Merge remote-tracking branch 'origin/develop' into global-status-expiration

2020-06-01 15:48:51 +04:00 · 2020-06-01 15:48:51 +04:00 · a7627bdc7a
commit a7627bdc7a
parent decaa64f75 e96765df6b
921 changed files with 19145 additions and 8922 deletions
--- a/test/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/web/activity_pub/activity_pub_controller_test.exs
@ -6,7 +6,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
  use Pleroma.Web.ConnCase
  use Oban.Testing, repo: Pleroma.Repo

-  import Pleroma.Factory
  alias Pleroma.Activity
  alias Pleroma.Config
  alias Pleroma.Delivery
@ -14,13 +13,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
  alias Pleroma.Object
  alias Pleroma.Tests.ObanHelpers
  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.ObjectView
  alias Pleroma.Web.ActivityPub.Relay
  alias Pleroma.Web.ActivityPub.UserView
  alias Pleroma.Web.ActivityPub.Utils
  alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.Endpoint
  alias Pleroma.Workers.ReceiverWorker

+  import Pleroma.Factory
+
+  require Pleroma.Constants
+
  setup_all do
    Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
    :ok
@ -168,6 +173,60 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
    end
  end

+  describe "mastodon compatibility routes" do
+    test "it returns a json representation of the object with accept application/json", %{
+      conn: conn
+    } do
+      {:ok, object} =
+        %{
+          "type" => "Note",
+          "content" => "hey",
+          "id" => Endpoint.url() <> "/users/raymoo/statuses/999999999",
+          "actor" => Endpoint.url() <> "/users/raymoo",
+          "to" => [Pleroma.Constants.as_public()]
+        }
+        |> Object.create()
+
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> get("/users/raymoo/statuses/999999999")
+
+      assert json_response(conn, 200) == ObjectView.render("object.json", %{object: object})
+    end
+
+    test "it returns a json representation of the activity with accept application/json", %{
+      conn: conn
+    } do
+      {:ok, object} =
+        %{
+          "type" => "Note",
+          "content" => "hey",
+          "id" => Endpoint.url() <> "/users/raymoo/statuses/999999999",
+          "actor" => Endpoint.url() <> "/users/raymoo",
+          "to" => [Pleroma.Constants.as_public()]
+        }
+        |> Object.create()
+
+      {:ok, activity, _} =
+        %{
+          "id" => object.data["id"] <> "/activity",
+          "type" => "Create",
+          "object" => object.data["id"],
+          "actor" => object.data["actor"],
+          "to" => object.data["to"]
+        }
+        |> ActivityPub.persist(local: true)
+
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> get("/users/raymoo/statuses/999999999/activity")
+
+      assert json_response(conn, 200) == ObjectView.render("object.json", %{object: activity})
+    end
+  end
+
  describe "/objects/:uuid" do
    test "it returns a json representation of the object with accept application/json", %{
      conn: conn
@ -341,7 +400,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do

    test "cached purged after activity deletion", %{conn: conn} do
      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "cofe"})

      uuid = String.split(activity.data["id"], "/") |> List.last()

@ -392,6 +451,36 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
      assert Activity.get_by_ap_id(data["id"])
    end

+    @tag capture_log: true
+    test "it inserts an incoming activity into the database" <>
+           "even if we can't fetch the user but have it in our db",
+         %{conn: conn} do
+      user =
+        insert(:user,
+          ap_id: "https://mastodon.example.org/users/raymoo",
+          ap_enabled: true,
+          local: false,
+          last_refreshed_at: nil
+        )
+
+      data =
+        File.read!("test/fixtures/mastodon-post-activity.json")
+        |> Poison.decode!()
+        |> Map.put("actor", user.ap_id)
+        |> put_in(["object", "attridbutedTo"], user.ap_id)
+
+      conn =
+        conn
+        |> assign(:valid_signature, true)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/inbox", data)
+
+      assert "ok" == json_response(conn, 200)
+
+      ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
+      assert Activity.get_by_ap_id(data["id"])
+    end
+
    test "it clears `unreachable` federation status of the sender", %{conn: conn} do
      data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!()

@ -815,26 +904,49 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
      assert object["content"] == activity["object"]["content"]
    end

+    test "it rejects anything beyond 'Note' creations", %{conn: conn, activity: activity} do
+      user = insert(:user)
+
+      activity =
+        activity
+        |> put_in(["object", "type"], "Benis")
+
+      _result =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", activity)
+        |> json_response(400)
+    end
+
    test "it inserts an incoming sensitive activity into the database", %{
      conn: conn,
      activity: activity
    } do
      user = insert(:user)
+      conn = assign(conn, :user, user)
      object = Map.put(activity["object"], "sensitive", true)
      activity = Map.put(activity, "object", object)

-      result =
+      response =
        conn
-        |> assign(:user, user)
        |> put_req_header("content-type", "application/activity+json")
        |> post("/users/#{user.nickname}/outbox", activity)
        |> json_response(201)

-      assert Activity.get_by_ap_id(result["id"])
-      assert result["object"]
-      assert %Object{data: object} = Object.normalize(result["object"])
-      assert object["sensitive"] == activity["object"]["sensitive"]
-      assert object["content"] == activity["object"]["content"]
+      assert Activity.get_by_ap_id(response["id"])
+      assert response["object"]
+      assert %Object{data: response_object} = Object.normalize(response["object"])
+      assert response_object["sensitive"] == true
+      assert response_object["content"] == activity["object"]["content"]
+
+      representation =
+        conn
+        |> put_req_header("accept", "application/activity+json")
+        |> get(response["id"])
+        |> json_response(200)
+
+      assert representation["object"]["sensitive"] == true
    end

    test "it rejects an incoming activity with bogus type", %{conn: conn, activity: activity} do
--- a/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
--- a/test/web/activity_pub/mrf/steal_emoji_policy_test.exs
+++ b/test/web/activity_pub/mrf/steal_emoji_policy_test.exs
@ -0,0 +1,68 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Config
+  alias Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy
+
+  setup_all do
+    Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
+    :ok
+  end
+
+  setup do
+    emoji_path = Path.join(Config.get([:instance, :static_dir]), "emoji/stolen")
+    File.rm_rf!(emoji_path)
+    File.mkdir!(emoji_path)
+
+    Pleroma.Emoji.reload()
+
+    on_exit(fn ->
+      File.rm_rf!(emoji_path)
+    end)
+
+    :ok
+  end
+
+  test "does nothing by default" do
+    installed_emoji = Pleroma.Emoji.get_all() |> Enum.map(fn {k, _} -> k end)
+    refute "firedfox" in installed_emoji
+
+    message = %{
+      "type" => "Create",
+      "object" => %{
+        "emoji" => [{"firedfox", "https://example.org/emoji/firedfox.png"}],
+        "actor" => "https://example.org/users/admin"
+      }
+    }
+
+    assert {:ok, message} == StealEmojiPolicy.filter(message)
+
+    installed_emoji = Pleroma.Emoji.get_all() |> Enum.map(fn {k, _} -> k end)
+    refute "firedfox" in installed_emoji
+  end
+
+  test "Steals emoji on unknown shortcode from allowed remote host" do
+    installed_emoji = Pleroma.Emoji.get_all() |> Enum.map(fn {k, _} -> k end)
+    refute "firedfox" in installed_emoji
+
+    message = %{
+      "type" => "Create",
+      "object" => %{
+        "emoji" => [{"firedfox", "https://example.org/emoji/firedfox.png"}],
+        "actor" => "https://example.org/users/admin"
+      }
+    }
+
+    clear_config([:mrf_steal_emoji, :hosts], ["example.org"])
+    clear_config([:mrf_steal_emoji, :size_limit], 284_468)
+
+    assert {:ok, message} == StealEmojiPolicy.filter(message)
+
+    installed_emoji = Pleroma.Emoji.get_all() |> Enum.map(fn {k, _} -> k end)
+    assert "firedfox" in installed_emoji
+  end
+end
--- a/test/web/activity_pub/object_validator_test.exs
+++ b/test/web/activity_pub/object_validator_test.exs
@ -1,6 +1,8 @@
 defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
  use Pleroma.DataCase

+  alias Pleroma.Object
+  alias Pleroma.Web.ActivityPub.Builder
  alias Pleroma.Web.ActivityPub.ObjectValidator
  alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator
  alias Pleroma.Web.ActivityPub.Utils
@ -8,10 +10,182 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do

  import Pleroma.Factory

+  describe "EmojiReacts" do
+    setup do
+      user = insert(:user)
+      {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
+
+      object = Pleroma.Object.get_by_ap_id(post_activity.data["object"])
+
+      {:ok, valid_emoji_react, []} = Builder.emoji_react(user, object, "👌")
+
+      %{user: user, post_activity: post_activity, valid_emoji_react: valid_emoji_react}
+    end
+
+    test "it validates a valid EmojiReact", %{valid_emoji_react: valid_emoji_react} do
+      assert {:ok, _, _} = ObjectValidator.validate(valid_emoji_react, [])
+    end
+
+    test "it is not valid without a 'content' field", %{valid_emoji_react: valid_emoji_react} do
+      without_content =
+        valid_emoji_react
+        |> Map.delete("content")
+
+      {:error, cng} = ObjectValidator.validate(without_content, [])
+
+      refute cng.valid?
+      assert {:content, {"can't be blank", [validation: :required]}} in cng.errors
+    end
+
+    test "it is not valid with a non-emoji content field", %{valid_emoji_react: valid_emoji_react} do
+      without_emoji_content =
+        valid_emoji_react
+        |> Map.put("content", "x")
+
+      {:error, cng} = ObjectValidator.validate(without_emoji_content, [])
+
+      refute cng.valid?
+
+      assert {:content, {"must be a single character emoji", []}} in cng.errors
+    end
+  end
+
+  describe "Undos" do
+    setup do
+      user = insert(:user)
+      {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
+      {:ok, like} = CommonAPI.favorite(user, post_activity.id)
+      {:ok, valid_like_undo, []} = Builder.undo(user, like)
+
+      %{user: user, like: like, valid_like_undo: valid_like_undo}
+    end
+
+    test "it validates a basic like undo", %{valid_like_undo: valid_like_undo} do
+      assert {:ok, _, _} = ObjectValidator.validate(valid_like_undo, [])
+    end
+
+    test "it does not validate if the actor of the undo is not the actor of the object", %{
+      valid_like_undo: valid_like_undo
+    } do
+      other_user = insert(:user, ap_id: "https://gensokyo.2hu/users/raymoo")
+
+      bad_actor =
+        valid_like_undo
+        |> Map.put("actor", other_user.ap_id)
+
+      {:error, cng} = ObjectValidator.validate(bad_actor, [])
+
+      assert {:actor, {"not the same as object actor", []}} in cng.errors
+    end
+
+    test "it does not validate if the object is missing", %{valid_like_undo: valid_like_undo} do
+      missing_object =
+        valid_like_undo
+        |> Map.put("object", "https://gensokyo.2hu/objects/1")
+
+      {:error, cng} = ObjectValidator.validate(missing_object, [])
+
+      assert {:object, {"can't find object", []}} in cng.errors
+      assert length(cng.errors) == 1
+    end
+  end
+
+  describe "deletes" do
+    setup do
+      user = insert(:user)
+      {:ok, post_activity} = CommonAPI.post(user, %{status: "cancel me daddy"})
+
+      {:ok, valid_post_delete, _} = Builder.delete(user, post_activity.data["object"])
+      {:ok, valid_user_delete, _} = Builder.delete(user, user.ap_id)
+
+      %{user: user, valid_post_delete: valid_post_delete, valid_user_delete: valid_user_delete}
+    end
+
+    test "it is valid for a post deletion", %{valid_post_delete: valid_post_delete} do
+      {:ok, valid_post_delete, _} = ObjectValidator.validate(valid_post_delete, [])
+
+      assert valid_post_delete["deleted_activity_id"]
+    end
+
+    test "it is invalid if the object isn't in a list of certain types", %{
+      valid_post_delete: valid_post_delete
+    } do
+      object = Object.get_by_ap_id(valid_post_delete["object"])
+
+      data =
+        object.data
+        |> Map.put("type", "Like")
+
+      {:ok, _object} =
+        object
+        |> Ecto.Changeset.change(%{data: data})
+        |> Object.update_and_set_cache()
+
+      {:error, cng} = ObjectValidator.validate(valid_post_delete, [])
+      assert {:object, {"object not in allowed types", []}} in cng.errors
+    end
+
+    test "it is valid for a user deletion", %{valid_user_delete: valid_user_delete} do
+      assert match?({:ok, _, _}, ObjectValidator.validate(valid_user_delete, []))
+    end
+
+    test "it's invalid if the id is missing", %{valid_post_delete: valid_post_delete} do
+      no_id =
+        valid_post_delete
+        |> Map.delete("id")
+
+      {:error, cng} = ObjectValidator.validate(no_id, [])
+
+      assert {:id, {"can't be blank", [validation: :required]}} in cng.errors
+    end
+
+    test "it's invalid if the object doesn't exist", %{valid_post_delete: valid_post_delete} do
+      missing_object =
+        valid_post_delete
+        |> Map.put("object", "http://does.not/exist")
+
+      {:error, cng} = ObjectValidator.validate(missing_object, [])
+
+      assert {:object, {"can't find object", []}} in cng.errors
+    end
+
+    test "it's invalid if the actor of the object and the actor of delete are from different domains",
+         %{valid_post_delete: valid_post_delete} do
+      valid_user = insert(:user)
+
+      valid_other_actor =
+        valid_post_delete
+        |> Map.put("actor", valid_user.ap_id)
+
+      assert match?({:ok, _, _}, ObjectValidator.validate(valid_other_actor, []))
+
+      invalid_other_actor =
+        valid_post_delete
+        |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
+
+      {:error, cng} = ObjectValidator.validate(invalid_other_actor, [])
+
+      assert {:actor, {"is not allowed to delete object", []}} in cng.errors
+    end
+
+    test "it's valid if the actor of the object is a local superuser",
+         %{valid_post_delete: valid_post_delete} do
+      user =
+        insert(:user, local: true, is_moderator: true, ap_id: "https://gensokyo.2hu/users/raymoo")
+
+      valid_other_actor =
+        valid_post_delete
+        |> Map.put("actor", user.ap_id)
+
+      {:ok, _, meta} = ObjectValidator.validate(valid_other_actor, [])
+      assert meta[:do_not_federate]
+    end
+  end
+
  describe "likes" do
    setup do
      user = insert(:user)
-      {:ok, post_activity} = CommonAPI.post(user, %{"status" => "uguu"})
+      {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})

      valid_like = %{
        "to" => [user.ap_id],
@ -106,4 +280,96 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
      assert {:object, valid_like["object"]} in validated.changes
    end
  end
+
+  describe "announces" do
+    setup do
+      user = insert(:user)
+      announcer = insert(:user)
+      {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
+
+      object = Object.normalize(post_activity, false)
+      {:ok, valid_announce, []} = Builder.announce(announcer, object)
+
+      %{
+        valid_announce: valid_announce,
+        user: user,
+        post_activity: post_activity,
+        announcer: announcer
+      }
+    end
+
+    test "returns ok for a valid announce", %{valid_announce: valid_announce} do
+      assert {:ok, _object, _meta} = ObjectValidator.validate(valid_announce, [])
+    end
+
+    test "returns an error if the object can't be found", %{valid_announce: valid_announce} do
+      without_object =
+        valid_announce
+        |> Map.delete("object")
+
+      {:error, cng} = ObjectValidator.validate(without_object, [])
+
+      assert {:object, {"can't be blank", [validation: :required]}} in cng.errors
+
+      nonexisting_object =
+        valid_announce
+        |> Map.put("object", "https://gensokyo.2hu/objects/99999999")
+
+      {:error, cng} = ObjectValidator.validate(nonexisting_object, [])
+
+      assert {:object, {"can't find object", []}} in cng.errors
+    end
+
+    test "returns an error if we don't have the actor", %{valid_announce: valid_announce} do
+      nonexisting_actor =
+        valid_announce
+        |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")
+
+      {:error, cng} = ObjectValidator.validate(nonexisting_actor, [])
+
+      assert {:actor, {"can't find user", []}} in cng.errors
+    end
+
+    test "returns an error if the actor already announced the object", %{
+      valid_announce: valid_announce,
+      announcer: announcer,
+      post_activity: post_activity
+    } do
+      _announce = CommonAPI.repeat(post_activity.id, announcer)
+
+      {:error, cng} = ObjectValidator.validate(valid_announce, [])
+
+      assert {:actor, {"already announced this object", []}} in cng.errors
+      assert {:object, {"already announced by this actor", []}} in cng.errors
+    end
+
+    test "returns an error if the actor can't announce the object", %{
+      announcer: announcer,
+      user: user
+    } do
+      {:ok, post_activity} =
+        CommonAPI.post(user, %{status: "a secret post", visibility: "private"})
+
+      object = Object.normalize(post_activity, false)
+
+      # Another user can't announce it
+      {:ok, announce, []} = Builder.announce(announcer, object, public: false)
+
+      {:error, cng} = ObjectValidator.validate(announce, [])
+
+      assert {:actor, {"can not announce this object", []}} in cng.errors
+
+      # The actor of the object can announce it
+      {:ok, announce, []} = Builder.announce(user, object, public: false)
+
+      assert {:ok, _, _} = ObjectValidator.validate(announce, [])
+
+      # The actor of the object can not announce it publicly
+      {:ok, announce, []} = Builder.announce(user, object, public: true)
+
+      {:error, cng} = ObjectValidator.validate(announce, [])
+
+      assert {:actor, {"can not announce this object publicly", []}} in cng.errors
+    end
+  end
 end
--- a/test/web/activity_pub/object_validators/types/recipients_test.exs
+++ b/test/web/activity_pub/object_validators/types/recipients_test.exs
@ -0,0 +1,27 @@
+defmodule Pleroma.Web.ObjectValidators.Types.RecipientsTest do
+  alias Pleroma.Web.ActivityPub.ObjectValidators.Types.Recipients
+  use Pleroma.DataCase
+
+  test "it asserts that all elements of the list are object ids" do
+    list = ["https://lain.com/users/lain", "invalid"]
+
+    assert :error == Recipients.cast(list)
+  end
+
+  test "it works with a list" do
+    list = ["https://lain.com/users/lain"]
+    assert {:ok, list} == Recipients.cast(list)
+  end
+
+  test "it works with a list with whole objects" do
+    list = ["https://lain.com/users/lain", %{"id" => "https://gensokyo.2hu/users/raymoo"}]
+    resulting_list = ["https://gensokyo.2hu/users/raymoo", "https://lain.com/users/lain"]
+    assert {:ok, resulting_list} == Recipients.cast(list)
+  end
+
+  test "it turns a single string into a list" do
+    recipient = "https://lain.com/users/lain"
+
+    assert {:ok, [recipient]} == Recipients.cast(recipient)
+  end
+end
--- a/test/web/activity_pub/pipeline_test.exs
+++ b/test/web/activity_pub/pipeline_test.exs
@ -9,6 +9,11 @@ defmodule Pleroma.Web.ActivityPub.PipelineTest do
  import Pleroma.Factory

  describe "common_pipeline/2" do
+    setup do
+      clear_config([:instance, :federating], true)
+      :ok
+    end
+
    test "it goes through validation, filtering, persisting, side effects and federation for local activities" do
      activity = insert(:note_activity)
      meta = [local: true]
@ -83,5 +88,44 @@ defmodule Pleroma.Web.ActivityPub.PipelineTest do
        assert_called(Pleroma.Web.ActivityPub.SideEffects.handle(activity, meta))
      end
    end
+
+    test "it goes through validation, filtering, persisting, side effects without federation for local activities if federation is deactivated" do
+      clear_config([:instance, :federating], false)
+
+      activity = insert(:note_activity)
+      meta = [local: true]
+
+      with_mocks([
+        {Pleroma.Web.ActivityPub.ObjectValidator, [], [validate: fn o, m -> {:ok, o, m} end]},
+        {
+          Pleroma.Web.ActivityPub.MRF,
+          [],
+          [filter: fn o -> {:ok, o} end]
+        },
+        {
+          Pleroma.Web.ActivityPub.ActivityPub,
+          [],
+          [persist: fn o, m -> {:ok, o, m} end]
+        },
+        {
+          Pleroma.Web.ActivityPub.SideEffects,
+          [],
+          [handle: fn o, m -> {:ok, o, m} end]
+        },
+        {
+          Pleroma.Web.Federator,
+          [],
+          []
+        }
+      ]) do
+        assert {:ok, ^activity, ^meta} =
+                 Pleroma.Web.ActivityPub.Pipeline.common_pipeline(activity, meta)
+
+        assert_called(Pleroma.Web.ActivityPub.ObjectValidator.validate(activity, meta))
+        assert_called(Pleroma.Web.ActivityPub.MRF.filter(activity))
+        assert_called(Pleroma.Web.ActivityPub.ActivityPub.persist(activity, meta))
+        assert_called(Pleroma.Web.ActivityPub.SideEffects.handle(activity, meta))
+      end
+    end
  end
 end
--- a/test/web/activity_pub/relay_test.exs
+++ b/test/web/activity_pub/relay_test.exs
@ -6,7 +6,6 @@ defmodule Pleroma.Web.ActivityPub.RelayTest do
  use Pleroma.DataCase

  alias Pleroma.Activity
-  alias Pleroma.Object
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.Relay
@ -95,21 +94,21 @@ defmodule Pleroma.Web.ActivityPub.RelayTest do
      end)

      assert capture_log(fn ->
-               assert Relay.publish(activity) == {:error, nil}
-             end) =~ "[error] error: nil"
+               assert Relay.publish(activity) == {:error, false}
+             end) =~ "[error] error: false"
    end

    test_with_mock "returns announce activity and publish to federate",
                   Pleroma.Web.Federator,
                   [:passthrough],
                   [] do
-      Pleroma.Config.put([:instance, :federating], true)
+      clear_config([:instance, :federating], true)
      service_actor = Relay.get_actor()
      note = insert(:note_activity)
-      assert {:ok, %Activity{} = activity, %Object{} = obj} = Relay.publish(note)
+      assert {:ok, %Activity{} = activity} = Relay.publish(note)
      assert activity.data["type"] == "Announce"
      assert activity.data["actor"] == service_actor.ap_id
-      assert activity.data["object"] == obj.data["id"]
+      assert activity.data["to"] == [service_actor.follower_address]
      assert called(Pleroma.Web.Federator.publish(activity))
    end

@ -117,13 +116,12 @@ defmodule Pleroma.Web.ActivityPub.RelayTest do
                   Pleroma.Web.Federator,
                   [:passthrough],
                   [] do
-      Pleroma.Config.put([:instance, :federating], false)
+      clear_config([:instance, :federating], false)
      service_actor = Relay.get_actor()
      note = insert(:note_activity)
-      assert {:ok, %Activity{} = activity, %Object{} = obj} = Relay.publish(note)
+      assert {:ok, %Activity{} = activity} = Relay.publish(note)
      assert activity.data["type"] == "Announce"
      assert activity.data["actor"] == service_actor.ap_id
-      assert activity.data["object"] == obj.data["id"]
      refute called(Pleroma.Web.Federator.publish(activity))
    end
  end
--- a/test/web/activity_pub/side_effects_test.exs
+++ b/test/web/activity_pub/side_effects_test.exs
@ -3,23 +3,273 @@
 # SPDX-License-Identifier: AGPL-3.0-only

 defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
+  use Oban.Testing, repo: Pleroma.Repo
  use Pleroma.DataCase

+  alias Pleroma.Activity
  alias Pleroma.Notification
  alias Pleroma.Object
  alias Pleroma.Repo
+  alias Pleroma.Tests.ObanHelpers
+  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.Builder
  alias Pleroma.Web.ActivityPub.SideEffects
  alias Pleroma.Web.CommonAPI

  import Pleroma.Factory
+  import Mock
+
+  describe "delete objects" do
+    setup do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, op} = CommonAPI.post(other_user, %{status: "big oof"})
+      {:ok, post} = CommonAPI.post(user, %{status: "hey", in_reply_to_id: op})
+      {:ok, favorite} = CommonAPI.favorite(user, post.id)
+      object = Object.normalize(post)
+      {:ok, delete_data, _meta} = Builder.delete(user, object.data["id"])
+      {:ok, delete_user_data, _meta} = Builder.delete(user, user.ap_id)
+      {:ok, delete, _meta} = ActivityPub.persist(delete_data, local: true)
+      {:ok, delete_user, _meta} = ActivityPub.persist(delete_user_data, local: true)
+
+      %{
+        user: user,
+        delete: delete,
+        post: post,
+        object: object,
+        delete_user: delete_user,
+        op: op,
+        favorite: favorite
+      }
+    end
+
+    test "it handles object deletions", %{
+      delete: delete,
+      post: post,
+      object: object,
+      user: user,
+      op: op,
+      favorite: favorite
+    } do
+      with_mock Pleroma.Web.ActivityPub.ActivityPub, [:passthrough],
+        stream_out: fn _ -> nil end,
+        stream_out_participations: fn _, _ -> nil end do
+        {:ok, delete, _} = SideEffects.handle(delete)
+        user = User.get_cached_by_ap_id(object.data["actor"])
+
+        assert called(Pleroma.Web.ActivityPub.ActivityPub.stream_out(delete))
+        assert called(Pleroma.Web.ActivityPub.ActivityPub.stream_out_participations(object, user))
+      end
+
+      object = Object.get_by_id(object.id)
+      assert object.data["type"] == "Tombstone"
+      refute Activity.get_by_id(post.id)
+      refute Activity.get_by_id(favorite.id)
+
+      user = User.get_by_id(user.id)
+      assert user.note_count == 0
+
+      object = Object.normalize(op.data["object"], false)
+
+      assert object.data["repliesCount"] == 0
+    end
+
+    test "it handles object deletions when the object itself has been pruned", %{
+      delete: delete,
+      post: post,
+      object: object,
+      user: user,
+      op: op
+    } do
+      with_mock Pleroma.Web.ActivityPub.ActivityPub, [:passthrough],
+        stream_out: fn _ -> nil end,
+        stream_out_participations: fn _, _ -> nil end do
+        {:ok, delete, _} = SideEffects.handle(delete)
+        user = User.get_cached_by_ap_id(object.data["actor"])
+
+        assert called(Pleroma.Web.ActivityPub.ActivityPub.stream_out(delete))
+        assert called(Pleroma.Web.ActivityPub.ActivityPub.stream_out_participations(object, user))
+      end
+
+      object = Object.get_by_id(object.id)
+      assert object.data["type"] == "Tombstone"
+      refute Activity.get_by_id(post.id)
+
+      user = User.get_by_id(user.id)
+      assert user.note_count == 0
+
+      object = Object.normalize(op.data["object"], false)
+
+      assert object.data["repliesCount"] == 0
+    end
+
+    test "it handles user deletions", %{delete_user: delete, user: user} do
+      {:ok, _delete, _} = SideEffects.handle(delete)
+      ObanHelpers.perform_all()
+
+      assert User.get_cached_by_ap_id(user.ap_id).deactivated
+    end
+  end
+
+  describe "EmojiReact objects" do
+    setup do
+      poster = insert(:user)
+      user = insert(:user)
+
+      {:ok, post} = CommonAPI.post(poster, %{status: "hey"})
+
+      {:ok, emoji_react_data, []} = Builder.emoji_react(user, post.object, "👌")
+      {:ok, emoji_react, _meta} = ActivityPub.persist(emoji_react_data, local: true)
+
+      %{emoji_react: emoji_react, user: user, poster: poster}
+    end
+
+    test "adds the reaction to the object", %{emoji_react: emoji_react, user: user} do
+      {:ok, emoji_react, _} = SideEffects.handle(emoji_react)
+      object = Object.get_by_ap_id(emoji_react.data["object"])
+
+      assert object.data["reaction_count"] == 1
+      assert ["👌", [user.ap_id]] in object.data["reactions"]
+    end
+
+    test "creates a notification", %{emoji_react: emoji_react, poster: poster} do
+      {:ok, emoji_react, _} = SideEffects.handle(emoji_react)
+      assert Repo.get_by(Notification, user_id: poster.id, activity_id: emoji_react.id)
+    end
+  end
+
+  describe "delete users with confirmation pending" do
+    setup do
+      user = insert(:user, confirmation_pending: true)
+      {:ok, delete_user_data, _meta} = Builder.delete(user, user.ap_id)
+      {:ok, delete_user, _meta} = ActivityPub.persist(delete_user_data, local: true)
+      {:ok, delete: delete_user, user: user}
+    end
+
+    test "when activation is not required", %{delete: delete, user: user} do
+      clear_config([:instance, :account_activation_required], false)
+      {:ok, _, _} = SideEffects.handle(delete)
+      ObanHelpers.perform_all()
+
+      assert User.get_cached_by_id(user.id).deactivated
+    end
+
+    test "when activation is required", %{delete: delete, user: user} do
+      clear_config([:instance, :account_activation_required], true)
+      {:ok, _, _} = SideEffects.handle(delete)
+      ObanHelpers.perform_all()
+
+      refute User.get_cached_by_id(user.id)
+    end
+  end
+
+  describe "Undo objects" do
+    setup do
+      poster = insert(:user)
+      user = insert(:user)
+      {:ok, post} = CommonAPI.post(poster, %{status: "hey"})
+      {:ok, like} = CommonAPI.favorite(user, post.id)
+      {:ok, reaction} = CommonAPI.react_with_emoji(post.id, user, "👍")
+      {:ok, announce} = CommonAPI.repeat(post.id, user)
+      {:ok, block} = ActivityPub.block(user, poster)
+      User.block(user, poster)
+
+      {:ok, undo_data, _meta} = Builder.undo(user, like)
+      {:ok, like_undo, _meta} = ActivityPub.persist(undo_data, local: true)
+
+      {:ok, undo_data, _meta} = Builder.undo(user, reaction)
+      {:ok, reaction_undo, _meta} = ActivityPub.persist(undo_data, local: true)
+
+      {:ok, undo_data, _meta} = Builder.undo(user, announce)
+      {:ok, announce_undo, _meta} = ActivityPub.persist(undo_data, local: true)
+
+      {:ok, undo_data, _meta} = Builder.undo(user, block)
+      {:ok, block_undo, _meta} = ActivityPub.persist(undo_data, local: true)
+
+      %{
+        like_undo: like_undo,
+        post: post,
+        like: like,
+        reaction_undo: reaction_undo,
+        reaction: reaction,
+        announce_undo: announce_undo,
+        announce: announce,
+        block_undo: block_undo,
+        block: block,
+        poster: poster,
+        user: user
+      }
+    end
+
+    test "deletes the original block", %{block_undo: block_undo, block: block} do
+      {:ok, _block_undo, _} = SideEffects.handle(block_undo)
+      refute Activity.get_by_id(block.id)
+    end
+
+    test "unblocks the blocked user", %{block_undo: block_undo, block: block} do
+      blocker = User.get_by_ap_id(block.data["actor"])
+      blocked = User.get_by_ap_id(block.data["object"])
+
+      {:ok, _block_undo, _} = SideEffects.handle(block_undo)
+      refute User.blocks?(blocker, blocked)
+    end
+
+    test "an announce undo removes the announce from the object", %{
+      announce_undo: announce_undo,
+      post: post
+    } do
+      {:ok, _announce_undo, _} = SideEffects.handle(announce_undo)
+
+      object = Object.get_by_ap_id(post.data["object"])
+
+      assert object.data["announcement_count"] == 0
+      assert object.data["announcements"] == []
+    end
+
+    test "deletes the original announce", %{announce_undo: announce_undo, announce: announce} do
+      {:ok, _announce_undo, _} = SideEffects.handle(announce_undo)
+      refute Activity.get_by_id(announce.id)
+    end
+
+    test "a reaction undo removes the reaction from the object", %{
+      reaction_undo: reaction_undo,
+      post: post
+    } do
+      {:ok, _reaction_undo, _} = SideEffects.handle(reaction_undo)
+
+      object = Object.get_by_ap_id(post.data["object"])
+
+      assert object.data["reaction_count"] == 0
+      assert object.data["reactions"] == []
+    end
+
+    test "deletes the original reaction", %{reaction_undo: reaction_undo, reaction: reaction} do
+      {:ok, _reaction_undo, _} = SideEffects.handle(reaction_undo)
+      refute Activity.get_by_id(reaction.id)
+    end
+
+    test "a like undo removes the like from the object", %{like_undo: like_undo, post: post} do
+      {:ok, _like_undo, _} = SideEffects.handle(like_undo)
+
+      object = Object.get_by_ap_id(post.data["object"])
+
+      assert object.data["like_count"] == 0
+      assert object.data["likes"] == []
+    end
+
+    test "deletes the original like", %{like_undo: like_undo, like: like} do
+      {:ok, _like_undo, _} = SideEffects.handle(like_undo)
+      refute Activity.get_by_id(like.id)
+    end
+  end

  describe "like objects" do
    setup do
      poster = insert(:user)
      user = insert(:user)
-      {:ok, post} = CommonAPI.post(poster, %{"status" => "hey"})
+      {:ok, post} = CommonAPI.post(poster, %{status: "hey"})

