWorker, args: params)
+
+      Pleroma.Workers.BackgroundWorker.perform(%Oban.Job{args: params})
+
+      assert User.following?(follower_remote, old_user)
+      refute User.following?(follower_remote, new_user)
+    end
   end
 
   test "doesn't retrieve replies activities with exclude_replies" do

test/pleroma/web/activity_pub/mrf/anti_followbot_policy_test.exs

@@ -6,6 +6,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicyTest do
   use Pleroma.DataCase, async: true
   import Pleroma.Factory
 
+  alias Pleroma.User
   alias Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicy
 
   describe "blocking based on attributes" do
@@ -38,21 +39,55 @@ defmodule Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicyTest do
 
       assert {:reject, "[AntiFollowbotPolicy]" <> _} = AntiFollowbotPolicy.filter(message)
     end
+
+    test "matches followbots by actor_type" do
+      actor = insert(:user, %{actor_type: "Service"})
+      target = insert(:user)
+
+      message = %{
+        "@context" => "https://www.w3.org/ns/activitystreams",
+        "type" => "Follow",
+        "actor" => actor.ap_id,
+        "object" => target.ap_id,
+        "id" => "https://example.com/activities/1234"
+      }
+
+      assert {:reject, "[AntiFollowbotPolicy]" <> _} = AntiFollowbotPolicy.filter(message)
+    end
   end
 
-  test "it allows non-followbots" do
-    actor = insert(:user)
-    target = insert(:user)
+  describe "it allows" do
+    test "non-followbots" do
+      actor = insert(:user)
+      target = insert(:user)
 
-    message = %{
-      "@context" => "https://www.w3.org/ns/activitystreams",
-      "type" => "Follow",
-      "actor" => actor.ap_id,
-      "object" => target.ap_id,
-      "id" => "https://example.com/activities/1234"
-    }
+      message = %{
+        "@context" => "https://www.w3.org/ns/activitystreams",
+        "type" => "Follow",
+        "actor" => actor.ap_id,
+        "object" => target.ap_id,
+        "id" => "https://example.com/activities/1234"
+      }
 
-    {:ok, _} = AntiFollowbotPolicy.filter(message)
+      {:ok, _} = AntiFollowbotPolicy.filter(message)
+    end
+
+    test "bots if the target follows the bots" do
+      actor = insert(:user, %{actor_type: "Service"})
+      target = insert(:user)
+
+      User.follow(target, actor)
+
+      message = %{
+        "@context" => "https://www.w3.org/ns/activitystreams",
+        "type" => "Follow",
+        "actor" => actor.ap_id,
+        "object" => target.ap_id,
+        "id" => "https://example.com/activities/1234"
+      }
+
+      {:ok, _} = AntiFollowbotPolicy.filter(message)
+    end
   end
 
   test "it gracefully handles nil display names" do

test/pleroma/web/activity_pub/mrf/anti_link_spam_policy_test.exs

@@ -7,6 +7,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicyTest do
   import Pleroma.Factory
   import ExUnit.CaptureLog
 
+  alias Pleroma.Web.ActivityPub.MRF
   alias Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicy
 
   @linkless_message %{
@@ -49,11 +50,23 @@ defmodule Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicyTest do
 
       assert user.note_count == 0
 
-      message =
-        @linkful_message
-        |> Map.put("actor", user.ap_id)
+      message = %{
+        "type" => "Create",
+        "actor" => user.ap_id,
+        "object" => %{
+          "formerRepresentations" => %{
+            "type" => "OrderedCollection",
+            "orderedItems" => [
+              %{
+                "content" => "<a href='https://example.com'>hi world!</a>"
+              }
+            ]
+          },
+          "content" => "mew"
+        }
+      }
 
-      {:reject, _} = AntiLinkSpamPolicy.filter(message)
+      {:reject, _} = MRF.filter_one(AntiLinkSpamPolicy, message)
     end
 
     test "it allows posts with links for local users" do
@@ -67,6 +80,18 @@ defmodule Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicyTest do
 
       {:ok, _message} = AntiLinkSpamPolicy.filter(message)
     end
+
+    test "it disallows posts with links in history" do
+      user = insert(:user, local: false)
+
+      assert user.note_count == 0
+
+      message =
+        @linkful_message
+        |> Map.put("actor", user.ap_id)
+
+      {:reject, _} = AntiLinkSpamPolicy.filter(message)
+    end
   end
 
   describe "with old user" do

test/pleroma/web/activity_pub/mrf/ensure_re_prepended_test.exs

@@ -7,6 +7,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrependedTest do
 
   alias Pleroma.Activity
   alias Pleroma.Object
+  alias Pleroma.Web.ActivityPub.MRF
   alias Pleroma.Web.ActivityPub.MRF.EnsureRePrepended
 
   describe "rewrites summary" do
@@ -35,10 +36,58 @@ defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrependedTest do
       assert {:ok, res} = EnsureRePrepended.filter(message)
       assert res["object"]["summary"] == "re: object-summary"
     end
+
+    test "it adds `re:` to history" do
+      message = %{
+        "type" => "Create",
+        "object" => %{
+          "summary" => "object-summary",
+          "inReplyTo" => %Activity{object: %Object{data: %{"summary" => "object-summary"}}},
+          "formerRepresentations" => %{
+            "orderedItems" => [
+              %{
+                "summary" => "object-summary",
+                "inReplyTo" => %Activity{object: %Object{data: %{"summary" => "object-summary"}}}
+              }
+            ]
+          }
+        }
+      }
+
+      assert {:ok, res} = MRF.filter_one(EnsureRePrepended, message)
+      assert res["object"]["summary"] == "re: object-summary"
+
+      assert Enum.at(res["object"]["formerRepresentations"]["orderedItems"], 0)["summary"] ==
+               "re: object-summary"
+    end
+
+    test "it accepts Updates" do
+      message = %{
+        "type" => "Update",
+        "object" => %{
+          "summary" => "object-summary",
+          "inReplyTo" => %Activity{object: %Object{data: %{"summary" => "object-summary"}}},
+          "formerRepresentations" => %{
+            "orderedItems" => [
+              %{
+                "summary" => "object-summary",
+                "inReplyTo" => %Activity{object: %Object{data: %{"summary" => "object-summary"}}}
+              }
+            ]
+          }
+        }
+      }
+
+      assert {:ok, res} = MRF.filter_one(EnsureRePrepended, message)
+      assert res["object"]["summary"] == "re: object-summary"
+
+      assert Enum.at(res["object"]["formerRepresentations"]["orderedItems"], 0)["summary"] ==
+               "re: object-summary"
+    end
   end
 
   describe "skip filter" do
-    test "it skip if type isn't 'Create'" do
+    test "it skip if type isn't 'Create' or 'Update'" do
       message = %{
         "type" => "Annotation",
         "object" => %{"summary" => "object-summary"}

test/pleroma/web/activity_pub/mrf/force_mentions_in_content_test.exs

@@ -8,6 +8,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ForceMentionsInContentTest do
 
   alias Pleroma.Constants
   alias Pleroma.Object
+  alias Pleroma.Web.ActivityPub.MRF
   alias Pleroma.Web.ActivityPub.MRF.ForceMentionsInContent
   alias Pleroma.Web.CommonAPI
 
@@ -161,4 +162,98 @@ defmodule Pleroma.Web.ActivityPub.MRF.ForceMentionsInContentTest do
     assert filtered ==
              "<p><span class=\"recipients-inline\"><span class=\"h-card\"><a class=\"u-url mention\" data-user=\"#{luigi.id}\" href=\"#{luigi.ap_id}\" rel=\"ugc\">@<span>luigi</span></a></span> </span>I'ma tired...</p>"
   end
+
+  test "aware of history" do
+    mario = insert(:user, nickname: "mario")
+    wario = insert(:user, nickname: "wario")
+
+    {:ok, post1} = CommonAPI.post(mario, %{status: "Letsa go!"})
+
+    activity = %{
+      "type" => "Create",
+      "actor" => wario.ap_id,
+      "object" => %{
+        "type" => "Note",
+        "actor" => wario.ap_id,
+        "content" => "WHA-HA!",
+        "to" => [
+          mario.ap_id,
+          Constants.as_public()
+        ],
+        "inReplyTo" => post1.object.data["id"],
+        "formerRepresentations" => %{
+          "orderedItems" => [
+            %{
+              "type" => "Note",
+              "actor" => wario.ap_id,
+              "content" => "WHA-HA!",
+              "to" => [
+                mario.ap_id,
+                Constants.as_public()
+              ],
+              "inReplyTo" => post1.object.data["id"]
+            }
+          ]
+        }
+      }
+    }
+
+    expected =
+      "<span class=\"recipients-inline\"><span class=\"h-card\"><a class=\"u-url mention\" data-user=\"#{mario.id}\" href=\"#{mario.ap_id}\" rel=\"ugc\">@<span>mario</span></a></span> </span>WHA-HA!"
+
+    assert {:ok,
+            %{
+              "object" => %{
+                "content" => ^expected,
+                "formerRepresentations" => %{"orderedItems" => [%{"content" => ^expected}]}
+              }
+            }} = MRF.filter_one(ForceMentionsInContent, activity)
+  end
+
+  test "works with Updates" do
+    mario = insert(:user, nickname: "mario")
+    wario = insert(:user, nickname: "wario")
+
+    {:ok, post1} = CommonAPI.post(mario, %{status: "Letsa go!"})
+
+    activity = %{
+      "type" => "Update",
+      "actor" => wario.ap_id,
+      "object" => %{
+        "type" => "Note",
+        "actor" => wario.ap_id,
+        "content" => "WHA-HA!",
+        "to" => [
+          mario.ap_id,
+          Constants.as_public()
+        ],
+        "inReplyTo" => post1.object.data["id"],
+        "formerRepresentations" => %{
+          "orderedItems" => [
+            %{
+              "type" => "Note",
+              "actor" => wario.ap_id,
+              "content" => "WHA-HA!",
+              "to" => [
+                mario.ap_id,
+                Constants.as_public()
+              ],
+              "inReplyTo" => post1.object.data["id"]
+            }
+          ]
+        }
+      }
+    }
+
+    expected =
+      "<span class=\"recipients-inline\"><span class=\"h-card\"><a class=\"u-url mention\" data-user=\"#{mario.id}\" href=\"#{mario.ap_id}\" rel=\"ugc\">@<span>mario</span></a></span> </span>WHA-HA!"
+
+    assert {:ok,
+            %{
+              "object" => %{
+                "content" => ^expected,
+                "formerRepresentations" => %{"orderedItems" => [%{"content" => ^expected}]}
+              }
+            }} = MRF.filter_one(ForceMentionsInContent, activity)
+  end
 end

test/pleroma/web/activity_pub/mrf/hashtag_policy_test.exs

@@ -20,6 +20,76 @@ defmodule Pleroma.Web.ActivityPub.MRF.HashtagPolicyTest do
     assert modified["object"]["sensitive"]
   end
 
+  test "it is history-aware" do
+    activity = %{
+      "type" => "Create",
+      "object" => %{
+        "content" => "hey",
+        "tag" => []
+      }
+    }
+
+    activity_data =
+      activity
+      |> put_in(
+        ["object", "formerRepresentations"],
+        %{
+          "type" => "OrderedCollection",
+          "orderedItems" => [
+            Map.put(
+              activity["object"],
+              "tag",
+              [%{"type" => "Hashtag", "name" => "#nsfw"}]
+            )
+          ]
+        }
+      )
+
+    {:ok, modified} =
+      Pleroma.Web.ActivityPub.MRF.filter_one(
+        Pleroma.Web.ActivityPub.MRF.HashtagPolicy,
+        activity_data
+      )
+
+    refute modified["object"]["sensitive"]
+    assert Enum.at(modified["object"]["formerRepresentations"]["orderedItems"], 0)["sensitive"]
+  end
+
+  test "it works with Update" do
+    activity = %{
+      "type" => "Update",
+      "object" => %{
+        "content" => "hey",
+        "tag" => []
+      }
+    }
+
+    activity_data =
+      activity
+      |> put_in(
+        ["object", "formerRepresentations"],
+        %{
+          "type" => "OrderedCollection",
+          "orderedItems" => [
+            Map.put(
+              activity["object"],
+              "tag",
+              [%{"type" => "Hashtag", "name" => "#nsfw"}]
+            )
+          ]
+        }
+      )
+
+    {:ok, modified} =
+      Pleroma.Web.ActivityPub.MRF.filter_one(
+        Pleroma.Web.ActivityPub.MRF.HashtagPolicy,
+        activity_data
+      )
+
+    refute modified["object"]["sensitive"]
+    assert Enum.at(modified["object"]["formerRepresentations"]["orderedItems"], 0)["sensitive"]
+  end
+
   test "it doesn't sets the sensitive property with irrelevant hashtags" do
     user = insert(:user)
 

test/pleroma/web/activity_pub/mrf/keyword_policy_test.exs

@@ -79,6 +79,54 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicyTest do
                    KeywordPolicy.filter(message)
                end)
     end
+
+    test "rejects if string matches in history" do
+      clear_config([:mrf_keyword, :reject], ["pun"])
+
+      message = %{
+        "type" => "Create",
+        "object" => %{
+          "content" => "just a daily reminder that compLAINer is a good",
+          "summary" => "",
+          "formerRepresentations" => %{
+            "type" => "OrderedCollection",
+            "orderedItems" => [
+              %{
+                "content" => "just a daily reminder that compLAINer is a good pun",
+                "summary" => ""
+              }
+            ]
+          }
+        }
+      }
+
+      assert {:reject, "[KeywordPolicy] Matches with rejected keyword"} =
+               KeywordPolicy.filter(message)
+    end
+
+    test "rejects Updates" do
+      clear_config([:mrf_keyword, :reject], ["pun"])
+
+      message = %{
+        "type" => "Update",
+        "object" => %{
+          "content" => "just a daily reminder that compLAINer is a good",
+          "summary" => "",
+          "formerRepresentations" => %{
+            "type" => "OrderedCollection",
+            "orderedItems" => [
+              %{
+                "content" => "just a daily reminder that compLAINer is a good pun",
+                "summary" => ""
+              }
+            ]
+          }
+        }
+      }
+
+      assert {:reject, "[KeywordPolicy] Matches with rejected keyword"} =
+               KeywordPolicy.filter(message)
+    end
   end
 
   describe "delisting from ftl based on keywords" do
@@ -157,6 +205,31 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicyTest do
                    not (["https://www.w3.org/ns/activitystreams#Public"] == result["to"])
                end)
     end
+
+    test "delists if string matches in history" do
+      clear_config([:mrf_keyword, :federated_timeline_removal], ["pun"])
+
+      message = %{
+        "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+        "type" => "Create",
+        "object" => %{
+          "content" => "just a daily reminder that compLAINer is a good",
+          "summary" => "",
+          "formerRepresentations" => %{
+            "orderedItems" => [
+              %{
+                "content" => "just a daily reminder that compLAINer is a good pun",
+                "summary" => ""
+              }
+            ]
+          }
+        }
+      }
+
+      {:ok, result} = KeywordPolicy.filter(message)
+      assert ["https://www.w3.org/ns/activitystreams#Public"] == result["cc"]
+      refute ["https://www.w3.org/ns/activitystreams#Public"] == result["to"]
+    end
   end
 
   describe "replacing keywords" do
@@ -221,5 +294,63 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicyTest do
                  result == "ZFS is free software"
                end)
     end
+
+    test "replaces keyword if string matches in history" do
+      clear_config([:mrf_keyword, :replace], [{"opensource", "free software"}])
+
+      message = %{
+        "type" => "Create",
+        "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+        "object" => %{
+          "content" => "ZFS is opensource",
+          "summary" => "",
+          "formerRepresentations" => %{
+            "type" => "OrderedCollection",
+            "orderedItems" => [
+              %{"content" => "ZFS is opensource mew mew", "summary" => ""}
+            ]
+          }
+        }
+      }
+
+      {:ok,
+       %{
+         "object" => %{
+           "content" => "ZFS is free software",
+           "formerRepresentations" => %{
+             "orderedItems" => [%{"content" => "ZFS is free software mew mew"}]
+           }
+         }
+       }} = KeywordPolicy.filter(message)
+    end
+
+    test "replaces keyword in Updates" do
+      clear_config([:mrf_keyword, :replace], [{"opensource", "free software"}])
+
+      message = %{
+        "type" => "Update",
+        "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+        "object" => %{
+          "content" => "ZFS is opensource",
+          "summary" => "",
+          "formerRepresentations" => %{
+            "type" => "OrderedCollection",
+            "orderedItems" => [
+              %{"content" => "ZFS is opensource mew mew", "summary" => ""}
+            ]
+          }
+        }
+      }
+
+      {:ok,
+       %{
+         "object" => %{
+           "content" => "ZFS is free software",
+           "formerRepresentations" => %{
+             "orderedItems" => [%{"content" => "ZFS is free software mew mew"}]
+           }
+         }
+       }} = KeywordPolicy.filter(message)
+    end
   end
 end

test/pleroma/web/activity_pub/mrf/media_proxy_warming_policy_test.exs

@@ -7,6 +7,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicyTest do
   use Pleroma.Tests.Helpers
 
   alias Pleroma.HTTP
+  alias Pleroma.Web.ActivityPub.MRF
   alias Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy
 
   import Mock
@@ -22,6 +23,25 @@ defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicyTest do
     }
   }
 
+  @message_with_history %{
+    "type" => "Create",
+    "object" => %{
+      "type" => "Note",
+      "content" => "content",
+      "formerRepresentations" => %{
+        "orderedItems" => [
+          %{
+            "type" => "Note",
+            "content" => "content",
+            "attachment" => [
+              %{"url" => [%{"href" => "http://example.com/image.jpg"}]}
+            ]
+          }
+        ]
+      }
+    }
+  }
+
   setup do: clear_config([:media_proxy, :enabled], true)
 
   test "it prefetches media proxy URIs" do
@@ -50,4 +70,28 @@ defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicyTest do
       refute called(HTTP.get(:_, :_, :_))
     end
   end
+
+  test "history-aware" do
+    Tesla.Mock.mock(fn %{method: :get, url: "http://example.com/image.jpg"} ->
+      {:ok, %Tesla.Env{status: 200, body: ""}}
+    end)
+
+    with_mock HTTP, get: fn _, _, _ -> {:ok, []} end do
+      MRF.filter_one(MediaProxyWarmingPolicy, @message_with_history)
+
+      assert called(HTTP.get(:_, :_, :_))
+    end
+  end
+
+  test "works with Updates" do
+    Tesla.Mock.mock(fn %{method: :get, url: "http://example.com/image.jpg"} ->
+      {:ok, %Tesla.Env{status: 200, body: ""}}
+    end)
+
+    with_mock HTTP, get: fn _, _, _ -> {:ok, []} end do
+      MRF.filter_one(MediaProxyWarmingPolicy, @message_with_history |> Map.put("type", "Update"))
+
+      assert called(HTTP.get(:_, :_, :_))
+    end
+  end
 end

test/pleroma/web/activity_pub/mrf/no_empty_policy_test.exs

@@ -151,4 +151,27 @@ defmodule Pleroma.Web.ActivityPub.MRF.NoEmptyPolicyTest do
 
     assert NoEmptyPolicy.filter(message) == {:reject, "[NoEmptyPolicy]"}
   end
+
+  test "works with Update" do
+    message = %{
+      "actor" => "http://localhost:4001/users/testuser",
+      "cc" => ["http://localhost:4001/users/testuser/followers"],
+      "object" => %{
+        "actor" => "http://localhost:4001/users/testuser",
+        "attachment" => [],
+        "cc" => ["http://localhost:4001/users/testuser/followers"],
+        "source" => "",
+        "to" => [
+          "https://www.w3.org/ns/activitystreams#Public"
+        ],
+        "type" => "Note"
+      },
+      "to" => [
+        "https://www.w3.org/ns/activitystreams#Public"
+      ],
+      "type" => "Update"
+    }
+
+    assert NoEmptyPolicy.filter(message) == {:reject, "[NoEmptyPolicy]"}
+  end
 end

test/pleroma/web/activity_pub/mrf/no_placeholder_text_policy_test.exs

@@ -4,6 +4,7 @@
 
 defmodule Pleroma.Web.ActivityPub.MRF.NoPlaceholderTextPolicyTest do
   use Pleroma.DataCase, async: true
+  alias Pleroma.Web.ActivityPub.MRF
   alias Pleroma.Web.ActivityPub.MRF.NoPlaceholderTextPolicy
 
   test "it clears content object" do
@@ -20,6 +21,46 @@ defmodule Pleroma.Web.ActivityPub.MRF.NoPlaceholderTextPolicyTest do
     assert res["object"]["content"] == ""
   end
 
+  test "history-aware" do
+    message = %{
+      "type" => "Create",
+      "object" => %{
+        "content" => ".",
+        "attachment" => "image",
+        "formerRepresentations" => %{
+          "orderedItems" => [%{"content" => ".", "attachment" => "image"}]
+        }
+      }
+    }
+
+    assert {:ok, res} = MRF.filter_one(NoPlaceholderTextPolicy, message)
+
+    assert %{
+             "content" => "",
+             "formerRepresentations" => %{"orderedItems" => [%{"content" => ""}]}
+           } = res["object"]
+  end
+
+  test "works with Updates" do
+    message = %{
+      "type" => "Update",
+      "object" => %{
+        "content" => ".",
+        "attachment" => "image",
+        "formerRepresentations" => %{
+          "orderedItems" => [%{"content" => ".", "attachment" => "image"}]
+        }
+      }
+    }
+
+    assert {:ok, res} = MRF.filter_one(NoPlaceholderTextPolicy, message)
+
+    assert %{
+             "content" => "",
+             "formerRepresentations" => %{"orderedItems" => [%{"content" => ""}]}
+           } = res["object"]
+  end
+
   @messages [
     %{
       "type" => "Create",

test/pleroma/web/activity_pub/mrf/normalize_markup_test.exs

@@ -4,6 +4,7 @@
 
 defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
   use Pleroma.DataCase, async: true
+  alias Pleroma.Web.ActivityPub.MRF
   alias Pleroma.Web.ActivityPub.MRF.NormalizeMarkup
 
   @html_sample """
@@ -16,24 +17,58 @@ defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
   <script>alert('hacked')</script>
   """
 
-  test "it filter html tags" do
-    expected = """
-    <b>this is in bold</b>
-    <p>this is a paragraph</p>
-    this is a linebreak<br/>
-    this is a link with allowed &quot;rel&quot; attribute: <a href="http://example.com/" rel="tag">example.com</a>
-    this is a link with not allowed &quot;rel&quot; attribute: <a href="http://example.com/">example.com</a>
-    this is an image: <img src="http://example.com/image.jpg"/><br/>
-    alert(&#39;hacked&#39;)
-    """
+  @expected """
+  <b>this is in bold</b>
+  <p>this is a paragraph</p>
+  this is a linebreak<br/>
+  this is a link with allowed &quot;rel&quot; attribute: <a href="http://example.com/" rel="tag">example.com</a>
+  this is a link with not allowed &quot;rel&quot; attribute: <a href="http://example.com/">example.com</a>
+  this is an image: <img src="http://example.com/image.jpg"/><br/>
+  alert(&#39;hacked&#39;)
+  """
 
+  test "it filter html tags" do
     message = %{"type" => "Create", "object" => %{"content" => @html_sample}}
 
     assert {:ok, res} = NormalizeMarkup.filter(message)
-    assert res["object"]["content"] == expected
+    assert res["object"]["content"] == @expected
   end
 
-  test "it skips filter if type isn't `Create`" do
+  test "history-aware" do
+    message = %{
+      "type" => "Create",
+      "object" => %{
+        "content" => @html_sample,
+        "formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]}
+      }
+    }
+
+    assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message)
+
+    assert %{
+             "content" => @expected,
+             "formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]}
+           } = res["object"]
+  end
+
+  test "works with Updates" do
+    message = %{
+      "type" => "Update",
+      "object" => %{
+        "content" => @html_sample,
+        "formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]}
+      }
+    }
+
+    assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message)
+
+    assert %{
+             "content" => @expected,
+             "formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]}
+           } = res["object"]
+  end
+
+  test "it skips filter if type isn't `Create` or `Update`" do
     message = %{"type" => "Note", "object" => %{}}
 
     assert {:ok, res} = NormalizeMarkup.filter(message)

test/pleroma/web/activity_pub/mrf/simple_policy_test.exs

@@ -57,6 +57,16 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
 
       assert SimplePolicy.filter(local_message) == {:ok, local_message}
     end
+
+    test "works with Updates" do
+      clear_config([:mrf_simple, :media_removal], [{"remote.instance", "Some reason"}])
+      media_message = build_media_message(type: "Update")
+
+      assert SimplePolicy.filter(media_message) ==
+               {:ok,
+                media_message
+                |> Map.put("object", Map.delete(media_message["object"], "attachment"))}
+    end
   end
 
   describe "when :media_nsfw" do
@@ -90,12 +100,20 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
 
       assert SimplePolicy.filter(local_message) == {:ok, local_message}
     end
+
+    test "works with Updates" do
+      clear_config([:mrf_simple, :media_nsfw], [{"remote.instance", "Whetever"}])
+      media_message = build_media_message(type: "Update")
+
+      assert SimplePolicy.filter(media_message) ==
+               {:ok, put_in(media_message, ["object", "sensitive"], true)}
+    end
   end
 
-  defp build_media_message do
+  defp build_media_message(opts \\ []) do
     %{
       "actor" => "https://remote.instance/users/bob",
-      "type" => "Create",
+      "type" => opts[:type] || "Create",
       "object" => %{
         "attachment" => [%{}],
         "tag" => ["foo"],

test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs

@@ -60,7 +60,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
            |> File.exists?()
   end
 
-  test "reject shortcode", %{message: message} do
+  test "reject regex shortcode", %{message: message} do
     refute "firedfox" in installed()
 
     clear_config(:mrf_steal_emoji,
@@ -74,6 +74,20 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
     refute "firedfox" in installed()
   end
 
+  test "reject string shortcode", %{message: message} do
+    refute "firedfox" in installed()
+
+    clear_config(:mrf_steal_emoji,
+      hosts: ["example.org"],
+      size_limit: 284_468,
+      rejected_shortcodes: ["firedfox"]
+    )
+
+    assert {:ok, _message} = StealEmojiPolicy.filter(message)
+
+    refute "firedfox" in installed()
+  end
+
   test "reject if size is above the limit", %{message: message} do
     refute "firedfox" in installed()
 

test/pleroma/web/activity_pub/mrf/tag_policy_test.exs

@@ -99,6 +99,24 @@ defmodule Pleroma.Web.ActivityPub.MRF.TagPolicyTest do
 
       assert TagPolicy.filter(message) == {:ok, except_message}
     end
+
+    test "removes attachments in Updates" do
+      actor = insert(:user, tags: ["mrf_tag:media-strip"])
+
+      message = %{
+        "actor" => actor.ap_id,
+        "type" => "Update",
+        "object" => %{"attachment" => ["file1"]}
+      }
+
+      except_message = %{
+        "actor" => actor.ap_id,
+        "type" => "Update",
+        "object" => %{}
+      }
+
+      assert TagPolicy.filter(message) == {:ok, except_message}
+    end
   end
 
   describe "mrf_tag:media-force-nsfw" do
@@ -119,5 +137,23 @@ defmodule Pleroma.Web.ActivityPub.MRF.TagPolicyTest do
 
       assert TagPolicy.filter(message) == {:ok, except_message}
     end
+
+    test "Mark as sensitive on presence of attachments in Updates" do
+      actor = insert(:user, tags: ["mrf_tag:media-force-nsfw"])
+
+      message = %{
+        "actor" => actor.ap_id,
+        "type" => "Update",
+        "object" => %{"tag" => ["test"], "attachment" => ["file1"]}
+      }
+
+      except_message = %{
+        "actor" => actor.ap_id,
+        "type" => "Update",
+        "object" => %{"tag" => ["test"], "attachment" => ["file1"], "sensitive" => true}
+      }
+
+      assert TagPolicy.filter(message) == {:ok, except_message}
+    end
   end
 end

test/pleroma/web/activity_pub/object_validators/article_note_page_validator_test.exs

@@ -5,6 +5,7 @@
 defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidatorTest do
   use Pleroma.DataCase, async: true
 
+  alias Pleroma.Web.ActivityPub.ObjectValidator
   alias Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidator
   alias Pleroma.Web.ActivityPub.Utils
 