      {:ok, like_data, _meta} = Builder.like(user, post.object)
      {:ok, like, _meta} = ActivityPub.persist(like_data, local: true)
@ -39,4 +289,61 @@ defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
      assert Repo.get_by(Notification, user_id: poster.id, activity_id: like.id)
    end
  end
+
+  describe "announce objects" do
+    setup do
+      poster = insert(:user)
+      user = insert(:user)
+      {:ok, post} = CommonAPI.post(poster, %{status: "hey"})
+      {:ok, private_post} = CommonAPI.post(poster, %{status: "hey", visibility: "private"})
+
+      {:ok, announce_data, _meta} = Builder.announce(user, post.object, public: true)
+
+      {:ok, private_announce_data, _meta} =
+        Builder.announce(user, private_post.object, public: false)
+
+      {:ok, relay_announce_data, _meta} =
+        Builder.announce(Pleroma.Web.ActivityPub.Relay.get_actor(), post.object, public: true)
+
+      {:ok, announce, _meta} = ActivityPub.persist(announce_data, local: true)
+      {:ok, private_announce, _meta} = ActivityPub.persist(private_announce_data, local: true)
+      {:ok, relay_announce, _meta} = ActivityPub.persist(relay_announce_data, local: true)
+
+      %{
+        announce: announce,
+        user: user,
+        poster: poster,
+        private_announce: private_announce,
+        relay_announce: relay_announce
+      }
+    end
+
+    test "adds the announce to the original object", %{announce: announce, user: user} do
+      {:ok, announce, _} = SideEffects.handle(announce)
+      object = Object.get_by_ap_id(announce.data["object"])
+      assert object.data["announcement_count"] == 1
+      assert user.ap_id in object.data["announcements"]
+    end
+
+    test "does not add the announce to the original object if the actor is a service actor", %{
+      relay_announce: announce
+    } do
+      {:ok, announce, _} = SideEffects.handle(announce)
+      object = Object.get_by_ap_id(announce.data["object"])
+      assert object.data["announcement_count"] == nil
+    end
+
+    test "creates a notification", %{announce: announce, poster: poster} do
+      {:ok, announce, _} = SideEffects.handle(announce)
+      assert Repo.get_by(Notification, user_id: poster.id, activity_id: announce.id)
+    end
+
+    test "it streams out the announce", %{announce: announce} do
+      with_mock Pleroma.Web.ActivityPub.ActivityPub, [:passthrough], stream_out: fn _ -> nil end do
+        {:ok, announce, _} = SideEffects.handle(announce)
+
+        assert called(Pleroma.Web.ActivityPub.ActivityPub.stream_out(announce))
+      end
+    end
+  end
 end
--- a/test/web/activity_pub/transmogrifier/announce_handling_test.exs
+++ b/test/web/activity_pub/transmogrifier/announce_handling_test.exs
@ -0,0 +1,172 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.Transmogrifier.AnnounceHandlingTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Activity
+  alias Pleroma.Object
+  alias Pleroma.Web.ActivityPub.Transmogrifier
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  test "it works for incoming honk announces" do
+    user = insert(:user, ap_id: "https://honktest/u/test", local: false)
+    other_user = insert(:user)
+    {:ok, post} = CommonAPI.post(other_user, %{status: "bonkeronk"})
+
+    announce = %{
+      "@context" => "https://www.w3.org/ns/activitystreams",
+      "actor" => "https://honktest/u/test",
+      "id" => "https://honktest/u/test/bonk/1793M7B9MQ48847vdx",
+      "object" => post.data["object"],
+      "published" => "2019-06-25T19:33:58Z",
+      "to" => "https://www.w3.org/ns/activitystreams#Public",
+      "type" => "Announce"
+    }
+
+    {:ok, %Activity{local: false}} = Transmogrifier.handle_incoming(announce)
+
+    object = Object.get_by_ap_id(post.data["object"])
+
+    assert length(object.data["announcements"]) == 1
+    assert user.ap_id in object.data["announcements"]
+  end
+
+  test "it works for incoming announces with actor being inlined (kroeg)" do
+    data = File.read!("test/fixtures/kroeg-announce-with-inline-actor.json") |> Poison.decode!()
+
+    _user = insert(:user, local: false, ap_id: data["actor"]["id"])
+    other_user = insert(:user)
+
+    {:ok, post} = CommonAPI.post(other_user, %{status: "kroegeroeg"})
+
+    data =
+      data
+      |> put_in(["object", "id"], post.data["object"])
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["actor"] == "https://puckipedia.com/"
+  end
+
+  test "it works for incoming announces, fetching the announced object" do
+    data =
+      File.read!("test/fixtures/mastodon-announce.json")
+      |> Poison.decode!()
+      |> Map.put("object", "http://mastodon.example.org/users/admin/statuses/99541947525187367")
+
+    Tesla.Mock.mock(fn
+      %{method: :get} ->
+        %Tesla.Env{status: 200, body: File.read!("test/fixtures/mastodon-note-object.json")}
+    end)
+
+    _user = insert(:user, local: false, ap_id: data["actor"])
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["actor"] == "http://mastodon.example.org/users/admin"
+    assert data["type"] == "Announce"
+
+    assert data["id"] ==
+             "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity"
+
+    assert data["object"] ==
+             "http://mastodon.example.org/users/admin/statuses/99541947525187367"
+
+    assert(Activity.get_create_by_object_ap_id(data["object"]))
+  end
+
+  @tag capture_log: true
+  test "it works for incoming announces with an existing activity" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
+
+    data =
+      File.read!("test/fixtures/mastodon-announce.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+
+    _user = insert(:user, local: false, ap_id: data["actor"])
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["actor"] == "http://mastodon.example.org/users/admin"
+    assert data["type"] == "Announce"
+
+    assert data["id"] ==
+             "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity"
+
+    assert data["object"] == activity.data["object"]
+
+    assert Activity.get_create_by_object_ap_id(data["object"]).id == activity.id
+  end
+
+  # Ignore inlined activities for now
+  @tag skip: true
+  test "it works for incoming announces with an inlined activity" do
+    data =
+      File.read!("test/fixtures/mastodon-announce-private.json")
+      |> Poison.decode!()
+
+    _user =
+      insert(:user,
+        local: false,
+        ap_id: data["actor"],
+        follower_address: data["actor"] <> "/followers"
+      )
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["actor"] == "http://mastodon.example.org/users/admin"
+    assert data["type"] == "Announce"
+
+    assert data["id"] ==
+             "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity"
+
+    object = Object.normalize(data["object"])
+
+    assert object.data["id"] == "http://mastodon.example.org/@admin/99541947525187368"
+    assert object.data["content"] == "this is a private toot"
+  end
+
+  @tag capture_log: true
+  test "it rejects incoming announces with an inlined activity from another origin" do
+    Tesla.Mock.mock(fn
+      %{method: :get} -> %Tesla.Env{status: 404, body: ""}
+    end)
+
+    data =
+      File.read!("test/fixtures/bogus-mastodon-announce.json")
+      |> Poison.decode!()
+
+    _user = insert(:user, local: false, ap_id: data["actor"])
+
+    assert {:error, e} = Transmogrifier.handle_incoming(data)
+  end
+
+  test "it does not clobber the addressing on announce activities" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
+
+    data =
+      File.read!("test/fixtures/mastodon-announce.json")
+      |> Poison.decode!()
+      |> Map.put("object", Object.normalize(activity).data["id"])
+      |> Map.put("to", ["http://mastodon.example.org/users/admin/followers"])
+      |> Map.put("cc", [])
+
+    _user =
+      insert(:user,
+        local: false,
+        ap_id: data["actor"],
+        follower_address: "http://mastodon.example.org/users/admin/followers"
+      )
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["to"] == ["http://mastodon.example.org/users/admin/followers"]
+  end
+end
--- a/test/web/activity_pub/transmogrifier/delete_handling_test.exs
+++ b/test/web/activity_pub/transmogrifier/delete_handling_test.exs
@ -0,0 +1,114 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.Transmogrifier.DeleteHandlingTest do
+  use Oban.Testing, repo: Pleroma.Repo
+  use Pleroma.DataCase
+
+  alias Pleroma.Activity
+  alias Pleroma.Object
+  alias Pleroma.Tests.ObanHelpers
+  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.Transmogrifier
+
+  import Pleroma.Factory
+
+  setup_all do
+    Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
+    :ok
+  end
+
+  test "it works for incoming deletes" do
+    activity = insert(:note_activity)
+    deleting_user = insert(:user)
+
+    data =
+      File.read!("test/fixtures/mastodon-delete.json")
+      |> Poison.decode!()
+      |> Map.put("actor", deleting_user.ap_id)
+      |> put_in(["object", "id"], activity.data["object"])
+
+    {:ok, %Activity{actor: actor, local: false, data: %{"id" => id}}} =
+      Transmogrifier.handle_incoming(data)
+
+    assert id == data["id"]
+
+    # We delete the Create activity because we base our timelines on it.
+    # This should be changed after we unify objects and activities
+    refute Activity.get_by_id(activity.id)
+    assert actor == deleting_user.ap_id
+
+    # Objects are replaced by a tombstone object.
+    object = Object.normalize(activity.data["object"])
+    assert object.data["type"] == "Tombstone"
+  end
+
+  test "it works for incoming when the object has been pruned" do
+    activity = insert(:note_activity)
+
+    {:ok, object} =
+      Object.normalize(activity.data["object"])
+      |> Repo.delete()
+
+    Cachex.del(:object_cache, "object:#{object.data["id"]}")
+
+    deleting_user = insert(:user)
+
+    data =
+      File.read!("test/fixtures/mastodon-delete.json")
+      |> Poison.decode!()
+      |> Map.put("actor", deleting_user.ap_id)
+      |> put_in(["object", "id"], activity.data["object"])
+
+    {:ok, %Activity{actor: actor, local: false, data: %{"id" => id}}} =
+      Transmogrifier.handle_incoming(data)
+
+    assert id == data["id"]
+
+    # We delete the Create activity because we base our timelines on it.
+    # This should be changed after we unify objects and activities
+    refute Activity.get_by_id(activity.id)
+    assert actor == deleting_user.ap_id
+  end
+
+  test "it fails for incoming deletes with spoofed origin" do
+    activity = insert(:note_activity)
+    %{ap_id: ap_id} = insert(:user, ap_id: "https://gensokyo.2hu/users/raymoo")
+
+    data =
+      File.read!("test/fixtures/mastodon-delete.json")
+      |> Poison.decode!()
+      |> Map.put("actor", ap_id)
+      |> put_in(["object", "id"], activity.data["object"])
+
+    assert match?({:error, _}, Transmogrifier.handle_incoming(data))
+  end
+
+  @tag capture_log: true
+  test "it works for incoming user deletes" do
+    %{ap_id: ap_id} = insert(:user, ap_id: "http://mastodon.example.org/users/admin")
+
+    data =
+      File.read!("test/fixtures/mastodon-delete-user.json")
+      |> Poison.decode!()
+
+    {:ok, _} = Transmogrifier.handle_incoming(data)
+    ObanHelpers.perform_all()
+
+    assert User.get_cached_by_ap_id(ap_id).deactivated
+  end
+
+  test "it fails for incoming user deletes with spoofed origin" do
+    %{ap_id: ap_id} = insert(:user)
+
+    data =
+      File.read!("test/fixtures/mastodon-delete-user.json")
+      |> Poison.decode!()
+      |> Map.put("actor", ap_id)
+
+    assert match?({:error, _}, Transmogrifier.handle_incoming(data))
+
+    assert User.get_cached_by_ap_id(ap_id)
+  end
+end
--- a/test/web/activity_pub/transmogrifier/emoji_react_handling_test.exs
+++ b/test/web/activity_pub/transmogrifier/emoji_react_handling_test.exs
@ -0,0 +1,61 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.Transmogrifier.EmojiReactHandlingTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Activity
+  alias Pleroma.Object
+  alias Pleroma.Web.ActivityPub.Transmogrifier
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  test "it works for incoming emoji reactions" do
+    user = insert(:user)
+    other_user = insert(:user, local: false)
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})
+
+    data =
+      File.read!("test/fixtures/emoji-reaction.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+      |> Map.put("actor", other_user.ap_id)
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["actor"] == other_user.ap_id
+    assert data["type"] == "EmojiReact"
+    assert data["id"] == "http://mastodon.example.org/users/admin#reactions/2"
+    assert data["object"] == activity.data["object"]
+    assert data["content"] == "👌"
+
+    object = Object.get_by_ap_id(data["object"])
+
+    assert object.data["reaction_count"] == 1
+    assert match?([["👌", _]], object.data["reactions"])
+  end
+
+  test "it reject invalid emoji reactions" do
+    user = insert(:user)
+    other_user = insert(:user, local: false)
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})
+
+    data =
+      File.read!("test/fixtures/emoji-reaction-too-long.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+      |> Map.put("actor", other_user.ap_id)
+
+    assert {:error, _} = Transmogrifier.handle_incoming(data)
+
+    data =
+      File.read!("test/fixtures/emoji-reaction-no-emoji.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+      |> Map.put("actor", other_user.ap_id)
+
+    assert {:error, _} = Transmogrifier.handle_incoming(data)
+  end
+end
--- a/test/web/activity_pub/transmogrifier/like_handling_test.exs
+++ b/test/web/activity_pub/transmogrifier/like_handling_test.exs
@ -14,7 +14,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.LikeHandlingTest do
  test "it works for incoming likes" do
    user = insert(:user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})

    data =
      File.read!("test/fixtures/mastodon-like.json")
@ -36,7 +36,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.LikeHandlingTest do
  test "it works for incoming misskey likes, turning them into EmojiReacts" do
    user = insert(:user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})

    data =
      File.read!("test/fixtures/misskey-like.json")
@ -57,7 +57,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.LikeHandlingTest do
  test "it works for incoming misskey likes that contain unicode emojis, turning them into EmojiReacts" do
    user = insert(:user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})

    data =
      File.read!("test/fixtures/misskey-like.json")
--- a/test/web/activity_pub/transmogrifier/undo_handling_test.exs
+++ b/test/web/activity_pub/transmogrifier/undo_handling_test.exs
@ -0,0 +1,185 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.Transmogrifier.UndoHandlingTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Activity
+  alias Pleroma.Object
+  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.Transmogrifier
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  test "it works for incoming emoji reaction undos" do
+    user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "hello"})
+    {:ok, reaction_activity} = CommonAPI.react_with_emoji(activity.id, user, "👌")
+
+    data =
+      File.read!("test/fixtures/mastodon-undo-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", reaction_activity.data["id"])
+      |> Map.put("actor", user.ap_id)
+
+    {:ok, activity} = Transmogrifier.handle_incoming(data)
+
+    assert activity.actor == user.ap_id
+    assert activity.data["id"] == data["id"]
+    assert activity.data["type"] == "Undo"
+  end
+
+  test "it returns an error for incoming unlikes wihout a like activity" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "leave a like pls"})
+
+    data =
+      File.read!("test/fixtures/mastodon-undo-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+
+    assert Transmogrifier.handle_incoming(data) == :error
+  end
+
+  test "it works for incoming unlikes with an existing like activity" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "leave a like pls"})
+
+    like_data =
+      File.read!("test/fixtures/mastodon-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+
+    _liker = insert(:user, ap_id: like_data["actor"], local: false)
+
+    {:ok, %Activity{data: like_data, local: false}} = Transmogrifier.handle_incoming(like_data)
+
+    data =
+      File.read!("test/fixtures/mastodon-undo-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", like_data)
+      |> Map.put("actor", like_data["actor"])
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["actor"] == "http://mastodon.example.org/users/admin"
+    assert data["type"] == "Undo"
+    assert data["id"] == "http://mastodon.example.org/users/admin#likes/2/undo"
+    assert data["object"] == "http://mastodon.example.org/users/admin#likes/2"
+
+    note = Object.get_by_ap_id(like_data["object"])
+    assert note.data["like_count"] == 0
+    assert note.data["likes"] == []
+  end
+
+  test "it works for incoming unlikes with an existing like activity and a compact object" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "leave a like pls"})
+
+    like_data =
+      File.read!("test/fixtures/mastodon-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+
+    _liker = insert(:user, ap_id: like_data["actor"], local: false)
+
+    {:ok, %Activity{data: like_data, local: false}} = Transmogrifier.handle_incoming(like_data)
+
+    data =
+      File.read!("test/fixtures/mastodon-undo-like.json")
+      |> Poison.decode!()
+      |> Map.put("object", like_data["id"])
+      |> Map.put("actor", like_data["actor"])
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["actor"] == "http://mastodon.example.org/users/admin"
+    assert data["type"] == "Undo"
+    assert data["id"] == "http://mastodon.example.org/users/admin#likes/2/undo"
+    assert data["object"] == "http://mastodon.example.org/users/admin#likes/2"
+  end
+
+  test "it works for incoming unannounces with an existing notice" do
+    user = insert(:user)
+    {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
+
+    announce_data =
+      File.read!("test/fixtures/mastodon-announce.json")
+      |> Poison.decode!()
+      |> Map.put("object", activity.data["object"])
+
+    _announcer = insert(:user, ap_id: announce_data["actor"], local: false)
+
+    {:ok, %Activity{data: announce_data, local: false}} =
+      Transmogrifier.handle_incoming(announce_data)
+
+    data =
+      File.read!("test/fixtures/mastodon-undo-announce.json")
+      |> Poison.decode!()
+      |> Map.put("object", announce_data)
+      |> Map.put("actor", announce_data["actor"])
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["type"] == "Undo"
+
+    assert data["object"] ==
+             "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity"
+  end
+
+  test "it works for incomming unfollows with an existing follow" do
+    user = insert(:user)
+
+    follow_data =
+      File.read!("test/fixtures/mastodon-follow-activity.json")
+      |> Poison.decode!()
+      |> Map.put("object", user.ap_id)
+
+    _follower = insert(:user, ap_id: follow_data["actor"], local: false)
+
+    {:ok, %Activity{data: _, local: false}} = Transmogrifier.handle_incoming(follow_data)
+
+    data =
+      File.read!("test/fixtures/mastodon-unfollow-activity.json")
+      |> Poison.decode!()
+      |> Map.put("object", follow_data)
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+
+    assert data["type"] == "Undo"
+    assert data["object"]["type"] == "Follow"
+    assert data["object"]["object"] == user.ap_id
+    assert data["actor"] == "http://mastodon.example.org/users/admin"
+
+    refute User.following?(User.get_cached_by_ap_id(data["actor"]), user)
+  end
+
+  test "it works for incoming unblocks with an existing block" do
+    user = insert(:user)
+
+    block_data =
+      File.read!("test/fixtures/mastodon-block-activity.json")
+      |> Poison.decode!()
+      |> Map.put("object", user.ap_id)
+
+    _blocker = insert(:user, ap_id: block_data["actor"], local: false)
+
+    {:ok, %Activity{data: _, local: false}} = Transmogrifier.handle_incoming(block_data)
+
+    data =
+      File.read!("test/fixtures/mastodon-unblock-activity.json")
+      |> Poison.decode!()
+      |> Map.put("object", block_data)
+
+    {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+    assert data["type"] == "Undo"
+    assert data["object"] == block_data["id"]
+
+    blocker = User.get_cached_by_ap_id(data["actor"])
+
+    refute User.blocks?(blocker, user)
+  end
+end
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@ -28,6 +28,63 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
  setup do: clear_config([:instance, :max_remote_account_fields])

  describe "handle_incoming" do
+    test "it works for incoming notices with tag not being an array (kroeg)" do
+      data = File.read!("test/fixtures/kroeg-array-less-emoji.json") |> Poison.decode!()
+
+      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+      object = Object.normalize(data["object"])
+
+      assert object.data["emoji"] == %{
+               "icon_e_smile" => "https://puckipedia.com/forum/images/smilies/icon_e_smile.png"
+             }
+
+      data = File.read!("test/fixtures/kroeg-array-less-hashtag.json") |> Poison.decode!()
+
+      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+      object = Object.normalize(data["object"])
+
+      assert "test" in object.data["tag"]
+    end
+
+    test "it works for incoming notices with url not being a string (prismo)" do
+      data = File.read!("test/fixtures/prismo-url-map.json") |> Poison.decode!()
+
+      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
+      object = Object.normalize(data["object"])
+
+      assert object.data["url"] == "https://prismo.news/posts/83"
+    end
+
+    test "it cleans up incoming notices which are not really DMs" do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      to = [user.ap_id, other_user.ap_id]
+
+      data =
+        File.read!("test/fixtures/mastodon-post-activity.json")
+        |> Poison.decode!()
+        |> Map.put("to", to)
+        |> Map.put("cc", [])
+
+      object =
+        data["object"]
+        |> Map.put("to", to)
+        |> Map.put("cc", [])
+
+      data = Map.put(data, "object", object)
+
+      {:ok, %Activity{data: data, local: false} = activity} = Transmogrifier.handle_incoming(data)
+
+      assert data["to"] == []
+      assert data["cc"] == to
+
+      object_data = Object.normalize(activity).data
+
+      assert object_data["to"] == []
+      assert object_data["cc"] == to
+    end
+
    test "it ignores an incoming notice if we already have it" do
      activity = insert(:note_activity)

@ -212,8 +269,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" => "suya...",
-          "poll" => %{"options" => ["suya", "suya.", "suya.."], "expires_in" => 10}
+          status: "suya...",
+          poll: %{options: ["suya", "suya.", "suya.."], expires_in: 10}
        })

      object = Object.normalize(activity)
@ -260,272 +317,6 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
               "<p>henlo from my Psion netBook</p><p>message sent from my Psion netBook</p>"
    end

-    test "it works for incoming announces with actor being inlined (kroeg)" do
-      data = File.read!("test/fixtures/kroeg-announce-with-inline-actor.json") |> Poison.decode!()
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "https://puckipedia.com/"
-    end
-
-    test "it works for incoming notices with tag not being an array (kroeg)" do
-      data = File.read!("test/fixtures/kroeg-array-less-emoji.json") |> Poison.decode!()
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-      object = Object.normalize(data["object"])
-
-      assert object.data["emoji"] == %{
-               "icon_e_smile" => "https://puckipedia.com/forum/images/smilies/icon_e_smile.png"
-             }
-
-      data = File.read!("test/fixtures/kroeg-array-less-hashtag.json") |> Poison.decode!()
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-      object = Object.normalize(data["object"])
-
-      assert "test" in object.data["tag"]
-    end
-
-    test "it works for incoming notices with url not being a string (prismo)" do
-      data = File.read!("test/fixtures/prismo-url-map.json") |> Poison.decode!()
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-      object = Object.normalize(data["object"])
-
-      assert object.data["url"] == "https://prismo.news/posts/83"
-    end
-
-    test "it cleans up incoming notices which are not really DMs" do
-      user = insert(:user)
-      other_user = insert(:user)
-
-      to = [user.ap_id, other_user.ap_id]
-
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
-        |> Map.put("to", to)
-        |> Map.put("cc", [])
-
-      object =
-        data["object"]
-        |> Map.put("to", to)
-        |> Map.put("cc", [])
-
-      data = Map.put(data, "object", object)
-
-      {:ok, %Activity{data: data, local: false} = activity} = Transmogrifier.handle_incoming(data)
-
-      assert data["to"] == []
-      assert data["cc"] == to
-
-      object_data = Object.normalize(activity).data
-
-      assert object_data["to"] == []
-      assert object_data["cc"] == to
-    end
-
-    test "it works for incoming emoji reactions" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
-
-      data =
-        File.read!("test/fixtures/emoji-reaction.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-      assert data["type"] == "EmojiReact"
-      assert data["id"] == "http://mastodon.example.org/users/admin#reactions/2"
-      assert data["object"] == activity.data["object"]
-      assert data["content"] == "👌"
-    end
-
-    test "it reject invalid emoji reactions" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
-
-      data =
-        File.read!("test/fixtures/emoji-reaction-too-long.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      assert :error = Transmogrifier.handle_incoming(data)
-
-      data =
-        File.read!("test/fixtures/emoji-reaction-no-emoji.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      assert :error = Transmogrifier.handle_incoming(data)
-    end
-
-    test "it works for incoming emoji reaction undos" do
-      user = insert(:user)
-
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"})
-      {:ok, reaction_activity, _object} = CommonAPI.react_with_emoji(activity.id, user, "👌")
-
-      data =
-        File.read!("test/fixtures/mastodon-undo-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", reaction_activity.data["id"])
-        |> Map.put("actor", user.ap_id)
-
-      {:ok, activity} = Transmogrifier.handle_incoming(data)
-
-      assert activity.actor == user.ap_id
-      assert activity.data["id"] == data["id"]
-      assert activity.data["type"] == "Undo"
-    end
-
-    test "it returns an error for incoming unlikes wihout a like activity" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "leave a like pls"})
-
-      data =
-        File.read!("test/fixtures/mastodon-undo-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      assert Transmogrifier.handle_incoming(data) == :error
-    end
-
-    test "it works for incoming unlikes with an existing like activity" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "leave a like pls"})
-
-      like_data =
-        File.read!("test/fixtures/mastodon-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      {:ok, %Activity{data: like_data, local: false}} = Transmogrifier.handle_incoming(like_data)
-
-      data =
-        File.read!("test/fixtures/mastodon-undo-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", like_data)
-        |> Map.put("actor", like_data["actor"])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-      assert data["type"] == "Undo"
-      assert data["id"] == "http://mastodon.example.org/users/admin#likes/2/undo"
-      assert data["object"]["id"] == "http://mastodon.example.org/users/admin#likes/2"
-    end
-
-    test "it works for incoming unlikes with an existing like activity and a compact object" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "leave a like pls"})
-
-      like_data =
-        File.read!("test/fixtures/mastodon-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      {:ok, %Activity{data: like_data, local: false}} = Transmogrifier.handle_incoming(like_data)
-
-      data =
-        File.read!("test/fixtures/mastodon-undo-like.json")
-        |> Poison.decode!()
-        |> Map.put("object", like_data["id"])
-        |> Map.put("actor", like_data["actor"])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-      assert data["type"] == "Undo"
-      assert data["id"] == "http://mastodon.example.org/users/admin#likes/2/undo"
-      assert data["object"]["id"] == "http://mastodon.example.org/users/admin#likes/2"
-    end
-
-    test "it works for incoming announces" do
-      data = File.read!("test/fixtures/mastodon-announce.json") |> Poison.decode!()
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-      assert data["type"] == "Announce"
-
-      assert data["id"] ==
-               "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity"
-
-      assert data["object"] ==
-               "http://mastodon.example.org/users/admin/statuses/99541947525187367"
-
-      assert Activity.get_create_by_object_ap_id(data["object"])
-    end
-
-    test "it works for incoming announces with an existing activity" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
-
-      data =
-        File.read!("test/fixtures/mastodon-announce.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-      assert data["type"] == "Announce"
-
-      assert data["id"] ==
-               "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity"
-
-      assert data["object"] == activity.data["object"]
-
-      assert Activity.get_create_by_object_ap_id(data["object"]).id == activity.id
-    end
-
-    test "it works for incoming announces with an inlined activity" do
-      data =
-        File.read!("test/fixtures/mastodon-announce-private.json")
-        |> Poison.decode!()
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-      assert data["type"] == "Announce"
-
-      assert data["id"] ==
-               "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity"
-
-      object = Object.normalize(data["object"])
-
-      assert object.data["id"] == "http://mastodon.example.org/@admin/99541947525187368"
-      assert object.data["content"] == "this is a private toot"
-    end
-
-    @tag capture_log: true
-    test "it rejects incoming announces with an inlined activity from another origin" do
-      data =
-        File.read!("test/fixtures/bogus-mastodon-announce.json")
-        |> Poison.decode!()
-
-      assert :error = Transmogrifier.handle_incoming(data)
-    end
-
-    test "it does not clobber the addressing on announce activities" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
-
-      data =
-        File.read!("test/fixtures/mastodon-announce.json")
-        |> Poison.decode!()
-        |> Map.put("object", Object.normalize(activity).data["id"])
-        |> Map.put("to", ["http://mastodon.example.org/users/admin/followers"])
-        |> Map.put("cc", [])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["to"] == ["http://mastodon.example.org/users/admin/followers"]
-    end
-
    test "it ensures that as:Public activities make it to their followers collection" do
      user = insert(:user)

@ -598,8 +389,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do

    test "it strips internal reactions" do
      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
-      {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, user, "📢")
+      {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
+      {:ok, _} = CommonAPI.react_with_emoji(activity.id, user, "📢")

      %{object: object} = Activity.get_by_id_with_object(activity.id)
      assert Map.has_key?(object.data, "reactions")
@ -766,113 +557,6 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      assert user.locked == true
    end

-    test "it works for incoming deletes" do
-      activity = insert(:note_activity)
-      deleting_user = insert(:user)
-
-      data =
-        File.read!("test/fixtures/mastodon-delete.json")
-        |> Poison.decode!()
-
-      object =
-        data["object"]
-        |> Map.put("id", activity.data["object"])
-
-      data =
-        data
-        |> Map.put("object", object)
-        |> Map.put("actor", deleting_user.ap_id)
-
-      {:ok, %Activity{actor: actor, local: false, data: %{"id" => id}}} =
-        Transmogrifier.handle_incoming(data)
-
-      assert id == data["id"]
-      refute Activity.get_by_id(activity.id)
-      assert actor == deleting_user.ap_id
-    end
-
-    test "it fails for incoming deletes with spoofed origin" do
-      activity = insert(:note_activity)
-
-      data =
-        File.read!("test/fixtures/mastodon-delete.json")
-        |> Poison.decode!()
-
-      object =
-        data["object"]
-        |> Map.put("id", activity.data["object"])
-
-      data =
-        data
-        |> Map.put("object", object)
-
-      assert capture_log(fn ->
-               :error = Transmogrifier.handle_incoming(data)
-             end) =~
-               "[error] Could not decode user at fetch http://mastodon.example.org/users/gargron, {:error, :nxdomain}"
-
-      assert Activity.get_by_id(activity.id)
-    end
-
-    @tag capture_log: true
-    test "it works for incoming user deletes" do
-      %{ap_id: ap_id} =
-        insert(:user, ap_id: "http://mastodon.example.org/users/admin", local: false)
-
-      data =
-        File.read!("test/fixtures/mastodon-delete-user.json")
-        |> Poison.decode!()
-
-      {:ok, _} = Transmogrifier.handle_incoming(data)
-      ObanHelpers.perform_all()
-
-      refute User.get_cached_by_ap_id(ap_id)
-    end
-
-    test "it fails for incoming user deletes with spoofed origin" do
-      %{ap_id: ap_id} = insert(:user)
-
-      data =
-        File.read!("test/fixtures/mastodon-delete-user.json")
-        |> Poison.decode!()
-        |> Map.put("actor", ap_id)
-
-      assert capture_log(fn ->
-               assert :error == Transmogrifier.handle_incoming(data)
-             end) =~ "Object containment failed"
-
-      assert User.get_cached_by_ap_id(ap_id)
-    end
-
-    test "it works for incoming unannounces with an existing notice" do
-      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
-
-      announce_data =
-        File.read!("test/fixtures/mastodon-announce.json")
-        |> Poison.decode!()
-        |> Map.put("object", activity.data["object"])
-
-      {:ok, %Activity{data: announce_data, local: false}} =
-        Transmogrifier.handle_incoming(announce_data)
-
-      data =
-        File.read!("test/fixtures/mastodon-undo-announce.json")
-        |> Poison.decode!()
-        |> Map.put("object", announce_data)
-        |> Map.put("actor", announce_data["actor"])
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-
-      assert data["type"] == "Undo"
-      assert object_data = data["object"]
-      assert object_data["type"] == "Announce"
-      assert object_data["object"] == activity.data["object"]
-
-      assert object_data["id"] ==
-               "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity"
-    end
-
    test "it works for incomming unfollows with an existing follow" do
      user = insert(:user)

@ -967,32 +651,6 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      refute User.following?(blocked, blocker)
    end