@@ -31,6 +32,54 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidatorTest
     test "a basic note validates", %{note: note} do
       %{valid?: true} = ArticleNotePageValidator.cast_and_validate(note)
     end
+
+    test "a note from factory validates" do
+      note = insert(:note)
+      %{valid?: true} = ArticleNotePageValidator.cast_and_validate(note.data)
+    end
+  end
+
+  describe "Note with history" do
+    setup do
+      user = insert(:user)
+      {:ok, activity} = Pleroma.Web.CommonAPI.post(user, %{status: "mew mew :dinosaur:"})
+      {:ok, edit} = Pleroma.Web.CommonAPI.update(user, activity, %{status: "edited :blank:"})
+
+      {:ok, %{"object" => external_rep}} =
+        Pleroma.Web.ActivityPub.Transmogrifier.prepare_outgoing(edit.data)
+
+      %{external_rep: external_rep}
+    end
+
+    test "edited note", %{external_rep: external_rep} do
+      assert %{"formerRepresentations" => %{"orderedItems" => [%{"tag" => [_]}]}} = external_rep
+
+      {:ok, validate_res, []} = ObjectValidator.validate(external_rep, [])
+
+      assert %{"formerRepresentations" => %{"orderedItems" => [%{"emoji" => %{"dinosaur" => _}}]}} =
+               validate_res
+    end
+
+    test "edited note, badly-formed formerRepresentations", %{external_rep: external_rep} do
+      external_rep = Map.put(external_rep, "formerRepresentations", %{})
+
+      assert {:error, _} = ObjectValidator.validate(external_rep, [])
+    end
+
+    test "edited note, badly-formed history item", %{external_rep: external_rep} do
+      history_item =
+        Enum.at(external_rep["formerRepresentations"]["orderedItems"], 0)
+        |> Map.put("type", "Foo")
+
+      external_rep =
+        put_in(
+          external_rep,
+          ["formerRepresentations", "orderedItems"],
+          [history_item]
+        )
+
+      assert {:error, _} = ObjectValidator.validate(external_rep, [])
+    end
   end
 
   test "a Note from Roadhouse validates" do
@@ -43,4 +92,28 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNotePageValidatorTest
 
     %{valid?: true} = ArticleNotePageValidator.cast_and_validate(note)
   end
+
+  test "a note with an attachment should work", _ do
+    insert(:user, %{ap_id: "https://owncast.localhost.localdomain/federation/user/streamer"})
+
+    note =
+      "test/fixtures/owncast-note-with-attachment.json"
+      |> File.read!()
+      |> Jason.decode!()
+
+    %{valid?: true} = ArticleNotePageValidator.cast_and_validate(note)
+  end
+
+  test "a Note without replies/first/items validates" do
+    insert(:user, ap_id: "https://mastodon.social/users/emelie")
+
+    note =
+      "test/fixtures/tesla_mock/status.emelie.json"
+      |> File.read!()
+      |> Jason.decode!()
+      |> pop_in(["replies", "first", "items"])
+      |> elem(1)
+
+    %{valid?: true} = ArticleNotePageValidator.cast_and_validate(note)
+  end
 end

test/pleroma/web/activity_pub/object_validators/attachment_validator_test.exs

@@ -11,6 +11,19 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidatorTest do
   import Pleroma.Factory
 
   describe "attachments" do
+    test "fails without url" do
+      attachment = %{
+        "mediaType" => "",
+        "name" => "",
+        "summary" => "298p3RG7j27tfsZ9RQ.jpg",
+        "type" => "Document"
+      }
+
+      assert {:error, _cng} =
+               AttachmentValidator.cast_and_validate(attachment)
+               |> Ecto.Changeset.apply_action(:insert)
+    end
+
     test "works with honkerific attachments" do
       attachment = %{
         "mediaType" => "",
@@ -27,6 +40,46 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidatorTest do
       assert attachment.mediaType == "application/octet-stream"
     end
 
+    test "works with an unknown but valid mime type" do
+      attachment = %{
+        "mediaType" => "x-custom/x-type",
+        "type" => "Document",
+        "url" => "https://example.org"
+      }
+
+      assert {:ok, attachment} =
+               AttachmentValidator.cast_and_validate(attachment)
+               |> Ecto.Changeset.apply_action(:insert)
+
+      assert attachment.mediaType == "x-custom/x-type"
+    end
+
+    test "works with invalid mime types" do
+      attachment = %{
+        "mediaType" => "x-customx-type",
+        "type" => "Document",
+        "url" => "https://example.org"
+      }
+
+      assert {:ok, attachment} =
+               AttachmentValidator.cast_and_validate(attachment)
+               |> Ecto.Changeset.apply_action(:insert)
+
+      assert attachment.mediaType == "application/octet-stream"
+
+      attachment = %{
+        "mediaType" => "https://example.org",
+        "type" => "Document",
+        "url" => "https://example.org"
+      }
+
+      assert {:ok, attachment} =
+               AttachmentValidator.cast_and_validate(attachment)
+               |> Ecto.Changeset.apply_action(:insert)
+
+      assert attachment.mediaType == "application/octet-stream"
+    end
+
     test "it turns mastodon attachments into our attachments" do
       attachment = %{
         "url" =>

test/pleroma/web/activity_pub/object_validators/create_generic_validator_test.exs

@@ -23,10 +23,10 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CreateGenericValidatorTest do
     {:ok, object_data} = ObjectValidator.cast_and_apply(note_activity["object"])
     meta = [object_data: ObjectValidator.stringify_keys(object_data)]
 
-    %{valid?: true} = CreateGenericValidator.cast_and_validate(note_activity, meta)
+    assert %{valid?: true} = CreateGenericValidator.cast_and_validate(note_activity, meta)
   end
 
-  test "a Create/Note with mismatched context is invalid" do
+  test "a Create/Note with mismatched context uses the Note's context" do
     user = insert(:user)
 
     note = %{
@@ -54,6 +54,9 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CreateGenericValidatorTest do
     {:ok, object_data} = ObjectValidator.cast_and_apply(note_activity["object"])
     meta = [object_data: ObjectValidator.stringify_keys(object_data)]
 
-    %{valid?: false} = CreateGenericValidator.cast_and_validate(note_activity, meta)
+    validated = CreateGenericValidator.cast_and_validate(note_activity, meta)
+
+    assert validated.valid?
+    assert {:context, note["context"]} in validated.changes
   end
 end

test/pleroma/web/activity_pub/object_validators/delete_validation_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidationTest do
-  use Pleroma.DataCase, async: true
+  use Pleroma.DataCase, async: false
 
   alias Pleroma.Object
   alias Pleroma.Web.ActivityPub.Builder
@@ -90,17 +90,26 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.DeleteValidationTest do
       assert {:actor, {"is not allowed to modify object", []}} in cng.errors
     end
 
-    test "it's valid if the actor of the object is a local superuser",
+    test "it's only valid if the actor of the object is a privileged local user",
          %{valid_post_delete: valid_post_delete} do
+      clear_config([:instance, :moderator_privileges], [:messages_delete])
+
       user =
         insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")
 
-      valid_other_actor =
+      post_delete_with_moderator_actor =
         valid_post_delete
         |> Map.put("actor", user.ap_id)
 
-      {:ok, _, meta} = ObjectValidator.validate(valid_other_actor, [])
+      {:ok, _, meta} = ObjectValidator.validate(post_delete_with_moderator_actor, [])
+
       assert meta[:do_not_federate]
+
+      clear_config([:instance, :moderator_privileges], [])
+
+      {:error, cng} = ObjectValidator.validate(post_delete_with_moderator_actor, [])
+
+      assert {:actor, {"is not allowed to modify object", []}} in cng.errors
     end
   end
 end

test/pleroma/web/activity_pub/object_validators/update_handling_test.exs

@@ -32,7 +32,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateHandlingTest do
     test "returns an error if the object can't be updated by the actor", %{
       valid_update: valid_update
     } do
-      other_user = insert(:user)
+      other_user = insert(:user, local: false)
 
       update =
         valid_update
@@ -40,5 +40,129 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateHandlingTest do
 
       assert {:error, _cng} = ObjectValidator.validate(update, [])
     end
+
+    test "validates as long as the object is same-origin with the actor", %{
+      valid_update: valid_update
+    } do
+      other_user = insert(:user)
+
+      update =
+        valid_update
+        |> Map.put("actor", other_user.ap_id)
+
+      assert {:ok, _update, []} = ObjectValidator.validate(update, [])
+    end
+
+    test "validates if the object is not of an Actor type" do
+      note = insert(:note)
+      updated_note = note.data |> Map.put("content", "edited content")
+      other_user = insert(:user)
+
+      {:ok, update, _} = Builder.update(other_user, updated_note)
+
+      assert {:ok, _update, _} = ObjectValidator.validate(update, [])
+    end
+  end
+
+  describe "update note" do
+    test "converts object into Pleroma's format" do
+      mastodon_tags = [
+        %{
+          "icon" => %{
+            "mediaType" => "image/png",
+            "type" => "Image",
+            "url" => "https://somewhere.org/emoji/url/1.png"
+          },
+          "id" => "https://somewhere.org/emoji/1",
+          "name" => ":some_emoji:",
+          "type" => "Emoji",
+          "updated" => "2021-04-07T11:00:00Z"
+        }
+      ]
+
+      user = insert(:user)
+      note = insert(:note, user: user)
+
+      updated_note =
+        note.data
+        |> Map.put("content", "edited content")
+        |> Map.put("tag", mastodon_tags)
+
+      {:ok, update, _} = Builder.update(user, updated_note)
+
+      assert {:ok, _update, meta} = ObjectValidator.validate(update, [])
+
+      assert %{"emoji" => %{"some_emoji" => "https://somewhere.org/emoji/url/1.png"}} =
+               meta[:object_data]
+    end
+
+    test "returns no object_data in meta for a local Update" do
+      user = insert(:user)
+      note = insert(:note, user: user)
+
+      updated_note =
+        note.data
+        |> Map.put("content", "edited content")
+
+      {:ok, update, _} = Builder.update(user, updated_note)
+
+      assert {:ok, _update, meta} = ObjectValidator.validate(update, local: true)
+      assert is_nil(meta[:object_data])
+    end
+
+    test "returns object_data in meta for a remote Update" do
+      user = insert(:user)
+      note = insert(:note, user: user)
+
+      updated_note =
+        note.data
+        |> Map.put("content", "edited content")
+
+      {:ok, update, _} = Builder.update(user, updated_note)
+
+      assert {:ok, _update, meta} = ObjectValidator.validate(update, local: false)
+      assert meta[:object_data]
+
+      assert {:ok, _update, meta} = ObjectValidator.validate(update, [])
+      assert meta[:object_data]
+    end
+  end
+
+  describe "update with history" do
+    setup do
+      user = insert(:user)
+      {:ok, activity} = Pleroma.Web.CommonAPI.post(user, %{status: "mew mew :dinosaur:"})
+      {:ok, edit} = Pleroma.Web.CommonAPI.update(user, activity, %{status: "edited :blank:"})
+      {:ok, external_rep} = Pleroma.Web.ActivityPub.Transmogrifier.prepare_outgoing(edit.data)
+      %{external_rep: external_rep}
+    end
+
+    test "edited note", %{external_rep: external_rep} do
+      {:ok, _validate_res, meta} = ObjectValidator.validate(external_rep, [])
+
+      assert %{"formerRepresentations" => %{"orderedItems" => [%{"emoji" => %{"dinosaur" => _}}]}} =
+               meta[:object_data]
+    end
+
+    test "edited note, badly-formed formerRepresentations", %{external_rep: external_rep} do
+      external_rep = put_in(external_rep, ["object", "formerRepresentations"], %{})
+
+      assert {:error, _} = ObjectValidator.validate(external_rep, [])
+    end
+
+    test "edited note, badly-formed history item", %{external_rep: external_rep} do
+      history_item =
+        Enum.at(external_rep["object"]["formerRepresentations"]["orderedItems"], 0)
+        |> Map.put("type", "Foo")
+
+      external_rep =
+        put_in(
+          external_rep,
+          ["object", "formerRepresentations", "orderedItems"],
+          [history_item]
+        )
+
+      assert {:error, _} = ObjectValidator.validate(external_rep, [])
+    end
   end
 end

test/pleroma/web/activity_pub/side_effects_test.exs

@@ -118,7 +118,10 @@ defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
   describe "update users" do
     setup do
       user = insert(:user, local: false)
-      {:ok, update_data, []} = Builder.update(user, %{"id" => user.ap_id, "name" => "new name!"})
+
+      {:ok, update_data, []} =
+        Builder.update(user, %{"id" => user.ap_id, "type" => "Person", "name" => "new name!"})
+
       {:ok, update, _meta} = ActivityPub.persist(update_data, local: true)
 
       %{user: user, update_data: update_data, update: update}
@@ -140,6 +143,298 @@ defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
     end
   end
 
+  describe "update notes" do
+    setup do
+      make_time = fn ->
+        Pleroma.Web.ActivityPub.Utils.make_date()
+      end
+
+      user = insert(:user)
+      note = insert(:note, user: user, data: %{"published" => make_time.()})
+      _note_activity = insert(:note_activity, note: note)
+
+      updated_note =
+        note.data
+        |> Map.put("summary", "edited summary")
+        |> Map.put("content", "edited content")
+        |> Map.put("updated", make_time.())
+
+      {:ok, update_data, []} = Builder.update(user, updated_note)
+      {:ok, update, _meta} = ActivityPub.persist(update_data, local: true)
+
+      %{
+        user: user,
+        note: note,
+        object_id: note.id,
+        update_data: update_data,
+        update: update,
+        updated_note: updated_note
+      }
+    end
+
+    test "it updates the note", %{
+      object_id: object_id,
+      update: update,
+      updated_note: updated_note
+    } do
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_note)
+      updated_time = updated_note["updated"]
+
+      new_note = Pleroma.Object.get_by_id(object_id)
+
+      assert %{
+               "summary" => "edited summary",
+               "content" => "edited content",
+               "updated" => ^updated_time
+             } = new_note.data
+    end
+
+    test "it rejects updates with no updated attribute in object", %{
+      object_id: object_id,
+      update: update,
+      updated_note: updated_note
+    } do
+      old_note = Pleroma.Object.get_by_id(object_id)
+      updated_note = Map.drop(updated_note, ["updated"])
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_note)
+      new_note = Pleroma.Object.get_by_id(object_id)
+      assert old_note.data == new_note.data
+    end
+
+    test "it rejects updates with updated attribute older than what we have in the original object",
+         %{
+           object_id: object_id,
+           update: update,
+           updated_note: updated_note
+         } do
+      old_note = Pleroma.Object.get_by_id(object_id)
+      {:ok, creation_time, _} = DateTime.from_iso8601(old_note.data["published"])
+
+      updated_note =
+        Map.put(updated_note, "updated", DateTime.to_iso8601(DateTime.add(creation_time, -10)))
+
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_note)
+      new_note = Pleroma.Object.get_by_id(object_id)
+      assert old_note.data == new_note.data
+    end
+
+    test "it rejects updates with updated attribute older than the last Update", %{
+      object_id: object_id,
+      update: update,
+      updated_note: updated_note
+    } do
+      old_note = Pleroma.Object.get_by_id(object_id)
+      {:ok, creation_time, _} = DateTime.from_iso8601(old_note.data["published"])
+
+      updated_note =
+        Map.put(updated_note, "updated", DateTime.to_iso8601(DateTime.add(creation_time, +10)))
+
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_note)
+
+      old_note = Pleroma.Object.get_by_id(object_id)
+      {:ok, update_time, _} = DateTime.from_iso8601(old_note.data["updated"])
+
+      updated_note =
+        Map.put(updated_note, "updated", DateTime.to_iso8601(DateTime.add(update_time, -5)))
+
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_note)
+
+      new_note = Pleroma.Object.get_by_id(object_id)
+      assert old_note.data == new_note.data
+    end
+
+    test "it updates using object_data", %{
+      object_id: object_id,
+      update: update,
+      updated_note: updated_note
+    } do
+      updated_note = Map.put(updated_note, "summary", "mew mew")
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_note)
+      new_note = Pleroma.Object.get_by_id(object_id)
+      assert %{"summary" => "mew mew", "content" => "edited content"} = new_note.data
+    end
+
+    test "it records the original note in formerRepresentations", %{
+      note: note,
+      object_id: object_id,
+      update: update,
+      updated_note: updated_note
+    } do
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_note)
+      %{data: new_note} = Pleroma.Object.get_by_id(object_id)
+      assert %{"summary" => "edited summary", "content" => "edited content"} = new_note
+
+      assert [Map.drop(note.data, ["id", "formerRepresentations"])] ==
+               new_note["formerRepresentations"]["orderedItems"]
+
+      assert new_note["formerRepresentations"]["totalItems"] == 1
+    end
+
+    test "it puts the original note at the front of formerRepresentations", %{
+      user: user,
+      note: note,
+      object_id: object_id,
+      update: update,
+      updated_note: updated_note
+    } do
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_note)
+      %{data: first_edit} = Pleroma.Object.get_by_id(object_id)
+
+      second_updated_note =
+        note.data
+        |> Map.put("summary", "edited summary 2")
+        |> Map.put("content", "edited content 2")
+        |> Map.put(
+          "updated",
+          first_edit["updated"]
+          |> DateTime.from_iso8601()
+          |> elem(1)
+          |> DateTime.add(10)
+          |> DateTime.to_iso8601()
+        )
+
+      {:ok, second_update_data, []} = Builder.update(user, second_updated_note)
+      {:ok, update, _meta} = ActivityPub.persist(second_update_data, local: true)
+      {:ok, _, _} = SideEffects.handle(update, object_data: second_updated_note)
+      %{data: new_note} = Pleroma.Object.get_by_id(object_id)
+      assert %{"summary" => "edited summary 2", "content" => "edited content 2"} = new_note
+
+      original_version = Map.drop(note.data, ["id", "formerRepresentations"])
+      first_edit = Map.drop(first_edit, ["id", "formerRepresentations"])
+
+      assert [first_edit, original_version] ==
+               new_note["formerRepresentations"]["orderedItems"]
+
+      assert new_note["formerRepresentations"]["totalItems"] == 2
+    end
+
+    test "it does not prepend to formerRepresentations if no actual changes are made", %{
+      note: note,
+      object_id: object_id,
+      update: update,
+      updated_note: updated_note
+    } do
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_note)
+      %{data: first_edit} = Pleroma.Object.get_by_id(object_id)
+
+      updated_note =
+        updated_note
+        |> Map.put(
+          "updated",
+          first_edit["updated"]
+          |> DateTime.from_iso8601()
+          |> elem(1)
+          |> DateTime.add(10)
+          |> DateTime.to_iso8601()
+        )
+
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_note)
+      %{data: new_note} = Pleroma.Object.get_by_id(object_id)
+      assert %{"summary" => "edited summary", "content" => "edited content"} = new_note
+
+      original_version = Map.drop(note.data, ["id", "formerRepresentations"])
+
+      assert [original_version] ==
+               new_note["formerRepresentations"]["orderedItems"]
+
+      assert new_note["formerRepresentations"]["totalItems"] == 1
+    end
+  end
+
+  describe "update questions" do
+    setup do
+      user = insert(:user)
+
+      question =
+        insert(:question,
+          user: user,
+          data: %{"published" => Pleroma.Web.ActivityPub.Utils.make_date()}
+        )
+
+      %{user: user, data: question.data, id: question.id}
+    end
+
+    test "allows updating choice count without generating edit history", %{
+      user: user,
+      data: data,
+      id: id
+    } do
+      new_choices =
+        data["oneOf"]
+        |> Enum.map(fn choice -> put_in(choice, ["replies", "totalItems"], 5) end)
+
+      updated_question =
+        data
+        |> Map.put("oneOf", new_choices)
+        |> Map.put("updated", Pleroma.Web.ActivityPub.Utils.make_date())
+
+      {:ok, update_data, []} = Builder.update(user, updated_question)
+      {:ok, update, _meta} = ActivityPub.persist(update_data, local: true)
+
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_question)
+
+      %{data: new_question} = Pleroma.Object.get_by_id(id)
+
+      assert [%{"replies" => %{"totalItems" => 5}}, %{"replies" => %{"totalItems" => 5}}] =
+               new_question["oneOf"]
+
+      refute Map.has_key?(new_question, "formerRepresentations")
+    end
+
+    test "allows updating choice count without updated field", %{
+      user: user,
+      data: data,
+      id: id
+    } do
+      new_choices =
+        data["oneOf"]
+        |> Enum.map(fn choice -> put_in(choice, ["replies", "totalItems"], 5) end)
+
+      updated_question =
+        data
+        |> Map.put("oneOf", new_choices)
+
+      {:ok, update_data, []} = Builder.update(user, updated_question)
+      {:ok, update, _meta} = ActivityPub.persist(update_data, local: true)
+
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_question)
+
+      %{data: new_question} = Pleroma.Object.get_by_id(id)
+
+      assert [%{"replies" => %{"totalItems" => 5}}, %{"replies" => %{"totalItems" => 5}}] =
+               new_question["oneOf"]
+
+      refute Map.has_key?(new_question, "formerRepresentations")
+    end
+
+    test "allows updating choice count with updated field same as the creation date", %{
+      user: user,
+      data: data,
+      id: id
+    } do
+      new_choices =
+        data["oneOf"]
+        |> Enum.map(fn choice -> put_in(choice, ["replies", "totalItems"], 5) end)
+
+      updated_question =
+        data
+        |> Map.put("oneOf", new_choices)
+        |> Map.put("updated", data["published"])
+
+      {:ok, update_data, []} = Builder.update(user, updated_question)
+      {:ok, update, _meta} = ActivityPub.persist(update_data, local: true)
+
+      {:ok, _, _} = SideEffects.handle(update, object_data: updated_question)
+
+      %{data: new_question} = Pleroma.Object.get_by_id(id)
+
+      assert [%{"replies" => %{"totalItems" => 5}}, %{"replies" => %{"totalItems" => 5}}] =
+               new_question["oneOf"]
+
+      refute Map.has_key?(new_question, "formerRepresentations")
+    end
+  end
+
   describe "EmojiReact objects" do
     setup do
       poster = insert(:user)
@@ -544,9 +839,7 @@ defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
       ]) do
         {:ok, announce, _} = SideEffects.handle(announce)
 
-        assert called(
-                 Pleroma.Web.Streamer.stream(["user", "list", "public", "public:local"], announce)
-               )
+        assert called(Pleroma.Web.Streamer.stream(["user", "list"], announce))
 
         assert called(Pleroma.Web.Push.send(:_))
       end

test/pleroma/web/activity_pub/transmogrifier/emoji_react_handling_test.exs

@@ -37,6 +37,37 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.EmojiReactHandlingTest do
     assert match?([["👌", _]], object.data["reactions"])
   end
 
+  test "it works for incoming unqualified emoji reactions" do
+    user = insert(:user)
+    other_user = insert(:user, local: false)
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})
+
+    # woman detective emoji, unqualified
+    unqualified_emoji = [0x1F575, 0x200D, 0x2640] |> List.to_string()
+
+    data =
+      File.read!("test/fixtures/emoji-reaction.json")
+      |> Jason.decode!()
+      |> Map.put("object", activity.data["object"])
+      |> Map.put("actor", other_user.ap_id)
+      |> Map.put("content", unqualified_emoji)
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["actor"] == other_user.ap_id
+    assert data["type"] == "EmojiReact"
+    assert data["id"] == "http://mastodon.example.org/users/admin#reactions/2"
+    assert data["object"] == activity.data["object"]
+    # woman detective emoji, fully qualified
+    emoji = [0x1F575, 0xFE0F, 0x200D, 0x2640, 0xFE0F] |> List.to_string()
+    assert data["content"] == emoji
+
+    object = Object.get_by_ap_id(data["object"])
+
+    assert object.data["reaction_count"] == 1
+    assert match?([[^emoji, _]], object.data["reactions"])
+  end
+
   test "it reject invalid emoji reactions" do
     user = insert(:user)
     other_user = insert(:user, local: false)

test/pleroma/web/activity_pub/transmogrifier/note_handling_test.exs

@@ -104,6 +104,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.NoteHandlingTest do
       end
     end
 
+    @tag capture_log: true
     test "it does not crash if the object in inReplyTo can't be fetched" do
       data =
         File.read!("test/fixtures/mastodon-post-activity.json")
@@ -707,4 +708,43 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.NoteHandlingTest do
              }
            ]
   end
+
+  test "the standalone note uses its own ID when context is missing" do
+    insert(:user, ap_id: "https://mk.absturztau.be/users/8ozbzjs3o8")
+
+    activity =
+      "test/fixtures/tesla_mock/mk.absturztau.be-93e7nm8wqg-activity.json"
+      |> File.read!()
+      |> Jason.decode!()
+
+    {:ok, %Activity{} = modified} = Transmogrifier.handle_incoming(activity)
+    object = Object.normalize(modified, fetch: false)
+
+    assert object.data["context"] == object.data["id"]
+    assert modified.data["context"] == object.data["id"]
+  end
+
+  @tag capture_log: true
+  test "the reply note uses its parent's ID when context is missing and reply is unreachable" do
+    insert(:user, ap_id: "https://mk.absturztau.be/users/8ozbzjs3o8")
+
+    activity =
+      "test/fixtures/tesla_mock/mk.absturztau.be-93e7nm8wqg-activity.json"
+      |> File.read!()
+      |> Jason.decode!()
+
+    object =
+      activity["object"]
+      |> Map.put("inReplyTo", "https://404.site/object/went-to-buy-milk")
+
+    activity =
+      activity
+      |> Map.put("object", object)
+
+    {:ok, %Activity{} = modified} = Transmogrifier.handle_incoming(activity)
+    object = Object.normalize(modified, fetch: false)
+
+    assert object.data["context"] == object.data["inReplyTo"]
+    assert modified.data["context"] == object.data["inReplyTo"]
+  end
 end

test/pleroma/web/activity_pub/transmogrifier/question_handling_test.exs

@@ -33,8 +33,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.QuestionHandlingTest do
     assert object.data["context"] ==
              "tag:mastodon.sdf.org,2019-05-10:objectId=15095122:objectType=Conversation"
 
-    assert object.data["context_id"]
-
     assert object.data["anyOf"] == []
 
     assert Enum.sort(object.data["oneOf"]) ==
@@ -68,7 +66,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.QuestionHandlingTest do
     reply_object = Object.normalize(reply_activity, fetch: false)
 
     assert reply_object.data["context"] == object.data["context"]
-    assert reply_object.data["context_id"] == object.data["context_id"]
   end
 
   test "Mastodon Question activity with HTML tags in plaintext" do

test/pleroma/web/activity_pub/transmogrifier_test.exs

@@ -61,7 +61,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       note_obj = %{
         "type" => "Note",
-        "id" => activity.data["id"],
+        "id" => activity.object.data["id"],
         "content" => "test post",
         "published" => object.data["published"],
         "actor" => AccountView.render("show.json", %{user: user, skip_visibility_check: true})
@@ -108,15 +108,20 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       assert activity.data["type"] == "Move"
     end
 
-    test "a reply with mismatched context is rejected" do
-      insert(:user, ap_id: "https://macgirvin.com/channel/mike")
+    test "it fixes both the Create and object contexts in a reply" do
+      insert(:user, ap_id: "https://mk.absturztau.be/users/8ozbzjs3o8")
+      insert(:user, ap_id: "https://p.helene.moe/users/helene")
 
-      note_activity =
-        "test/fixtures/roadhouse-create-activity.json"
+      create_activity =
+        "test/fixtures/create-pleroma-reply-to-misskey-thread.json"
         |> File.read!()
         |> Jason.decode!()
 
-      assert {:error, _} = Transmogrifier.handle_incoming(note_activity)
+      assert {:ok, %Activity{} = activity} = Transmogrifier.handle_incoming(create_activity)
+
+      object = Object.normalize(activity, fetch: false)
+
+      assert activity.data["context"] == object.data["context"]
     end
   end
 
@@ -227,7 +232,6 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       assert is_nil(modified["object"]["like_count"])
       assert is_nil(modified["object"]["announcements"])
       assert is_nil(modified["object"]["announcement_count"])
-      assert is_nil(modified["object"]["context_id"])
       assert is_nil(modified["object"]["generator"])
     end
 
@@ -242,7 +246,6 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       assert is_nil(modified["object"]["like_count"])
       assert is_nil(modified["object"]["announcements"])
       assert is_nil(modified["object"]["announcement_count"])
-      assert is_nil(modified["object"]["context_id"])
       assert is_nil(modified["object"]["likes"])
     end
 