-    test "it works for incoming unblocks with an existing block" do
-      user = insert(:user)
-
-      block_data =
-        File.read!("test/fixtures/mastodon-block-activity.json")
-        |> Poison.decode!()
-        |> Map.put("object", user.ap_id)
-
-      {:ok, %Activity{data: _, local: false}} = Transmogrifier.handle_incoming(block_data)
-
-      data =
-        File.read!("test/fixtures/mastodon-unblock-activity.json")
-        |> Poison.decode!()
-        |> Map.put("object", block_data)
-
-      {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data)
-      assert data["type"] == "Undo"
-      assert data["object"]["type"] == "Block"
-      assert data["object"]["object"] == user.ap_id
-      assert data["actor"] == "http://mastodon.example.org/users/admin"
-
-      blocker = User.get_cached_by_ap_id(data["actor"])
-
-      refute User.blocks?(blocker, user)
-    end
-
    test "it works for incoming accepts which were pre-accepted" do
      follower = insert(:user)
      followed = insert(:user)
@ -1066,6 +724,12 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      follower = User.get_cached_by_id(follower.id)

      assert User.following?(follower, followed) == true
+
+      follower = User.get_by_id(follower.id)
+      assert follower.following_count == 1
+
+      followed = User.get_by_id(followed.id)
+      assert followed.follower_count == 1
    end

    test "it fails for incoming accepts which cannot be correlated" do
@ -1223,7 +887,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      user = insert(:user)
      other_user = insert(:user)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "test post"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "test post"})
      object = Object.normalize(activity)

      note_obj = %{
@ -1367,13 +1031,13 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
    setup do
      user = insert(:user)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "post1"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "post1"})

      {:ok, reply1} =
-        CommonAPI.post(user, %{"status" => "reply1", "in_reply_to_status_id" => activity.id})
+        CommonAPI.post(user, %{status: "reply1", in_reply_to_status_id: activity.id})

      {:ok, reply2} =
-        CommonAPI.post(user, %{"status" => "reply2", "in_reply_to_status_id" => activity.id})
+        CommonAPI.post(user, %{status: "reply2", in_reply_to_status_id: activity.id})

      replies_uris = Enum.map([reply1, reply2], fn a -> a.object.data["id"] end)

@ -1413,9 +1077,9 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
    test "it inlines private announced objects" do
      user = insert(:user)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey", "visibility" => "private"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "hey", visibility: "private"})

-      {:ok, announce_activity, _} = CommonAPI.repeat(activity.id, user)
+      {:ok, announce_activity} = CommonAPI.repeat(activity.id, user)

      {:ok, modified} = Transmogrifier.prepare_outgoing(announce_activity.data)

@ -1428,31 +1092,36 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      other_user = insert(:user)

      {:ok, activity} =
-        CommonAPI.post(user, %{"status" => "hey, @#{other_user.nickname}, how are ya? #2hu"})
+        CommonAPI.post(user, %{status: "hey, @#{other_user.nickname}, how are ya? #2hu"})

-      {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
-      object = modified["object"]
+      with_mock Pleroma.Notification,
+        get_notified_from_activity: fn _, _ -> [] end do
+        {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)

-      expected_mention = %{
-        "href" => other_user.ap_id,
-        "name" => "@#{other_user.nickname}",
-        "type" => "Mention"
-      }
+        object = modified["object"]

-      expected_tag = %{
-        "href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu",
-        "type" => "Hashtag",
-        "name" => "#2hu"
-      }
+        expected_mention = %{
+          "href" => other_user.ap_id,
+          "name" => "@#{other_user.nickname}",
+          "type" => "Mention"
+        }

-      assert Enum.member?(object["tag"], expected_tag)
-      assert Enum.member?(object["tag"], expected_mention)
+        expected_tag = %{
+          "href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu",
+          "type" => "Hashtag",
+          "name" => "#2hu"
+        }
+
+        refute called(Pleroma.Notification.get_notified_from_activity(:_, :_))
+        assert Enum.member?(object["tag"], expected_tag)
+        assert Enum.member?(object["tag"], expected_mention)
+      end
    end

    test "it adds the sensitive property" do
      user = insert(:user)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "#nsfw hey"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "#nsfw hey"})
      {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)

      assert modified["object"]["sensitive"]
@ -1461,7 +1130,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
    test "it adds the json-ld context and the conversation property" do
      user = insert(:user)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
      {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)

      assert modified["@context"] ==
@ -1473,7 +1142,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
    test "it sets the 'attributedTo' property to the actor of the object if it doesn't have one" do
      user = insert(:user)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
      {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)

      assert modified["object"]["actor"] == modified["object"]["attributedTo"]
@ -1482,7 +1151,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
    test "it strips internal hashtag data" do
      user = insert(:user)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "#2hu"})

      expected_tag = %{
        "href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu",
@ -1498,7 +1167,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
    test "it strips internal fields" do
      user = insert(:user)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu :firefox:"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "#2hu :firefox:"})

      {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)

@ -1530,14 +1199,13 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      user = insert(:user)
      other_user = insert(:user)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "2hu :moominmamma:"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "2hu :moominmamma:"})

      {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)

      assert modified["directMessage"] == false

-      {:ok, activity} =
-        CommonAPI.post(user, %{"status" => "@#{other_user.nickname} :moominmamma:"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "@#{other_user.nickname} :moominmamma:"})

      {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)

@ -1545,8 +1213,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" => "@#{other_user.nickname} :moominmamma:",
-          "visibility" => "direct"
+          status: "@#{other_user.nickname} :moominmamma:",
+          visibility: "direct"
        })

      {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
@ -1558,8 +1226,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      user = insert(:user)
      {:ok, list} = Pleroma.List.create("foo", user)

-      {:ok, activity} =
-        CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "foobar", visibility: "list:#{list.id}"})

      {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)

@ -1594,8 +1261,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      user_two = insert(:user)
      Pleroma.FollowingRelationship.follow(user_two, user, :follow_accept)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "test"})
-      {:ok, unrelated_activity} = CommonAPI.post(user_two, %{"status" => "test"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "test"})
+      {:ok, unrelated_activity} = CommonAPI.post(user_two, %{status: "test"})
      assert "http://localhost:4001/users/rye@niu.moe/followers" in activity.recipients

      user = User.get_cached_by_id(user.id)
@ -1667,7 +1334,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      }

      assert capture_log(fn ->
-               :error = Transmogrifier.handle_incoming(data)
+               {:error, _} = Transmogrifier.handle_incoming(data)
             end) =~ "Object containment failed"
    end

@ -1682,7 +1349,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      }

      assert capture_log(fn ->
-               :error = Transmogrifier.handle_incoming(data)
+               {:error, _} = Transmogrifier.handle_incoming(data)
             end) =~ "Object containment failed"
    end

@ -1697,7 +1364,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      }

      assert capture_log(fn ->
-               :error = Transmogrifier.handle_incoming(data)
+               {:error, _} = Transmogrifier.handle_incoming(data)
             end) =~ "Object containment failed"
    end
  end
@ -1761,8 +1428,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do

    {:ok, poll_activity} =
      CommonAPI.post(user, %{
-        "status" => "suya...",
-        "poll" => %{"options" => ["suya", "suya.", "suya.."], "expires_in" => 10}
+        status: "suya...",
+        poll: %{options: ["suya", "suya.", "suya.."], expires_in: 10}
      })

    poll_object = Object.normalize(poll_activity)
@ -2105,28 +1772,27 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
    test "sets `replies` collection with a limited number of self-replies" do
      [user, another_user] = insert_list(2, :user)

-      {:ok, %{id: id1} = activity} = CommonAPI.post(user, %{"status" => "1"})
+      {:ok, %{id: id1} = activity} = CommonAPI.post(user, %{status: "1"})

      {:ok, %{id: id2} = self_reply1} =
-        CommonAPI.post(user, %{"status" => "self-reply 1", "in_reply_to_status_id" => id1})
+        CommonAPI.post(user, %{status: "self-reply 1", in_reply_to_status_id: id1})

      {:ok, self_reply2} =
-        CommonAPI.post(user, %{"status" => "self-reply 2", "in_reply_to_status_id" => id1})
+        CommonAPI.post(user, %{status: "self-reply 2", in_reply_to_status_id: id1})

      # Assuming to _not_ be present in `replies` due to :note_replies_output_limit is set to 2
-      {:ok, _} =
-        CommonAPI.post(user, %{"status" => "self-reply 3", "in_reply_to_status_id" => id1})
+      {:ok, _} = CommonAPI.post(user, %{status: "self-reply 3", in_reply_to_status_id: id1})

      {:ok, _} =
        CommonAPI.post(user, %{
-          "status" => "self-reply to self-reply",
-          "in_reply_to_status_id" => id2
+          status: "self-reply to self-reply",
+          in_reply_to_status_id: id2
        })

      {:ok, _} =
        CommonAPI.post(another_user, %{
-          "status" => "another user's reply",
-          "in_reply_to_status_id" => id1
+          status: "another user's reply",
+          in_reply_to_status_id: id1
        })

      object = Object.normalize(activity)
--- a/test/web/activity_pub/utils_test.exs
+++ b/test/web/activity_pub/utils_test.exs
@ -102,34 +102,6 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
    end
  end

-  describe "make_unlike_data/3" do
-    test "returns data for unlike activity" do
-      user = insert(:user)
-      like_activity = insert(:like_activity, data_attrs: %{"context" => "test context"})
-
-      object = Object.normalize(like_activity.data["object"])
-
-      assert Utils.make_unlike_data(user, like_activity, nil) == %{
-               "type" => "Undo",
-               "actor" => user.ap_id,
-               "object" => like_activity.data,
-               "to" => [user.follower_address, object.data["actor"]],
-               "cc" => [Pleroma.Constants.as_public()],
-               "context" => like_activity.data["context"]
-             }
-
-      assert Utils.make_unlike_data(user, like_activity, "9mJEZK0tky1w2xD2vY") == %{
-               "type" => "Undo",
-               "actor" => user.ap_id,
-               "object" => like_activity.data,
-               "to" => [user.follower_address, object.data["actor"]],
-               "cc" => [Pleroma.Constants.as_public()],
-               "context" => like_activity.data["context"],
-               "id" => "9mJEZK0tky1w2xD2vY"
-             }
-    end
-  end
-
  describe "make_like_data" do
    setup do
      user = insert(:user)
@ -148,7 +120,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" =>
+          status:
            "hey @#{other_user.nickname}, @#{third_user.nickname} how about beering together this weekend?"
        })

@ -167,8 +139,8 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" => "@#{other_user.nickname} @#{third_user.nickname} bought a new swimsuit!",
-          "visibility" => "private"
+          status: "@#{other_user.nickname} @#{third_user.nickname} bought a new swimsuit!",
+          visibility: "private"
        })

      %{"to" => to, "cc" => cc} = Utils.make_like_data(other_user, activity, nil)
@ -196,11 +168,11 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" => "How do I pronounce LaTeX?",
-          "poll" => %{
-            "options" => ["laytekh", "lahtekh", "latex"],
-            "expires_in" => 20,
-            "multiple" => true
+          status: "How do I pronounce LaTeX?",
+          poll: %{
+            options: ["laytekh", "lahtekh", "latex"],
+            expires_in: 20,
+            multiple: true
          }
        })

@ -215,10 +187,10 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" => "Are we living in a society?",
-          "poll" => %{
-            "options" => ["yes", "no"],
-            "expires_in" => 20
+          status: "Are we living in a society?",
+          poll: %{
+            options: ["yes", "no"],
+            expires_in: 20
          }
        })

@ -362,7 +334,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
      assert object = Object.normalize(note_activity)
      actor = insert(:user)

-      {:ok, announce, _object} = ActivityPub.announce(actor, object)
+      {:ok, announce} = CommonAPI.repeat(note_activity.id, actor)
      assert Utils.get_existing_announce(actor.ap_id, object) == announce
    end
  end
@ -497,7 +469,7 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
    test "returns map with Flag object" do
      reporter = insert(:user)
      target_account = insert(:user)
-      {:ok, activity} = CommonAPI.post(target_account, %{"status" => "foobar"})
+      {:ok, activity} = CommonAPI.post(target_account, %{status: "foobar"})
      context = Utils.generate_context_id()
      content = "foobar"

--- a/test/web/activity_pub/views/object_view_test.exs
+++ b/test/web/activity_pub/views/object_view_test.exs
@ -44,7 +44,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
      activity = insert(:note_activity, user: user)

      {:ok, self_reply1} =
-        CommonAPI.post(user, %{"status" => "self-reply 1", "in_reply_to_status_id" => activity.id})
+        CommonAPI.post(user, %{status: "self-reply 1", in_reply_to_status_id: activity.id})

      replies_uris = [self_reply1.object.data["id"]]
      result = ObjectView.render("object.json", %{object: refresh_record(activity)})
@ -73,7 +73,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
    object = Object.normalize(note)
    user = insert(:user)

-    {:ok, announce_activity, _} = CommonAPI.repeat(note.id, user)
+    {:ok, announce_activity} = CommonAPI.repeat(note.id, user)

    result = ObjectView.render("object.json", %{object: announce_activity})

--- a/test/web/activity_pub/views/user_view_test.exs
+++ b/test/web/activity_pub/views/user_view_test.exs
@ -164,7 +164,7 @@ defmodule Pleroma.Web.ActivityPub.UserViewTest do

    posts =
      for i <- 0..25 do
-        {:ok, activity} = CommonAPI.post(user, %{"status" => "post #{i}"})
+        {:ok, activity} = CommonAPI.post(user, %{status: "post #{i}"})
        activity
      end

--- a/test/web/activity_pub/visibilty_test.exs
+++ b/test/web/activity_pub/visibilty_test.exs
@ -21,21 +21,21 @@ defmodule Pleroma.Web.ActivityPub.VisibilityTest do
    Pleroma.List.follow(list, unrelated)

    {:ok, public} =
-      CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "public"})
+      CommonAPI.post(user, %{status: "@#{mentioned.nickname}", visibility: "public"})

    {:ok, private} =
-      CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "private"})
+      CommonAPI.post(user, %{status: "@#{mentioned.nickname}", visibility: "private"})

    {:ok, direct} =
-      CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "direct"})
+      CommonAPI.post(user, %{status: "@#{mentioned.nickname}", visibility: "direct"})

    {:ok, unlisted} =
-      CommonAPI.post(user, %{"status" => "@#{mentioned.nickname}", "visibility" => "unlisted"})
+      CommonAPI.post(user, %{status: "@#{mentioned.nickname}", visibility: "unlisted"})

    {:ok, list} =
      CommonAPI.post(user, %{
-        "status" => "@#{mentioned.nickname}",
-        "visibility" => "list:#{list.id}"
+        status: "@#{mentioned.nickname}",
+        visibility: "list:#{list.id}"
      })

    %{
--- a/test/web/admin_api/controllers/admin_api_controller_test.exs
+++ b/test/web/admin_api/controllers/admin_api_controller_test.exs
@ -6,19 +6,22 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
  use Pleroma.Web.ConnCase
  use Oban.Testing, repo: Pleroma.Repo

-  import Pleroma.Factory
  import ExUnit.CaptureLog
+  import Mock
+  import Pleroma.Factory

  alias Pleroma.Activity
  alias Pleroma.Config
  alias Pleroma.ConfigDB
  alias Pleroma.HTML
+  alias Pleroma.MFA
  alias Pleroma.ModerationLog
  alias Pleroma.Repo
  alias Pleroma.ReportNote
  alias Pleroma.Tests.ObanHelpers
  alias Pleroma.User
  alias Pleroma.UserInviteToken
+  alias Pleroma.Web
  alias Pleroma.Web.ActivityPub.Relay
  alias Pleroma.Web.CommonAPI
  alias Pleroma.Web.MediaProxy
@ -145,18 +148,28 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
  describe "DELETE /api/pleroma/admin/users" do
    test "single user", %{admin: admin, conn: conn} do
      user = insert(:user)
+      clear_config([:instance, :federating], true)

-      conn =
-        conn
-        |> put_req_header("accept", "application/json")
-        |> delete("/api/pleroma/admin/users?nickname=#{user.nickname}")
+      with_mock Pleroma.Web.Federator,
+        publish: fn _ -> nil end do
+        conn =
+          conn
+          |> put_req_header("accept", "application/json")
+          |> delete("/api/pleroma/admin/users?nickname=#{user.nickname}")

-      log_entry = Repo.one(ModerationLog)
+        ObanHelpers.perform_all()

-      assert ModerationLog.get_log_entry_message(log_entry) ==
-               "@#{admin.nickname} deleted users: @#{user.nickname}"
+        assert User.get_by_nickname(user.nickname).deactivated

-      assert json_response(conn, 200) == user.nickname
+        log_entry = Repo.one(ModerationLog)
+
+        assert ModerationLog.get_log_entry_message(log_entry) ==
+                 "@#{admin.nickname} deleted users: @#{user.nickname}"
+
+        assert json_response(conn, 200) == [user.nickname]
+
+        assert called(Pleroma.Web.Federator.publish(:_))
+      end
    end

    test "multiple users", %{admin: admin, conn: conn} do
@ -338,7 +351,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do

      conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}")

-      assert "Not found" == json_response(conn, 404)
+      assert %{"error" => "Not found"} == json_response(conn, 404)
    end
  end

@ -671,7 +684,10 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
      conn = post(conn, "/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")

      assert json_response(conn, :bad_request) ==
-               "To send invites you need to set the `invites_enabled` option to true."
+               %{
+                 "error" =>
+                   "To send invites you need to set the `invites_enabled` option to true."
+               }
    end

    test "it returns 500 if `registrations_open` is enabled", %{conn: conn} do
@ -681,7 +697,10 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
      conn = post(conn, "/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")

      assert json_response(conn, :bad_request) ==
-               "To send invites you need to set the `registrations_open` option to false."
+               %{
+                 "error" =>
+                   "To send invites you need to set the `registrations_open` option to false."
+               }
    end
  end

@ -737,6 +756,39 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
             }
    end

+    test "pagination works correctly with service users", %{conn: conn} do
+      service1 = insert(:user, ap_id: Web.base_url() <> "/relay")
+      service2 = insert(:user, ap_id: Web.base_url() <> "/internal/fetch")
+      insert_list(25, :user)
+
+      assert %{"count" => 26, "page_size" => 10, "users" => users1} =
+               conn
+               |> get("/api/pleroma/admin/users?page=1&filters=", %{page_size: "10"})
+               |> json_response(200)
+
+      assert Enum.count(users1) == 10
+      assert service1 not in [users1]
+      assert service2 not in [users1]
+
+      assert %{"count" => 26, "page_size" => 10, "users" => users2} =
+               conn
+               |> get("/api/pleroma/admin/users?page=2&filters=", %{page_size: "10"})
+               |> json_response(200)
+
+      assert Enum.count(users2) == 10
+      assert service1 not in [users2]
+      assert service2 not in [users2]
+
+      assert %{"count" => 26, "page_size" => 10, "users" => users3} =
+               conn
+               |> get("/api/pleroma/admin/users?page=3&filters=", %{page_size: "10"})
+               |> json_response(200)
+
+      assert Enum.count(users3) == 6
+      assert service1 not in [users3]
+      assert service2 not in [users3]
+    end
+
    test "renders empty array for the second page", %{conn: conn} do
      insert(:user)

@ -1234,6 +1286,38 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
             "@#{admin.nickname} deactivated users: @#{user.nickname}"
  end

+  describe "PUT disable_mfa" do
+    test "returns 200 and disable 2fa", %{conn: conn} do
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: "otp_secret", confirmed: true}
+          }
+        )
+
+      response =
+        conn
+        |> put("/api/pleroma/admin/users/disable_mfa", %{nickname: user.nickname})
+        |> json_response(200)
+
+      assert response == user.nickname
+      mfa_settings = refresh_record(user).multi_factor_authentication_settings
+
+      refute mfa_settings.enabled
+      refute mfa_settings.totp.confirmed
+    end
+
+    test "returns 404 if user not found", %{conn: conn} do
+      response =
+        conn
+        |> put("/api/pleroma/admin/users/disable_mfa", %{nickname: "nickname"})
+        |> json_response(404)
+
+      assert response == %{"error" => "Not found"}
+    end
+  end
+
  describe "POST /api/pleroma/admin/users/invite_token" do
    test "without options", %{conn: conn} do
      conn = post(conn, "/api/pleroma/admin/users/invite_token")
@ -1336,7 +1420,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    test "with invalid token", %{conn: conn} do
      conn = post(conn, "/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})

-      assert json_response(conn, :not_found) == "Not found"
+      assert json_response(conn, :not_found) == %{"error" => "Not found"}
    end
  end

@ -1363,7 +1447,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    test "returns 404 when report id is invalid", %{conn: conn} do
      conn = get(conn, "/api/pleroma/admin/reports/test")

-      assert json_response(conn, :not_found) == "Not found"
+      assert json_response(conn, :not_found) == %{"error" => "Not found"}
    end
  end

@ -1620,96 +1704,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    end
  end

-  describe "PUT /api/pleroma/admin/statuses/:id" do
-    setup do
-      activity = insert(:note_activity)
-
-      %{id: activity.id}
-    end
-
-    test "toggle sensitive flag", %{conn: conn, id: id, admin: admin} do
-      response =
-        conn
-        |> put("/api/pleroma/admin/statuses/#{id}", %{"sensitive" => "true"})
-        |> json_response(:ok)
-
-      assert response["sensitive"]
-
-      log_entry = Repo.one(ModerationLog)
-
-      assert ModerationLog.get_log_entry_message(log_entry) ==
-               "@#{admin.nickname} updated status ##{id}, set sensitive: 'true'"
-
-      response =
-        conn
-        |> put("/api/pleroma/admin/statuses/#{id}", %{"sensitive" => "false"})
-        |> json_response(:ok)
-
-      refute response["sensitive"]
-    end
-
-    test "change visibility flag", %{conn: conn, id: id, admin: admin} do
-      response =
-        conn
-        |> put("/api/pleroma/admin/statuses/#{id}", %{"visibility" => "public"})
-        |> json_response(:ok)
-
-      assert response["visibility"] == "public"
-
-      log_entry = Repo.one(ModerationLog)
-
-      assert ModerationLog.get_log_entry_message(log_entry) ==
-               "@#{admin.nickname} updated status ##{id}, set visibility: 'public'"
-
-      response =
-        conn
-        |> put("/api/pleroma/admin/statuses/#{id}", %{"visibility" => "private"})
-        |> json_response(:ok)
-
-      assert response["visibility"] == "private"
-
-      response =
-        conn
-        |> put("/api/pleroma/admin/statuses/#{id}", %{"visibility" => "unlisted"})
-        |> json_response(:ok)
-
-      assert response["visibility"] == "unlisted"
-    end
-
-    test "returns 400 when visibility is unknown", %{conn: conn, id: id} do
-      conn = put(conn, "/api/pleroma/admin/statuses/#{id}", %{"visibility" => "test"})
-
-      assert json_response(conn, :bad_request) == "Unsupported visibility"
-    end
-  end
-
-  describe "DELETE /api/pleroma/admin/statuses/:id" do
-    setup do
-      activity = insert(:note_activity)
-
-      %{id: activity.id}
-    end
-
-    test "deletes status", %{conn: conn, id: id, admin: admin} do
-      conn
-      |> delete("/api/pleroma/admin/statuses/#{id}")
-      |> json_response(:ok)
-
-      refute Activity.get_by_id(id)
-
-      log_entry = Repo.one(ModerationLog)
-
-      assert ModerationLog.get_log_entry_message(log_entry) ==
-               "@#{admin.nickname} deleted status ##{id}"
-    end
-
-    test "returns 404 when the status does not exist", %{conn: conn} do
-      conn = delete(conn, "/api/pleroma/admin/statuses/test")
-
-      assert json_response(conn, :not_found) == "Not found"
-    end
-  end
-
  describe "GET /api/pleroma/admin/config" do
    setup do: clear_config(:configurable_from_database, true)

@ -1718,7 +1712,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
      conn = get(conn, "/api/pleroma/admin/config")

      assert json_response(conn, 400) ==
-               "To use this endpoint you need to enable configuration from database."
+               %{
+                 "error" => "To use this endpoint you need to enable configuration from database."
+               }
    end

    test "with settings only in db", %{conn: conn} do
@ -1840,7 +1836,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    conn = post(conn, "/api/pleroma/admin/config", %{"configs" => []})

    assert json_response(conn, 400) ==
-             "To use this endpoint you need to enable configuration from database."
+             %{"error" => "To use this endpoint you need to enable configuration from database."}
  end

  describe "POST /api/pleroma/admin/config" do
@ -2413,6 +2409,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                %{"tuple" => [":seconds_valid", 60]},
                %{"tuple" => [":path", ""]},
                %{"tuple" => [":key1", nil]},
+                %{"tuple" => [":partial_chain", "&:hackney_connect.partial_chain/1"]},
                %{"tuple" => [":regex1", "~r/https:\/\/example.com/"]},
                %{"tuple" => [":regex2", "~r/https:\/\/example.com/u"]},
                %{"tuple" => [":regex3", "~r/https:\/\/example.com/i"]},
@ -2436,6 +2433,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                     %{"tuple" => [":seconds_valid", 60]},
                     %{"tuple" => [":path", ""]},
                     %{"tuple" => [":key1", nil]},
+                     %{"tuple" => [":partial_chain", "&:hackney_connect.partial_chain/1"]},
                     %{"tuple" => [":regex1", "~r/https:\\/\\/example.com/"]},
                     %{"tuple" => [":regex2", "~r/https:\\/\\/example.com/u"]},
                     %{"tuple" => [":regex3", "~r/https:\\/\\/example.com/i"]},
@ -2448,6 +2446,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
                     ":seconds_valid",
                     ":path",
                     ":key1",
+                     ":partial_chain",
                     ":regex1",
                     ":regex2",
                     ":regex3",
@ -2766,26 +2765,25 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
              group: ":pleroma",
              key: ":http",
              value: [
-                %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "localhost", 1234]}]},
-                %{"tuple" => [":send_user_agent", false]}
+                %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "localhost", 1234]}]}
              ]
            }
          ]
        })

-      assert json_response(conn, 200) == %{
+      assert %{
               "configs" => [
                 %{
                   "group" => ":pleroma",
                   "key" => ":http",
-                   "value" => [
-                     %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "localhost", 1234]}]},
-                     %{"tuple" => [":send_user_agent", false]}
-                   ],
-                   "db" => [":proxy_url", ":send_user_agent"]
+                   "value" => value,
+                   "db" => db
                 }
               ]
-             }
+             } = json_response(conn, 200)
+
+      assert %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "localhost", 1234]}]} in value
+      assert ":proxy_url" in db
    end

    test "proxy tuple domain", %{conn: conn} do
@ -2796,26 +2794,25 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
              group: ":pleroma",
              key: ":http",
              value: [
-                %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "domain.com", 1234]}]},
-                %{"tuple" => [":send_user_agent", false]}
+                %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "domain.com", 1234]}]}
              ]
            }
          ]
        })

-      assert json_response(conn, 200) == %{
+      assert %{
               "configs" => [
                 %{
                   "group" => ":pleroma",
                   "key" => ":http",
-                   "value" => [
-                     %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "domain.com", 1234]}]},
-                     %{"tuple" => [":send_user_agent", false]}
-                   ],
-                   "db" => [":proxy_url", ":send_user_agent"]
+                   "value" => value,
+                   "db" => db
                 }
               ]
-             }
+             } = json_response(conn, 200)
+
+      assert %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "domain.com", 1234]}]} in value
+      assert ":proxy_url" in db
    end

    test "proxy tuple ip", %{conn: conn} do
@ -2826,26 +2823,53 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
              group: ":pleroma",
              key: ":http",
              value: [
-                %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "127.0.0.1", 1234]}]},
-                %{"tuple" => [":send_user_agent", false]}
+                %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "127.0.0.1", 1234]}]}
              ]
            }
          ]
        })

-      assert json_response(conn, 200) == %{
+      assert %{
               "configs" => [
                 %{
                   "group" => ":pleroma",
                   "key" => ":http",
-                   "value" => [
-                     %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "127.0.0.1", 1234]}]},
-                     %{"tuple" => [":send_user_agent", false]}
-                   ],
-                   "db" => [":proxy_url", ":send_user_agent"]
+                   "value" => value,
+                   "db" => db
                 }
               ]
-             }
+             } = json_response(conn, 200)
+
+      assert %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "127.0.0.1", 1234]}]} in value
+      assert ":proxy_url" in db
+    end
+
+    @tag capture_log: true
+    test "doesn't set keys not in the whitelist", %{conn: conn} do
+      clear_config(:database_config_whitelist, [
+        {:pleroma, :key1},
+        {:pleroma, :key2},
+        {:pleroma, Pleroma.Captcha.NotReal},
+        {:not_real}
+      ])
+
+      post(conn, "/api/pleroma/admin/config", %{
+        configs: [
+          %{group: ":pleroma", key: ":key1", value: "value1"},
+          %{group: ":pleroma", key: ":key2", value: "value2"},
+          %{group: ":pleroma", key: ":key3", value: "value3"},
+          %{group: ":pleroma", key: "Pleroma.Web.Endpoint.NotReal", value: "value4"},
+          %{group: ":pleroma", key: "Pleroma.Captcha.NotReal", value: "value5"},
+          %{group: ":not_real", key: ":anything", value: "value6"}
+        ]
+      })
+
+      assert Application.get_env(:pleroma, :key1) == "value1"
+      assert Application.get_env(:pleroma, :key2) == "value2"
+      assert Application.get_env(:pleroma, :key3) == nil
+      assert Application.get_env(:pleroma, Pleroma.Web.Endpoint.NotReal) == nil
+      assert Application.get_env(:pleroma, Pleroma.Captcha.NotReal) == "value5"
+      assert Application.get_env(:not_real, :anything) == "value6"
    end
  end

@ -2875,56 +2899,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    on_exit(fn -> Restarter.Pleroma.refresh() end)
  end

-  describe "GET /api/pleroma/admin/statuses" do
-    test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do
-      blocked = insert(:user)
-      user = insert(:user)
-      User.block(admin, blocked)
-
-      {:ok, _} =
-        CommonAPI.post(user, %{"status" => "@#{admin.nickname}", "visibility" => "direct"})
-
-      {:ok, _} = CommonAPI.post(user, %{"status" => ".", "visibility" => "unlisted"})
-      {:ok, _} = CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
-      {:ok, _} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
-      {:ok, _} = CommonAPI.post(blocked, %{"status" => ".", "visibility" => "public"})
-
-      response =
-        conn
-        |> get("/api/pleroma/admin/statuses")
-        |> json_response(200)
-
-      refute "private" in Enum.map(response, & &1["visibility"])
-      assert length(response) == 3
-    end
-
-    test "returns only local statuses with local_only on", %{conn: conn} do
-      user = insert(:user)
-      remote_user = insert(:user, local: false, nickname: "archaeme@archae.me")
-      insert(:note_activity, user: user, local: true)
-      insert(:note_activity, user: remote_user, local: false)
-
-      response =
-        conn
-        |> get("/api/pleroma/admin/statuses?local_only=true")
-        |> json_response(200)
-
-      assert length(response) == 1
-    end
-
-    test "returns private and direct statuses with godmode on", %{conn: conn, admin: admin} do
-      user = insert(:user)
-
-      {:ok, _} =
-        CommonAPI.post(user, %{"status" => "@#{admin.nickname}", "visibility" => "direct"})
-
-      {:ok, _} = CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
-      {:ok, _} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
-      conn = get(conn, "/api/pleroma/admin/statuses?godmode=true")
-      assert json_response(conn, 200) |> length() == 3
-    end
-  end
-
  describe "GET /api/pleroma/admin/users/:nickname/statuses" do
    setup do
      user = insert(:user)
@ -2953,11 +2927,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    end

    test "doesn't return private statuses by default", %{conn: conn, user: user} do
-      {:ok, _private_status} =
-        CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
+      {:ok, _private_status} = CommonAPI.post(user, %{status: "private", visibility: "private"})

-      {:ok, _public_status} =
-        CommonAPI.post(user, %{"status" => "public", "visibility" => "public"})
+      {:ok, _public_status} = CommonAPI.post(user, %{status: "public", visibility: "public"})

      conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses")

@ -2965,11 +2937,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    end

    test "returns private statuses with godmode on", %{conn: conn, user: user} do
-      {:ok, _private_status} =
-        CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
+      {:ok, _private_status} = CommonAPI.post(user, %{status: "private", visibility: "private"})

-      {:ok, _public_status} =
-        CommonAPI.post(user, %{"status" => "public", "visibility" => "public"})
+      {:ok, _public_status} = CommonAPI.post(user, %{status: "public", visibility: "public"})

      conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/statuses?godmode=true")

@ -2978,8 +2948,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do

    test "excludes reblogs by default", %{conn: conn, user: user} do
      other_user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "."})
-      {:ok, %Activity{}, _} = CommonAPI.repeat(activity.id, other_user)
+      {:ok, activity} = CommonAPI.post(user, %{status: "."})
+      {:ok, %Activity{}} = CommonAPI.repeat(activity.id, other_user)

      conn_res = get(conn, "/api/pleroma/admin/users/#{other_user.nickname}/statuses")
      assert json_response(conn_res, 200) |> length() == 0
@ -3221,8 +3191,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
  end

  describe "PATCH /users/:nickname/credentials" do
-    test "changes password and email", %{conn: conn, admin: admin} do
+    setup do
      user = insert(:user)
+      [user: user]
+    end
+
+    test "changes password and email", %{conn: conn, admin: admin, user: user} do
      assert user.password_reset_pending == false

      conn =
@ -3252,9 +3226,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
               "@#{admin.nickname} forced password reset for users: @#{user.nickname}"
    end