@@ -312,6 +315,28 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       assert url == "http://localhost:4001/emoji/dino%20walking.gif"
     end
+
+    test "Updates of Notes are handled" do
+      user = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(user, %{status: "everybody do the dinosaur :dinosaur:"})
+      {:ok, update} = CommonAPI.update(user, activity, %{status: "mew mew :blank:"})
+
+      {:ok, prepared} = Transmogrifier.prepare_outgoing(update.data)
+
+      assert %{
+               "content" => "mew mew :blank:",
+               "tag" => [%{"name" => ":blank:", "type" => "Emoji"}],
+               "formerRepresentations" => %{
+                 "orderedItems" => [
+                   %{
+                     "content" => "everybody do the dinosaur :dinosaur:",
+                     "tag" => [%{"name" => ":dinosaur:", "type" => "Emoji"}]
+                   }
+                 ]
+               }
+             } = prepared["object"]
+    end
   end
 
   describe "user upgrade" do
@@ -575,4 +600,43 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       assert Transmogrifier.fix_attachments(object) == expected
     end
   end
+
+  describe "prepare_object/1" do
+    test "it processes history" do
+      original = %{
+        "formerRepresentations" => %{
+          "orderedItems" => [
+            %{
+              "generator" => %{},
+              "emoji" => %{"blobcat" => "http://localhost:4001/emoji/blobcat.png"}
+            }
+          ]
+        }
+      }
+
+      processed = Transmogrifier.prepare_object(original)
+
+      history_item = Enum.at(processed["formerRepresentations"]["orderedItems"], 0)
+
+      refute Map.has_key?(history_item, "generator")
+
+      assert [%{"name" => ":blobcat:"}] = history_item["tag"]
+    end
+
+    test "it works when there is no or bad history" do
+      original = %{
+        "formerRepresentations" => %{
+          "items" => [
+            %{
+              "generator" => %{},
+              "emoji" => %{"blobcat" => "http://localhost:4001/emoji/blobcat.png"}
+            }
+          ]
+        }
+      }
+
+      processed = Transmogrifier.prepare_object(original)
+      assert processed["formerRepresentations"] == original["formerRepresentations"]
+    end
+  end
 end

test/pleroma/web/activity_pub/utils_test.exs

@@ -429,7 +429,6 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
       object = Object.normalize(note_activity, fetch: false)
       res = Utils.lazy_put_activity_defaults(%{"context" => object.data["id"]})
       assert res["context"] == object.data["id"]
-      assert res["context_id"] == object.id
       assert res["id"]
       assert res["published"]
     end
@@ -437,7 +436,6 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
     test "returns map with fake id and published data" do
       assert %{
                "context" => "pleroma:fakecontext",
-               "context_id" => -1,
                "id" => "pleroma:fakeid",
                "published" => _
              } = Utils.lazy_put_activity_defaults(%{}, true)
@@ -454,13 +452,11 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
         })
 
       assert res["context"] == object.data["id"]
-      assert res["context_id"] == object.id
       assert res["id"]
       assert res["published"]
       assert res["object"]["id"]
       assert res["object"]["published"]
       assert res["object"]["context"] == object.data["id"]
-      assert res["object"]["context_id"] == object.id
     end
   end
 
@@ -477,7 +473,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
       content = "foobar"
 
       target_ap_id = target_account.ap_id
-      activity_ap_id = activity.data["id"]
+      object_ap_id = activity.object.data["id"]
 
       res =
         Utils.make_flag_data(
@@ -493,7 +489,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
 
       note_obj = %{
         "type" => "Note",
-        "id" => activity_ap_id,
+        "id" => object_ap_id,
         "content" => content,
         "published" => activity.object.data["published"],
         "actor" =>
@@ -508,6 +504,49 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
                "state" => "open"
              } = res
     end
+
+    test "returns map with Flag object with a non-Create Activity" do
+      reporter = insert(:user)
+      posting_account = insert(:user)
+      target_account = insert(:user)
+
+      {:ok, activity} = CommonAPI.post(posting_account, %{status: "foobar"})
+      {:ok, like} = CommonAPI.favorite(target_account, activity.id)
+      context = Utils.generate_context_id()
+      content = "foobar"
+
+      target_ap_id = target_account.ap_id
+      object_ap_id = activity.object.data["id"]
+
+      res =
+        Utils.make_flag_data(
+          %{
+            actor: reporter,
+            context: context,
+            account: target_account,
+            statuses: [%{"id" => like.data["id"]}],
+            content: content
+          },
+          %{}
+        )
+
+      note_obj = %{
+        "type" => "Note",
+        "id" => object_ap_id,
+        "content" => content,
+        "published" => activity.object.data["published"],
+        "actor" =>
+          AccountView.render("show.json", %{user: posting_account, skip_visibility_check: true})
+      }
+
+      assert %{
+               "type" => "Flag",
+               "content" => ^content,
+               "context" => ^context,
+               "object" => [^target_ap_id, ^note_obj],
+               "state" => "open"
+             } = res
+    end
   end
 
   describe "add_announce_to_object/2" do

test/pleroma/web/activity_pub/views/object_view_test.exs

@@ -81,4 +81,18 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
     assert result["object"] == object.data["id"]
     assert result["type"] == "Announce"
   end
+
+  test "renders an undo announce activity" do
+    note = insert(:note_activity)
+    user = insert(:user)
+
+    {:ok, announce} = CommonAPI.repeat(note.id, user)
+    {:ok, undo} = CommonAPI.unrepeat(note.id, user)
+
+    result = ObjectView.render("object.json", %{object: undo})
+
+    assert result["id"] == undo.data["id"]
+    assert result["object"] == announce.data["id"]
+    assert result["type"] == "Undo"
+  end
 end

test/pleroma/web/activity_pub/views/user_view_test.exs

@@ -12,7 +12,6 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
 
   test "Renders a user, including the public key" do
     user = insert(:user)
-    {:ok, user} = User.ensure_keys_present(user)
 
     result = UserView.render("user.json", %{user: user})
 
@@ -55,7 +54,6 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
 
   test "Does not add an avatar image if the user hasn't set one" do
     user = insert(:user)
-    {:ok, user} = User.ensure_keys_present(user)
 
     result = UserView.render("user.json", %{user: user})
     refute result["icon"]
@@ -67,8 +65,6 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
         banner: %{"url" => [%{"href" => "https://somebanner"}]}
       )
 
-    {:ok, user} = User.ensure_keys_present(user)
-
     result = UserView.render("user.json", %{user: user})
     assert result["icon"]["url"] == "https://someurl"
     assert result["image"]["url"] == "https://somebanner"
@@ -89,7 +85,6 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
   describe "endpoints" do
     test "local users have a usable endpoints structure" do
       user = insert(:user)
-      {:ok, user} = User.ensure_keys_present(user)
 
       result = UserView.render("user.json", %{user: user})
 
@@ -105,7 +100,6 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
 
     test "remote users have an empty endpoints structure" do
       user = insert(:user, local: false)
-      {:ok, user} = User.ensure_keys_present(user)
 
       result = UserView.render("user.json", %{user: user})
 
@@ -115,7 +109,6 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do
 
     test "instance users do not expose oAuth endpoints" do
       user = insert(:user, nickname: nil, local: true)
-      {:ok, user} = User.ensure_keys_present(user)
 
       result = UserView.render("user.json", %{user: user})
 

test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
-  use Pleroma.Web.ConnCase
+  use Pleroma.Web.ConnCase, async: false
   use Oban.Testing, repo: Pleroma.Repo
 
   import ExUnit.CaptureLog
@@ -92,18 +92,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
   describe "PUT /api/pleroma/admin/users/tag" do
     setup %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [:users_manage_tags])
+
       user1 = insert(:user, %{tags: ["x"]})
       user2 = insert(:user, %{tags: ["y"]})
       user3 = insert(:user, %{tags: ["unchanged"]})
 
-      conn =
-        conn
-        |> put_req_header("accept", "application/json")
-        |> put(
-          "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
-            "#{user2.nickname}&tags[]=foo&tags[]=bar"
-        )
-
       %{conn: conn, user1: user1, user2: user2, user3: user3}
     end
 
@@ -113,6 +107,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       user1: user1,
       user2: user2
     } do
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> put(
+          "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
+            "#{user2.nickname}&tags[]=foo&tags[]=bar"
+        )
+
       assert empty_json_response(conn)
       assert User.get_cached_by_id(user1.id).tags == ["x", "foo", "bar"]
       assert User.get_cached_by_id(user2.id).tags == ["y", "foo", "bar"]
@@ -130,26 +132,43 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                "@#{admin.nickname} added tags: #{tags} to users: #{users}"
     end
 
-    test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
+    test "it does not modify tags of not specified users", %{
+      conn: conn,
+      user1: user1,
+      user2: user2,
+      user3: user3
+    } do
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> put(
+          "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
+            "#{user2.nickname}&tags[]=foo&tags[]=bar"
+        )
+
       assert empty_json_response(conn)
       assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
     end
+
+    test "it requires privileged role :users_manage_tags", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      response =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> put("/api/pleroma/admin/users/tag?nicknames[]=nickname&tags[]=foo&tags[]=bar")
+
+      assert json_response(response, :forbidden)
+    end
   end
 
   describe "DELETE /api/pleroma/admin/users/tag" do
     setup %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [:users_manage_tags])
       user1 = insert(:user, %{tags: ["x"]})
       user2 = insert(:user, %{tags: ["y", "z"]})
       user3 = insert(:user, %{tags: ["unchanged"]})
 
-      conn =
-        conn
-        |> put_req_header("accept", "application/json")
-        |> delete(
-          "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
-            "#{user2.nickname}&tags[]=x&tags[]=z"
-        )
-
       %{conn: conn, user1: user1, user2: user2, user3: user3}
     end
 
@@ -159,6 +178,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       user1: user1,
       user2: user2
     } do
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> delete(
+          "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
+            "#{user2.nickname}&tags[]=x&tags[]=z"
+        )
+
       assert empty_json_response(conn)
       assert User.get_cached_by_id(user1.id).tags == []
       assert User.get_cached_by_id(user2.id).tags == ["y"]
@@ -176,10 +203,34 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                "@#{admin.nickname} removed tags: #{tags} from users: #{users}"
     end
 
-    test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
+    test "it does not modify tags of not specified users", %{
+      conn: conn,
+      user1: user1,
+      user2: user2,
+      user3: user3
+    } do
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> delete(
+          "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=" <>
+            "#{user2.nickname}&tags[]=x&tags[]=z"
+        )
+
       assert empty_json_response(conn)
       assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
     end
+
+    test "it requires privileged role :users_manage_tags", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      response =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> delete("/api/pleroma/admin/users/tag?nicknames[]=nickname&tags[]=foo&tags[]=bar")
+
+      assert json_response(response, :forbidden)
+    end
   end
 
   describe "/api/pleroma/admin/users/:nickname/permission_group" do
@@ -271,21 +322,38 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
     end
   end
 
-  test "/api/pleroma/admin/users/:nickname/password_reset", %{conn: conn} do
-    user = insert(:user)
+  describe "/api/pleroma/admin/users/:nickname/password_reset" do
+    test "it returns a password reset link", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [:users_manage_credentials])
 
-    conn =
-      conn
-      |> put_req_header("accept", "application/json")
-      |> get("/api/pleroma/admin/users/#{user.nickname}/password_reset")
+      user = insert(:user)
 
-    resp = json_response(conn, 200)
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> get("/api/pleroma/admin/users/#{user.nickname}/password_reset")
 
-    assert Regex.match?(~r/(http:\/\/|https:\/\/)/, resp["link"])
+      resp = json_response(conn, 200)
+
+      assert Regex.match?(~r/(http:\/\/|https:\/\/)/, resp["link"])
+    end
+
+    test "it requires privileged role :users_manage_credentials", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      response =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> get("/api/pleroma/admin/users/nickname/password_reset")
+
+      assert json_response(response, :forbidden)
+    end
   end
 
   describe "PUT disable_mfa" do
     test "returns 200 and disable 2fa", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [:users_manage_credentials])
+
       user =
         insert(:user,
           multi_factor_authentication_settings: %MFA.Settings{
@@ -307,6 +375,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
     end
 
     test "returns 404 if user not found", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [:users_manage_credentials])
+
       response =
         conn
         |> put("/api/pleroma/admin/users/disable_mfa", %{nickname: "nickname"})
@@ -314,6 +384,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
       assert response == %{"error" => "Not found"}
     end
+
+    test "it requires privileged role :users_manage_credentials", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      response =
+        conn
+        |> put("/api/pleroma/admin/users/disable_mfa", %{nickname: "nickname"})
+
+      assert json_response(response, :forbidden)
+    end
   end
 
   describe "GET /api/pleroma/admin/restart" do
@@ -344,6 +424,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
   describe "GET /api/pleroma/admin/users/:nickname/statuses" do
     setup do
+      clear_config([:instance, :admin_privileges], [:messages_read])
+
       user = insert(:user)
 
       insert(:note_activity, user: user)
@@ -360,6 +442,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       assert length(activities) == 3
     end
 
+    test "it requires privileged role :messages_read", %{conn: conn, user: user} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses")
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "renders user's statuses with pagination", %{conn: conn, user: user} do
       %{"total" => 3, "activities" => [activity1]} =
         conn
@@ -421,21 +511,32 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
   describe "GET /api/pleroma/admin/users/:nickname/chats" do
     setup do
+      clear_config([:instance, :admin_privileges], [:messages_read])
+
       user = insert(:user)
+
+      %{user: user}
+    end
+
+    test "renders user's chats", %{conn: conn, user: user} do
       recipients = insert_list(3, :user)
 
       Enum.each(recipients, fn recipient ->
         CommonAPI.post_chat_message(user, recipient, "yo")
       end)
 
-      %{user: user}
-    end
-
-    test "renders user's chats", %{conn: conn, user: user} do
       conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats")
 
       assert json_response(conn, 200) |> length() == 3
     end
+
+    test "it requires privileged role :messages_read", %{conn: conn, user: user} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats")
+
+      assert json_response(conn, :forbidden)
+    end
   end
 
   describe "GET /api/pleroma/admin/users/:nickname/chats unauthorized" do
@@ -471,6 +572,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
   describe "GET /api/pleroma/admin/moderation_log" do
     setup do
+      clear_config([:instance, :admin_privileges], [:moderation_log_read])
       moderator = insert(:user, is_moderator: true)
 
       %{moderator: moderator}
@@ -675,6 +777,15 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       assert get_in(first_entry, ["data", "message"]) ==
                "@#{moderator.nickname} unfollowed relay: https://example.org/relay"
     end
+
+    test "it requires privileged role :moderation_log_read", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      assert conn
+             |> put_req_header("content-type", "multipart/form-data")
+             |> get("/api/pleroma/admin/moderation_log")
+             |> json_response(:forbidden)
+    end
   end
 
   test "gets a remote users when [:instance, :limit_to_local_content] is set to :unauthenticated",
@@ -688,6 +799,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
   describe "GET /users/:nickname/credentials" do
     test "gets the user credentials", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [:users_manage_credentials])
       user = insert(:user)
       conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials")
 
@@ -696,6 +808,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
     end
 
     test "returns 403 if requested by a non-admin" do
+      clear_config([:instance, :admin_privileges], [:users_manage_credentials])
       user = insert(:user)
 
       conn =
@@ -705,6 +818,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
       assert json_response(conn, :forbidden)
     end
+
+    test "it requires privileged role :users_manage_credentials", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      response =
+        conn
+        |> get("/api/pleroma/admin/users/nickname/credentials")
+
+      assert json_response(response, :forbidden)
+    end
   end
 
   describe "PATCH /users/:nickname/credentials" do
@@ -714,6 +837,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
     end
 
     test "changes password and email", %{conn: conn, admin: admin, user: user} do
+      clear_config([:instance, :admin_privileges], [:users_manage_credentials])
+
       assert user.password_reset_pending == false
 
       conn =
@@ -756,6 +881,19 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       assert json_response(conn, :forbidden)
     end
 