-    test "returns 403 if requested by a non-admin" do
-      user = insert(:user)
-
+    test "returns 403 if requested by a non-admin", %{user: user} do
      conn =
        build_conn()
        |> assign(:user, user)
@ -3266,6 +3238,31 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do

      assert json_response(conn, :forbidden)
    end
+
+    test "changes actor type from permitted list", %{conn: conn, user: user} do
+      assert user.actor_type == "Person"
+
+      assert patch(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials", %{
+               "actor_type" => "Service"
+             })
+             |> json_response(200) == %{"status" => "success"}
+
+      updated_user = User.get_by_id(user.id)
+
+      assert updated_user.actor_type == "Service"
+
+      assert patch(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials", %{
+               "actor_type" => "Application"
+             })
+             |> json_response(200) == %{"errors" => %{"actor_type" => "is invalid"}}
+    end
+
+    test "update non existing user", %{conn: conn} do
+      assert patch(conn, "/api/pleroma/admin/users/non-existing/credentials", %{
+               "password" => "new_password"
+             })
+             |> json_response(200) == %{"error" => "Unable to update user."}
+    end
  end

  describe "PATCH /users/:nickname/force_password_reset" do
@ -3484,28 +3481,63 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    end
  end

-  test "GET /api/pleroma/admin/config/descriptions", %{conn: conn} do
-    admin = insert(:user, is_admin: true)
+  describe "GET /api/pleroma/admin/config/descriptions" do
+    test "structure", %{conn: conn} do
+      admin = insert(:user, is_admin: true)

-    conn =
-      assign(conn, :user, admin)
-      |> get("/api/pleroma/admin/config/descriptions")
+      conn =
+        assign(conn, :user, admin)
+        |> get("/api/pleroma/admin/config/descriptions")

-    assert [child | _others] = json_response(conn, 200)
+      assert [child | _others] = json_response(conn, 200)

-    assert child["children"]
-    assert child["key"]
-    assert String.starts_with?(child["group"], ":")
-    assert child["description"]
+      assert child["children"]
+      assert child["key"]
+      assert String.starts_with?(child["group"], ":")
+      assert child["description"]
+    end
+
+    test "filters by database configuration whitelist", %{conn: conn} do
+      clear_config(:database_config_whitelist, [
+        {:pleroma, :instance},
+        {:pleroma, :activitypub},
+        {:pleroma, Pleroma.Upload},
+        {:esshd}
+      ])
+
+      admin = insert(:user, is_admin: true)
+
+      conn =
+        assign(conn, :user, admin)
+        |> get("/api/pleroma/admin/config/descriptions")
+
+      children = json_response(conn, 200)
+
+      assert length(children) == 4
+
+      assert Enum.count(children, fn c -> c["group"] == ":pleroma" end) == 3
+
+      instance = Enum.find(children, fn c -> c["key"] == ":instance" end)
+      assert instance["children"]
+
+      activitypub = Enum.find(children, fn c -> c["key"] == ":activitypub" end)
+      assert activitypub["children"]
+
+      web_endpoint = Enum.find(children, fn c -> c["key"] == "Pleroma.Upload" end)
+      assert web_endpoint["children"]
+
+      esshd = Enum.find(children, fn c -> c["group"] == ":esshd" end)
+      assert esshd["children"]
+    end
  end

  describe "/api/pleroma/admin/stats" do
    test "status visibility count", %{conn: conn} do
      admin = insert(:user, is_admin: true)
      user = insert(:user)
-      CommonAPI.post(user, %{"visibility" => "public", "status" => "hey"})
-      CommonAPI.post(user, %{"visibility" => "unlisted", "status" => "hey"})
-      CommonAPI.post(user, %{"visibility" => "unlisted", "status" => "hey"})
+      CommonAPI.post(user, %{visibility: "public", status: "hey"})
+      CommonAPI.post(user, %{visibility: "unlisted", status: "hey"})
+      CommonAPI.post(user, %{visibility: "unlisted", status: "hey"})

      response =
        conn
@ -3526,7 +3558,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    end

    test "success", %{conn: conn} do
-      base_url = Pleroma.Web.base_url()
+      base_url = Web.base_url()
      app_name = "Trusted app"

      response =
@ -3547,7 +3579,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
    end

    test "with trusted", %{conn: conn} do
-      base_url = Pleroma.Web.base_url()
+      base_url = Web.base_url()
      app_name = "Trusted app"

      response =
--- a/test/web/admin_api/controllers/status_controller_test.exs
+++ b/test/web/admin_api/controllers/status_controller_test.exs
@ -0,0 +1,194 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.AdminAPI.StatusControllerTest do
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+
+  alias Pleroma.Activity
+  alias Pleroma.Config
+  alias Pleroma.ModerationLog
+  alias Pleroma.Repo
+  alias Pleroma.User
+  alias Pleroma.Web.CommonAPI
+
+  setup do
+    admin = insert(:user, is_admin: true)
+    token = insert(:oauth_admin_token, user: admin)
+
+    conn =
+      build_conn()
+      |> assign(:user, admin)
+      |> assign(:token, token)
+
+    {:ok, %{admin: admin, token: token, conn: conn}}
+  end
+
+  describe "GET /api/pleroma/admin/statuses/:id" do
+    test "not found", %{conn: conn} do
+      assert conn
+             |> get("/api/pleroma/admin/statuses/not_found")
+             |> json_response_and_validate_schema(:not_found)
+    end
+
+    test "shows activity", %{conn: conn} do
+      activity = insert(:note_activity)
+
+      response =
+        conn
+        |> get("/api/pleroma/admin/statuses/#{activity.id}")
+        |> json_response_and_validate_schema(200)
+
+      assert response["id"] == activity.id
+    end
+  end
+
+  describe "PUT /api/pleroma/admin/statuses/:id" do
+    setup do
+      activity = insert(:note_activity)
+
+      %{id: activity.id}
+    end
+
+    test "toggle sensitive flag", %{conn: conn, id: id, admin: admin} do
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/pleroma/admin/statuses/#{id}", %{"sensitive" => "true"})
+        |> json_response_and_validate_schema(:ok)
+
+      assert response["sensitive"]
+
+      log_entry = Repo.one(ModerationLog)
+
+      assert ModerationLog.get_log_entry_message(log_entry) ==
+               "@#{admin.nickname} updated status ##{id}, set sensitive: 'true'"
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/pleroma/admin/statuses/#{id}", %{"sensitive" => "false"})
+        |> json_response_and_validate_schema(:ok)
+
+      refute response["sensitive"]
+    end
+
+    test "change visibility flag", %{conn: conn, id: id, admin: admin} do
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "public"})
+        |> json_response_and_validate_schema(:ok)
+
+      assert response["visibility"] == "public"
+
+      log_entry = Repo.one(ModerationLog)
+
+      assert ModerationLog.get_log_entry_message(log_entry) ==
+               "@#{admin.nickname} updated status ##{id}, set visibility: 'public'"
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "private"})
+        |> json_response_and_validate_schema(:ok)
+
+      assert response["visibility"] == "private"
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "unlisted"})
+        |> json_response_and_validate_schema(:ok)
+
+      assert response["visibility"] == "unlisted"
+    end
+
+    test "returns 400 when visibility is unknown", %{conn: conn, id: id} do
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> put("/api/pleroma/admin/statuses/#{id}", %{visibility: "test"})
+
+      assert %{"error" => "test - Invalid value for enum."} =
+               json_response_and_validate_schema(conn, :bad_request)
+    end
+  end
+
+  describe "DELETE /api/pleroma/admin/statuses/:id" do
+    setup do
+      activity = insert(:note_activity)
+
+      %{id: activity.id}
+    end
+
+    test "deletes status", %{conn: conn, id: id, admin: admin} do
+      conn
+      |> delete("/api/pleroma/admin/statuses/#{id}")
+      |> json_response_and_validate_schema(:ok)
+
+      refute Activity.get_by_id(id)
+
+      log_entry = Repo.one(ModerationLog)
+
+      assert ModerationLog.get_log_entry_message(log_entry) ==
+               "@#{admin.nickname} deleted status ##{id}"
+    end
+
+    test "returns 404 when the status does not exist", %{conn: conn} do
+      conn = delete(conn, "/api/pleroma/admin/statuses/test")
+
+      assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
+    end
+  end
+
+  describe "GET /api/pleroma/admin/statuses" do
+    test "returns all public and unlisted statuses", %{conn: conn, admin: admin} do
+      blocked = insert(:user)
+      user = insert(:user)
+      User.block(admin, blocked)
+
+      {:ok, _} = CommonAPI.post(user, %{status: "@#{admin.nickname}", visibility: "direct"})
+
+      {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "unlisted"})
+      {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "private"})
+      {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "public"})
+      {:ok, _} = CommonAPI.post(blocked, %{status: ".", visibility: "public"})
+
+      response =
+        conn
+        |> get("/api/pleroma/admin/statuses")
+        |> json_response_and_validate_schema(200)
+
+      refute "private" in Enum.map(response, & &1["visibility"])
+      assert length(response) == 3
+    end
+
+    test "returns only local statuses with local_only on", %{conn: conn} do
+      user = insert(:user)
+      remote_user = insert(:user, local: false, nickname: "archaeme@archae.me")
+      insert(:note_activity, user: user, local: true)
+      insert(:note_activity, user: remote_user, local: false)
+
+      response =
+        conn
+        |> get("/api/pleroma/admin/statuses?local_only=true")
+        |> json_response_and_validate_schema(200)
+
+      assert length(response) == 1
+    end
+
+    test "returns private and direct statuses with godmode on", %{conn: conn, admin: admin} do
+      user = insert(:user)
+
+      {:ok, _} = CommonAPI.post(user, %{status: "@#{admin.nickname}", visibility: "direct"})
+
+      {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "private"})
+      {:ok, _} = CommonAPI.post(user, %{status: ".", visibility: "public"})
+      conn = get(conn, "/api/pleroma/admin/statuses?godmode=true")
+      assert json_response_and_validate_schema(conn, 200) |> length() == 3
+    end
+  end
+end
--- a/test/web/admin_api/views/report_view_test.exs
+++ b/test/web/admin_api/views/report_view_test.exs
@ -45,7 +45,7 @@ defmodule Pleroma.Web.AdminAPI.ReportViewTest do
  test "includes reported statuses" do
    user = insert(:user)
    other_user = insert(:user)
-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "toot"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "toot"})

    {:ok, report_activity} =
      CommonAPI.report(user, %{account_id: other_user.id, status_ids: [activity.id]})
--- a/test/web/api_spec/schema_examples_test.exs
+++ b/test/web/api_spec/schema_examples_test.exs
@ -28,7 +28,7 @@ defmodule Pleroma.Web.ApiSpec.SchemaExamplesTest do
      end
    end

-    for {status, response} <- operation.responses do
+    for {status, response} <- operation.responses, is_map(response.content[@content_type]) do
      describe "#{operation.operationId} - #{status} Response" do
        @schema resolve_schema(response.content[@content_type].schema)

--- a/test/web/auth/basic_auth_test.exs
+++ b/test/web/auth/basic_auth_test.exs
@ -11,7 +11,7 @@ defmodule Pleroma.Web.Auth.BasicAuthTest do
    conn: conn
  } do
    user = insert(:user)
-    assert Comeonin.Pbkdf2.checkpw("test", user.password_hash)
+    assert Pbkdf2.verify_pass("test", user.password_hash)

    basic_auth_contents =
      (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
--- a/test/web/auth/pleroma_authenticator_test.exs
+++ b/test/web/auth/pleroma_authenticator_test.exs
@ -0,0 +1,48 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.Web.Auth.PleromaAuthenticator
+  import Pleroma.Factory
+
+  setup do
+    password = "testpassword"
+    name = "AgentSmith"
+    user = insert(:user, nickname: name, password_hash: Pbkdf2.hash_pwd_salt(password))
+    {:ok, [user: user, name: name, password: password]}
+  end
+
+  test "get_user/authorization", %{name: name, password: password} do
+    name = name <> "1"
+    user = insert(:user, nickname: name, password_hash: Bcrypt.hash_pwd_salt(password))
+
+    params = %{"authorization" => %{"name" => name, "password" => password}}
+    res = PleromaAuthenticator.get_user(%Plug.Conn{params: params})
+
+    assert {:ok, returned_user} = res
+    assert returned_user.id == user.id
+    assert "$pbkdf2" <> _ = returned_user.password_hash
+  end
+
+  test "get_user/authorization with invalid password", %{name: name} do
+    params = %{"authorization" => %{"name" => name, "password" => "password"}}
+    res = PleromaAuthenticator.get_user(%Plug.Conn{params: params})
+
+    assert {:error, {:checkpw, false}} == res
+  end
+
+  test "get_user/grant_type_password", %{user: user, name: name, password: password} do
+    params = %{"grant_type" => "password", "username" => name, "password" => password}
+    res = PleromaAuthenticator.get_user(%Plug.Conn{params: params})
+
+    assert {:ok, user} == res
+  end
+
+  test "error credintails" do
+    res = PleromaAuthenticator.get_user(%Plug.Conn{params: %{}})
+    assert {:error, :invalid_credentials} == res
+  end
+end
--- a/test/web/auth/totp_authenticator_test.exs
+++ b/test/web/auth/totp_authenticator_test.exs
@ -0,0 +1,51 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Auth.TOTPAuthenticatorTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.MFA
+  alias Pleroma.MFA.BackupCodes
+  alias Pleroma.MFA.TOTP
+  alias Pleroma.Web.Auth.TOTPAuthenticator
+
+  import Pleroma.Factory
+
+  test "verify token" do
+    otp_secret = TOTP.generate_secret()
+    otp_token = TOTP.generate_token(otp_secret)
+
+    user =
+      insert(:user,
+        multi_factor_authentication_settings: %MFA.Settings{
+          enabled: true,
+          totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+        }
+      )
+
+    assert TOTPAuthenticator.verify(otp_token, user) == {:ok, :pass}
+    assert TOTPAuthenticator.verify(nil, user) == {:error, :invalid_token}
+    assert TOTPAuthenticator.verify("", user) == {:error, :invalid_token}
+  end
+
+  test "checks backup codes" do
+    [code | _] = backup_codes = BackupCodes.generate()
+
+    hashed_codes =
+      backup_codes
+      |> Enum.map(&Pbkdf2.hash_pwd_salt(&1))
+
+    user =
+      insert(:user,
+        multi_factor_authentication_settings: %MFA.Settings{
+          enabled: true,
+          backup_codes: hashed_codes,
+          totp: %MFA.Settings.TOTP{secret: "otp_secret", confirmed: true}
+        }
+      )
+
+    assert TOTPAuthenticator.verify_recovery_code(user, code) == {:ok, :pass}
+    refute TOTPAuthenticator.verify_recovery_code(code, refresh_record(user)) == {:ok, :pass}
+  end
+end
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@ -9,11 +9,13 @@ defmodule Pleroma.Web.CommonAPITest do
  alias Pleroma.Object
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.ActivityPub.Transmogrifier
  alias Pleroma.Web.ActivityPub.Visibility
  alias Pleroma.Web.AdminAPI.AccountView
  alias Pleroma.Web.CommonAPI

  import Pleroma.Factory
+  import Mock

  require Pleroma.Constants

@ -21,12 +23,124 @@ defmodule Pleroma.Web.CommonAPITest do
  setup do: clear_config([:instance, :limit])
  setup do: clear_config([:instance, :max_pinned_statuses])

+  describe "unblocking" do
+    test "it works even without an existing block activity" do
+      blocked = insert(:user)
+      blocker = insert(:user)
+      User.block(blocker, blocked)
+
+      assert User.blocks?(blocker, blocked)
+      assert {:ok, :no_activity} == CommonAPI.unblock(blocker, blocked)
+      refute User.blocks?(blocker, blocked)
+    end
+  end
+
+  describe "deletion" do
+    test "it works with pruned objects" do
+      user = insert(:user)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+
+      clear_config([:instance, :federating], true)
+
+      Object.normalize(post, false)
+      |> Object.prune()
+
+      with_mock Pleroma.Web.Federator,
+        publish: fn _ -> nil end do
+        assert {:ok, delete} = CommonAPI.delete(post.id, user)
+        assert delete.local
+        assert called(Pleroma.Web.Federator.publish(delete))
+      end
+
+      refute Activity.get_by_id(post.id)
+    end
+
+    test "it allows users to delete their posts" do
+      user = insert(:user)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+
+      clear_config([:instance, :federating], true)
+
+      with_mock Pleroma.Web.Federator,
+        publish: fn _ -> nil end do
+        assert {:ok, delete} = CommonAPI.delete(post.id, user)
+        assert delete.local
+        assert called(Pleroma.Web.Federator.publish(delete))
+      end
+
+      refute Activity.get_by_id(post.id)
+    end
+
+    test "it does not allow a user to delete their posts" do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+
+      assert {:error, "Could not delete"} = CommonAPI.delete(post.id, other_user)
+      assert Activity.get_by_id(post.id)
+    end
+
+    test "it allows moderators to delete other user's posts" do
+      user = insert(:user)
+      moderator = insert(:user, is_moderator: true)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+
+      assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+      assert delete.local
+
+      refute Activity.get_by_id(post.id)
+    end
+
+    test "it allows admins to delete other user's posts" do
+      user = insert(:user)
+      moderator = insert(:user, is_admin: true)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "namu amida butsu"})
+
+      assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+      assert delete.local
+
+      refute Activity.get_by_id(post.id)
+    end
+
+    test "superusers deleting non-local posts won't federate the delete" do
+      # This is the user of the ingested activity
+      _user =
+        insert(:user,
+          local: false,
+          ap_id: "http://mastodon.example.org/users/admin",
+          last_refreshed_at: NaiveDateTime.utc_now()
+        )
+
+      moderator = insert(:user, is_admin: true)
+
+      data =
+        File.read!("test/fixtures/mastodon-post-activity.json")
+        |> Jason.decode!()
+
+      {:ok, post} = Transmogrifier.handle_incoming(data)
+
+      with_mock Pleroma.Web.Federator,
+        publish: fn _ -> nil end do
+        assert {:ok, delete} = CommonAPI.delete(post.id, moderator)
+        assert delete.local
+        refute called(Pleroma.Web.Federator.publish(:_))
+      end
+
+      refute Activity.get_by_id(post.id)
+    end
+  end
+
  test "favoriting race condition" do
    user = insert(:user)
    users_serial = insert_list(10, :user)
    users = insert_list(10, :user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "."})
+    {:ok, activity} = CommonAPI.post(user, %{status: "."})

    users_serial
    |> Enum.map(fn user ->
@ -53,7 +167,7 @@ defmodule Pleroma.Web.CommonAPITest do
    users_serial = insert_list(10, :user)
    users = insert_list(10, :user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "."})
+    {:ok, activity} = CommonAPI.post(user, %{status: "."})

    users_serial
    |> Enum.map(fn user ->
@ -77,12 +191,12 @@ defmodule Pleroma.Web.CommonAPITest do

  test "when replying to a conversation / participation, it will set the correct context id even if no explicit reply_to is given" do
    user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
+    {:ok, activity} = CommonAPI.post(user, %{status: ".", visibility: "direct"})

    [participation] = Participation.for_user(user)

    {:ok, convo_reply} =
-      CommonAPI.post(user, %{"status" => ".", "in_reply_to_conversation_id" => participation.id})
+      CommonAPI.post(user, %{status: ".", in_reply_to_conversation_id: participation.id})

    assert Visibility.is_direct?(convo_reply)

@ -96,8 +210,8 @@ defmodule Pleroma.Web.CommonAPITest do

    {:ok, activity} =
      CommonAPI.post(har, %{
-        "status" => "@#{jafnhar.nickname} hey",
-        "visibility" => "direct"
+        status: "@#{jafnhar.nickname} hey",
+        visibility: "direct"
      })

    assert har.ap_id in activity.recipients
@ -107,10 +221,10 @@ defmodule Pleroma.Web.CommonAPITest do

    {:ok, activity} =
      CommonAPI.post(har, %{
-        "status" => "I don't really like @#{tridi.nickname}",
-        "visibility" => "direct",
-        "in_reply_to_status_id" => activity.id,
-        "in_reply_to_conversation_id" => participation.id
+        status: "I don't really like @#{tridi.nickname}",
+        visibility: "direct",
+        in_reply_to_status_id: activity.id,
+        in_reply_to_conversation_id: participation.id
      })

    assert har.ap_id in activity.recipients
@ -127,8 +241,8 @@ defmodule Pleroma.Web.CommonAPITest do

    {:ok, activity} =
      CommonAPI.post(har, %{
-        "status" => "@#{jafnhar.nickname} hey, i never want to see @#{tridi.nickname} again",
-        "visibility" => "direct"
+        status: "@#{jafnhar.nickname} hey, i never want to see @#{tridi.nickname} again",
+        visibility: "direct"
      })

    refute tridi.ap_id in activity.recipients
@ -137,7 +251,7 @@ defmodule Pleroma.Web.CommonAPITest do

  test "it de-duplicates tags" do
    user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu #2HU"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "#2hu #2HU"})

    object = Object.normalize(activity)

@ -146,7 +260,7 @@ defmodule Pleroma.Web.CommonAPITest do

  test "it adds emoji in the object" do
    user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => ":firefox:"})
+    {:ok, activity} = CommonAPI.post(user, %{status: ":firefox:"})

    assert Object.normalize(activity).data["emoji"]["firefox"]
  end
@ -160,9 +274,9 @@ defmodule Pleroma.Web.CommonAPITest do

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" =>
+          status:
            "Hey, I think @#{user_three.nickname} is ugly. @#{user_four.nickname} is alright though.",
-          "to" => [user_two.nickname, user_four.nickname, "nonexistent"]
+          to: [user_two.nickname, user_four.nickname, "nonexistent"]
        })

      assert user.ap_id in activity.recipients
@ -178,8 +292,8 @@ defmodule Pleroma.Web.CommonAPITest do

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" => post,
-          "content_type" => "text/html"
+          status: post,
+          content_type: "text/html"
        })

      object = Object.normalize(activity)
@ -194,8 +308,8 @@ defmodule Pleroma.Web.CommonAPITest do

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" => post,
-          "content_type" => "text/markdown"
+          status: post,
+          content_type: "text/markdown"
        })

      object = Object.normalize(activity)
@ -206,31 +320,56 @@ defmodule Pleroma.Web.CommonAPITest do
    test "it does not allow replies to direct messages that are not direct messages themselves" do
      user = insert(:user)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "suya..", "visibility" => "direct"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "suya..", visibility: "direct"})

      assert {:ok, _} =
               CommonAPI.post(user, %{
-                 "status" => "suya..",
-                 "visibility" => "direct",
-                 "in_reply_to_status_id" => activity.id
+                 status: "suya..",
+                 visibility: "direct",
+                 in_reply_to_status_id: activity.id
               })

      Enum.each(["public", "private", "unlisted"], fn visibility ->
        assert {:error, "The message visibility must be direct"} =
                 CommonAPI.post(user, %{
-                   "status" => "suya..",
-                   "visibility" => visibility,
-                   "in_reply_to_status_id" => activity.id
+                   status: "suya..",
+                   visibility: visibility,
+                   in_reply_to_status_id: activity.id
                 })
      end)
    end

+    test "replying with a direct message will NOT auto-add the author of the reply to the recipient list" do
+      user = insert(:user)
+      other_user = insert(:user)
+      third_user = insert(:user)
+
+      {:ok, post} = CommonAPI.post(user, %{status: "I'm stupid"})
+
+      {:ok, open_answer} =
+        CommonAPI.post(other_user, %{status: "No ur smart", in_reply_to_status_id: post.id})
+
+      # The OP is implicitly added
+      assert user.ap_id in open_answer.recipients
+
+      {:ok, secret_answer} =
+        CommonAPI.post(other_user, %{
+          status: "lol, that guy really is stupid, right, @#{third_user.nickname}?",
+          in_reply_to_status_id: post.id,
+          visibility: "direct"
+        })
+
+      assert third_user.ap_id in secret_answer.recipients
+
+      # The OP is not added
+      refute user.ap_id in secret_answer.recipients
+    end
+
    test "it allows to address a list" do
      user = insert(:user)
      {:ok, list} = Pleroma.List.create("foo", user)

-      {:ok, activity} =
-        CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "foobar", visibility: "list:#{list.id}"})

      assert activity.data["bcc"] == [list.ap_id]
      assert activity.recipients == [list.ap_id, user.ap_id]
@ -241,7 +380,7 @@ defmodule Pleroma.Web.CommonAPITest do
      user = insert(:user)

      assert {:error, "Cannot post an empty status without attachments"} =
-               CommonAPI.post(user, %{"status" => ""})
+               CommonAPI.post(user, %{status: ""})
    end

    test "it validates character limits are correctly enforced" do
@ -250,9 +389,9 @@ defmodule Pleroma.Web.CommonAPITest do
      user = insert(:user)

      assert {:error, "The status is over the character limit"} =
-               CommonAPI.post(user, %{"status" => "foobar"})
+               CommonAPI.post(user, %{status: "foobar"})

-      assert {:ok, activity} = CommonAPI.post(user, %{"status" => "12345"})
+      assert {:ok, activity} = CommonAPI.post(user, %{status: "12345"})
    end

    test "it can handle activities that expire" do
@ -263,8 +402,7 @@ defmodule Pleroma.Web.CommonAPITest do
        |> NaiveDateTime.truncate(:second)
        |> NaiveDateTime.add(1_000_000, :second)

-      assert {:ok, activity} =
-               CommonAPI.post(user, %{"status" => "chai", "expires_in" => 1_000_000})
+      assert {:ok, activity} = CommonAPI.post(user, %{status: "chai", expires_in: 1_000_000})

      assert expiration = Pleroma.ActivityExpiration.get_by_activity_id(activity.id)
      assert expiration.scheduled_at == expires_at
@ -276,14 +414,14 @@ defmodule Pleroma.Web.CommonAPITest do
      user = insert(:user)
      other_user = insert(:user)

-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})

-      {:ok, reaction, _} = CommonAPI.react_with_emoji(activity.id, user, "👍")
+      {:ok, reaction} = CommonAPI.react_with_emoji(activity.id, user, "👍")

      assert reaction.data["actor"] == user.ap_id
      assert reaction.data["content"] == "👍"

-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})

      {:error, _} = CommonAPI.react_with_emoji(activity.id, user, ".")
    end
@ -292,51 +430,54 @@ defmodule Pleroma.Web.CommonAPITest do
      user = insert(:user)
      other_user = insert(:user)

-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
-      {:ok, reaction, _} = CommonAPI.react_with_emoji(activity.id, user, "👍")
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})
+      {:ok, reaction} = CommonAPI.react_with_emoji(activity.id, user, "👍")

-      {:ok, unreaction, _} = CommonAPI.unreact_with_emoji(activity.id, user, "👍")
+      {:ok, unreaction} = CommonAPI.unreact_with_emoji(activity.id, user, "👍")

      assert unreaction.data["type"] == "Undo"
      assert unreaction.data["object"] == reaction.data["id"]
+      assert unreaction.local
    end

    test "repeating a status" do
      user = insert(:user)
      other_user = insert(:user)

-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})

-      {:ok, %Activity{}, _} = CommonAPI.repeat(activity.id, user)
+      {:ok, %Activity{} = announce_activity} = CommonAPI.repeat(activity.id, user)
+      assert Visibility.is_public?(announce_activity)
    end

    test "can't repeat a repeat" do
      user = insert(:user)
      other_user = insert(:user)
-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})

-      {:ok, %Activity{} = announce, _} = CommonAPI.repeat(activity.id, other_user)
+      {:ok, %Activity{} = announce} = CommonAPI.repeat(activity.id, other_user)

-      refute match?({:ok, %Activity{}, _}, CommonAPI.repeat(announce.id, user))
+      refute match?({:ok, %Activity{}}, CommonAPI.repeat(announce.id, user))
    end

    test "repeating a status privately" do
      user = insert(:user)
      other_user = insert(:user)

-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})

-      {:ok, %Activity{} = announce_activity, _} =
-        CommonAPI.repeat(activity.id, user, %{"visibility" => "private"})
+      {:ok, %Activity{} = announce_activity} =
+        CommonAPI.repeat(activity.id, user, %{visibility: "private"})

      assert Visibility.is_private?(announce_activity)
+      refute Visibility.visible_for_user?(announce_activity, nil)
    end

    test "favoriting a status" do
      user = insert(:user)
      other_user = insert(:user)

-      {:ok, post_activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, post_activity} = CommonAPI.post(other_user, %{status: "cofe"})

      {:ok, %Activity{data: data}} = CommonAPI.favorite(user, post_activity.id)
      assert data["type"] == "Like"
@ -348,16 +489,16 @@ defmodule Pleroma.Web.CommonAPITest do
      user = insert(:user)
      other_user = insert(:user)

-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
-      {:ok, %Activity{} = announce, object} = CommonAPI.repeat(activity.id, user)
-      {:ok, ^announce, ^object} = CommonAPI.repeat(activity.id, user)
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})
+      {:ok, %Activity{} = announce} = CommonAPI.repeat(activity.id, user)
+      {:ok, ^announce} = CommonAPI.repeat(activity.id, user)
    end

    test "favoriting a status twice returns ok, but without the like activity" do
      user = insert(:user)
      other_user = insert(:user)

-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "cofe"})
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "cofe"})
      {:ok, %Activity{}} = CommonAPI.favorite(user, activity.id)
      assert {:ok, :already_liked} = CommonAPI.favorite(user, activity.id)
    end
@ -368,7 +509,7 @@ defmodule Pleroma.Web.CommonAPITest do
      Pleroma.Config.put([:instance, :max_pinned_statuses], 1)

      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!"})

      [user: user, activity: activity]
    end
@ -385,8 +526,8 @@ defmodule Pleroma.Web.CommonAPITest do
    test "pin poll", %{user: user} do
      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" => "How is fediverse today?",
-          "poll" => %{"options" => ["Absolutely outstanding", "Not good"], "expires_in" => 20}
+          status: "How is fediverse today?",
+          poll: %{options: ["Absolutely outstanding", "Not good"], expires_in: 20}
        })

      assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
@ -398,7 +539,7 @@ defmodule Pleroma.Web.CommonAPITest do
    end

    test "unlisted statuses can be pinned", %{user: user} do
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!", "visibility" => "unlisted"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!", visibility: "unlisted"})
      assert {:ok, ^activity} = CommonAPI.pin(activity.id, user)
    end

@ -409,7 +550,7 @@ defmodule Pleroma.Web.CommonAPITest do
    end

    test "max pinned statuses", %{user: user, activity: activity_one} do
-      {:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"})
+      {:ok, activity_two} = CommonAPI.post(user, %{status: "HI!!!"})

      assert {:ok, ^activity_one} = CommonAPI.pin(activity_one.id, user)

@ -477,7 +618,7 @@ defmodule Pleroma.Web.CommonAPITest do
      reporter = insert(:user)
      target_user = insert(:user)

-      {:ok, activity} = CommonAPI.post(target_user, %{"status" => "foobar"})
+      {:ok, activity} = CommonAPI.post(target_user, %{status: "foobar"})

      reporter_ap_id = reporter.ap_id
      target_ap_id = target_user.ap_id
@ -714,8 +855,8 @@ defmodule Pleroma.Web.CommonAPITest do

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" => "Am I cute?",
-          "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}
+          status: "Am I cute?",
+          poll: %{options: ["Yes", "No"], expires_in: 20}
        })

      object = Object.normalize(activity)
@ -732,10 +873,10 @@ defmodule Pleroma.Web.CommonAPITest do

      {:ok, activity} =
        CommonAPI.listen(user, %{
-          "title" => "lain radio episode 1",
-          "album" => "lain radio",
-          "artist" => "lain",
-          "length" => 180_000
+          title: "lain radio episode 1",
+          album: "lain radio",
+          artist: "lain",
+          length: 180_000
        })

      object = Object.normalize(activity)
@ -750,11 +891,11 @@ defmodule Pleroma.Web.CommonAPITest do

      {:ok, activity} =
        CommonAPI.listen(user, %{
-          "title" => "lain radio episode 1",
-          "album" => "lain radio",
-          "artist" => "lain",
-          "length" => 180_000,
-          "visibility" => "private"
+          title: "lain radio episode 1",
+          album: "lain radio",
+          artist: "lain",
+          length: 180_000,
+          visibility: "private"
        })

      object = Object.normalize(activity)
--- a/test/web/common_api/common_api_utils_test.exs
+++ b/test/web/common_api/common_api_utils_test.exs
@ -14,18 +14,41 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do