+    test "returns 403 if not privileged with :users_manage_credentials", %{conn: conn, user: user} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn =
+        patch(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials", %{
+          "password" => "new_password",
+          "email" => "new_email@example.com",
+          "name" => "new_name"
+        })
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "changes actor type from permitted list", %{conn: conn, user: user} do
       assert user.actor_type == "Person"
 
@@ -784,6 +922,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
   describe "PATCH /users/:nickname/force_password_reset" do
     test "sets password_reset_pending to true", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [:users_manage_credentials])
       user = insert(:user)
       assert user.password_reset_pending == false
 
@@ -796,10 +935,21 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
 
       assert User.get_by_id(user.id).password_reset_pending == true
     end
+
+    test "it requires privileged role :users_manage_credentials", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      response =
+        conn
+        |> patch("/api/pleroma/admin/users/force_password_reset", %{nickname: "nickname"})
+
+      assert json_response(response, :forbidden)
+    end
   end
 
   describe "PATCH /confirm_email" do
     test "it confirms emails of two users", %{conn: conn, admin: admin} do
+      clear_config([:instance, :admin_privileges], [:users_manage_credentials])
       [first_user, second_user] = insert_pair(:user, is_confirmed: false)
 
       refute first_user.is_confirmed
@@ -826,10 +976,21 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       assert ModerationLog.get_log_entry_message(log_entry) ==
                "@#{admin.nickname} confirmed email for users: @#{first_user.nickname}, @#{second_user.nickname}"
     end
+
+    test "it requires privileged role :users_manage_credentials", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      response =
+        conn
+        |> patch("/api/pleroma/admin/users/confirm_email", %{nicknames: ["nickname"]})
+
+      assert json_response(response, :forbidden)
+    end
   end
 
   describe "PATCH /resend_confirmation_email" do
     test "it resend emails for two users", %{conn: conn, admin: admin} do
+      clear_config([:instance, :admin_privileges], [:users_manage_credentials])
       [first_user, second_user] = insert_pair(:user, is_confirmed: false)
 
       ret_conn =
@@ -855,9 +1016,23 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       |> Swoosh.Email.put_private(:hackney_options, ssl_options: [versions: [:"tlsv1.2"]])
       |> assert_email_sent()
     end
+
+    test "it requires privileged role :users_manage_credentials", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      response =
+        conn
+        |> patch("/api/pleroma/admin/users/resend_confirmation_email", %{nicknames: ["nickname"]})
+
+      assert json_response(response, :forbidden)
+    end
   end
 
   describe "/api/pleroma/admin/stats" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:statistics_read])
+    end
+
     test "status visibility count", %{conn: conn} do
       user = insert(:user)
       CommonAPI.post(user, %{visibility: "public", status: "hey"})
@@ -890,6 +1065,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       assert %{"direct" => 0, "private" => 1, "public" => 0, "unlisted" => 1} =
                response["status_visibility"]
     end
+
+    test "it requires privileged role :statistics_read", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      assert conn
+             |> get("/api/pleroma/admin/stats", instance: "lain.wired")
+             |> json_response(:forbidden)
+    end
   end
 
   describe "/api/pleroma/backups" do
@@ -958,6 +1141,34 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       assert Repo.aggregate(Pleroma.User.Backup, :count) == 2
     end
   end
+
+  describe "POST /api/v1/pleroma/admin/reload_emoji" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:emoji_manage_emoji])
+
+      admin = insert(:user, is_admin: true)
+      token = insert(:oauth_admin_token, user: admin)
+
+      conn =
+        build_conn()
+        |> assign(:user, admin)
+        |> assign(:token, token)
+
+      {:ok, %{conn: conn, admin: admin}}
+    end
+
+    test "it requires privileged role :emoji_manage_emoji", %{conn: conn} do
+      assert conn
+             |> post("/api/v1/pleroma/admin/reload_emoji")
+             |> json_response(200)
+
+      clear_config([:instance, :admin_privileges], [])
+
+      assert conn
+             |> post("/api/v1/pleroma/admin/reload_emoji")
+             |> json_response(:forbidden)
+    end
+  end
 end
 
 # Needed for testing

test/pleroma/web/admin_api/controllers/announcement_controller_test.exs

@@ -0,0 +1,375 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.AdminAPI.AnnouncementControllerTest do
+  use Pleroma.Web.ConnCase, async: false
+
+  import Pleroma.Factory
+
+  setup do
+    clear_config([:instance, :admin_privileges], [:announcements_manage_announcements])
+    admin = insert(:user, is_admin: true)
+    token = insert(:oauth_admin_token, user: admin)
+
+    conn =
+      build_conn()
+      |> assign(:user, admin)
+      |> assign(:token, token)
+
+    {:ok, %{admin: admin, token: token, conn: conn}}
+  end
+
+  describe "GET /api/v1/pleroma/admin/announcements" do
+    test "it lists all announcements", %{conn: conn} do
+      %{id: id} = insert(:announcement)
+
+      response =
+        conn
+        |> get("/api/v1/pleroma/admin/announcements")
+        |> json_response_and_validate_schema(:ok)
+
+      assert [%{"id" => ^id}] = response
+    end
+
+    test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
+      conn
+      |> get("/api/v1/pleroma/admin/announcements")
+      |> json_response_and_validate_schema(:ok)
+
+      clear_config([:instance, :admin_privileges], [])
+
+      conn
+      |> get("/api/v1/pleroma/admin/announcements")
+      |> json_response(:forbidden)
+    end
+
+    test "it paginates announcements", %{conn: conn} do
+      _announcements = Enum.map(0..20, fn _ -> insert(:announcement) end)
+
+      response =
+        conn
+        |> get("/api/v1/pleroma/admin/announcements")
+        |> json_response_and_validate_schema(:ok)
+
+      assert length(response) == 20
+    end
+
+    test "it paginates announcements with custom params", %{conn: conn} do
+      announcements = Enum.map(0..20, fn _ -> insert(:announcement) end)
+
+      response =
+        conn
+        |> get("/api/v1/pleroma/admin/announcements", limit: 5, offset: 7)
+        |> json_response_and_validate_schema(:ok)
+
+      assert length(response) == 5
+      assert Enum.at(response, 0)["id"] == Enum.at(announcements, 7).id
+    end
+
+    test "it returns empty list with out-of-bounds offset", %{conn: conn} do
+      _announcements = Enum.map(0..20, fn _ -> insert(:announcement) end)
+
+      response =
+        conn
+        |> get("/api/v1/pleroma/admin/announcements", offset: 21)
+        |> json_response_and_validate_schema(:ok)
+
+      assert [] = response
+    end
+
+    test "it rejects invalid pagination params", %{conn: conn} do
+      conn
+      |> get("/api/v1/pleroma/admin/announcements", limit: 0)
+      |> json_response_and_validate_schema(400)
+
+      conn
+      |> get("/api/v1/pleroma/admin/announcements", limit: -1)
+      |> json_response_and_validate_schema(400)
+
+      conn
+      |> get("/api/v1/pleroma/admin/announcements", offset: -1)
+      |> json_response_and_validate_schema(400)
+    end
+  end
+
+  describe "GET /api/v1/pleroma/admin/announcements/:id" do
+    test "it displays one announcement", %{conn: conn} do
+      %{id: id} = insert(:announcement)
+
+      response =
+        conn
+        |> get("/api/v1/pleroma/admin/announcements/#{id}")
+        |> json_response_and_validate_schema(:ok)
+
+      assert %{"id" => ^id} = response
+    end
+
+    test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
+      %{id: id} = insert(:announcement)
+
+      conn
+      |> get("/api/v1/pleroma/admin/announcements/#{id}")
+      |> json_response_and_validate_schema(:ok)
+
+      clear_config([:instance, :admin_privileges], [])
+
+      conn
+      |> get("/api/v1/pleroma/admin/announcements/#{id}")
+      |> json_response(:forbidden)
+    end
+
+    test "it returns not found for non-existent id", %{conn: conn} do
+      %{id: id} = insert(:announcement)
+
+      _response =
+        conn
+        |> get("/api/v1/pleroma/admin/announcements/#{id}xxx")
+        |> json_response_and_validate_schema(:not_found)
+    end
+  end
+
+  describe "DELETE /api/v1/pleroma/admin/announcements/:id" do
+    test "it deletes specified announcement", %{conn: conn} do
+      %{id: id} = insert(:announcement)
+
+      _response =
+        conn
+        |> delete("/api/v1/pleroma/admin/announcements/#{id}")
+        |> json_response_and_validate_schema(:ok)
+    end
+
+    test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
+      %{id: id} = insert(:announcement)
+
+      conn
+      |> delete("/api/v1/pleroma/admin/announcements/#{id}")
+      |> json_response_and_validate_schema(:ok)
+
+      clear_config([:instance, :admin_privileges], [])
+
+      conn
+      |> delete("/api/v1/pleroma/admin/announcements/#{id}")
+      |> json_response(:forbidden)
+    end
+
+    test "it returns not found for non-existent id", %{conn: conn} do
+      %{id: id} = insert(:announcement)
+
+      _response =
+        conn
+        |> delete("/api/v1/pleroma/admin/announcements/#{id}xxx")
+        |> json_response_and_validate_schema(:not_found)
+
+      assert %{id: ^id} = Pleroma.Announcement.get_by_id(id)
+    end
+  end
+
+  describe "PATCH /api/v1/pleroma/admin/announcements/:id" do
+    test "it returns not found for non-existent id", %{conn: conn} do
+      %{id: id} = insert(:announcement)
+
+      _response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> patch("/api/v1/pleroma/admin/announcements/#{id}xxx", %{})
+        |> json_response_and_validate_schema(:not_found)
+
+      assert %{id: ^id} = Pleroma.Announcement.get_by_id(id)
+    end
+
+    test "it updates a field", %{conn: conn} do
+      %{id: id} = insert(:announcement)
+
+      now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
+      starts_at = NaiveDateTime.add(now, -10, :second)
+
+      _response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> patch("/api/v1/pleroma/admin/announcements/#{id}", %{
+          starts_at: NaiveDateTime.to_iso8601(starts_at)
+        })
+        |> json_response_and_validate_schema(:ok)
+
+      new = Pleroma.Announcement.get_by_id(id)
+
+      assert NaiveDateTime.compare(new.starts_at, starts_at) == :eq
+    end
+
+    test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
+      %{id: id} = insert(:announcement)
+
+      now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
+      starts_at = NaiveDateTime.add(now, -10, :second)
+
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> patch("/api/v1/pleroma/admin/announcements/#{id}", %{
+        starts_at: NaiveDateTime.to_iso8601(starts_at)
+      })
+      |> json_response_and_validate_schema(:ok)
+
+      clear_config([:instance, :admin_privileges], [])
+
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> patch("/api/v1/pleroma/admin/announcements/#{id}", %{
+        starts_at: NaiveDateTime.to_iso8601(starts_at)
+      })
+      |> json_response(:forbidden)
+    end
+
+    test "it updates with time with utc timezone", %{conn: conn} do
+      %{id: id} = insert(:announcement)
+
+      now = DateTime.now("Etc/UTC") |> elem(1) |> DateTime.truncate(:second)
+      starts_at = DateTime.add(now, -10, :second)
+
+      _response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> patch("/api/v1/pleroma/admin/announcements/#{id}", %{
+          starts_at: DateTime.to_iso8601(starts_at)
+        })
+        |> json_response_and_validate_schema(:ok)
+
+      new = Pleroma.Announcement.get_by_id(id)
+
+      assert DateTime.compare(new.starts_at, starts_at) == :eq
+    end
+
+    test "it updates a data field", %{conn: conn} do
+      %{id: id} = announcement = insert(:announcement, data: %{"all_day" => true})
+
+      assert announcement.data["all_day"] == true
+
+      new_content = "new content"
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> patch("/api/v1/pleroma/admin/announcements/#{id}", %{
+          content: new_content
+        })
+        |> json_response_and_validate_schema(:ok)
+
+      assert response["content"] == new_content
+      assert response["all_day"] == true
+
+      new = Pleroma.Announcement.get_by_id(id)
+
+      assert new.data["content"] == new_content
+      assert new.data["all_day"] == true
+    end
+
+    test "it nullifies a nullable field", %{conn: conn} do
+      now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
+      starts_at = NaiveDateTime.add(now, -10, :second)
+
+      %{id: id} = insert(:announcement, starts_at: starts_at)
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> patch("/api/v1/pleroma/admin/announcements/#{id}", %{
+          starts_at: nil
+        })
+        |> json_response_and_validate_schema(:ok)
+
+      assert response["starts_at"] == nil
+
+      new = Pleroma.Announcement.get_by_id(id)
+
+      assert new.starts_at == nil
+    end
+  end
+
+  describe "POST /api/v1/pleroma/admin/announcements" do
+    test "it creates an announcement", %{conn: conn} do
+      content = "test post announcement api"
+
+      now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
+      starts_at = NaiveDateTime.add(now, -10, :second)
+      ends_at = NaiveDateTime.add(now, 10, :second)
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/pleroma/admin/announcements", %{
+          "content" => content,
+          "starts_at" => NaiveDateTime.to_iso8601(starts_at),
+          "ends_at" => NaiveDateTime.to_iso8601(ends_at),
+          "all_day" => true
+        })
+        |> json_response_and_validate_schema(:ok)
+
+      assert %{"content" => ^content, "all_day" => true} = response
+
+      announcement = Pleroma.Announcement.get_by_id(response["id"])
+
+      assert not is_nil(announcement)
+
+      assert NaiveDateTime.compare(announcement.starts_at, starts_at) == :eq
+      assert NaiveDateTime.compare(announcement.ends_at, ends_at) == :eq
+    end
+
+    test "it requires privileged role :announcements_manage_announcements", %{conn: conn} do
+      content = "test post announcement api"
+
+      now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
+      starts_at = NaiveDateTime.add(now, -10, :second)
+      ends_at = NaiveDateTime.add(now, 10, :second)
+
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/pleroma/admin/announcements", %{
+        "content" => content,
+        "starts_at" => NaiveDateTime.to_iso8601(starts_at),
+        "ends_at" => NaiveDateTime.to_iso8601(ends_at),
+        "all_day" => true
+      })
+      |> json_response_and_validate_schema(:ok)
+
+      clear_config([:instance, :admin_privileges], [])
+
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/pleroma/admin/announcements", %{
+        "content" => content,
+        "starts_at" => NaiveDateTime.to_iso8601(starts_at),
+        "ends_at" => NaiveDateTime.to_iso8601(ends_at),
+        "all_day" => true
+      })
+      |> json_response(:forbidden)
+    end
+
+    test "creating with time with utc timezones", %{conn: conn} do
+      content = "test post announcement api"
+
+      now = DateTime.now("Etc/UTC") |> elem(1) |> DateTime.truncate(:second)
+      starts_at = DateTime.add(now, -10, :second)
+      ends_at = DateTime.add(now, 10, :second)
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/pleroma/admin/announcements", %{
+          "content" => content,
+          "starts_at" => DateTime.to_iso8601(starts_at),
+          "ends_at" => DateTime.to_iso8601(ends_at),
+          "all_day" => true
+        })
+        |> json_response_and_validate_schema(:ok)
+
+      assert %{"content" => ^content, "all_day" => true} = response
+
+      announcement = Pleroma.Announcement.get_by_id(response["id"])
+
+      assert not is_nil(announcement)
+
+      assert DateTime.compare(announcement.starts_at, starts_at) == :eq
+      assert DateTime.compare(announcement.ends_at, ends_at) == :eq
+    end
+  end
+end