  @public_address "https://www.w3.org/ns/activitystreams#Public"

-  test "it adds attachment links to a given text and attachment set" do
-    name =
-      "Sakura%20Mana%20%E2%80%93%20Turned%20on%20by%20a%20Senior%20OL%20with%20a%20Temptating%20Tight%20Skirt-s%20Full%20Hipline%20and%20Panty%20Shot-%20Beautiful%20Thick%20Thighs-%20and%20Erotic%20Ass-%20-2015-%20--%20Oppaitime%208-28-2017%206-50-33%20PM.png"
+  describe "add_attachments/2" do
+    setup do
+      name =
+        "Sakura Mana – Turned on by a Senior OL with a Temptating Tight Skirt-s Full Hipline and Panty Shot- Beautiful Thick Thighs- and Erotic Ass- -2015- -- Oppaitime 8-28-2017 6-50-33 PM.png"

-    attachment = %{
-      "url" => [%{"href" => name}]
-    }
+      attachment = %{
+        "url" => [%{"href" => URI.encode(name)}]
+      }

-    res = Utils.add_attachments("", [attachment])
+      %{name: name, attachment: attachment}
+    end

-    assert res ==
-             "<br><a href=\"#{name}\" class='attachment'>Sakura Mana – Turned on by a Se…</a>"
+    test "it adds attachment links to a given text and attachment set", %{
+      name: name,
+      attachment: attachment
+    } do
+      len = 10
+      clear_config([Pleroma.Upload, :filename_display_max_length], len)
+
+      expected =
+        "<br><a href=\"#{URI.encode(name)}\" class='attachment'>#{String.slice(name, 0..len)}…</a>"
+
+      assert Utils.add_attachments("", [attachment]) == expected
+    end
+
+    test "doesn't truncate file name if config for truncate is set to 0", %{
+      name: name,
+      attachment: attachment
+    } do
+      clear_config([Pleroma.Upload, :filename_display_max_length], 0)
+
+      expected = "<br><a href=\"#{URI.encode(name)}\" class='attachment'>#{name}</a>"
+
+      assert Utils.add_attachments("", [attachment]) == expected
+    end
  end

  describe "it confirms the password given is the current users password" do
@ -228,7 +251,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
      user = insert(:user)
      mentioned_user = insert(:user)
      third_user = insert(:user)
-      {:ok, activity} = CommonAPI.post(third_user, %{"status" => "uguu"})
+      {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
      mentions = [mentioned_user.ap_id]

      {to, cc} = Utils.get_to_and_cc(user, mentions, activity, "public", nil)
@ -261,7 +284,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
      user = insert(:user)
      mentioned_user = insert(:user)
      third_user = insert(:user)
-      {:ok, activity} = CommonAPI.post(third_user, %{"status" => "uguu"})
+      {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
      mentions = [mentioned_user.ap_id]

      {to, cc} = Utils.get_to_and_cc(user, mentions, activity, "unlisted", nil)
@ -292,16 +315,15 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
      user = insert(:user)
      mentioned_user = insert(:user)
      third_user = insert(:user)
-      {:ok, activity} = CommonAPI.post(third_user, %{"status" => "uguu"})
+      {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
      mentions = [mentioned_user.ap_id]

      {to, cc} = Utils.get_to_and_cc(user, mentions, activity, "private", nil)

-      assert length(to) == 3
+      assert length(to) == 2
      assert Enum.empty?(cc)

      assert mentioned_user.ap_id in to
-      assert third_user.ap_id in to
      assert user.follower_address in to
    end

@ -322,11 +344,20 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
      user = insert(:user)
      mentioned_user = insert(:user)
      third_user = insert(:user)
-      {:ok, activity} = CommonAPI.post(third_user, %{"status" => "uguu"})
+      {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})
      mentions = [mentioned_user.ap_id]

      {to, cc} = Utils.get_to_and_cc(user, mentions, activity, "direct", nil)

+      assert length(to) == 1
+      assert Enum.empty?(cc)
+
+      assert mentioned_user.ap_id in to
+
+      {:ok, direct_activity} = CommonAPI.post(third_user, %{status: "uguu", visibility: "direct"})
+
+      {to, cc} = Utils.get_to_and_cc(user, mentions, direct_activity, "direct", nil)
+
      assert length(to) == 2
      assert Enum.empty?(cc)

@ -463,8 +494,8 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
      desc = Jason.encode!(%{object.id => "test-desc"})

      assert Utils.attachments_from_ids(%{
-               "media_ids" => ["#{object.id}"],
-               "descriptions" => desc
+               media_ids: ["#{object.id}"],
+               descriptions: desc
             }) == [
               Map.merge(object.data, %{"name" => "test-desc"})
             ]
@ -472,7 +503,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do

    test "returns attachments without descs" do
      object = insert(:note)
-      assert Utils.attachments_from_ids(%{"media_ids" => ["#{object.id}"]}) == [object.data]
+      assert Utils.attachments_from_ids(%{media_ids: ["#{object.id}"]}) == [object.data]
    end

    test "returns [] when not pass media_ids" do
--- a/test/web/federator_test.exs
+++ b/test/web/federator_test.exs
@ -29,7 +29,7 @@ defmodule Pleroma.Web.FederatorTest do
  describe "Publish an activity" do
    setup do
      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "HI"})

      relay_mock = {
        Pleroma.Web.ActivityPub.Relay,
@ -96,7 +96,7 @@ defmodule Pleroma.Web.FederatorTest do
      Instances.set_consistently_unreachable(URI.parse(inbox2).host)

      {:ok, _activity} =
-        CommonAPI.post(user, %{"status" => "HI @nick1@domain.com, @nick2@domain2.com!"})
+        CommonAPI.post(user, %{status: "HI @nick1@domain.com, @nick2@domain2.com!"})

      expected_dt = NaiveDateTime.to_iso8601(dt)

--- a/test/web/feed/tag_controller_test.exs
+++ b/test/web/feed/tag_controller_test.exs
@ -21,7 +21,7 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
    )

    user = insert(:user)
-    {:ok, activity1} = CommonAPI.post(user, %{"status" => "yeah #PleromaArt"})
+    {:ok, activity1} = CommonAPI.post(user, %{status: "yeah #PleromaArt"})

    object = Object.normalize(activity1)

@ -43,9 +43,9 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
    |> Ecto.Changeset.change(data: object_data)
    |> Pleroma.Repo.update()

-    {:ok, activity2} = CommonAPI.post(user, %{"status" => "42 This is :moominmamma #PleromaArt"})
+    {:ok, activity2} = CommonAPI.post(user, %{status: "42 This is :moominmamma #PleromaArt"})

-    {:ok, _activity3} = CommonAPI.post(user, %{"status" => "This is :moominmamma"})
+    {:ok, _activity3} = CommonAPI.post(user, %{status: "This is :moominmamma"})

    response =
      conn
@ -88,7 +88,7 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
    )

    user = insert(:user)
-    {:ok, activity1} = CommonAPI.post(user, %{"status" => "yeah #PleromaArt"})
+    {:ok, activity1} = CommonAPI.post(user, %{status: "yeah #PleromaArt"})

    object = Object.normalize(activity1)

@ -110,9 +110,9 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
    |> Ecto.Changeset.change(data: object_data)
    |> Pleroma.Repo.update()

-    {:ok, activity2} = CommonAPI.post(user, %{"status" => "42 This is :moominmamma #PleromaArt"})
+    {:ok, activity2} = CommonAPI.post(user, %{status: "42 This is :moominmamma #PleromaArt"})

-    {:ok, _activity3} = CommonAPI.post(user, %{"status" => "This is :moominmamma"})
+    {:ok, _activity3} = CommonAPI.post(user, %{status: "This is :moominmamma"})

    response =
      conn
@ -138,8 +138,8 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
           ]

    assert xpath(xml, ~x"//channel/item/pubDate/text()"sl) == [
-             FeedView.pub_date(activity1.data["published"]),
-             FeedView.pub_date(activity2.data["published"])
+             FeedView.pub_date(activity2.data["published"]),
+             FeedView.pub_date(activity1.data["published"])
           ]

    assert xpath(xml, ~x"//channel/item/enclosure/@url"sl) == [
--- a/test/web/feed/user_controller_test.exs
+++ b/test/web/feed/user_controller_test.exs
@ -11,13 +11,14 @@ defmodule Pleroma.Web.Feed.UserControllerTest do
  alias Pleroma.Config
  alias Pleroma.Object
  alias Pleroma.User
+  alias Pleroma.Web.CommonAPI

  setup do: clear_config([:instance, :federating], true)

  describe "feed" do
    setup do: clear_config([:feed])

-    test "gets a feed", %{conn: conn} do
+    test "gets an atom feed", %{conn: conn} do
      Config.put(
        [:feed, :post_title],
        %{max_length: 10, omission: "..."}
@ -157,6 +158,29 @@ defmodule Pleroma.Web.Feed.UserControllerTest do

      assert response(conn, 404)
    end
+
+    test "returns feed with public and unlisted activities", %{conn: conn} do
+      user = insert(:user)
+
+      {:ok, _} = CommonAPI.post(user, %{status: "public", visibility: "public"})
+      {:ok, _} = CommonAPI.post(user, %{status: "direct", visibility: "direct"})
+      {:ok, _} = CommonAPI.post(user, %{status: "unlisted", visibility: "unlisted"})
+      {:ok, _} = CommonAPI.post(user, %{status: "private", visibility: "private"})
+
+      resp =
+        conn
+        |> put_req_header("accept", "application/atom+xml")
+        |> get(user_feed_path(conn, :feed, user.nickname))
+        |> response(200)
+
+      activity_titles =
+        resp
+        |> SweetXml.parse()
+        |> SweetXml.xpath(~x"//entry/title/text()"l)
+        |> Enum.sort()
+
+      assert activity_titles == ['public', 'unlisted']
+    end
  end

  # Note: see ActivityPubControllerTest for JSON format tests
--- a/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs
@ -112,6 +112,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
      assert user_data["source"]["privacy"] == "unlisted"
    end

+    test "updates the user's privacy", %{conn: conn} do
+      conn = patch(conn, "/api/v1/accounts/update_credentials", %{source: %{privacy: "unlisted"}})
+
+      assert user_data = json_response_and_validate_schema(conn, 200)
+      assert user_data["source"]["privacy"] == "unlisted"
+    end
+
    test "updates the user's hide_followers status", %{conn: conn} do
      conn = patch(conn, "/api/v1/accounts/update_credentials", %{hide_followers: "true"})

--- a/test/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller_test.exs
@ -222,14 +222,41 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
  describe "user timelines" do
    setup do: oauth_access(["read:statuses"])

+    test "works with announces that are just addressed to public", %{conn: conn} do
+      user = insert(:user, ap_id: "https://honktest/u/test", local: false)
+      other_user = insert(:user)
+
+      {:ok, post} = CommonAPI.post(other_user, %{status: "bonkeronk"})
+
+      {:ok, announce, _} =
+        %{
+          "@context" => "https://www.w3.org/ns/activitystreams",
+          "actor" => "https://honktest/u/test",
+          "id" => "https://honktest/u/test/bonk/1793M7B9MQ48847vdx",
+          "object" => post.data["object"],
+          "published" => "2019-06-25T19:33:58Z",
+          "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+          "type" => "Announce"
+        }
+        |> ActivityPub.persist(local: false)
+
+      assert resp =
+               conn
+               |> get("/api/v1/accounts/#{user.id}/statuses")
+               |> json_response_and_validate_schema(200)
+
+      assert [%{"id" => id}] = resp
+      assert id == announce.id
+    end
+
    test "respects blocks", %{user: user_one, conn: conn} do
      user_two = insert(:user)
      user_three = insert(:user)

      User.block(user_one, user_two)

-      {:ok, activity} = CommonAPI.post(user_two, %{"status" => "User one sux0rz"})
-      {:ok, repeat, _} = CommonAPI.repeat(activity.id, user_three)
+      {:ok, activity} = CommonAPI.post(user_two, %{status: "User one sux0rz"})
+      {:ok, repeat} = CommonAPI.repeat(activity.id, user_three)

      assert resp =
               conn
@ -271,16 +298,16 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do

      {:ok, _user_three} = User.follow(user_three, user_one)

-      {:ok, activity} = CommonAPI.post(user_one, %{"status" => "HI!!!"})
+      {:ok, activity} = CommonAPI.post(user_one, %{status: "HI!!!"})

      {:ok, direct_activity} =
        CommonAPI.post(user_one, %{
-          "status" => "Hi, @#{user_two.nickname}.",
-          "visibility" => "direct"
+          status: "Hi, @#{user_two.nickname}.",
+          visibility: "direct"
        })

      {:ok, private_activity} =
-        CommonAPI.post(user_one, %{"status" => "private", "visibility" => "private"})
+        CommonAPI.post(user_one, %{status: "private", visibility: "private"})

      # TODO!!!
      resp =
@ -335,8 +362,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do

      {:ok, %{id: media_id}} = ActivityPub.upload(file, actor: user.ap_id)

-      {:ok, %{id: image_post_id}} =
-        CommonAPI.post(user, %{"status" => "cofe", "media_ids" => [media_id]})
+      {:ok, %{id: image_post_id}} = CommonAPI.post(user, %{status: "cofe", media_ids: [media_id]})

      conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?only_media=true")

@ -348,8 +374,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
    end

    test "gets a user's statuses without reblogs", %{user: user, conn: conn} do
-      {:ok, %{id: post_id}} = CommonAPI.post(user, %{"status" => "HI!!!"})
-      {:ok, _, _} = CommonAPI.repeat(post_id, user)
+      {:ok, %{id: post_id}} = CommonAPI.post(user, %{status: "HI!!!"})
+      {:ok, _} = CommonAPI.repeat(post_id, user)

      conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?exclude_reblogs=true")
      assert [%{"id" => ^post_id}] = json_response_and_validate_schema(conn, 200)
@ -359,8 +385,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
    end

    test "filters user's statuses by a hashtag", %{user: user, conn: conn} do
-      {:ok, %{id: post_id}} = CommonAPI.post(user, %{"status" => "#hashtag"})
-      {:ok, _post} = CommonAPI.post(user, %{"status" => "hashtag"})
+      {:ok, %{id: post_id}} = CommonAPI.post(user, %{status: "#hashtag"})
+      {:ok, _post} = CommonAPI.post(user, %{status: "hashtag"})

      conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?tagged=hashtag")
      assert [%{"id" => ^post_id}] = json_response_and_validate_schema(conn, 200)
@ -371,9 +397,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
      conn: conn
    } do
      {:ok, %{id: public_activity_id}} =
-        CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
+        CommonAPI.post(user, %{status: ".", visibility: "public"})

-      {:ok, _direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
+      {:ok, _direct_activity} = CommonAPI.post(user, %{status: ".", visibility: "direct"})

      conn = get(conn, "/api/v1/accounts/#{user.id}/statuses?exclude_visibilities[]=direct")
      assert [%{"id" => ^public_activity_id}] = json_response_and_validate_schema(conn, 200)
@ -651,8 +677,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do

      assert %{"showing_reblogs" => false} = json_response_and_validate_schema(ret_conn, 200)

-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hey"})
-      {:ok, %{id: reblog_id}, _} = CommonAPI.repeat(activity.id, followed)
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"})
+      {:ok, %{id: reblog_id}} = CommonAPI.repeat(activity.id, followed)

      assert [] ==
               conn
@ -750,7 +776,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
  describe "pinned statuses" do
    setup do
      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!!!"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "HI!!!"})
      %{conn: conn} = oauth_access(["read:statuses"], user: user)

      [conn: conn, user: user, activity: activity]
@ -1196,12 +1222,15 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
  describe "verify_credentials" do
    test "verify_credentials" do
      %{user: user, conn: conn} = oauth_access(["read:accounts"])
+      [notification | _] = insert_list(7, :notification, user: user)
+      Pleroma.Notification.set_read_up_to(user, notification.id)
      conn = get(conn, "/api/v1/accounts/verify_credentials")

      response = json_response_and_validate_schema(conn, 200)

      assert %{"id" => id, "source" => %{"privacy" => "public"}} = response
      assert response["pleroma"]["chat_token"]
+      assert response["pleroma"]["unread_notifications_count"] == 6
      assert id == to_string(user.id)
    end

--- a/test/web/mastodon_api/controllers/conversation_controller_test.exs
+++ b/test/web/mastodon_api/controllers/conversation_controller_test.exs
@ -12,133 +12,127 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do

  setup do: oauth_access(["read:statuses"])

-  test "returns a list of conversations", %{user: user_one, conn: conn} do
-    user_two = insert(:user)
-    user_three = insert(:user)
+  describe "returns a list of conversations" do
+    setup(%{user: user_one, conn: conn}) do
+      user_two = insert(:user)
+      user_three = insert(:user)

-    {:ok, user_two} = User.follow(user_two, user_one)
+      {:ok, user_two} = User.follow(user_two, user_one)

-    assert User.get_cached_by_id(user_two.id).unread_conversation_count == 0
+      {:ok, %{user: user_one, user_two: user_two, user_three: user_three, conn: conn}}
+    end

-    {:ok, direct} =
-      CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}, @#{user_three.nickname}!",
-        "visibility" => "direct"
-      })
+    test "returns correct conversations", %{
+      user: user_one,
+      user_two: user_two,
+      user_three: user_three,
+      conn: conn
+    } do
+      assert User.get_cached_by_id(user_two.id).unread_conversation_count == 0
+      {:ok, direct} = create_direct_message(user_one, [user_two, user_three])

-    assert User.get_cached_by_id(user_two.id).unread_conversation_count == 1
+      assert User.get_cached_by_id(user_two.id).unread_conversation_count == 1

-    {:ok, _follower_only} =
-      CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}!",
-        "visibility" => "private"
-      })
+      {:ok, _follower_only} =
+        CommonAPI.post(user_one, %{
+          status: "Hi @#{user_two.nickname}!",
+          visibility: "private"
+        })

-    res_conn = get(conn, "/api/v1/conversations")
+      res_conn = get(conn, "/api/v1/conversations")

-    assert response = json_response(res_conn, 200)
+      assert response = json_response_and_validate_schema(res_conn, 200)

-    assert [
-             %{
-               "id" => res_id,
-               "accounts" => res_accounts,
-               "last_status" => res_last_status,
-               "unread" => unread
-             }
-           ] = response
+      assert [
+               %{
+                 "id" => res_id,
+                 "accounts" => res_accounts,
+                 "last_status" => res_last_status,
+                 "unread" => unread
+               }
+             ] = response

-    account_ids = Enum.map(res_accounts, & &1["id"])
-    assert length(res_accounts) == 2
-    assert user_two.id in account_ids
-    assert user_three.id in account_ids
-    assert is_binary(res_id)
-    assert unread == false
-    assert res_last_status["id"] == direct.id
-    assert User.get_cached_by_id(user_one.id).unread_conversation_count == 0
+      account_ids = Enum.map(res_accounts, & &1["id"])
+      assert length(res_accounts) == 2
+      assert user_two.id in account_ids
+      assert user_three.id in account_ids
+      assert is_binary(res_id)
+      assert unread == false
+      assert res_last_status["id"] == direct.id
+      assert User.get_cached_by_id(user_one.id).unread_conversation_count == 0
+    end
+
+    test "observes limit params", %{
+      user: user_one,
+      user_two: user_two,
+      user_three: user_three,
+      conn: conn
+    } do
+      {:ok, _} = create_direct_message(user_one, [user_two, user_three])
+      {:ok, _} = create_direct_message(user_two, [user_one, user_three])
+      {:ok, _} = create_direct_message(user_three, [user_two, user_one])
+
+      res_conn = get(conn, "/api/v1/conversations?limit=1")
+
+      assert response = json_response_and_validate_schema(res_conn, 200)
+
+      assert Enum.count(response) == 1
+
+      res_conn = get(conn, "/api/v1/conversations?limit=2")
+
+      assert response = json_response_and_validate_schema(res_conn, 200)
+
+      assert Enum.count(response) == 2
+    end
  end

  test "filters conversations by recipients", %{user: user_one, conn: conn} do
    user_two = insert(:user)
    user_three = insert(:user)
+    {:ok, direct1} = create_direct_message(user_one, [user_two])
+    {:ok, _direct2} = create_direct_message(user_one, [user_three])
+    {:ok, direct3} = create_direct_message(user_one, [user_two, user_three])
+    {:ok, _direct4} = create_direct_message(user_two, [user_three])
+    {:ok, direct5} = create_direct_message(user_two, [user_one])

-    {:ok, direct1} =
-      CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}!",
-        "visibility" => "direct"
-      })
-
-    {:ok, _direct2} =
-      CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_three.nickname}!",
-        "visibility" => "direct"
-      })
-
-    {:ok, direct3} =
-      CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}, @#{user_three.nickname}!",
-        "visibility" => "direct"
-      })
-
-    {:ok, _direct4} =
-      CommonAPI.post(user_two, %{
-        "status" => "Hi @#{user_three.nickname}!",
-        "visibility" => "direct"
-      })
-
-    {:ok, direct5} =
-      CommonAPI.post(user_two, %{
-        "status" => "Hi @#{user_one.nickname}!",
-        "visibility" => "direct"
-      })
-
-    [conversation1, conversation2] =
-      conn
-      |> get("/api/v1/conversations", %{"recipients" => [user_two.id]})
-      |> json_response(200)
+    assert [conversation1, conversation2] =
+             conn
+             |> get("/api/v1/conversations?recipients[]=#{user_two.id}")
+             |> json_response_and_validate_schema(200)

    assert conversation1["last_status"]["id"] == direct5.id
    assert conversation2["last_status"]["id"] == direct1.id

    [conversation1] =
      conn
-      |> get("/api/v1/conversations", %{"recipients" => [user_two.id, user_three.id]})
-      |> json_response(200)
+      |> get("/api/v1/conversations?recipients[]=#{user_two.id}&recipients[]=#{user_three.id}")
+      |> json_response_and_validate_schema(200)

    assert conversation1["last_status"]["id"] == direct3.id
  end

  test "updates the last_status on reply", %{user: user_one, conn: conn} do
    user_two = insert(:user)
-
-    {:ok, direct} =
-      CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}",
-        "visibility" => "direct"
-      })
+    {:ok, direct} = create_direct_message(user_one, [user_two])

    {:ok, direct_reply} =
      CommonAPI.post(user_two, %{
-        "status" => "reply",
-        "visibility" => "direct",
-        "in_reply_to_status_id" => direct.id
+        status: "reply",
+        visibility: "direct",
+        in_reply_to_status_id: direct.id
      })

    [%{"last_status" => res_last_status}] =
      conn
      |> get("/api/v1/conversations")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)

    assert res_last_status["id"] == direct_reply.id
  end

  test "the user marks a conversation as read", %{user: user_one, conn: conn} do
    user_two = insert(:user)
-
-    {:ok, direct} =
-      CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}",
-        "visibility" => "direct"
-      })
+    {:ok, direct} = create_direct_message(user_one, [user_two])

    assert User.get_cached_by_id(user_one.id).unread_conversation_count == 0
    assert User.get_cached_by_id(user_two.id).unread_conversation_count == 1
@ -154,12 +148,12 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
    [%{"id" => direct_conversation_id, "unread" => true}] =
      user_two_conn
      |> get("/api/v1/conversations")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)

    %{"unread" => false} =
      user_two_conn
      |> post("/api/v1/conversations/#{direct_conversation_id}/read")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)

    assert User.get_cached_by_id(user_one.id).unread_conversation_count == 0
    assert User.get_cached_by_id(user_two.id).unread_conversation_count == 0
@ -167,15 +161,15 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
    # The conversation is marked as unread on reply
    {:ok, _} =
      CommonAPI.post(user_two, %{
-        "status" => "reply",
-        "visibility" => "direct",
-        "in_reply_to_status_id" => direct.id
+        status: "reply",
+        visibility: "direct",
+        in_reply_to_status_id: direct.id
      })

    [%{"unread" => true}] =
      conn
      |> get("/api/v1/conversations")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)

    assert User.get_cached_by_id(user_one.id).unread_conversation_count == 1
    assert User.get_cached_by_id(user_two.id).unread_conversation_count == 0
@ -183,9 +177,9 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do
    # A reply doesn't increment the user's unread_conversation_count if the conversation is unread
    {:ok, _} =
      CommonAPI.post(user_two, %{
-        "status" => "reply",
-        "visibility" => "direct",
-        "in_reply_to_status_id" => direct.id
+        status: "reply",
+        visibility: "direct",
+        in_reply_to_status_id: direct.id
      })

    assert User.get_cached_by_id(user_one.id).unread_conversation_count == 1
@ -194,15 +188,22 @@ defmodule Pleroma.Web.MastodonAPI.ConversationControllerTest do

  test "(vanilla) Mastodon frontend behaviour", %{user: user_one, conn: conn} do
    user_two = insert(:user)
-
-    {:ok, direct} =
-      CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}!",
-        "visibility" => "direct"
-      })
+    {:ok, direct} = create_direct_message(user_one, [user_two])

    res_conn = get(conn, "/api/v1/statuses/#{direct.id}/context")

    assert %{"ancestors" => [], "descendants" => []} == json_response(res_conn, 200)
  end
+
+  defp create_direct_message(sender, recips) do
+    hellos =
+      recips
+      |> Enum.map(fn s -> "@#{s.nickname}" end)
+      |> Enum.join(", ")
+
+    CommonAPI.post(sender, %{
+      status: "Hi #{hellos}!",
+      visibility: "direct"
+    })
+  end
 end
--- a/test/web/mastodon_api/controllers/filter_controller_test.exs
+++ b/test/web/mastodon_api/controllers/filter_controller_test.exs
@ -15,9 +15,12 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
      context: ["home"]
    }

-    conn = post(conn, "/api/v1/filters", %{"phrase" => filter.phrase, context: filter.context})
+    conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/filters", %{"phrase" => filter.phrase, context: filter.context})

-    assert response = json_response(conn, 200)
+    assert response = json_response_and_validate_schema(conn, 200)
    assert response["phrase"] == filter.phrase
    assert response["context"] == filter.context
    assert response["irreversible"] == false
@ -48,12 +51,12 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
    response =
      conn
      |> get("/api/v1/filters")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)

    assert response ==
             render_json(
               FilterView,
-               "filters.json",
+               "index.json",
               filters: [filter_two, filter_one]
             )
  end
@ -72,7 +75,7 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do

    conn = get(conn, "/api/v1/filters/#{filter.filter_id}")

-    assert _response = json_response(conn, 200)
+    assert response = json_response_and_validate_schema(conn, 200)
  end

  test "update a filter" do
@ -82,7 +85,8 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
      user_id: user.id,
      filter_id: 2,
      phrase: "knight",
-      context: ["home"]
+      context: ["home"],
+      hide: true
    }

    {:ok, _filter} = Pleroma.Filter.create(query)
@ -93,14 +97,17 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do
    }

    conn =
-      put(conn, "/api/v1/filters/#{query.filter_id}", %{
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> put("/api/v1/filters/#{query.filter_id}", %{
        phrase: new.phrase,
        context: new.context
      })

-    assert response = json_response(conn, 200)
+    assert response = json_response_and_validate_schema(conn, 200)
    assert response["phrase"] == new.phrase
    assert response["context"] == new.context
+    assert response["irreversible"] == true
  end

  test "delete a filter" do
@ -117,7 +124,6 @@ defmodule Pleroma.Web.MastodonAPI.FilterControllerTest do

    conn = delete(conn, "/api/v1/filters/#{filter.filter_id}")

-    assert response = json_response(conn, 200)
-    assert response == %{}
+    assert json_response_and_validate_schema(conn, 200) == %{}
  end
 end
--- a/test/web/mastodon_api/controllers/follow_request_controller_test.exs
+++ b/test/web/mastodon_api/controllers/follow_request_controller_test.exs
@ -27,7 +27,7 @@ defmodule Pleroma.Web.MastodonAPI.FollowRequestControllerTest do

      conn = get(conn, "/api/v1/follow_requests")

-      assert [relationship] = json_response(conn, 200)
+      assert [relationship] = json_response_and_validate_schema(conn, 200)
      assert to_string(other_user.id) == relationship["id"]
    end

@ -44,7 +44,7 @@ defmodule Pleroma.Web.MastodonAPI.FollowRequestControllerTest do

      conn = post(conn, "/api/v1/follow_requests/#{other_user.id}/authorize")

-      assert relationship = json_response(conn, 200)
+      assert relationship = json_response_and_validate_schema(conn, 200)
      assert to_string(other_user.id) == relationship["id"]

      user = User.get_cached_by_id(user.id)
@ -62,7 +62,7 @@ defmodule Pleroma.Web.MastodonAPI.FollowRequestControllerTest do

      conn = post(conn, "/api/v1/follow_requests/#{other_user.id}/reject")

-      assert relationship = json_response(conn, 200)
+      assert relationship = json_response_and_validate_schema(conn, 200)
      assert to_string(other_user.id) == relationship["id"]

      user = User.get_cached_by_id(user.id)
--- a/test/web/mastodon_api/controllers/instance_controller_test.exs
+++ b/test/web/mastodon_api/controllers/instance_controller_test.exs
@ -10,7 +10,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do

  test "get instance information", %{conn: conn} do
    conn = get(conn, "/api/v1/instance")
-    assert result = json_response(conn, 200)
+    assert result = json_response_and_validate_schema(conn, 200)

    email = Pleroma.Config.get([:instance, :email])
    # Note: not checking for "max_toot_chars" since it's optional
@ -31,7 +31,8 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do
             "upload_limit" => _,
             "avatar_upload_limit" => _,
             "background_upload_limit" => _,
-             "banner_upload_limit" => _
+             "banner_upload_limit" => _,
+             "background_image" => _
           } = result

    assert result["pleroma"]["metadata"]["features"]
@ -50,13 +51,13 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do
    insert(:user, %{local: false, nickname: "u@peer1.com"})
    insert(:user, %{local: false, nickname: "u@peer2.com"})

-    {:ok, _} = Pleroma.Web.CommonAPI.post(user, %{"status" => "cofe"})
+    {:ok, _} = Pleroma.Web.CommonAPI.post(user, %{status: "cofe"})

    Pleroma.Stats.force_update()

    conn = get(conn, "/api/v1/instance")

-    assert result = json_response(conn, 200)
+    assert result = json_response_and_validate_schema(conn, 200)

    stats = result["stats"]

@ -74,7 +75,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceControllerTest do

    conn = get(conn, "/api/v1/instance/peers")

-    assert result = json_response(conn, 200)
+    assert result = json_response_and_validate_schema(conn, 200)

    assert ["peer1.com", "peer2.com"] == Enum.sort(result)
  end
--- a/test/web/mastodon_api/controllers/list_controller_test.exs
+++ b/test/web/mastodon_api/controllers/list_controller_test.exs
@ -12,37 +12,44 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
  test "creating a list" do
    %{conn: conn} = oauth_access(["write:lists"])

-    conn = post(conn, "/api/v1/lists", %{"title" => "cuties"})
-
-    assert %{"title" => title} = json_response(conn, 200)
-    assert title == "cuties"
+    assert %{"title" => "cuties"} =
+             conn
+             |> put_req_header("content-type", "application/json")
+             |> post("/api/v1/lists", %{"title" => "cuties"})
+             |> json_response_and_validate_schema(:ok)
  end

  test "renders error for invalid params" do
    %{conn: conn} = oauth_access(["write:lists"])

-    conn = post(conn, "/api/v1/lists", %{"title" => nil})
+    conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/lists", %{"title" => nil})

-    assert %{"error" => "can't be blank"} == json_response(conn, :unprocessable_entity)
+    assert %{"error" => "title - null value where string expected."} =
+             json_response_and_validate_schema(conn, 400)
  end

  test "listing a user's lists" do
    %{conn: conn} = oauth_access(["read:lists", "write:lists"])

    conn
+    |> put_req_header("content-type", "application/json")
    |> post("/api/v1/lists", %{"title" => "cuties"})
-    |> json_response(:ok)
+    |> json_response_and_validate_schema(:ok)

    conn
+    |> put_req_header("content-type", "application/json")
    |> post("/api/v1/lists", %{"title" => "cofe"})
-    |> json_response(:ok)
+    |> json_response_and_validate_schema(:ok)

    conn = get(conn, "/api/v1/lists")

    assert [
             %{"id" => _, "title" => "cofe"},
             %{"id" => _, "title" => "cuties"}
-           ] = json_response(conn, :ok)
+           ] = json_response_and_validate_schema(conn, :ok)
  end

  test "adding users to a list" do
@ -50,9 +57,12 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
    other_user = insert(:user)
    {:ok, list} = Pleroma.List.create("name", user)

-    conn = post(conn, "/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+    assert %{} ==
+             conn
+             |> put_req_header("content-type", "application/json")
+             |> post("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+             |> json_response_and_validate_schema(:ok)

-    assert %{} == json_response(conn, 200)
    %Pleroma.List{following: following} = Pleroma.List.get(list.id, user)
    assert following == [other_user.follower_address]
  end
@ -65,9 +75,12 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
    {:ok, list} = Pleroma.List.follow(list, other_user)
    {:ok, list} = Pleroma.List.follow(list, third_user)

-    conn = delete(conn, "/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+    assert %{} ==
+             conn
+             |> put_req_header("content-type", "application/json")
+             |> delete("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})
+             |> json_response_and_validate_schema(:ok)

-    assert %{} == json_response(conn, 200)
    %Pleroma.List{following: following} = Pleroma.List.get(list.id, user)
    assert following == [third_user.follower_address]
  end
@ -83,7 +96,7 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
      |> assign(:user, user)
      |> get("/api/v1/lists/#{list.id}/accounts", %{"account_ids" => [other_user.id]})

-    assert [%{"id" => id}] = json_response(conn, 200)
+    assert [%{"id" => id}] = json_response_and_validate_schema(conn, 200)
    assert id == to_string(other_user.id)
  end

@ -96,7 +109,7 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
      |> assign(:user, user)
      |> get("/api/v1/lists/#{list.id}")

-    assert %{"id" => id} = json_response(conn, 200)
+    assert %{"id" => id} = json_response_and_validate_schema(conn, 200)
    assert id == to_string(list.id)
  end

@ -105,17 +118,18 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do

    conn = get(conn, "/api/v1/lists/666")

-    assert %{"error" => "List not found"} = json_response(conn, :not_found)
+    assert %{"error" => "List not found"} = json_response_and_validate_schema(conn, :not_found)
  end

  test "renaming a list" do
    %{user: user, conn: conn} = oauth_access(["write:lists"])
    {:ok, list} = Pleroma.List.create("name", user)

-    conn = put(conn, "/api/v1/lists/#{list.id}", %{"title" => "newname"})
-
-    assert %{"title" => name} = json_response(conn, 200)
-    assert name == "newname"
+    assert %{"title" => "newname"} =
+             conn
+             |> put_req_header("content-type", "application/json")
+             |> put("/api/v1/lists/#{list.id}", %{"title" => "newname"})
+             |> json_response_and_validate_schema(:ok)
  end

  test "validates title when renaming a list" do
@ -125,9 +139,11 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do
    conn =
      conn
      |> assign(:user, user)
+      |> put_req_header("content-type", "application/json")
      |> put("/api/v1/lists/#{list.id}", %{"title" => "  "})

-    assert %{"error" => "can't be blank"} == json_response(conn, :unprocessable_entity)
+    assert %{"error" => "can't be blank"} ==
+             json_response_and_validate_schema(conn, :unprocessable_entity)
  end

  test "deleting a list" do
@ -136,7 +152,7 @@ defmodule Pleroma.Web.MastodonAPI.ListControllerTest do

    conn = delete(conn, "/api/v1/lists/#{list.id}")

-    assert %{} = json_response(conn, 200)
+    assert %{} = json_response_and_validate_schema(conn, 200)
    assert is_nil(Repo.get(Pleroma.List, list.id))
  end
 end
--- a/test/web/mastodon_api/controllers/marker_controller_test.exs
+++ b/test/web/mastodon_api/controllers/marker_controller_test.exs
@ -11,6 +11,7 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
    test "gets markers with correct scopes", %{conn: conn} do
      user = insert(:user)
      token = insert(:oauth_token, user: user, scopes: ["read:statuses"])
+      insert_list(7, :notification, user: user)

      {:ok, %{"notifications" => marker}} =
        Pleroma.Marker.upsert(
@ -22,14 +23,15 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
        conn
        |> assign(:user, user)
        |> assign(:token, token)
-        |> get("/api/v1/markers", %{timeline: ["notifications"]})
-        |> json_response(200)
+        |> get("/api/v1/markers?timeline[]=notifications")
+        |> json_response_and_validate_schema(200)

      assert response == %{
               "notifications" => %{
                 "last_read_id" => "69420",
                 "updated_at" => NaiveDateTime.to_iso8601(marker.updated_at),
-                 "version" => 0
+                 "version" => 0,
+                 "pleroma" => %{"unread_count" => 7}
               }
             }
    end
@ -45,7 +47,7 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
        |> assign(:user, user)
        |> assign(:token, token)
        |> get("/api/v1/markers", %{timeline: ["notifications"]})
-        |> json_response(403)
+        |> json_response_and_validate_schema(403)

      assert response == %{"error" => "Insufficient permissions: read:statuses."}
    end
@ -60,17 +62,19 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
        conn
        |> assign(:user, user)
        |> assign(:token, token)
+        |> put_req_header("content-type", "application/json")
        |> post("/api/v1/markers", %{
          home: %{last_read_id: "777"},
          notifications: %{"last_read_id" => "69420"}
        })
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)

      assert %{
               "notifications" => %{
                 "last_read_id" => "69420",
                 "updated_at" => _,
-                 "version" => 0
+                 "version" => 0,
+                 "pleroma" => %{"unread_count" => 0}
               }
             } = response
    end
@ -89,17 +93,19 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
        conn
        |> assign(:user, user)
        |> assign(:token, token)
+        |> put_req_header("content-type", "application/json")
        |> post("/api/v1/markers", %{
          home: %{last_read_id: "777"},
          notifications: %{"last_read_id" => "69888"}
        })
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)

      assert response == %{
               "notifications" => %{
                 "last_read_id" => "69888",
                 "updated_at" => NaiveDateTime.to_iso8601(marker.updated_at),
-                 "version" => 0
+                 "version" => 0,
+                 "pleroma" => %{"unread_count" => 0}
               }
             }
    end
@ -112,11 +118,12 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do
        conn
        |> assign(:user, user)
        |> assign(:token, token)
+        |> put_req_header("content-type", "application/json")
        |> post("/api/v1/markers", %{
          home: %{last_read_id: "777"},
          notifications: %{"last_read_id" => "69420"}
        })
-        |> json_response(403)
+        |> json_response_and_validate_schema(403)

      assert response == %{"error" => "Insufficient permissions: write:statuses."}
    end
--- a/test/web/mastodon_api/controllers/media_controller_test.exs
+++ b/test/web/mastodon_api/controllers/media_controller_test.exs
@ -9,9 +9,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub

-  setup do: oauth_access(["write:media"])
+  describe "Upload media" do
+    setup do: oauth_access(["write:media"])

-  describe "media upload" do
    setup do
      image = %Plug.Upload{
        content_type: "image/jpg",
@ -25,13 +25,14 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
    setup do: clear_config([:media_proxy])
    setup do: clear_config([Pleroma.Upload])

-    test "returns uploaded image", %{conn: conn, image: image} do
+    test "/api/v1/media", %{conn: conn, image: image} do
      desc = "Description of the image"

      media =
        conn
+        |> put_req_header("content-type", "multipart/form-data")
        |> post("/api/v1/media", %{"file" => image, "description" => desc})
-        |> json_response(:ok)
+        |> json_response_and_validate_schema(:ok)

      assert media["type"] == "image"
      assert media["description"] == desc
@ -40,9 +41,37 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
      object = Object.get_by_id(media["id"])
      assert object.data["actor"] == User.ap_id(conn.assigns[:user])
    end
+
+    test "/api/v2/media", %{conn: conn, user: user, image: image} do
+      desc = "Description of the image"
+
+      response =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> post("/api/v2/media", %{"file" => image, "description" => desc})
+        |> json_response_and_validate_schema(202)
+
+      assert media_id = response["id"]
+
+      %{conn: conn} = oauth_access(["read:media"], user: user)
+
+      media =
+        conn
+        |> get("/api/v1/media/#{media_id}")
+        |> json_response_and_validate_schema(200)
+
+      assert media["type"] == "image"
+      assert media["description"] == desc
+      assert media["id"]
+
+      object = Object.get_by_id(media["id"])
+      assert object.data["actor"] == user.ap_id
+    end
  end

-  describe "PUT /api/v1/media/:id" do
+  describe "Update media description" do
+    setup do: oauth_access(["write:media"])
+
    setup %{user: actor} do
      file = %Plug.Upload{
        content_type: "image/jpg",
@ -60,23 +89,58 @@ defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
      [object: object]
    end

-    test "updates name of media", %{conn: conn, object: object} do
+    test "/api/v1/media/:id good request", %{conn: conn, object: object} do
      media =
        conn
+        |> put_req_header("content-type", "multipart/form-data")
        |> put("/api/v1/media/#{object.id}", %{"description" => "test-media"})
-        |> json_response(:ok)
+        |> json_response_and_validate_schema(:ok)

      assert media["description"] == "test-media"
      assert refresh_record(object).data["name"] == "test-media"
    end
+  end

-    test "returns error when request is bad", %{conn: conn, object: object} do
+  describe "Get media by id (/api/v1/media/:id)" do
+    setup do: oauth_access(["read:media"])
+
+    setup %{user: actor} do
+      file = %Plug.Upload{
+        content_type: "image/jpg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "an_image.jpg"
+      }
+
+      {:ok, %Object{} = object} =
+        ActivityPub.upload(
+          file,
+          actor: User.ap_id(actor),
+          description: "test-media"
+        )
+
+      [object: object]
+    end
+
+    test "it returns media object when requested by owner", %{conn: conn, object: object} do
      media =
        conn
-        |> put("/api/v1/media/#{object.id}", %{})
-        |> json_response(400)
+        |> get("/api/v1/media/#{object.id}")
+        |> json_response_and_validate_schema(:ok)

-      assert media == %{"error" => "bad_request"}
+      assert media["description"] == "test-media"
+      assert media["type"] == "image"
+      assert media["id"]
+    end
+
+    test "it returns 403 if media object requested by non-owner", %{object: object, user: user} do
+      %{conn: conn, user: other_user} = oauth_access(["read:media"])
+
+      assert object.data["actor"] == user.ap_id
+      refute user.id == other_user.id
+
+      conn
+      |> get("/api/v1/media/#{object.id}")
+      |> json_response(403)
    end
  end
 end
--- a/test/web/mastodon_api/controllers/notification_controller_test.exs
+++ b/test/web/mastodon_api/controllers/notification_controller_test.exs
@ -12,13 +12,11 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do

  import Pleroma.Factory

-  test "does NOT render account/pleroma/relationship if this is disabled by default" do
-    clear_config([:extensions, :output_relationships_in_statuses_by_default], false)
-
+  test "does NOT render account/pleroma/relationship by default" do
    %{user: user, conn: conn} = oauth_access(["read:notifications"])
    other_user = insert(:user)

-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
    {:ok, [_notification]} = Notification.create_notifications(activity)

    response =
@ -36,7 +34,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    %{user: user, conn: conn} = oauth_access(["read:notifications"])
    other_user = insert(:user)

-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})

    {:ok, [_notification]} = Notification.create_notifications(activity)

@ -60,7 +58,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    %{user: user, conn: conn} = oauth_access(["read:notifications"])
    other_user = insert(:user)

-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})

    {:ok, [notification]} = Notification.create_notifications(activity)

@ -79,7 +77,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    %{user: user, conn: conn} = oauth_access(["write:notifications"])
    other_user = insert(:user)

-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})

    {:ok, [notification]} = Notification.create_notifications(activity)

@ -96,7 +94,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    %{user: user, conn: conn} = oauth_access(["write:notifications"])
    other_user = insert(:user)

-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})

    {:ok, [notification]} = Notification.create_notifications(activity)

@ -112,7 +110,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    %{user: user, conn: conn} = oauth_access(["write:notifications", "read:notifications"])
    other_user = insert(:user)

-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})

    {:ok, [_notification]} = Notification.create_notifications(activity)

@ -130,10 +128,10 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    %{user: user, conn: conn} = oauth_access(["read:notifications"])
    other_user = insert(:user)

-    {:ok, activity1} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
-    {:ok, activity2} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
-    {:ok, activity3} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
-    {:ok, activity4} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+    {:ok, activity1} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+    {:ok, activity2} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+    {:ok, activity3} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+    {:ok, activity4} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})

    notification1_id = get_notification_id_by_activity(activity1)
    notification2_id = get_notification_id_by_activity(activity2)
@ -173,16 +171,16 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
      other_user = insert(:user)

      {:ok, public_activity} =
-        CommonAPI.post(other_user, %{"status" => "@#{user.nickname}", "visibility" => "public"})
+        CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "public"})

      {:ok, direct_activity} =
-        CommonAPI.post(other_user, %{"status" => "@#{user.nickname}", "visibility" => "direct"})
+        CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "direct"})

      {:ok, unlisted_activity} =
-        CommonAPI.post(other_user, %{"status" => "@#{user.nickname}", "visibility" => "unlisted"})
+        CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "unlisted"})

      {:ok, private_activity} =
-        CommonAPI.post(other_user, %{"status" => "@#{user.nickname}", "visibility" => "private"})
+        CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "private"})

      query = params_to_query(%{exclude_visibilities: ["public", "unlisted", "private"]})
      conn_res = get(conn, "/api/v1/notifications?" <> query)
@ -213,17 +211,15 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
      user = insert(:user)
      %{user: other_user, conn: conn} = oauth_access(["read:notifications"])

-      {:ok, public_activity} =
-        CommonAPI.post(other_user, %{"status" => ".", "visibility" => "public"})
+      {:ok, public_activity} = CommonAPI.post(other_user, %{status: ".", visibility: "public"})

      {:ok, direct_activity} =
-        CommonAPI.post(other_user, %{"status" => "@#{user.nickname}", "visibility" => "direct"})
+        CommonAPI.post(other_user, %{status: "@#{user.nickname}", visibility: "direct"})

      {:ok, unlisted_activity} =
-        CommonAPI.post(other_user, %{"status" => ".", "visibility" => "unlisted"})
+        CommonAPI.post(other_user, %{status: ".", visibility: "unlisted"})

-      {:ok, private_activity} =
-        CommonAPI.post(other_user, %{"status" => ".", "visibility" => "private"})
+      {:ok, private_activity} = CommonAPI.post(other_user, %{status: ".", visibility: "private"})

      {:ok, _} = CommonAPI.favorite(user, public_activity.id)
      {:ok, _} = CommonAPI.favorite(user, direct_activity.id)
@ -279,14 +275,13 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
      user = insert(:user)
      %{user: other_user, conn: conn} = oauth_access(["read:notifications"])

-      {:ok, public_activity} =
-        CommonAPI.post(other_user, %{"status" => ".", "visibility" => "public"})
+      {:ok, public_activity} = CommonAPI.post(other_user, %{status: ".", visibility: "public"})

      {:ok, unlisted_activity} =
-        CommonAPI.post(other_user, %{"status" => ".", "visibility" => "unlisted"})
+        CommonAPI.post(other_user, %{status: ".", visibility: "unlisted"})

-      {:ok, _, _} = CommonAPI.repeat(public_activity.id, user)
-      {:ok, _, _} = CommonAPI.repeat(unlisted_activity.id, user)
+      {:ok, _} = CommonAPI.repeat(public_activity.id, user)
+      {:ok, _} = CommonAPI.repeat(unlisted_activity.id, user)

      activity_ids =
        conn
@ -303,10 +298,10 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    %{user: user, conn: conn} = oauth_access(["read:notifications"])
    other_user = insert(:user)

-    {:ok, mention_activity} = CommonAPI.post(other_user, %{"status" => "hey @#{user.nickname}"})
-    {:ok, create_activity} = CommonAPI.post(user, %{"status" => "hey"})
+    {:ok, mention_activity} = CommonAPI.post(other_user, %{status: "hey @#{user.nickname}"})
+    {:ok, create_activity} = CommonAPI.post(user, %{status: "hey"})
    {:ok, favorite_activity} = CommonAPI.favorite(other_user, create_activity.id)
-    {:ok, reblog_activity, _} = CommonAPI.repeat(create_activity.id, other_user)
+    {:ok, reblog_activity} = CommonAPI.repeat(create_activity.id, other_user)
    {:ok, _, _, follow_activity} = CommonAPI.follow(other_user, user)

    mention_notification_id = get_notification_id_by_activity(mention_activity)
@ -341,10 +336,10 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    %{user: user, conn: conn} = oauth_access(["read:notifications"])
    other_user = insert(:user)

-    {:ok, mention_activity} = CommonAPI.post(other_user, %{"status" => "hey @#{user.nickname}"})
-    {:ok, create_activity} = CommonAPI.post(user, %{"status" => "hey"})
+    {:ok, mention_activity} = CommonAPI.post(other_user, %{status: "hey @#{user.nickname}"})
+    {:ok, create_activity} = CommonAPI.post(user, %{status: "hey"})
    {:ok, favorite_activity} = CommonAPI.favorite(other_user, create_activity.id)
-    {:ok, reblog_activity, _} = CommonAPI.repeat(create_activity.id, other_user)
+    {:ok, reblog_activity} = CommonAPI.repeat(create_activity.id, other_user)
    {:ok, _, _, follow_activity} = CommonAPI.follow(other_user, user)

    mention_notification_id = get_notification_id_by_activity(mention_activity)
@ -388,10 +383,10 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    %{user: user, conn: conn} = oauth_access(["read:notifications", "write:notifications"])
    other_user = insert(:user)

-    {:ok, activity1} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
-    {:ok, activity2} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
-    {:ok, activity3} = CommonAPI.post(user, %{"status" => "hi @#{other_user.nickname}"})
-    {:ok, activity4} = CommonAPI.post(user, %{"status" => "hi @#{other_user.nickname}"})
+    {:ok, activity1} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+    {:ok, activity2} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})
+    {:ok, activity3} = CommonAPI.post(user, %{status: "hi @#{other_user.nickname}"})
+    {:ok, activity4} = CommonAPI.post(user, %{status: "hi @#{other_user.nickname}"})

    notification1_id = get_notification_id_by_activity(activity1)
    notification2_id = get_notification_id_by_activity(activity2)
@ -435,7 +430,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    user2 = insert(:user)

    {:ok, _, _, _} = CommonAPI.follow(user, user2)
-    {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
+    {:ok, _} = CommonAPI.post(user2, %{status: "hey @#{user.nickname}"})

    ret_conn = get(conn, "/api/v1/notifications")

@ -453,7 +448,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    user2 = insert(:user)

    {:ok, _, _, _} = CommonAPI.follow(user, user2)
-    {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
+    {:ok, _} = CommonAPI.post(user2, %{status: "hey @#{user.nickname}"})

    ret_conn = get(conn, "/api/v1/notifications")

@ -471,7 +466,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
    user2 = insert(:user)

    {:ok, _, _, _} = CommonAPI.follow(user, user2)
-    {:ok, _} = CommonAPI.post(user2, %{"status" => "hey @#{user.nickname}"})
+    {:ok, _} = CommonAPI.post(user2, %{status: "hey @#{user.nickname}"})

    ret_conn = get(conn, "/api/v1/notifications")

@ -518,14 +513,14 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do

      {:ok, activity1} =
        CommonAPI.post(other_user, %{
-          "status" => "hi @#{user.nickname}",
-          "visibility" => "public"
+          status: "hi @#{user.nickname}",
+          visibility: "public"
        })

      {:ok, activity2} =
        CommonAPI.post(other_user, %{
-          "status" => "hi @#{user.nickname}",
-          "visibility" => "public"
+          status: "hi @#{user.nickname}",
+          visibility: "public"
        })

      notification1 = Repo.get_by(Notification, activity_id: activity1.id)
@ -550,8 +545,8 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do
      %{id: account_id} = other_user1 = insert(:user)
      other_user2 = insert(:user)

-      {:ok, _activity} = CommonAPI.post(other_user1, %{"status" => "hi @#{user.nickname}"})
-      {:ok, _activity} = CommonAPI.post(other_user2, %{"status" => "bye @#{user.nickname}"})
+      {:ok, _activity} = CommonAPI.post(other_user1, %{status: "hi @#{user.nickname}"})
+      {:ok, _activity} = CommonAPI.post(other_user2, %{status: "bye @#{user.nickname}"})

      assert [%{"account" => %{"id" => ^account_id}}] =
               conn
--- a/test/web/mastodon_api/controllers/poll_controller_test.exs
+++ b/test/web/mastodon_api/controllers/poll_controller_test.exs
@ -16,15 +16,15 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do
    test "returns poll entity for object id", %{user: user, conn: conn} do
      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" => "Pleroma does",
-          "poll" => %{"options" => ["what Mastodon't", "n't what Mastodoes"], "expires_in" => 20}
+          status: "Pleroma does",
+          poll: %{options: ["what Mastodon't", "n't what Mastodoes"], expires_in: 20}
        })

      object = Object.normalize(activity)

      conn = get(conn, "/api/v1/polls/#{object.id}")

-      response = json_response(conn, 200)
+      response = json_response_and_validate_schema(conn, 200)
      id = to_string(object.id)
      assert %{"id" => ^id, "expired" => false, "multiple" => false} = response
    end
@ -34,16 +34,16 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do

      {:ok, activity} =
        CommonAPI.post(other_user, %{
-          "status" => "Pleroma does",
-          "poll" => %{"options" => ["what Mastodon't", "n't what Mastodoes"], "expires_in" => 20},
-          "visibility" => "private"
+          status: "Pleroma does",
+          poll: %{options: ["what Mastodon't", "n't what Mastodoes"], expires_in: 20},
+          visibility: "private"
        })

      object = Object.normalize(activity)

      conn = get(conn, "/api/v1/polls/#{object.id}")

-      assert json_response(conn, 404)
+      assert json_response_and_validate_schema(conn, 404)
    end
  end

@ -55,19 +55,22 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do

      {:ok, activity} =
        CommonAPI.post(other_user, %{
-          "status" => "A very delicious sandwich",
-          "poll" => %{
-            "options" => ["Lettuce", "Grilled Bacon", "Tomato"],
-            "expires_in" => 20,
-            "multiple" => true
+          status: "A very delicious sandwich",
+          poll: %{
+            options: ["Lettuce", "Grilled Bacon", "Tomato"],
+            expires_in: 20,
+            multiple: true
          }
        })

      object = Object.normalize(activity)

-      conn = post(conn, "/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1, 2]})
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1, 2]})

-      assert json_response(conn, 200)
+      assert json_response_and_validate_schema(conn, 200)
      object = Object.get_by_id(object.id)

      assert Enum.all?(object.data["anyOf"], fn %{"replies" => %{"totalItems" => total_items}} ->
@ -78,15 +81,16 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do
    test "author can't vote", %{user: user, conn: conn} do
      {:ok, activity} =
        CommonAPI.post(user, %{
-          "status" => "Am I cute?",
-          "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}
+          status: "Am I cute?",
+          poll: %{options: ["Yes", "No"], expires_in: 20}
        })

      object = Object.normalize(activity)

      assert conn
+             |> put_req_header("content-type", "application/json")
             |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [1]})
-             |> json_response(422) == %{"error" => "Poll's author can't vote"}
+             |> json_response_and_validate_schema(422) == %{"error" => "Poll's author can't vote"}

      object = Object.get_by_id(object.id)

@ -98,15 +102,16 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do

      {:ok, activity} =
        CommonAPI.post(other_user, %{
-          "status" => "The glass is",
-          "poll" => %{"options" => ["half empty", "half full"], "expires_in" => 20}
+          status: "The glass is",
+          poll: %{options: ["half empty", "half full"], expires_in: 20}
        })

      object = Object.normalize(activity)

      assert conn
+             |> put_req_header("content-type", "application/json")
             |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1]})
-             |> json_response(422) == %{"error" => "Too many choices"}
+             |> json_response_and_validate_schema(422) == %{"error" => "Too many choices"}

      object = Object.get_by_id(object.id)

@ -120,21 +125,27 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do

      {:ok, activity} =
        CommonAPI.post(other_user, %{
-          "status" => "Am I cute?",
-          "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}
+          status: "Am I cute?",
+          poll: %{options: ["Yes", "No"], expires_in: 20}
        })

      object = Object.normalize(activity)

-      conn = post(conn, "/api/v1/polls/#{object.id}/votes", %{"choices" => [2]})
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [2]})

-      assert json_response(conn, 422) == %{"error" => "Invalid indices"}
+      assert json_response_and_validate_schema(conn, 422) == %{"error" => "Invalid indices"}
    end

    test "returns 404 error when object is not exist", %{conn: conn} do
-      conn = post(conn, "/api/v1/polls/1/votes", %{"choices" => [0]})
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/polls/1/votes", %{"choices" => [0]})

-      assert json_response(conn, 404) == %{"error" => "Record not found"}
+      assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
    end

    test "returns 404 when poll is private and not available for user", %{conn: conn} do
@ -142,16 +153,19 @@ defmodule Pleroma.Web.MastodonAPI.PollControllerTest do

      {:ok, activity} =
        CommonAPI.post(other_user, %{
-          "status" => "Am I cute?",
-          "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20},
-          "visibility" => "private"
+          status: "Am I cute?",
+          poll: %{options: ["Yes", "No"], expires_in: 20},
+          visibility: "private"
        })

      object = Object.normalize(activity)

-      conn = post(conn, "/api/v1/polls/#{object.id}/votes", %{"choices" => [0]})
+      conn =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0]})

-      assert json_response(conn, 404) == %{"error" => "Record not found"}
+      assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
    end
  end
 end
--- a/test/web/mastodon_api/controllers/report_controller_test.exs
+++ b/test/web/mastodon_api/controllers/report_controller_test.exs
@ -14,7 +14,7 @@ defmodule Pleroma.Web.MastodonAPI.ReportControllerTest do
  setup do
    target_user = insert(:user)

-    {:ok, activity} = CommonAPI.post(target_user, %{"status" => "foobar"})
+    {:ok, activity} = CommonAPI.post(target_user, %{status: "foobar"})

    [target_user: target_user, activity: activity]
  end
--- a/test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs
+++ b/test/web/mastodon_api/controllers/scheduled_activity_controller_test.exs
@ -24,19 +24,19 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
    # min_id
    conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&min_id=#{scheduled_activity_id1}")

-    result = json_response(conn_res, 200)
+    result = json_response_and_validate_schema(conn_res, 200)
    assert [%{"id" => ^scheduled_activity_id3}, %{"id" => ^scheduled_activity_id2}] = result

    # since_id
    conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&since_id=#{scheduled_activity_id1}")

-    result = json_response(conn_res, 200)
+    result = json_response_and_validate_schema(conn_res, 200)
    assert [%{"id" => ^scheduled_activity_id4}, %{"id" => ^scheduled_activity_id3}] = result

    # max_id
    conn_res = get(conn, "/api/v1/scheduled_statuses?limit=2&max_id=#{scheduled_activity_id4}")

-    result = json_response(conn_res, 200)
+    result = json_response_and_validate_schema(conn_res, 200)
    assert [%{"id" => ^scheduled_activity_id3}, %{"id" => ^scheduled_activity_id2}] = result
  end

@ -46,12 +46,12 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do

    res_conn = get(conn, "/api/v1/scheduled_statuses/#{scheduled_activity.id}")

-    assert %{"id" => scheduled_activity_id} = json_response(res_conn, 200)
+    assert %{"id" => scheduled_activity_id} = json_response_and_validate_schema(res_conn, 200)
    assert scheduled_activity_id == scheduled_activity.id |> to_string()

    res_conn = get(conn, "/api/v1/scheduled_statuses/404")

-    assert %{"error" => "Record not found"} = json_response(res_conn, 404)
+    assert %{"error" => "Record not found"} = json_response_and_validate_schema(res_conn, 404)
  end

  test "updates a scheduled activity" do
@ -74,22 +74,32 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
    assert job.args == %{"activity_id" => scheduled_activity.id}
    assert DateTime.truncate(job.scheduled_at, :second) == to_datetime(scheduled_at)

-    new_scheduled_at = Timex.shift(NaiveDateTime.utc_now(), minutes: 120)
+    new_scheduled_at =
+      NaiveDateTime.utc_now()
+      |> Timex.shift(minutes: 120)
+      |> Timex.format!("%Y-%m-%dT%H:%M:%S.%fZ", :strftime)

    res_conn =
-      put(conn, "/api/v1/scheduled_statuses/#{scheduled_activity.id}", %{
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> put("/api/v1/scheduled_statuses/#{scheduled_activity.id}", %{
        scheduled_at: new_scheduled_at
      })

-    assert %{"scheduled_at" => expected_scheduled_at} = json_response(res_conn, 200)
+    assert %{"scheduled_at" => expected_scheduled_at} =
+             json_response_and_validate_schema(res_conn, 200)
+
    assert expected_scheduled_at == Pleroma.Web.CommonAPI.Utils.to_masto_date(new_scheduled_at)
    job = refresh_record(job)

    assert DateTime.truncate(job.scheduled_at, :second) == to_datetime(new_scheduled_at)

-    res_conn = put(conn, "/api/v1/scheduled_statuses/404", %{scheduled_at: new_scheduled_at})
+    res_conn =
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> put("/api/v1/scheduled_statuses/404", %{scheduled_at: new_scheduled_at})

-    assert %{"error" => "Record not found"} = json_response(res_conn, 404)
+    assert %{"error" => "Record not found"} = json_response_and_validate_schema(res_conn, 404)
  end

  test "deletes a scheduled activity" do
@ -115,7 +125,7 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
      |> assign(:user, user)
      |> delete("/api/v1/scheduled_statuses/#{scheduled_activity.id}")

-    assert %{} = json_response(res_conn, 200)
+    assert %{} = json_response_and_validate_schema(res_conn, 200)
    refute Repo.get(ScheduledActivity, scheduled_activity.id)
    refute Repo.get(Oban.Job, job.id)

@ -124,6 +134,6 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityControllerTest do
      |> assign(:user, user)
      |> delete("/api/v1/scheduled_statuses/#{scheduled_activity.id}")

-    assert %{"error" => "Record not found"} = json_response(res_conn, 404)
+    assert %{"error" => "Record not found"} = json_response_and_validate_schema(res_conn, 404)
  end
 end
--- a/test/web/mastodon_api/controllers/search_controller_test.exs
+++ b/test/web/mastodon_api/controllers/search_controller_test.exs
@ -13,7 +13,7 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
  import Tesla.Mock
  import Mock

-  setup do
+  setup_all do
    mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
    :ok
  end
@ -27,8 +27,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
        capture_log(fn ->
          results =
            conn
-            |> get("/api/v2/search", %{"q" => "2hu"})
-            |> json_response(200)
+            |> get("/api/v2/search?q=2hu")
+            |> json_response_and_validate_schema(200)

          assert results["accounts"] == []
          assert results["statuses"] == []
@ -42,20 +42,20 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
      user_two = insert(:user, %{nickname: "shp@shitposter.club"})
      user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu private 天子"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "This is about 2hu private 天子"})

      {:ok, _activity} =
        CommonAPI.post(user, %{
-          "status" => "This is about 2hu, but private",
-          "visibility" => "private"
+          status: "This is about 2hu, but private",
+          visibility: "private"
        })

-      {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
+      {:ok, _} = CommonAPI.post(user_two, %{status: "This isn't"})

      results =
        conn
-        |> get("/api/v2/search", %{"q" => "2hu #private"})
-        |> json_response(200)
+        |> get("/api/v2/search?#{URI.encode_query(%{q: "2hu #private"})}")
+        |> json_response_and_validate_schema(200)

      [account | _] = results["accounts"]
      assert account["id"] == to_string(user_three.id)
@ -68,8 +68,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
      assert status["id"] == to_string(activity.id)

      results =
-        get(conn, "/api/v2/search", %{"q" => "天子"})
-        |> json_response(200)
+        get(conn, "/api/v2/search?q=天子")
+        |> json_response_and_validate_schema(200)

      [status] = results["statuses"]
      assert status["id"] == to_string(activity.id)
@ -80,17 +80,17 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
      user_smith = insert(:user, %{nickname: "Agent", name: "I love 2hu"})
      user_neo = insert(:user, %{nickname: "Agent Neo", name: "Agent"})

-      {:ok, act1} = CommonAPI.post(user, %{"status" => "This is about 2hu private 天子"})
-      {:ok, act2} = CommonAPI.post(user_smith, %{"status" => "Agent Smith"})
-      {:ok, act3} = CommonAPI.post(user_neo, %{"status" => "Agent Smith"})
+      {:ok, act1} = CommonAPI.post(user, %{status: "This is about 2hu private 天子"})
+      {:ok, act2} = CommonAPI.post(user_smith, %{status: "Agent Smith"})
+      {:ok, act3} = CommonAPI.post(user_neo, %{status: "Agent Smith"})
      Pleroma.User.block(user, user_smith)

      results =
        conn
        |> assign(:user, user)
        |> assign(:token, insert(:oauth_token, user: user, scopes: ["read"]))
-        |> get("/api/v2/search", %{"q" => "Agent"})
-        |> json_response(200)
+        |> get("/api/v2/search?q=Agent")
+        |> json_response_and_validate_schema(200)

      status_ids = Enum.map(results["statuses"], fn g -> g["id"] end)