test/pleroma/web/admin_api/controllers/chat_controller_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
-  use Pleroma.Web.ConnCase, async: true
+  use Pleroma.Web.ConnCase, async: false
 
   import Pleroma.Factory
 
@@ -27,7 +27,10 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
   end
 
   describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do
-    setup do: admin_setup()
+    setup do
+      clear_config([:instance, :admin_privileges], [:messages_delete])
+      admin_setup()
+    end
 
     test "it deletes a message from the chat", %{conn: conn, admin: admin} do
       user = insert(:user)
@@ -53,17 +56,29 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
       log_entry = Repo.one(ModerationLog)
 
       assert ModerationLog.get_log_entry_message(log_entry) ==
-               "@#{admin.nickname} deleted chat message ##{cm_ref.id}"
+               "@#{admin.nickname} deleted chat message ##{message.id}"
 
       assert result["id"] == cm_ref.id
       refute MessageReference.get_by_id(cm_ref.id)
       refute MessageReference.get_by_id(recipient_cm_ref.id)
       assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id)
     end
+
+    test "it requires privileged role :messages_delete", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      assert conn
+             |> put_req_header("content-type", "application/json")
+             |> delete("/api/pleroma/admin/chats/some_id/messages/some_ref_id")
+             |> json_response(:forbidden)
+    end
   end
 
   describe "GET /api/pleroma/admin/chats/:id/messages" do
-    setup do: admin_setup()
+    setup do
+      clear_config([:instance, :admin_privileges], [:messages_read])
+      admin_setup()
+    end
 
     test "it paginates", %{conn: conn} do
       user = insert(:user)
@@ -114,10 +129,21 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
 
       assert length(result) == 3
     end
+
+    test "it requires privileged role :messages_read", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn = get(conn, "/api/pleroma/admin/chats/some_id/messages")
+
+      assert json_response(conn, :forbidden)
+    end
   end
 
   describe "GET /api/pleroma/admin/chats/:id" do
-    setup do: admin_setup()
+    setup do
+      clear_config([:instance, :admin_privileges], [:messages_read])
+      admin_setup()
+    end
 
     test "it returns a chat", %{conn: conn} do
       user = insert(:user)
@@ -135,6 +161,14 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do
       assert %{} = result["receiver"]
       refute result["account"]
     end
+
+    test "it requires privileged role :messages_read", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn = get(conn, "/api/pleroma/admin/chats/some_id")
+
+      assert json_response(conn, :forbidden)
+    end
   end
 
   describe "unauthorized chat moderation" do

test/pleroma/web/admin_api/controllers/config_controller_test.exs

@@ -316,15 +316,16 @@ defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do
       assert Application.get_env(:idna, :key5) == {"string", Pleroma.Captcha.NotReal, []}
     end
 
+    @tag capture_log: true
     test "save configs setting without explicit key", %{conn: conn} do
-      level = Application.get_env(:quack, :level)
-      meta = Application.get_env(:quack, :meta)
-      webhook_url = Application.get_env(:quack, :webhook_url)
+      adapter = Application.get_env(:http, :adapter)
+      send_user_agent = Application.get_env(:http, :send_user_agent)
+      user_agent = Application.get_env(:http, :user_agent)
 
       on_exit(fn ->
-        Application.put_env(:quack, :level, level)
-        Application.put_env(:quack, :meta, meta)
-        Application.put_env(:quack, :webhook_url, webhook_url)
+        Application.put_env(:http, :adapter, adapter)
+        Application.put_env(:http, :send_user_agent, send_user_agent)
+        Application.put_env(:http, :user_agent, user_agent)
       end)
 
       conn =
@@ -333,19 +334,19 @@ defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do
         |> post("/api/pleroma/admin/config", %{
           configs: [
             %{
-              group: ":quack",
-              key: ":level",
-              value: ":info"
+              group: ":http",
+              key: ":adapter",
+              value: [":someval"]
             },
             %{
-              group: ":quack",
-              key: ":meta",
-              value: [":none"]
+              group: ":http",
+              key: ":send_user_agent",
+              value: true
             },
             %{
-              group: ":quack",
-              key: ":webhook_url",
-              value: "https://hooks.slack.com/services/KEY"
+              group: ":http",
+              key: ":user_agent",
+              value: [":default"]
             }
           ]
         })
@@ -353,30 +354,30 @@ defmodule Pleroma.Web.AdminAPI.ConfigControllerTest do
       assert json_response_and_validate_schema(conn, 200) == %{
                "configs" => [
                  %{
-                   "group" => ":quack",
-                   "key" => ":level",
-                   "value" => ":info",
-                   "db" => [":level"]
+                   "group" => ":http",
+                   "key" => ":adapter",
+                   "value" => [":someval"],
+                   "db" => [":adapter"]
                  },
                  %{
-                   "group" => ":quack",
-                   "key" => ":meta",
-                   "value" => [":none"],
-                   "db" => [":meta"]
+                   "group" => ":http",
+                   "key" => ":send_user_agent",
+                   "value" => true,
+                   "db" => [":send_user_agent"]
                  },
                  %{
-                   "group" => ":quack",
-                   "key" => ":webhook_url",
-                   "value" => "https://hooks.slack.com/services/KEY",
-                   "db" => [":webhook_url"]
+                   "group" => ":http",
+                   "key" => ":user_agent",
+                   "value" => [":default"],
+                   "db" => [":user_agent"]
                  }
                ],
                "need_reboot" => false
              }
 
-      assert Application.get_env(:quack, :level) == :info
-      assert Application.get_env(:quack, :meta) == [:none]
-      assert Application.get_env(:quack, :webhook_url) == "https://hooks.slack.com/services/KEY"
+      assert Application.get_env(:http, :adapter) == [:someval]
+      assert Application.get_env(:http, :send_user_agent) == true
+      assert Application.get_env(:http, :user_agent) == [:default]
     end
 
     test "saving config with partial update", %{conn: conn} do

test/pleroma/web/admin_api/controllers/instance_controller_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
-  use Pleroma.Web.ConnCase
+  use Pleroma.Web.ConnCase, async: false
   use Oban.Testing, repo: Pleroma.Repo
 
   import Pleroma.Factory
@@ -31,6 +31,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
   end
 
   test "GET /instances/:instance/statuses", %{conn: conn} do
+    clear_config([:instance, :admin_privileges], [:messages_read])
     user = insert(:user, local: false, ap_id: "https://archae.me/users/archaeme")
     user2 = insert(:user, local: false, ap_id: "https://test.com/users/test")
     insert_pair(:note_activity, user: user)
@@ -60,9 +61,14 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
       |> json_response(200)
 
     assert length(activities) == 3
+
+    clear_config([:instance, :admin_privileges], [])
+
+    conn |> get("/api/pleroma/admin/instances/archae.me/statuses") |> json_response(:forbidden)
   end
 
   test "DELETE /instances/:instance", %{conn: conn} do
+    clear_config([:instance, :admin_privileges], [:instances_delete])
     user = insert(:user, nickname: "lain@lain.com")
     post = insert(:note_activity, user: user)
 
@@ -76,5 +82,11 @@ defmodule Pleroma.Web.AdminAPI.InstanceControllerTest do
     assert response == "lain.com"
     refute Repo.reload(user).is_active
     refute Repo.reload(post)
+
+    clear_config([:instance, :admin_privileges], [])
+
+    conn
+    |> delete("/api/pleroma/admin/instances/lain.com")
+    |> json_response(:forbidden)
   end
 end

test/pleroma/web/admin_api/controllers/instance_document_controller_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.AdminAPI.InstanceDocumentControllerTest do
-  use Pleroma.Web.ConnCase, async: true
+  use Pleroma.Web.ConnCase
   import Pleroma.Factory
 
   @dir "test/tmp/instance_static"

test/pleroma/web/admin_api/controllers/invite_controller_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
-  use Pleroma.Web.ConnCase, async: true
+  use Pleroma.Web.ConnCase, async: false
 
   import Pleroma.Factory
 
@@ -23,8 +23,25 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
   end
 
   describe "POST /api/pleroma/admin/users/email_invite, with valid config" do
-    setup do: clear_config([:instance, :registrations_open], false)
-    setup do: clear_config([:instance, :invites_enabled], true)
+    setup do
+      clear_config([:instance, :registrations_open], false)
+      clear_config([:instance, :invites_enabled], true)
+      clear_config([:instance, :admin_privileges], [:users_manage_invites])
+    end
+
+    test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json;charset=utf-8")
+        |> post("/api/pleroma/admin/users/email_invite", %{
+          email: "foo@bar.com",
+          name: "J. D."
+        })
+
+      assert json_response(conn, :forbidden)
+    end
 
     test "sends invitation and returns 204", %{admin: admin, conn: conn} do
       recipient_email = "foo@bar.com"
@@ -114,8 +131,11 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
   end
 
   describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do
-    setup do: clear_config([:instance, :registrations_open])
-    setup do: clear_config([:instance, :invites_enabled])
+    setup do
+      clear_config([:instance, :registrations_open])
+      clear_config([:instance, :invites_enabled])
+      clear_config([:instance, :admin_privileges], [:users_manage_invites])
+    end
 
     test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do
       clear_config([:instance, :registrations_open], false)
@@ -157,6 +177,21 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
   end
 
   describe "POST /api/pleroma/admin/users/invite_token" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:users_manage_invites])
+    end
+
+    test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/pleroma/admin/users/invite_token")
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "without options", %{conn: conn} do
       conn =
         conn
@@ -221,6 +256,18 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
   end
 
   describe "GET /api/pleroma/admin/users/invites" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:users_manage_invites])
+    end
+
+    test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn = get(conn, "/api/pleroma/admin/users/invites")
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "no invites", %{conn: conn} do
       conn = get(conn, "/api/pleroma/admin/users/invites")
 
@@ -249,6 +296,21 @@ defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
   end
 
   describe "POST /api/pleroma/admin/users/revoke_invite" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:users_manage_invites])
+    end
+
+    test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "with token", %{conn: conn} do
       {:ok, invite} = UserInviteToken.create_invite()
 

test/pleroma/web/admin_api/controllers/report_controller_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
-  use Pleroma.Web.ConnCase, async: true
+  use Pleroma.Web.ConnCase, async: false
 
   import Pleroma.Factory
 
@@ -26,6 +26,20 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
   end
 
   describe "GET /api/pleroma/admin/reports/:id" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:reports_manage_reports])
+    end
+
+    test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn =
+        conn
+        |> get("/api/pleroma/admin/reports/report_id")
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "returns report by its id", %{conn: conn} do
       [reporter, target_user] = insert_pair(:user)
       activity = insert(:note_activity, user: target_user)
@@ -54,6 +68,32 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
       assert notes["content"] == "this is an admin note"
     end
 
+    test "renders reported content even if the status is deleted", %{conn: conn} do
+      [reporter, target_user] = insert_pair(:user)
+      activity = insert(:note_activity, user: target_user)
+      activity = Activity.normalize(activity)
+
+      {:ok, %{id: report_id}} =
+        CommonAPI.report(reporter, %{
+          account_id: target_user.id,
+          comment: "I feel offended",
+          status_ids: [activity.id]
+        })
+
+      CommonAPI.delete(activity.id, target_user)
+
+      response =
+        conn
+        |> get("/api/pleroma/admin/reports/#{report_id}")
+        |> json_response_and_validate_schema(:ok)
+
+      assert response["id"] == report_id
+
+      assert [status] = response["statuses"]
+      assert activity.object.data["id"] == status["uri"]
+      assert activity.object.data["content"] == status["content"]
+    end
+
     test "returns 404 when report id is invalid", %{conn: conn} do
       conn = get(conn, "/api/pleroma/admin/reports/test")
 
@@ -63,6 +103,8 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
 
   describe "PATCH /api/pleroma/admin/reports" do
     setup do
+      clear_config([:instance, :admin_privileges], [:reports_manage_reports])
+
       [reporter, target_user] = insert_pair(:user)
       activity = insert(:note_activity, user: target_user)
 
@@ -86,6 +128,24 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
       }
     end
 
+    test "returns 403 if not privileged with :reports_manage_reports", %{
+      conn: conn,
+      id: id,
+      admin: admin
+    } do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn =
+        conn
+        |> assign(:token, insert(:oauth_token, user: admin, scopes: ["admin:write:reports"]))
+        |> put_req_header("content-type", "application/json")
+        |> patch("/api/pleroma/admin/reports", %{
+          "reports" => [%{"state" => "resolved", "id" => id}]
+        })
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "requires admin:write:reports scope", %{conn: conn, id: id, admin: admin} do
       read_token = insert(:oauth_token, user: admin, scopes: ["admin:read"])
       write_token = insert(:oauth_token, user: admin, scopes: ["admin:write:reports"])
@@ -209,6 +269,20 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
   end
 
   describe "GET /api/pleroma/admin/reports" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:reports_manage_reports])
+    end
+
+    test "returns 403 if not privileged with :reports_manage_reports", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn =
+        conn
+        |> get(report_path(conn, :index))
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "returns empty response when no reports created", %{conn: conn} do
       response =
         conn
@@ -292,6 +366,34 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
                |> json_response_and_validate_schema(:ok)
     end
 
+    test "renders content correctly", %{conn: conn} do
+      [reporter, target_user] = insert_pair(:user)
+      note = insert(:note, user: target_user, data: %{"content" => "mew 1"})
+      note2 = insert(:note, user: target_user, data: %{"content" => "mew 2"})
+      activity = insert(:note_activity, user: target_user, note: note)
+      activity2 = insert(:note_activity, user: target_user, note: note2)
+
+      {:ok, _report} =
+        CommonAPI.report(reporter, %{
+          account_id: target_user.id,
+          comment: "I feel offended",
+          status_ids: [activity.id, activity2.id]
+        })
+
+      CommonAPI.delete(activity.id, target_user)
+      CommonAPI.delete(activity2.id, target_user)
+
+      response =
+        conn
+        |> get(report_path(conn, :index))
+        |> json_response_and_validate_schema(:ok)
+
+      assert [open_report] = response["reports"]
+      assert %{"statuses" => [s1, s2]} = open_report
+      assert "mew 1" in [s1["content"], s2["content"]]
+      assert "mew 2" in [s1["content"], s2["content"]]
+    end
+
     test "returns 403 when requested by a non-admin" do
       user = insert(:user)
       token = insert(:oauth_token, user: user)
@@ -317,6 +419,8 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
 
   describe "POST /api/pleroma/admin/reports/:id/notes" do
     setup %{conn: conn, admin: admin} do
+      clear_config([:instance, :admin_privileges], [:reports_manage_reports])
+
       [reporter, target_user] = insert_pair(:user)
       activity = insert(:note_activity, user: target_user)
 