@ -107,8 +107,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do

      results =
        conn
-        |> get("/api/v1/accounts/search", %{"q" => "shp"})
-        |> json_response(200)
+        |> get("/api/v1/accounts/search?q=shp")
+        |> json_response_and_validate_schema(200)

      result_ids = for result <- results, do: result["acct"]

@ -117,8 +117,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do

      results =
        conn
-        |> get("/api/v1/accounts/search", %{"q" => "2hu"})
-        |> json_response(200)
+        |> get("/api/v1/accounts/search?q=2hu")
+        |> json_response_and_validate_schema(200)

      result_ids = for result <- results, do: result["acct"]

@ -130,8 +130,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do

      results =
        conn
-        |> get("/api/v1/accounts/search", %{"q" => "shp@shitposter.club xxx "})
-        |> json_response(200)
+        |> get("/api/v1/accounts/search?q=shp@shitposter.club xxx")
+        |> json_response_and_validate_schema(200)

      assert length(results) == 1
    end
@ -146,8 +146,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
        capture_log(fn ->
          results =
            conn
-            |> get("/api/v1/search", %{"q" => "2hu"})
-            |> json_response(200)
+            |> get("/api/v1/search?q=2hu")
+            |> json_response_and_validate_schema(200)

          assert results["accounts"] == []
          assert results["statuses"] == []
@ -161,20 +161,20 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
      user_two = insert(:user, %{nickname: "shp@shitposter.club"})
      user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "This is about 2hu"})

      {:ok, _activity} =
        CommonAPI.post(user, %{
-          "status" => "This is about 2hu, but private",
-          "visibility" => "private"
+          status: "This is about 2hu, but private",
+          visibility: "private"
        })

-      {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"})
+      {:ok, _} = CommonAPI.post(user_two, %{status: "This isn't"})

      results =
        conn
-        |> get("/api/v1/search", %{"q" => "2hu"})
-        |> json_response(200)
+        |> get("/api/v1/search?q=2hu")
+        |> json_response_and_validate_schema(200)

      [account | _] = results["accounts"]
      assert account["id"] == to_string(user_three.id)
@ -189,13 +189,13 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
      capture_log(fn ->
        {:ok, %{id: activity_id}} =
          CommonAPI.post(insert(:user), %{
-            "status" => "check out https://shitposter.club/notice/2827873"
+            status: "check out https://shitposter.club/notice/2827873"
          })

        results =
          conn
-          |> get("/api/v1/search", %{"q" => "https://shitposter.club/notice/2827873"})
-          |> json_response(200)
+          |> get("/api/v1/search?q=https://shitposter.club/notice/2827873")
+          |> json_response_and_validate_schema(200)

        [status, %{"id" => ^activity_id}] = results["statuses"]

@ -207,15 +207,17 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
    test "search doesn't show statuses that it shouldn't", %{conn: conn} do
      {:ok, activity} =
        CommonAPI.post(insert(:user), %{
-          "status" => "This is about 2hu, but private",
-          "visibility" => "private"
+          status: "This is about 2hu, but private",
+          visibility: "private"
        })

      capture_log(fn ->
+        q = Object.normalize(activity).data["id"]
+
        results =
          conn
-          |> get("/api/v1/search", %{"q" => Object.normalize(activity).data["id"]})
-          |> json_response(200)
+          |> get("/api/v1/search?q=#{q}")
+          |> json_response_and_validate_schema(200)

        [] = results["statuses"]
      end)
@ -228,8 +230,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
        conn
        |> assign(:user, user)
        |> assign(:token, insert(:oauth_token, user: user, scopes: ["read"]))
-        |> get("/api/v1/search", %{"q" => "mike@osada.macgirvin.com", "resolve" => "true"})
-        |> json_response(200)
+        |> get("/api/v1/search?q=mike@osada.macgirvin.com&resolve=true")
+        |> json_response_and_validate_schema(200)

      [account] = results["accounts"]
      assert account["acct"] == "mike@osada.macgirvin.com"
@ -238,8 +240,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
    test "search doesn't fetch remote accounts if resolve is false", %{conn: conn} do
      results =
        conn
-        |> get("/api/v1/search", %{"q" => "mike@osada.macgirvin.com", "resolve" => "false"})
-        |> json_response(200)
+        |> get("/api/v1/search?q=mike@osada.macgirvin.com&resolve=false")
+        |> json_response_and_validate_schema(200)

      assert [] == results["accounts"]
    end
@ -249,21 +251,21 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
      _user_two = insert(:user, %{nickname: "shp@shitposter.club"})
      _user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})

-      {:ok, _activity1} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
-      {:ok, _activity2} = CommonAPI.post(user, %{"status" => "This is also about 2hu"})
+      {:ok, _activity1} = CommonAPI.post(user, %{status: "This is about 2hu"})
+      {:ok, _activity2} = CommonAPI.post(user, %{status: "This is also about 2hu"})

      result =
        conn
-        |> get("/api/v1/search", %{"q" => "2hu", "limit" => 1})
+        |> get("/api/v1/search?q=2hu&limit=1")

-      assert results = json_response(result, 200)
+      assert results = json_response_and_validate_schema(result, 200)
      assert [%{"id" => activity_id1}] = results["statuses"]
      assert [_] = results["accounts"]

      results =
        conn
-        |> get("/api/v1/search", %{"q" => "2hu", "limit" => 1, "offset" => 1})
-        |> json_response(200)
+        |> get("/api/v1/search?q=2hu&limit=1&offset=1")
+        |> json_response_and_validate_schema(200)

      assert [%{"id" => activity_id2}] = results["statuses"]
      assert [] = results["accounts"]
@ -275,30 +277,30 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do
      user = insert(:user)
      _user_two = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})

-      {:ok, _activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
+      {:ok, _activity} = CommonAPI.post(user, %{status: "This is about 2hu"})

      assert %{"statuses" => [_activity], "accounts" => [], "hashtags" => []} =
               conn
-               |> get("/api/v1/search", %{"q" => "2hu", "type" => "statuses"})
-               |> json_response(200)
+               |> get("/api/v1/search?q=2hu&type=statuses")
+               |> json_response_and_validate_schema(200)

      assert %{"statuses" => [], "accounts" => [_user_two], "hashtags" => []} =
               conn
-               |> get("/api/v1/search", %{"q" => "2hu", "type" => "accounts"})
-               |> json_response(200)
+               |> get("/api/v1/search?q=2hu&type=accounts")
+               |> json_response_and_validate_schema(200)
    end

    test "search uses account_id to filter statuses by the author", %{conn: conn} do
      user = insert(:user, %{nickname: "shp@shitposter.club"})
      user_two = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"})

-      {:ok, activity1} = CommonAPI.post(user, %{"status" => "This is about 2hu"})
-      {:ok, activity2} = CommonAPI.post(user_two, %{"status" => "This is also about 2hu"})
+      {:ok, activity1} = CommonAPI.post(user, %{status: "This is about 2hu"})
+      {:ok, activity2} = CommonAPI.post(user_two, %{status: "This is also about 2hu"})

      results =
        conn
-        |> get("/api/v1/search", %{"q" => "2hu", "account_id" => user.id})
-        |> json_response(200)
+        |> get("/api/v1/search?q=2hu&account_id=#{user.id}")
+        |> json_response_and_validate_schema(200)

      assert [%{"id" => activity_id1}] = results["statuses"]
      assert activity_id1 == activity1.id
@ -306,8 +308,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchControllerTest do

      results =
        conn
-        |> get("/api/v1/search", %{"q" => "2hu", "account_id" => user_two.id})
-        |> json_response(200)
+        |> get("/api/v1/search?q=2hu&account_id=#{user_two.id}")
+        |> json_response_and_validate_schema(200)

      assert [%{"id" => activity_id2}] = results["statuses"]
      assert activity_id2 == activity2.id
--- a/test/web/mastodon_api/controllers/status_controller_test.exs
+++ b/test/web/mastodon_api/controllers/status_controller_test.exs
--- a/test/web/mastodon_api/controllers/subscription_controller_test.exs
+++ b/test/web/mastodon_api/controllers/subscription_controller_test.exs
@ -6,6 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
  use Pleroma.Web.ConnCase

  import Pleroma.Factory
+
  alias Pleroma.Web.Push
  alias Pleroma.Web.Push.Subscription

@ -27,6 +28,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
      build_conn()
      |> assign(:user, user)
      |> assign(:token, token)
+      |> put_req_header("content-type", "application/json")

    %{conn: conn, user: user, token: token}
  end
@ -47,8 +49,8 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
    test "returns error when push disabled ", %{conn: conn} do
      assert_error_when_disable_push do
        conn
-        |> post("/api/v1/push/subscription", %{})
-        |> json_response(403)
+        |> post("/api/v1/push/subscription", %{subscription: @sub})
+        |> json_response_and_validate_schema(403)
      end
    end

@ -59,7 +61,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
          "data" => %{"alerts" => %{"mention" => true, "test" => true}},
          "subscription" => @sub
        })
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)

      [subscription] = Pleroma.Repo.all(Subscription)

@ -77,7 +79,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
      assert_error_when_disable_push do
        conn
        |> get("/api/v1/push/subscription", %{})
-        |> json_response(403)
+        |> json_response_and_validate_schema(403)
      end
    end

@ -85,9 +87,9 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
      res =
        conn
        |> get("/api/v1/push/subscription", %{})
-        |> json_response(404)
+        |> json_response_and_validate_schema(404)

-      assert "Not found" == res
+      assert %{"error" => "Record not found"} == res
    end

    test "returns a user subsciption", %{conn: conn, user: user, token: token} do
@ -101,7 +103,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
      res =
        conn
        |> get("/api/v1/push/subscription", %{})
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)

      expect = %{
        "alerts" => %{"mention" => true},
@ -130,7 +132,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
      assert_error_when_disable_push do
        conn
        |> put("/api/v1/push/subscription", %{data: %{"alerts" => %{"mention" => false}}})
-        |> json_response(403)
+        |> json_response_and_validate_schema(403)
      end
    end

@ -140,7 +142,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
        |> put("/api/v1/push/subscription", %{
          data: %{"alerts" => %{"mention" => false, "follow" => true}}
        })
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)

      expect = %{
        "alerts" => %{"follow" => true, "mention" => false},
@ -158,7 +160,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
      assert_error_when_disable_push do
        conn
        |> delete("/api/v1/push/subscription", %{})
-        |> json_response(403)
+        |> json_response_and_validate_schema(403)
      end
    end

@ -166,9 +168,9 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
      res =
        conn
        |> delete("/api/v1/push/subscription", %{})
-        |> json_response(404)
+        |> json_response_and_validate_schema(404)

-      assert "Not found" == res
+      assert %{"error" => "Record not found"} == res
    end

    test "returns empty result and delete user subsciption", %{
@ -186,7 +188,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
      res =
        conn
        |> delete("/api/v1/push/subscription", %{})
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)

      assert %{} == res
      refute Pleroma.Repo.get(Subscription, subscription.id)
--- a/test/web/mastodon_api/controllers/suggestion_controller_test.exs
+++ b/test/web/mastodon_api/controllers/suggestion_controller_test.exs
@ -11,7 +11,7 @@ defmodule Pleroma.Web.MastodonAPI.SuggestionControllerTest do
    res =
      conn
      |> get("/api/v1/suggestions")
-      |> json_response(200)
+      |> json_response_and_validate_schema(200)

    assert res == []
  end
--- a/test/web/mastodon_api/controllers/timeline_controller_test.exs
+++ b/test/web/mastodon_api/controllers/timeline_controller_test.exs
@ -20,106 +20,36 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
  describe "home" do
    setup do: oauth_access(["read:statuses"])

-    test "does NOT render account/pleroma/relationship if this is disabled by default", %{
+    test "does NOT embed account/pleroma/relationship in statuses", %{
      user: user,
      conn: conn
    } do
-      clear_config([:extensions, :output_relationships_in_statuses_by_default], false)
-
      other_user = insert(:user)

-      {:ok, _} = CommonAPI.post(other_user, %{"status" => "hi @#{user.nickname}"})
+      {:ok, _} = CommonAPI.post(other_user, %{status: "hi @#{user.nickname}"})

      response =
        conn
        |> assign(:user, user)
        |> get("/api/v1/timelines/home")
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)

      assert Enum.all?(response, fn n ->
               get_in(n, ["account", "pleroma", "relationship"]) == %{}
             end)
    end

-    test "the home timeline", %{user: user, conn: conn} do
-      uri = "/api/v1/timelines/home?with_relationships=true"
-
-      following = insert(:user, nickname: "followed")
-      third_user = insert(:user, nickname: "repeated")
-
-      {:ok, _activity} = CommonAPI.post(following, %{"status" => "post"})
-      {:ok, activity} = CommonAPI.post(third_user, %{"status" => "repeated post"})
-      {:ok, _, _} = CommonAPI.repeat(activity.id, following)
-
-      ret_conn = get(conn, uri)
-
-      assert Enum.empty?(json_response(ret_conn, :ok))
-
-      {:ok, _user} = User.follow(user, following)
-
-      ret_conn = get(conn, uri)
-
-      assert [
-               %{
-                 "reblog" => %{
-                   "content" => "repeated post",
-                   "account" => %{
-                     "pleroma" => %{
-                       "relationship" => %{"following" => false, "followed_by" => false}
-                     }
-                   }
-                 },
-                 "account" => %{"pleroma" => %{"relationship" => %{"following" => true}}}
-               },
-               %{
-                 "content" => "post",
-                 "account" => %{
-                   "acct" => "followed",
-                   "pleroma" => %{"relationship" => %{"following" => true}}
-                 }
-               }
-             ] = json_response(ret_conn, :ok)
-
-      {:ok, _user} = User.follow(third_user, user)
-
-      ret_conn = get(conn, uri)
-
-      assert [
-               %{
-                 "reblog" => %{
-                   "content" => "repeated post",
-                   "account" => %{
-                     "acct" => "repeated",
-                     "pleroma" => %{
-                       "relationship" => %{"following" => false, "followed_by" => true}
-                     }
-                   }
-                 },
-                 "account" => %{"pleroma" => %{"relationship" => %{"following" => true}}}
-               },
-               %{
-                 "content" => "post",
-                 "account" => %{
-                   "acct" => "followed",
-                   "pleroma" => %{"relationship" => %{"following" => true}}
-                 }
-               }
-             ] = json_response(ret_conn, :ok)
-    end
-
    test "the home timeline when the direct messages are excluded", %{user: user, conn: conn} do
-      {:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})
-      {:ok, direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})
+      {:ok, public_activity} = CommonAPI.post(user, %{status: ".", visibility: "public"})
+      {:ok, direct_activity} = CommonAPI.post(user, %{status: ".", visibility: "direct"})

-      {:ok, unlisted_activity} =
-        CommonAPI.post(user, %{"status" => ".", "visibility" => "unlisted"})
+      {:ok, unlisted_activity} = CommonAPI.post(user, %{status: ".", visibility: "unlisted"})

-      {:ok, private_activity} =
-        CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
+      {:ok, private_activity} = CommonAPI.post(user, %{status: ".", visibility: "private"})

-      conn = get(conn, "/api/v1/timelines/home", %{"exclude_visibilities" => ["direct"]})
+      conn = get(conn, "/api/v1/timelines/home?exclude_visibilities[]=direct")

-      assert status_ids = json_response(conn, :ok) |> Enum.map(& &1["id"])
+      assert status_ids = json_response_and_validate_schema(conn, :ok) |> Enum.map(& &1["id"])
      assert public_activity.id in status_ids
      assert unlisted_activity.id in status_ids
      assert private_activity.id in status_ids
@ -132,33 +62,33 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
    test "the public timeline", %{conn: conn} do
      following = insert(:user)

-      {:ok, _activity} = CommonAPI.post(following, %{"status" => "test"})
+      {:ok, _activity} = CommonAPI.post(following, %{status: "test"})

      _activity = insert(:note_activity, local: false)

-      conn = get(conn, "/api/v1/timelines/public", %{"local" => "False"})
+      conn = get(conn, "/api/v1/timelines/public?local=False")

-      assert length(json_response(conn, :ok)) == 2
+      assert length(json_response_and_validate_schema(conn, :ok)) == 2

-      conn = get(build_conn(), "/api/v1/timelines/public", %{"local" => "True"})
+      conn = get(build_conn(), "/api/v1/timelines/public?local=True")

-      assert [%{"content" => "test"}] = json_response(conn, :ok)
+      assert [%{"content" => "test"}] = json_response_and_validate_schema(conn, :ok)

-      conn = get(build_conn(), "/api/v1/timelines/public", %{"local" => "1"})
+      conn = get(build_conn(), "/api/v1/timelines/public?local=1")

-      assert [%{"content" => "test"}] = json_response(conn, :ok)
+      assert [%{"content" => "test"}] = json_response_and_validate_schema(conn, :ok)
    end

    test "the public timeline includes only public statuses for an authenticated user" do
      %{user: user, conn: conn} = oauth_access(["read:statuses"])

-      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test"})
-      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "private"})
-      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "unlisted"})
-      {:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
+      {:ok, _activity} = CommonAPI.post(user, %{status: "test"})
+      {:ok, _activity} = CommonAPI.post(user, %{status: "test", visibility: "private"})
+      {:ok, _activity} = CommonAPI.post(user, %{status: "test", visibility: "unlisted"})
+      {:ok, _activity} = CommonAPI.post(user, %{status: "test", visibility: "direct"})

      res_conn = get(conn, "/api/v1/timelines/public")
-      assert length(json_response(res_conn, 200)) == 1
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 1
    end
  end

@ -176,15 +106,15 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
    setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true)

    test "if user is unauthenticated", %{conn: conn} do
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")

-      assert json_response(res_conn, :unauthorized) == %{
+      assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
               "error" => "authorization required for timeline view"
             }

-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")

-      assert json_response(res_conn, :unauthorized) == %{
+      assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
               "error" => "authorization required for timeline view"
             }
    end
@ -192,11 +122,11 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
    test "if user is authenticated" do
      %{conn: conn} = oauth_access(["read:statuses"])

-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
-      assert length(json_response(res_conn, 200)) == 1
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 1

-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
-      assert length(json_response(res_conn, 200)) == 2
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 2
    end
  end

@ -206,24 +136,24 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
    setup do: clear_config([:restrict_unauthenticated, :timelines, :local], true)

    test "if user is unauthenticated", %{conn: conn} do
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")

-      assert json_response(res_conn, :unauthorized) == %{
+      assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
               "error" => "authorization required for timeline view"
             }

-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
-      assert length(json_response(res_conn, 200)) == 2
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 2
    end

    test "if user is authenticated", %{conn: _conn} do
      %{conn: conn} = oauth_access(["read:statuses"])

-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
-      assert length(json_response(res_conn, 200)) == 1
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 1

-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
-      assert length(json_response(res_conn, 200)) == 2
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 2
    end
  end

@ -233,12 +163,12 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
    setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true)

    test "if user is unauthenticated", %{conn: conn} do
-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
-      assert length(json_response(res_conn, 200)) == 1
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 1

-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")

-      assert json_response(res_conn, :unauthorized) == %{
+      assert json_response_and_validate_schema(res_conn, :unauthorized) == %{
               "error" => "authorization required for timeline view"
             }
    end
@ -246,11 +176,11 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
    test "if user is authenticated", %{conn: _conn} do
      %{conn: conn} = oauth_access(["read:statuses"])

-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "true"})
-      assert length(json_response(res_conn, 200)) == 1
+      res_conn = get(conn, "/api/v1/timelines/public?local=true")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 1

-      res_conn = get(conn, "/api/v1/timelines/public", %{"local" => "false"})
-      assert length(json_response(res_conn, 200)) == 2
+      res_conn = get(conn, "/api/v1/timelines/public?local=false")
+      assert length(json_response_and_validate_schema(res_conn, 200)) == 2
    end
  end

@ -263,14 +193,14 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do

      {:ok, direct} =
        CommonAPI.post(user_one, %{
-          "status" => "Hi @#{user_two.nickname}!",
-          "visibility" => "direct"
+          status: "Hi @#{user_two.nickname}!",
+          visibility: "direct"
        })

      {:ok, _follower_only} =
        CommonAPI.post(user_one, %{
-          "status" => "Hi @#{user_two.nickname}!",
-          "visibility" => "private"
+          status: "Hi @#{user_two.nickname}!",
+          visibility: "private"
        })

      conn_user_two =
@ -281,7 +211,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
      # Only direct should be visible here
      res_conn = get(conn_user_two, "api/v1/timelines/direct")

-      [status] = json_response(res_conn, :ok)
+      assert [status] = json_response_and_validate_schema(res_conn, :ok)

      assert %{"visibility" => "direct"} = status
      assert status["url"] != direct.data["id"]
@ -293,33 +223,34 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
        |> assign(:token, insert(:oauth_token, user: user_one, scopes: ["read:statuses"]))
        |> get("api/v1/timelines/direct")

-      [status] = json_response(res_conn, :ok)
+      [status] = json_response_and_validate_schema(res_conn, :ok)

      assert %{"visibility" => "direct"} = status

      # Both should be visible here
      res_conn = get(conn_user_two, "api/v1/timelines/home")

-      [_s1, _s2] = json_response(res_conn, :ok)
+      [_s1, _s2] = json_response_and_validate_schema(res_conn, :ok)

      # Test pagination
      Enum.each(1..20, fn _ ->
        {:ok, _} =
          CommonAPI.post(user_one, %{
-            "status" => "Hi @#{user_two.nickname}!",
-            "visibility" => "direct"
+            status: "Hi @#{user_two.nickname}!",
+            visibility: "direct"
          })
      end)

      res_conn = get(conn_user_two, "api/v1/timelines/direct")

-      statuses = json_response(res_conn, :ok)
+      statuses = json_response_and_validate_schema(res_conn, :ok)
      assert length(statuses) == 20

-      res_conn =
-        get(conn_user_two, "api/v1/timelines/direct", %{max_id: List.last(statuses)["id"]})
+      max_id = List.last(statuses)["id"]

-      [status] = json_response(res_conn, :ok)
+      res_conn = get(conn_user_two, "api/v1/timelines/direct?max_id=#{max_id}")
+
+      assert [status] = json_response_and_validate_schema(res_conn, :ok)

      assert status["url"] != direct.data["id"]
    end
@ -332,19 +263,19 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do

      {:ok, _blocked_direct} =
        CommonAPI.post(blocked, %{
-          "status" => "Hi @#{blocker.nickname}!",
-          "visibility" => "direct"
+          status: "Hi @#{blocker.nickname}!",
+          visibility: "direct"
        })

      {:ok, direct} =
        CommonAPI.post(other_user, %{
-          "status" => "Hi @#{blocker.nickname}!",
-          "visibility" => "direct"
+          status: "Hi @#{blocker.nickname}!",
+          visibility: "direct"
        })

      res_conn = get(conn, "api/v1/timelines/direct")

-      [status] = json_response(res_conn, :ok)
+      [status] = json_response_and_validate_schema(res_conn, :ok)
      assert status["id"] == direct.id
    end
  end
@ -354,14 +285,14 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do

    test "list timeline", %{user: user, conn: conn} do
      other_user = insert(:user)
-      {:ok, _activity_one} = CommonAPI.post(user, %{"status" => "Marisa is cute."})
-      {:ok, activity_two} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
+      {:ok, _activity_one} = CommonAPI.post(user, %{status: "Marisa is cute."})
+      {:ok, activity_two} = CommonAPI.post(other_user, %{status: "Marisa is cute."})
      {:ok, list} = Pleroma.List.create("name", user)
      {:ok, list} = Pleroma.List.follow(list, other_user)

      conn = get(conn, "/api/v1/timelines/list/#{list.id}")

-      assert [%{"id" => id}] = json_response(conn, :ok)
+      assert [%{"id" => id}] = json_response_and_validate_schema(conn, :ok)

      assert id == to_string(activity_two.id)
    end
@ -371,12 +302,12 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
      conn: conn
    } do
      other_user = insert(:user)
-      {:ok, activity_one} = CommonAPI.post(other_user, %{"status" => "Marisa is cute."})
+      {:ok, activity_one} = CommonAPI.post(other_user, %{status: "Marisa is cute."})

      {:ok, _activity_two} =
        CommonAPI.post(other_user, %{
-          "status" => "Marisa is cute.",
-          "visibility" => "private"
+          status: "Marisa is cute.",
+          visibility: "private"
        })

      {:ok, list} = Pleroma.List.create("name", user)
@ -384,7 +315,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do

      conn = get(conn, "/api/v1/timelines/list/#{list.id}")

-      assert [%{"id" => id}] = json_response(conn, :ok)
+      assert [%{"id" => id}] = json_response_and_validate_schema(conn, :ok)

      assert id == to_string(activity_one.id)
    end
@ -397,18 +328,18 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
    test "hashtag timeline", %{conn: conn} do
      following = insert(:user)

-      {:ok, activity} = CommonAPI.post(following, %{"status" => "test #2hu"})
+      {:ok, activity} = CommonAPI.post(following, %{status: "test #2hu"})

      nconn = get(conn, "/api/v1/timelines/tag/2hu")

-      assert [%{"id" => id}] = json_response(nconn, :ok)
+      assert [%{"id" => id}] = json_response_and_validate_schema(nconn, :ok)

      assert id == to_string(activity.id)

      # works for different capitalization too
      nconn = get(conn, "/api/v1/timelines/tag/2HU")

-      assert [%{"id" => id}] = json_response(nconn, :ok)
+      assert [%{"id" => id}] = json_response_and_validate_schema(nconn, :ok)

      assert id == to_string(activity.id)
    end
@ -416,26 +347,25 @@ defmodule Pleroma.Web.MastodonAPI.TimelineControllerTest do
    test "multi-hashtag timeline", %{conn: conn} do
      user = insert(:user)

-      {:ok, activity_test} = CommonAPI.post(user, %{"status" => "#test"})
-      {:ok, activity_test1} = CommonAPI.post(user, %{"status" => "#test #test1"})
-      {:ok, activity_none} = CommonAPI.post(user, %{"status" => "#test #none"})
+      {:ok, activity_test} = CommonAPI.post(user, %{status: "#test"})
+      {:ok, activity_test1} = CommonAPI.post(user, %{status: "#test #test1"})
+      {:ok, activity_none} = CommonAPI.post(user, %{status: "#test #none"})

-      any_test = get(conn, "/api/v1/timelines/tag/test", %{"any" => ["test1"]})
+      any_test = get(conn, "/api/v1/timelines/tag/test?any[]=test1")

-      [status_none, status_test1, status_test] = json_response(any_test, :ok)
+      [status_none, status_test1, status_test] = json_response_and_validate_schema(any_test, :ok)

      assert to_string(activity_test.id) == status_test["id"]
      assert to_string(activity_test1.id) == status_test1["id"]
      assert to_string(activity_none.id) == status_none["id"]

-      restricted_test =
-        get(conn, "/api/v1/timelines/tag/test", %{"all" => ["test1"], "none" => ["none"]})
+      restricted_test = get(conn, "/api/v1/timelines/tag/test?all[]=test1&none[]=none")

-      assert [status_test1] == json_response(restricted_test, :ok)
+      assert [status_test1] == json_response_and_validate_schema(restricted_test, :ok)

-      all_test = get(conn, "/api/v1/timelines/tag/test", %{"all" => ["none"]})
+      all_test = get(conn, "/api/v1/timelines/tag/test?all[]=none")

-      assert [status_none] == json_response(all_test, :ok)
+      assert [status_none] == json_response_and_validate_schema(all_test, :ok)
    end
  end
 end
--- a/test/web/mastodon_api/mastodon_api_test.exs
+++ b/test/web/mastodon_api/mastodon_api_test.exs
@ -75,9 +75,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPITest do

      User.subscribe(subscriber, user)

-      {:ok, status} = CommonAPI.post(user, %{"status" => "Akariiiin"})
+      {:ok, status} = CommonAPI.post(user, %{status: "Akariiiin"})

-      {:ok, status1} = CommonAPI.post(user, %{"status" => "Magi"})
+      {:ok, status1} = CommonAPI.post(user, %{status: "Magi"})
      {:ok, [notification]} = Notification.create_notifications(status)
      {:ok, [notification1]} = Notification.create_notifications(status1)
      res = MastodonAPI.get_notifications(subscriber)
--- a/test/web/mastodon_api/views/account_view_test.exs
+++ b/test/web/mastodon_api/views/account_view_test.exs
@ -31,7 +31,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
        nickname: "shp@shitposter.club",
        name: ":karjalanpiirakka: shp",
        bio:
-          "<script src=\"invalid-html\"></script><span>valid html</span>. a<br>b<br/>c<br >d<br />f",
+          "<script src=\"invalid-html\"></script><span>valid html</span>. a<br>b<br/>c<br >d<br />f '&<>\"",
        inserted_at: ~N[2017-08-15 15:47:06.597036],
        emoji: %{"karjalanpiirakka" => "/file.png"}
      })
@ -46,7 +46,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
      followers_count: 3,
      following_count: 0,
      statuses_count: 5,
-      note: "<span>valid html</span>. a<br/>b<br/>c<br/>d<br/>f",
+      note: "<span>valid html</span>. a<br/>b<br/>c<br/>d<br/>f &#39;&amp;&lt;&gt;&quot;",
      url: user.ap_id,
      avatar: "http://localhost:4001/images/avi.png",
      avatar_static: "http://localhost:4001/images/avi.png",
@ -54,16 +54,16 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
      header_static: "http://localhost:4001/images/banner.png",
      emojis: [
        %{
-          "static_url" => "/file.png",
-          "url" => "/file.png",
-          "shortcode" => "karjalanpiirakka",
-          "visible_in_picker" => false
+          static_url: "/file.png",
+          url: "/file.png",
+          shortcode: "karjalanpiirakka",
+          visible_in_picker: false
        }
      ],
      fields: [],
      bot: false,
      source: %{
-        note: "valid html. a\nb\nc\nd\nf",
+        note: "valid html. a\nb\nc\nd\nf '&<>\"",
        sensitive: false,
        pleroma: %{
          actor_type: "Person",
@ -93,7 +93,14 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
  test "Represent the user account for the account owner" do
    user = insert(:user)

-    notification_settings = %Pleroma.User.NotificationSetting{}
+    notification_settings = %{
+      followers: true,
+      follows: true,
+      non_followers: true,
+      non_follows: true,
+      privacy_option: false
+    }
+
    privacy = user.default_scope

    assert %{
@ -295,82 +302,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
    end
  end

-  test "represent an embedded relationship" do
-    user =
-      insert(:user, %{
-        follower_count: 0,
-        note_count: 5,
-        actor_type: "Service",
-        nickname: "shp@shitposter.club",
-        inserted_at: ~N[2017-08-15 15:47:06.597036]
-      })
-
-    other_user = insert(:user)
-    {:ok, other_user} = User.follow(other_user, user)
-    {:ok, _user_relationship} = User.block(other_user, user)
-    {:ok, _} = User.follow(insert(:user), user)
-
-    expected = %{
-      id: to_string(user.id),
-      username: "shp",
-      acct: user.nickname,
-      display_name: user.name,
-      locked: false,
-      created_at: "2017-08-15T15:47:06.000Z",
-      followers_count: 1,
-      following_count: 0,
-      statuses_count: 5,
-      note: user.bio,
-      url: user.ap_id,
-      avatar: "http://localhost:4001/images/avi.png",
-      avatar_static: "http://localhost:4001/images/avi.png",
-      header: "http://localhost:4001/images/banner.png",
-      header_static: "http://localhost:4001/images/banner.png",
-      emojis: [],
-      fields: [],
-      bot: true,
-      source: %{
-        note: user.bio,
-        sensitive: false,
-        pleroma: %{
-          actor_type: "Service",
-          discoverable: false
-        },
-        fields: []
-      },
-      pleroma: %{
-        background_image: nil,
-        confirmation_pending: false,
-        tags: [],
-        is_admin: false,
-        is_moderator: false,
-        hide_favorites: true,
-        hide_followers: false,
-        hide_follows: false,
-        hide_followers_count: false,
-        hide_follows_count: false,
-        relationship: %{
-          id: to_string(user.id),
-          following: false,
-          followed_by: false,
-          blocking: true,
-          blocked_by: false,
-          subscribing: false,
-          muting: false,
-          muting_notifications: false,
-          requested: false,
-          domain_blocking: false,
-          showing_reblogs: true,
-          endorsed: false
-        },
-        skip_thread_containment: false
-      }
-    }
-
-    assert expected ==
-             AccountView.render("show.json", %{user: refresh_record(user), for: other_user})
-  end
-
  test "returns the settings store if the requesting user is the represented user and it's requested specifically" do
    user = insert(:user, pleroma_settings_store: %{fe: "test"})