@@ -345,6 +449,25 @@ defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
       }
     end
 
+    test "returns 403 if not privileged with :reports_manage_reports", %{
+      conn: conn,
+      report_id: report_id
+    } do
+      clear_config([:instance, :admin_privileges], [])
+
+      post_conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
+          content: "this is disgusting2!"
+        })
+
+      delete_conn = delete(conn, "/api/pleroma/admin/reports/#{report_id}/notes/note.id")
+
+      assert json_response(post_conn, :forbidden)
+      assert json_response(delete_conn, :forbidden)
+    end
+
     test "it creates report note", %{admin_id: admin_id, report_id: report_id} do
       assert [note, _] = Repo.all(ReportNote)
 

test/pleroma/web/admin_api/controllers/status_controller_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
-  use Pleroma.Web.ConnCase, async: true
+  use Pleroma.Web.ConnCase, async: false
 
   import Pleroma.Factory
 
@@ -26,6 +26,10 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
   end
 
   describe "GET /api/pleroma/admin/statuses/:id" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:messages_read])
+    end
+
     test "not found", %{conn: conn} do
       assert conn
              |> get("/api/pleroma/admin/statuses/not_found")
@@ -50,10 +54,17 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
       assert account["is_active"] == actor.is_active
       assert account["is_confirmed"] == actor.is_confirmed
     end
+
+    test "denies reading activity when not privileged", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      assert conn |> get("/api/pleroma/admin/statuses/some_id") |> json_response(:forbidden)
+    end
   end
 
   describe "PUT /api/pleroma/admin/statuses/:id" do
     setup do
+      clear_config([:instance, :admin_privileges], [:messages_delete])
       activity = insert(:note_activity)
 
       %{id: activity.id}
@@ -122,10 +133,20 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
       assert %{"error" => "test - Invalid value for enum."} =
                json_response_and_validate_schema(conn, :bad_request)
     end
+
+    test "it requires privileged role :messages_delete", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      assert conn
+             |> put_req_header("content-type", "application/json")
+             |> put("/api/pleroma/admin/statuses/some_id", %{})
+             |> json_response(:forbidden)
+    end
   end
 
   describe "DELETE /api/pleroma/admin/statuses/:id" do
     setup do
+      clear_config([:instance, :admin_privileges], [:messages_delete])
       activity = insert(:note_activity)
 
       %{id: activity.id}
@@ -149,9 +170,22 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
 
       assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
     end
+
+    test "it requires privileged role :messages_delete", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      assert conn
+             |> put_req_header("content-type", "application/json")
+             |> delete("/api/pleroma/admin/statuses/some_id")
+             |> json_response(:forbidden)
+    end
   end
 
   describe "GET /api/pleroma/admin/statuses" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:messages_read])
+    end
+
     test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do
       blocked = insert(:user)
       user = insert(:user)
@@ -197,5 +231,13 @@ defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
       conn = get(conn, "/api/pleroma/admin/statuses?godmode=true")
       assert json_response_and_validate_schema(conn, 200) |> length() == 3
     end
+
+    test "it requires privileged role :messages_read", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn = get(conn, "/api/pleroma/admin/statuses")
+
+      assert json_response(conn, :forbidden)
+    end
   end
 end

test/pleroma/web/admin_api/controllers/user_controller_test.exs

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.AdminAPI.UserControllerTest do
-  use Pleroma.Web.ConnCase
+  use Pleroma.Web.ConnCase, async: false
   use Oban.Testing, repo: Pleroma.Repo
 
   import Mock
@@ -38,6 +38,7 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
   end
 
   test "with valid `admin_token` query parameter, skips OAuth scopes check" do
+    clear_config([:instance, :admin_privileges], [:users_read])
     clear_config([:admin_token], "password123")
 
     user = insert(:user)
@@ -47,53 +48,10 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
     assert json_response_and_validate_schema(conn, 200)
   end
 
-  test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
-       %{admin: admin} do
-    user = insert(:user)
-    url = "/api/pleroma/admin/users/#{user.nickname}"
-
-    good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
-    good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
-    good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
-
-    bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
-    bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
-    bad_token3 = nil
-
-    for good_token <- [good_token1, good_token2, good_token3] do
-      conn =
-        build_conn()
-        |> assign(:user, admin)
-        |> assign(:token, good_token)
-        |> get(url)
-
-      assert json_response_and_validate_schema(conn, 200)
-    end
-
-    for good_token <- [good_token1, good_token2, good_token3] do
-      conn =
-        build_conn()
-        |> assign(:user, nil)
-        |> assign(:token, good_token)
-        |> get(url)
-
-      assert json_response(conn, :forbidden)
-    end
-
-    for bad_token <- [bad_token1, bad_token2, bad_token3] do
-      conn =
-        build_conn()
-        |> assign(:user, admin)
-        |> assign(:token, bad_token)
-        |> get(url)
-
-      assert json_response_and_validate_schema(conn, :forbidden)
-    end
-  end
-
   describe "DELETE /api/pleroma/admin/users" do
     test "single user", %{admin: admin, conn: conn} do
       clear_config([:instance, :federating], true)
+      clear_config([:instance, :admin_privileges], [:users_delete])
 
       user =
         insert(:user,
@@ -149,6 +107,8 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
     end
 
     test "multiple users", %{admin: admin, conn: conn} do
+      clear_config([:instance, :admin_privileges], [:users_delete])
+
       user_one = insert(:user)
       user_two = insert(:user)
 
@@ -168,6 +128,17 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
 
       assert response -- [user_one.nickname, user_two.nickname] == []
     end
+
+    test "Needs privileged role", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      response =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> delete("/api/pleroma/admin/users?nickname=nickname")
+
+      assert json_response(response, :forbidden)
+    end
   end
 
   describe "/api/pleroma/admin/users" do
@@ -307,7 +278,19 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
     end
   end
 
-  describe "/api/pleroma/admin/users/:nickname" do
+  describe "GET /api/pleroma/admin/users/:nickname" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:users_read])
+    end
+
+    test "returns 403 if not privileged with :users_read", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn = get(conn, "/api/pleroma/admin/users/user.nickname")
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "Show", %{conn: conn} do
       user = insert(:user)
 
@@ -323,6 +306,50 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
 
       assert %{"error" => "Not found"} == json_response_and_validate_schema(conn, 404)
     end
+
+    test "requires admin:read:accounts or broader scope",
+         %{admin: admin} do
+      user = insert(:user)
+      url = "/api/pleroma/admin/users/#{user.nickname}"
+
+      good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
+      good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
+      good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
+
+      bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
+      bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
+      bad_token3 = nil
+
+      for good_token <- [good_token1, good_token2, good_token3] do
+        conn =
+          build_conn()
+          |> assign(:user, admin)
+          |> assign(:token, good_token)
+          |> get(url)
+
+        assert json_response_and_validate_schema(conn, 200)
+      end
+
+      for good_token <- [good_token1, good_token2, good_token3] do
+        conn =
+          build_conn()
+          |> assign(:user, nil)
+          |> assign(:token, good_token)
+          |> get(url)
+
+        assert json_response(conn, :forbidden)
+      end
+
+      for bad_token <- [bad_token1, bad_token2, bad_token3] do
+        conn =
+          build_conn()
+          |> assign(:user, admin)
+          |> assign(:token, bad_token)
+          |> get(url)
+
+        assert json_response_and_validate_schema(conn, :forbidden)
+      end
+    end
   end
 
   describe "/api/pleroma/admin/users/follow" do
@@ -378,6 +405,18 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
   end
 
   describe "GET /api/pleroma/admin/users" do
+    setup do
+      clear_config([:instance, :admin_privileges], [:users_read])
+    end
+
+    test "returns 403 if not privileged with :users_read", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn = get(conn, "/api/pleroma/admin/users?page=1")
+
+      assert json_response(conn, :forbidden)
+    end
+
     test "renders users array for the first page", %{conn: conn, admin: admin} do
       user = insert(:user, local: false, tags: ["foo", "bar"])
       user2 = insert(:user, is_approved: false, registration_reason: "I'm a chill dude")
@@ -810,49 +849,9 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
     end
   end
 
-  test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
-    user_one = insert(:user, is_active: false)
-    user_two = insert(:user, is_active: false)
-
-    conn =
-      conn
-      |> put_req_header("content-type", "application/json")
-      |> patch(
-        "/api/pleroma/admin/users/activate",
-        %{nicknames: [user_one.nickname, user_two.nickname]}
-      )
-
-    response = json_response_and_validate_schema(conn, 200)
-    assert Enum.map(response["users"], & &1["is_active"]) == [true, true]
-
-    log_entry = Repo.one(ModerationLog)
-
-    assert ModerationLog.get_log_entry_message(log_entry) ==
-             "@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}"
-  end
-
-  test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
-    user_one = insert(:user, is_active: true)
-    user_two = insert(:user, is_active: true)
-
-    conn =
-      conn
-      |> put_req_header("content-type", "application/json")
-      |> patch(
-        "/api/pleroma/admin/users/deactivate",
-        %{nicknames: [user_one.nickname, user_two.nickname]}
-      )
-
-    response = json_response_and_validate_schema(conn, 200)
-    assert Enum.map(response["users"], & &1["is_active"]) == [false, false]
-
-    log_entry = Repo.one(ModerationLog)
-
-    assert ModerationLog.get_log_entry_message(log_entry) ==
-             "@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}"
-  end
-
   test "PATCH /api/pleroma/admin/users/approve", %{admin: admin, conn: conn} do
+    clear_config([:instance, :admin_privileges], [:users_manage_invites])
+
     user_one = insert(:user, is_approved: false)
     user_two = insert(:user, is_approved: false)
 
@@ -873,6 +872,21 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
              "@#{admin.nickname} approved users: @#{user_one.nickname}, @#{user_two.nickname}"
   end
 
+  test "PATCH /api/pleroma/admin/users/approve returns 403 if not privileged with :users_manage_invites",
+       %{conn: conn} do
+    clear_config([:instance, :admin_privileges], [])
+
+    conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> patch(
+        "/api/pleroma/admin/users/approve",
+        %{nicknames: ["user_one.nickname", "user_two.nickname"]}
+      )
+
+    assert json_response(conn, :forbidden)
+  end
+
   test "PATCH /api/pleroma/admin/users/suggest", %{admin: admin, conn: conn} do
     user1 = insert(:user, is_suggested: false)
     user2 = insert(:user, is_suggested: false)
@@ -923,24 +937,113 @@ defmodule Pleroma.Web.AdminAPI.UserControllerTest do
              "@#{admin.nickname} removed suggested users: @#{user1.nickname}, @#{user2.nickname}"
   end
 
-  test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
-    user = insert(:user)
+  describe "user activation" do
+    test "PATCH /api/pleroma/admin/users/activate", %{admin: admin, conn: conn} do
+      clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
 
-    conn =
-      conn
-      |> put_req_header("content-type", "application/json")
-      |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
+      user_one = insert(:user, is_active: false)
+      user_two = insert(:user, is_active: false)
 
-    assert json_response_and_validate_schema(conn, 200) ==
-             user_response(
-               user,
-               %{"is_active" => !user.is_active}
-             )
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> patch(
+          "/api/pleroma/admin/users/activate",
+          %{nicknames: [user_one.nickname, user_two.nickname]}
+        )
 
-    log_entry = Repo.one(ModerationLog)
+      response = json_response_and_validate_schema(conn, 200)
+      assert Enum.map(response["users"], & &1["is_active"]) == [true, true]
 
-    assert ModerationLog.get_log_entry_message(log_entry) ==
-             "@#{admin.nickname} deactivated users: @#{user.nickname}"
+      log_entry = Repo.one(ModerationLog)
+
+      assert ModerationLog.get_log_entry_message(log_entry) ==
+               "@#{admin.nickname} activated users: @#{user_one.nickname}, @#{user_two.nickname}"
+    end
+
+    test "PATCH /api/pleroma/admin/users/deactivate", %{admin: admin, conn: conn} do
+      clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
+
+      user_one = insert(:user, is_active: true)
+      user_two = insert(:user, is_active: true)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> patch(
+          "/api/pleroma/admin/users/deactivate",
+          %{nicknames: [user_one.nickname, user_two.nickname]}
+        )
+
+      response = json_response_and_validate_schema(conn, 200)
+      assert Enum.map(response["users"], & &1["is_active"]) == [false, false]
+
+      log_entry = Repo.one(ModerationLog)
+
+      assert ModerationLog.get_log_entry_message(log_entry) ==
+               "@#{admin.nickname} deactivated users: @#{user_one.nickname}, @#{user_two.nickname}"
+    end
+
+    test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation", %{admin: admin, conn: conn} do
+      clear_config([:instance, :admin_privileges], [:users_manage_activation_state])
+
+      user = insert(:user)
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
+
+      assert json_response_and_validate_schema(conn, 200) ==
+               user_response(
+                 user,
+                 %{"is_active" => !user.is_active}
+               )
+
+      log_entry = Repo.one(ModerationLog)
+
+      assert ModerationLog.get_log_entry_message(log_entry) ==
+               "@#{admin.nickname} deactivated users: @#{user.nickname}"
+    end
+
+    test "it requires privileged role :statuses_activation to activate", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> patch(
+          "/api/pleroma/admin/users/activate",
+          %{nicknames: ["user_one.nickname", "user_two.nickname"]}
+        )
+
+      assert json_response(conn, :forbidden)
+    end
+
+    test "it requires privileged role :statuses_activation to deactivate", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> patch(
+          "/api/pleroma/admin/users/deactivate",
+          %{nicknames: ["user_one.nickname", "user_two.nickname"]}
+        )
+
+      assert json_response(conn, :forbidden)
+    end
+
+    test "it requires privileged role :statuses_activation to toggle activation", %{conn: conn} do
+      clear_config([:instance, :admin_privileges], [])
+
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> patch("/api/pleroma/admin/users/user.nickname/toggle_activation")
+
+      assert json_response(conn, :forbidden)
+    end
   end
 
   defp user_response(user, attrs \\ %{}) do