@ -452,8 +383,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do

      {:ok, _activity} =
        CommonAPI.post(other_user, %{
-          "status" => "Hey @#{user.nickname}.",
-          "visibility" => "direct"
+          status: "Hey @#{user.nickname}.",
+          visibility: "direct"
        })

      user = User.get_cached_by_ap_id(user.ap_id)
@ -466,6 +397,24 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
               :unread_conversation_count
             ] == 1
    end
+
+    test "shows unread_count only to the account owner" do
+      user = insert(:user)
+      insert_list(7, :notification, user: user)
+      other_user = insert(:user)
+
+      user = User.get_cached_by_ap_id(user.ap_id)
+
+      assert AccountView.render(
+               "show.json",
+               %{user: user, for: other_user}
+             )[:pleroma][:unread_notifications_count] == nil
+
+      assert AccountView.render(
+               "show.json",
+               %{user: user, for: user}
+             )[:pleroma][:unread_notifications_count] == 7
+    end
  end

  describe "follow requests counter" do
@ -542,4 +491,31 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
               AccountView.render("show.json", %{user: user, for: user})
    end
  end
+
+  test "uses mediaproxy urls when it's enabled" do
+    clear_config([:media_proxy, :enabled], true)
+
+    user =
+      insert(:user,
+        avatar: %{"url" => [%{"href" => "https://evil.website/avatar.png"}]},
+        banner: %{"url" => [%{"href" => "https://evil.website/banner.png"}]},
+        emoji: %{"joker_smile" => "https://evil.website/society.png"}
+      )
+
+    AccountView.render("show.json", %{user: user})
+    |> Enum.all?(fn
+      {key, url} when key in [:avatar, :avatar_static, :header, :header_static] ->
+        String.starts_with?(url, Pleroma.Web.base_url())
+
+      {:emojis, emojis} ->
+        Enum.all?(emojis, fn %{url: url, static_url: static_url} ->
+          String.starts_with?(url, Pleroma.Web.base_url()) &&
+            String.starts_with?(static_url, Pleroma.Web.base_url())
+        end)
+
+      _ ->
+        true
+    end)
+    |> assert()
+  end
 end
--- a/test/web/mastodon_api/views/conversation_view_test.exs
+++ b/test/web/mastodon_api/views/conversation_view_test.exs
@ -16,7 +16,7 @@ defmodule Pleroma.Web.MastodonAPI.ConversationViewTest do
    other_user = insert(:user)

    {:ok, activity} =
-      CommonAPI.post(user, %{"status" => "hey @#{other_user.nickname}", "visibility" => "direct"})
+      CommonAPI.post(user, %{status: "hey @#{other_user.nickname}", visibility: "direct"})

    [participation] = Participation.for_user_with_last_activity_id(user)

--- a/test/web/mastodon_api/views/marker_view_test.exs
+++ b/test/web/mastodon_api/views/marker_view_test.exs
@ -8,19 +8,21 @@ defmodule Pleroma.Web.MastodonAPI.MarkerViewTest do
  import Pleroma.Factory

  test "returns markers" do
-    marker1 = insert(:marker, timeline: "notifications", last_read_id: "17")
+    marker1 = insert(:marker, timeline: "notifications", last_read_id: "17", unread_count: 5)
    marker2 = insert(:marker, timeline: "home", last_read_id: "42")

    assert MarkerView.render("markers.json", %{markers: [marker1, marker2]}) == %{
             "home" => %{
               last_read_id: "42",
               updated_at: NaiveDateTime.to_iso8601(marker2.updated_at),
-               version: 0
+               version: 0,
+               pleroma: %{unread_count: 0}
             },
             "notifications" => %{
               last_read_id: "17",
               updated_at: NaiveDateTime.to_iso8601(marker1.updated_at),
-               version: 0
+               version: 0,
+               pleroma: %{unread_count: 5}
             }
           }
  end
--- a/test/web/mastodon_api/views/notification_view_test.exs
+++ b/test/web/mastodon_api/views/notification_view_test.exs
@ -34,7 +34,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
  test "Mention notification" do
    user = insert(:user)
    mentioned_user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "hey @#{mentioned_user.nickname}"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "hey @#{mentioned_user.nickname}"})
    {:ok, [notification]} = Notification.create_notifications(activity)
    user = User.get_cached_by_id(user.id)

@ -42,7 +42,11 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
      id: to_string(notification.id),
      pleroma: %{is_seen: false},
      type: "mention",
-      account: AccountView.render("show.json", %{user: user, for: mentioned_user}),
+      account:
+        AccountView.render("show.json", %{
+          user: user,
+          for: mentioned_user
+        }),
      status: StatusView.render("show.json", %{activity: activity, for: mentioned_user}),
      created_at: Utils.to_masto_date(notification.inserted_at)
    }
@ -53,7 +57,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
  test "Favourite notification" do
    user = insert(:user)
    another_user = insert(:user)
-    {:ok, create_activity} = CommonAPI.post(user, %{"status" => "hey"})
+    {:ok, create_activity} = CommonAPI.post(user, %{status: "hey"})
    {:ok, favorite_activity} = CommonAPI.favorite(another_user, create_activity.id)
    {:ok, [notification]} = Notification.create_notifications(favorite_activity)
    create_activity = Activity.get_by_id(create_activity.id)
@ -73,8 +77,8 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
  test "Reblog notification" do
    user = insert(:user)
    another_user = insert(:user)
-    {:ok, create_activity} = CommonAPI.post(user, %{"status" => "hey"})
-    {:ok, reblog_activity, _object} = CommonAPI.repeat(create_activity.id, another_user)
+    {:ok, create_activity} = CommonAPI.post(user, %{status: "hey"})
+    {:ok, reblog_activity} = CommonAPI.repeat(create_activity.id, another_user)
    {:ok, [notification]} = Notification.create_notifications(reblog_activity)
    reblog_activity = Activity.get_by_id(create_activity.id)

@ -155,8 +159,8 @@ defmodule Pleroma.Web.MastodonAPI.NotificationViewTest do
    user = insert(:user)
    other_user = insert(:user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
-    {:ok, _activity, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
+    {:ok, _activity} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")

    activity = Repo.get(Activity, activity.id)

--- a/test/web/mastodon_api/views/poll_view_test.exs
+++ b/test/web/mastodon_api/views/poll_view_test.exs
@ -22,10 +22,10 @@ defmodule Pleroma.Web.MastodonAPI.PollViewTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" => "Is Tenshi eating a corndog cute?",
-        "poll" => %{
-          "options" => ["absolutely!", "sure", "yes", "why are you even asking?"],
-          "expires_in" => 20
+        status: "Is Tenshi eating a corndog cute?",
+        poll: %{
+          options: ["absolutely!", "sure", "yes", "why are you even asking?"],
+          expires_in: 20
        }
      })

@ -62,11 +62,11 @@ defmodule Pleroma.Web.MastodonAPI.PollViewTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" => "Which Mastodon developer is your favourite?",
-        "poll" => %{
-          "options" => ["Gargron", "Eugen"],
-          "expires_in" => 20,
-          "multiple" => true
+        status: "Which Mastodon developer is your favourite?",
+        poll: %{
+          options: ["Gargron", "Eugen"],
+          expires_in: 20,
+          multiple: true
        }
      })

@ -91,10 +91,10 @@ defmodule Pleroma.Web.MastodonAPI.PollViewTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" => "What's with the smug face?",
-        "poll" => %{
-          "options" => [":blank: sip", ":blank::blank: sip", ":blank::blank::blank: sip"],
-          "expires_in" => 20
+        status: "What's with the smug face?",
+        poll: %{
+          options: [":blank: sip", ":blank::blank: sip", ":blank::blank::blank: sip"],
+          expires_in: 20
        }
      })

@ -109,11 +109,11 @@ defmodule Pleroma.Web.MastodonAPI.PollViewTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" => "Which input devices do you use?",
-        "poll" => %{
-          "options" => ["mouse", "trackball", "trackpoint"],
-          "multiple" => true,
-          "expires_in" => 20
+        status: "Which input devices do you use?",
+        poll: %{
+          options: ["mouse", "trackball", "trackpoint"],
+          multiple: true,
+          expires_in: 20
        }
      })

--- a/test/web/mastodon_api/views/scheduled_activity_view_test.exs
+++ b/test/web/mastodon_api/views/scheduled_activity_view_test.exs
@ -14,7 +14,7 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityViewTest do

  test "A scheduled activity with a media attachment" do
    user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "hi"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "hi"})

    scheduled_at =
      NaiveDateTime.utc_now()
@ -47,7 +47,7 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityViewTest do
    expected = %{
      id: to_string(scheduled_activity.id),
      media_attachments:
-        %{"media_ids" => [upload.id]}
+        %{media_ids: [upload.id]}
        |> Utils.attachments_from_ids()
        |> Enum.map(&StatusView.render("attachment.json", %{attachment: &1})),
      params: %{
--- a/test/web/mastodon_api/views/status_view_test.exs
+++ b/test/web/mastodon_api/views/status_view_test.exs
@ -20,6 +20,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do

  import Pleroma.Factory
  import Tesla.Mock
+  import OpenApiSpex.TestAssertions

  setup do
    mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
@ -30,14 +31,16 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
    user = insert(:user)
    other_user = insert(:user)
    third_user = insert(:user)
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "dae cofe??"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "dae cofe??"})

-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, user, "☕")
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, third_user, "🍵")
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, user, "☕")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, third_user, "🍵")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
    activity = Repo.get(Activity, activity.id)
    status = StatusView.render("show.json", activity: activity)

+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
+
    assert status[:pleroma][:emoji_reactions] == [
             %{name: "☕", count: 2, me: false},
             %{name: "🍵", count: 1, me: false}
@ -45,6 +48,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do

    status = StatusView.render("show.json", activity: activity, for: user)

+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
+
    assert status[:pleroma][:emoji_reactions] == [
             %{name: "☕", count: 2, me: true},
             %{name: "🍵", count: 1, me: false}
@ -54,7 +59,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
  test "loads and returns the direct conversation id when given the `with_direct_conversation_id` option" do
    user = insert(:user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!", "visibility" => "direct"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "Hey @shp!", visibility: "direct"})
    [participation] = Participation.for_user(user)

    status =
@ -68,12 +73,13 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do

    status = StatusView.render("show.json", activity: activity, for: user)
    assert status[:pleroma][:direct_conversation_id] == nil
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
  end

  test "returns the direct conversation id when given the `direct_conversation_id` option" do
    user = insert(:user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!", "visibility" => "direct"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "Hey @shp!", visibility: "direct"})
    [participation] = Participation.for_user(user)

    status =
@ -84,12 +90,13 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
      )

    assert status[:pleroma][:direct_conversation_id] == participation.id
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
  end

  test "returns a temporary ap_id based user for activities missing db users" do
    user = insert(:user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!", "visibility" => "direct"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "Hey @shp!", visibility: "direct"})

    Repo.delete(user)
    Cachex.clear(:user_cache)
@ -119,7 +126,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
  test "tries to get a user by nickname if fetching by ap_id doesn't work" do
    user = insert(:user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "Hey @shp!", "visibility" => "direct"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "Hey @shp!", visibility: "direct"})

    {:ok, user} =
      user
@ -131,6 +138,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
    result = StatusView.render("show.json", activity: activity)

    assert result[:account][:id] == to_string(user.id)
+    assert_schema(result, "Status", Pleroma.Web.ApiSpec.spec())
  end

  test "a note with null content" do
@ -149,6 +157,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
    status = StatusView.render("show.json", %{activity: note})

    assert status.content == ""
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
  end

  test "a note activity" do
@ -222,6 +231,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
    }

    assert status == expected
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
  end

  test "tells if the message is muted for some reason" do
@ -230,13 +240,14 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do

    {:ok, _user_relationships} = User.mute(user, other_user)

-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "test"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "test"})

    relationships_opt = UserRelationship.view_relationships_option(user, [other_user])

    opts = %{activity: activity}
    status = StatusView.render("show.json", opts)
    assert status.muted == false
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())

    status = StatusView.render("show.json", Map.put(opts, :relationships, relationships_opt))
    assert status.muted == false
@ -247,6 +258,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do

    status = StatusView.render("show.json", Map.put(for_opts, :relationships, relationships_opt))
    assert status.muted == true
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
  end

  test "tells if the message is thread muted" do
@ -255,7 +267,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do

    {:ok, _user_relationships} = User.mute(user, other_user)

-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "test"})
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "test"})
    status = StatusView.render("show.json", %{activity: activity, for: user})

    assert status.pleroma.thread_muted == false
@ -270,7 +282,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
  test "tells if the status is bookmarked" do
    user = insert(:user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "Cute girls doing cute things"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "Cute girls doing cute things"})
    status = StatusView.render("show.json", %{activity: activity})

    assert status.bookmarked == false
@ -292,8 +304,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
    note = insert(:note_activity)
    user = insert(:user)

-    {:ok, activity} =
-      CommonAPI.post(user, %{"status" => "he", "in_reply_to_status_id" => note.id})
+    {:ok, activity} = CommonAPI.post(user, %{status: "he", in_reply_to_status_id: note.id})

    status = StatusView.render("show.json", %{activity: activity})

@ -308,12 +319,14 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
    user = insert(:user)
    mentioned = insert(:user)

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "hi @#{mentioned.nickname}"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "hi @#{mentioned.nickname}"})

    status = StatusView.render("show.json", %{activity: activity})

    assert status.mentions ==
             Enum.map([mentioned], fn u -> AccountView.render("mention.json", %{user: u}) end)
+
+    assert_schema(status, "Status", Pleroma.Web.ApiSpec.spec())
  end

  test "create mentions from the 'to' field" do
@ -402,11 +415,17 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
      pleroma: %{mime_type: "image/png"}
    }

+    api_spec = Pleroma.Web.ApiSpec.spec()
+
    assert expected == StatusView.render("attachment.json", %{attachment: object})
+    assert_schema(expected, "Attachment", api_spec)

    # If theres a "id", use that instead of the generated one
    object = Map.put(object, "id", 2)
-    assert %{id: "2"} = StatusView.render("attachment.json", %{attachment: object})
+    result = StatusView.render("attachment.json", %{attachment: object})
+
+    assert %{id: "2"} = result
+    assert_schema(result, "Attachment", api_spec)
  end

  test "put the url advertised in the Activity in to the url attribute" do
@ -423,13 +442,14 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
    user = insert(:user)
    activity = insert(:note_activity)

-    {:ok, reblog, _} = CommonAPI.repeat(activity.id, user)
+    {:ok, reblog} = CommonAPI.repeat(activity.id, user)

    represented = StatusView.render("show.json", %{for: user, activity: reblog})

    assert represented[:id] == to_string(reblog.id)
    assert represented[:reblog][:id] == to_string(activity.id)
    assert represented[:emojis] == []
+    assert_schema(represented, "Status", Pleroma.Web.ApiSpec.spec())
  end

  test "a peertube video" do
@ -446,6 +466,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do

    assert represented[:id] == to_string(activity.id)
    assert length(represented[:media_attachments]) == 1
+    assert_schema(represented, "Status", Pleroma.Web.ApiSpec.spec())
  end

  test "funkwhale audio" do
@ -555,39 +576,37 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do
    end
  end

-  test "embeds a relationship in the account" do
+  test "does not embed a relationship in the account" do
    user = insert(:user)
    other_user = insert(:user)

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" => "drink more water"
+        status: "drink more water"
      })

    result = StatusView.render("show.json", %{activity: activity, for: other_user})

-    assert result[:account][:pleroma][:relationship] ==
-             AccountView.render("relationship.json", %{user: other_user, target: user})
+    assert result[:account][:pleroma][:relationship] == %{}
+    assert_schema(result, "Status", Pleroma.Web.ApiSpec.spec())
  end

-  test "embeds a relationship in the account in reposts" do
+  test "does not embed a relationship in the account in reposts" do
    user = insert(:user)
    other_user = insert(:user)

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" => "˙˙ɐʎns"
+        status: "˙˙ɐʎns"
      })

-    {:ok, activity, _object} = CommonAPI.repeat(activity.id, other_user)
+    {:ok, activity} = CommonAPI.repeat(activity.id, other_user)

    result = StatusView.render("show.json", %{activity: activity, for: user})

-    assert result[:account][:pleroma][:relationship] ==
-             AccountView.render("relationship.json", %{user: user, target: other_user})
-
-    assert result[:reblog][:account][:pleroma][:relationship] ==
-             AccountView.render("relationship.json", %{user: user, target: user})
+    assert result[:account][:pleroma][:relationship] == %{}
+    assert result[:reblog][:account][:pleroma][:relationship] == %{}
+    assert_schema(result, "Status", Pleroma.Web.ApiSpec.spec())
  end

  test "visibility/list" do
@ -595,20 +614,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusViewTest do

    {:ok, list} = Pleroma.List.create("foo", user)

-    {:ok, activity} =
-      CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "foobar", visibility: "list:#{list.id}"})

    status = StatusView.render("show.json", activity: activity)

    assert status.visibility == "list"
  end
-
-  test "successfully renders a Listen activity (pleroma extension)" do
-    listen_activity = insert(:listen)
-
-    status = StatusView.render("listen.json", activity: listen_activity)
-
-    assert status.length == listen_activity.data["object"]["length"]
-    assert status.title == listen_activity.data["object"]["title"]
-  end
 end
--- a/test/web/media_proxy/invalidations/http_test.exs
+++ b/test/web/media_proxy/invalidations/http_test.exs
@ -0,0 +1,35 @@
+defmodule Pleroma.Web.MediaProxy.Invalidation.HttpTest do
+  use ExUnit.Case
+  alias Pleroma.Web.MediaProxy.Invalidation
+
+  import ExUnit.CaptureLog
+  import Tesla.Mock
+
+  test "logs hasn't error message when request is valid" do
+    mock(fn
+      %{method: :purge, url: "http://example.com/media/example.jpg"} ->
+        %Tesla.Env{status: 200}
+    end)
+
+    refute capture_log(fn ->
+             assert Invalidation.Http.purge(
+                      ["http://example.com/media/example.jpg"],
+                      %{}
+                    ) == {:ok, "success"}
+           end) =~ "Error while cache purge"
+  end
+
+  test "it write error message in logs when request invalid" do
+    mock(fn
+      %{method: :purge, url: "http://example.com/media/example1.jpg"} ->
+        %Tesla.Env{status: 404}
+    end)
+
+    assert capture_log(fn ->
+             assert Invalidation.Http.purge(
+                      ["http://example.com/media/example1.jpg"],
+                      %{}
+                    ) == {:ok, "success"}
+           end) =~ "Error while cache purge: url - http://example.com/media/example1.jpg"
+  end
+end
--- a/test/web/media_proxy/invalidations/script_test.exs
+++ b/test/web/media_proxy/invalidations/script_test.exs
@ -0,0 +1,20 @@
+defmodule Pleroma.Web.MediaProxy.Invalidation.ScriptTest do
+  use ExUnit.Case
+  alias Pleroma.Web.MediaProxy.Invalidation
+
+  import ExUnit.CaptureLog
+
+  test "it logger error when script not found" do
+    assert capture_log(fn ->
+             assert Invalidation.Script.purge(
+                      ["http://example.com/media/example.jpg"],
+                      %{script_path: "./example"}
+                    ) == {:error, "\"%ErlangError{original: :enoent}\""}
+           end) =~ "Error while cache purge: \"%ErlangError{original: :enoent}\""
+
+    assert Invalidation.Script.purge(
+             ["http://example.com/media/example.jpg"],
+             %{}
+           ) == {:error, "not found script path"}
+  end
+end
--- a/test/web/media_proxy/media_proxy_test.exs
+++ b/test/web/media_proxy/media_proxy_test.exs
@ -124,15 +124,7 @@ defmodule Pleroma.Web.MediaProxyTest do
    end

    test "uses the configured base_url" do
-      base_url = Pleroma.Config.get([:media_proxy, :base_url])
-
-      if base_url do
-        on_exit(fn ->
-          Pleroma.Config.put([:media_proxy, :base_url], base_url)
-        end)
-      end
-
-      Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
+      clear_config([:media_proxy, :base_url], "https://cache.pleroma.social")

      url = "https://pleroma.soykaf.com/static/logo.png"
      encoded = url(url)
@ -213,8 +205,8 @@ defmodule Pleroma.Web.MediaProxyTest do
    end

    test "does not change whitelisted urls" do
-      Pleroma.Config.put([:media_proxy, :whitelist], ["mycdn.akamai.com"])
-      Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
+      clear_config([:media_proxy, :whitelist], ["mycdn.akamai.com"])
+      clear_config([:media_proxy, :base_url], "https://cache.pleroma.social")

      media_url = "https://mycdn.akamai.com"

--- a/test/web/metadata/twitter_card_test.exs
+++ b/test/web/metadata/twitter_card_test.exs
@ -30,7 +30,7 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCardTest do

  test "it uses summary twittercard if post has no attachment" do
    user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "HI"})

    note =
      insert(:note, %{
@ -56,7 +56,7 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCardTest do
  test "it renders avatar not attachment if post is nsfw and unfurl_nsfw is disabled" do
    Pleroma.Config.put([Pleroma.Web.Metadata, :unfurl_nsfw], false)
    user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "HI"})

    note =
      insert(:note, %{
@ -100,7 +100,7 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCardTest do

  test "it renders supported types of attachments and skips unknown types" do
    user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})
+    {:ok, activity} = CommonAPI.post(user, %{status: "HI"})

    note =
      insert(:note, %{
--- a/test/web/mongooseim/mongoose_im_controller_test.exs
+++ b/test/web/mongooseim/mongoose_im_controller_test.exs
@ -41,13 +41,13 @@ defmodule Pleroma.Web.MongooseIMController do
  end

  test "/check_password", %{conn: conn} do
-    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("cool"))
+    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("cool"))

    _deactivated_user =
      insert(:user,
        nickname: "konata",
        deactivated: true,
-        password_hash: Comeonin.Pbkdf2.hashpwsalt("cool")
+        password_hash: Pbkdf2.hash_pwd_salt("cool")
      )

    res =
--- a/test/web/oauth/ldap_authorization_test.exs
+++ b/test/web/oauth/ldap_authorization_test.exs
@ -19,7 +19,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
  @tag @skip
  test "authorizes the existing user using LDAP credentials" do
    password = "testpassword"
-    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
    app = insert(:oauth_app, scopes: ["read", "write"])

    host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
@ -104,7 +104,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
  @tag @skip
  test "falls back to the default authorization when LDAP is unavailable" do
    password = "testpassword"
-    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
    app = insert(:oauth_app, scopes: ["read", "write"])

    host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
@ -148,7 +148,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
  @tag @skip
  test "disallow authorization for wrong LDAP credentials" do
    password = "testpassword"
-    user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
    app = insert(:oauth_app, scopes: ["read", "write"])

    host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
--- a/test/web/oauth/mfa_controller_test.exs
+++ b/test/web/oauth/mfa_controller_test.exs
@ -0,0 +1,306 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.OAuth.MFAControllerTest do
+  use Pleroma.Web.ConnCase
+  import Pleroma.Factory
+
+  alias Pleroma.MFA
+  alias Pleroma.MFA.BackupCodes
+  alias Pleroma.MFA.TOTP
+  alias Pleroma.Repo
+  alias Pleroma.Web.OAuth.Authorization
+  alias Pleroma.Web.OAuth.OAuthController
+
+  setup %{conn: conn} do
+    otp_secret = TOTP.generate_secret()
+
+    user =
+      insert(:user,
+        multi_factor_authentication_settings: %MFA.Settings{
+          enabled: true,
+          backup_codes: [Pbkdf2.hash_pwd_salt("test-code")],
+          totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+        }
+      )
+
+    app = insert(:oauth_app)
+    {:ok, conn: conn, user: user, app: app}
+  end
+
+  describe "show" do
+    setup %{conn: conn, user: user, app: app} do
+      mfa_token =
+        insert(:mfa_token,
+          user: user,
+          authorization: build(:oauth_authorization, app: app, scopes: ["write"])
+        )
+
+      {:ok, conn: conn, mfa_token: mfa_token}
+    end
+
+    test "GET /oauth/mfa renders mfa forms", %{conn: conn, mfa_token: mfa_token} do
+      conn =
+        get(
+          conn,
+          "/oauth/mfa",
+          %{
+            "mfa_token" => mfa_token.token,
+            "state" => "a_state",
+            "redirect_uri" => "http://localhost:8080/callback"
+          }
+        )
+
+      assert response = html_response(conn, 200)
+      assert response =~ "Two-factor authentication"
+      assert response =~ mfa_token.token
+      assert response =~ "http://localhost:8080/callback"
+    end
+
+    test "GET /oauth/mfa renders mfa recovery forms", %{conn: conn, mfa_token: mfa_token} do
+      conn =
+        get(
+          conn,
+          "/oauth/mfa",
+          %{
+            "mfa_token" => mfa_token.token,
+            "state" => "a_state",
+            "redirect_uri" => "http://localhost:8080/callback",
+            "challenge_type" => "recovery"
+          }
+        )
+
+      assert response = html_response(conn, 200)
+      assert response =~ "Two-factor recovery"
+      assert response =~ mfa_token.token
+      assert response =~ "http://localhost:8080/callback"
+    end
+  end
+
+  describe "verify" do
+    setup %{conn: conn, user: user, app: app} do
+      mfa_token =
+        insert(:mfa_token,
+          user: user,
+          authorization: build(:oauth_authorization, app: app, scopes: ["write"])
+        )
+
+      {:ok, conn: conn, user: user, mfa_token: mfa_token, app: app}
+    end
+
+    test "POST /oauth/mfa/verify, verify totp code", %{
+      conn: conn,
+      user: user,
+      mfa_token: mfa_token,
+      app: app
+    } do
+      otp_token = TOTP.generate_token(user.multi_factor_authentication_settings.totp.secret)
+
+      conn =
+        conn
+        |> post("/oauth/mfa/verify", %{
+          "mfa" => %{
+            "mfa_token" => mfa_token.token,
+            "challenge_type" => "totp",
+            "code" => otp_token,
+            "state" => "a_state",
+            "redirect_uri" => OAuthController.default_redirect_uri(app)
+          }
+        })
+
+      target = redirected_to(conn)
+      target_url = %URI{URI.parse(target) | query: nil} |> URI.to_string()
+      query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
+      assert %{"state" => "a_state", "code" => code} = query
+      assert target_url == OAuthController.default_redirect_uri(app)
+      auth = Repo.get_by(Authorization, token: code)
+      assert auth.scopes == ["write"]
+    end
+
+    test "POST /oauth/mfa/verify, verify recovery code", %{
+      conn: conn,
+      mfa_token: mfa_token,
+      app: app
+    } do
+      conn =
+        conn
+        |> post("/oauth/mfa/verify", %{
+          "mfa" => %{
+            "mfa_token" => mfa_token.token,
+            "challenge_type" => "recovery",
+            "code" => "test-code",
+            "state" => "a_state",
+            "redirect_uri" => OAuthController.default_redirect_uri(app)
+          }
+        })
+
+      target = redirected_to(conn)
+      target_url = %URI{URI.parse(target) | query: nil} |> URI.to_string()
+      query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
+      assert %{"state" => "a_state", "code" => code} = query
+      assert target_url == OAuthController.default_redirect_uri(app)
+      auth = Repo.get_by(Authorization, token: code)
+      assert auth.scopes == ["write"]
+    end
+  end
+
+  describe "challenge/totp" do
+    test "returns access token with valid code", %{conn: conn, user: user, app: app} do
+      otp_token = TOTP.generate_token(user.multi_factor_authentication_settings.totp.secret)
+
+      mfa_token =
+        insert(:mfa_token,
+          user: user,
+          authorization: build(:oauth_authorization, app: app, scopes: ["write"])
+        )
+
+      response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => mfa_token.token,
+          "challenge_type" => "totp",
+          "code" => otp_token,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(:ok)
+
+      ap_id = user.ap_id
+
+      assert match?(
+               %{
+                 "access_token" => _,
+                 "expires_in" => 600,
+                 "me" => ^ap_id,
+                 "refresh_token" => _,
+                 "scope" => "write",
+                 "token_type" => "Bearer"
+               },
+               response
+             )
+    end
+
+    test "returns errors when mfa token invalid", %{conn: conn, user: user, app: app} do
+      otp_token = TOTP.generate_token(user.multi_factor_authentication_settings.totp.secret)
+
+      response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => "XXX",
+          "challenge_type" => "totp",
+          "code" => otp_token,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(400)
+
+      assert response == %{"error" => "Invalid code"}
+    end
+
+    test "returns error when otp code is invalid", %{conn: conn, user: user, app: app} do
+      mfa_token = insert(:mfa_token, user: user)
+
+      response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => mfa_token.token,
+          "challenge_type" => "totp",
+          "code" => "XXX",
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(400)
+
+      assert response == %{"error" => "Invalid code"}
+    end
+
+    test "returns error when client credentails is wrong ", %{conn: conn, user: user} do
+      otp_token = TOTP.generate_token(user.multi_factor_authentication_settings.totp.secret)
+      mfa_token = insert(:mfa_token, user: user)
+
+      response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => mfa_token.token,
+          "challenge_type" => "totp",
+          "code" => otp_token,
+          "client_id" => "xxx",
+          "client_secret" => "xxx"
+        })
+        |> json_response(400)
+
+      assert response == %{"error" => "Invalid code"}
+    end
+  end
+
+  describe "challenge/recovery" do
+    setup %{conn: conn} do
+      app = insert(:oauth_app)
+      {:ok, conn: conn, app: app}
+    end
+
+    test "returns access token with valid code", %{conn: conn, app: app} do
+      otp_secret = TOTP.generate_secret()
+
+      [code | _] = backup_codes = BackupCodes.generate()
+
+      hashed_codes =
+        backup_codes
+        |> Enum.map(&Pbkdf2.hash_pwd_salt(&1))
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            backup_codes: hashed_codes,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      mfa_token =
+        insert(:mfa_token,
+          user: user,
+          authorization: build(:oauth_authorization, app: app, scopes: ["write"])
+        )
+
+      response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => mfa_token.token,
+          "challenge_type" => "recovery",
+          "code" => code,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(:ok)
+
+      ap_id = user.ap_id
+
+      assert match?(
+               %{
+                 "access_token" => _,
+                 "expires_in" => 600,
+                 "me" => ^ap_id,
+                 "refresh_token" => _,
+                 "scope" => "write",
+                 "token_type" => "Bearer"
+               },
+               response
+             )
+
+      error_response =
+        conn
+        |> post("/oauth/mfa/challenge", %{
+          "mfa_token" => mfa_token.token,
+          "challenge_type" => "recovery",
+          "code" => code,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(400)
+
+      assert error_response == %{"error" => "Invalid code"}
+    end
+  end
+end
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@ -6,6 +6,8 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
  use Pleroma.Web.ConnCase
  import Pleroma.Factory

+  alias Pleroma.MFA
+  alias Pleroma.MFA.TOTP
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.OAuth.Authorization
@ -309,7 +311,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
           app: app,
           conn: conn
         } do
-      user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("testpassword"))
+      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("testpassword"))
      registration = insert(:registration, user: nil)
      redirect_uri = OAuthController.default_redirect_uri(app)

@ -340,7 +342,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
           app: app,
           conn: conn
         } do
-      user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt("testpassword"))
+      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt("testpassword"))
      registration = insert(:registration, user: nil)
      unlisted_redirect_uri = "http://cross-site-request.com"

@ -604,6 +606,41 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      end
    end

+    test "redirect to on two-factor auth page" do
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      app = insert(:oauth_app, scopes: ["read", "write", "follow"])
+
+      conn =
+        build_conn()
+        |> post("/oauth/authorize", %{
+          "authorization" => %{
+            "name" => user.nickname,
+            "password" => "test",
+            "client_id" => app.client_id,
+            "redirect_uri" => app.redirect_uris,
+            "scope" => "read write",
+            "state" => "statepassed"
+          }
+        })
+
+      result = html_response(conn, 200)
+
+      mfa_token = Repo.get_by(MFA.Token, user_id: user.id)
+      assert result =~ app.redirect_uris
+      assert result =~ "statepassed"
+      assert result =~ mfa_token.token
+      assert result =~ "Two-factor authentication"
+    end
+
    test "returns 401 for wrong credentials", %{conn: conn} do
      user = insert(:user)
      app = insert(:oauth_app)
@ -713,7 +750,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do

    test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do
      password = "testpassword"
-      user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+      user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))

      app = insert(:oauth_app, scopes: ["read", "write"])

@ -735,6 +772,46 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      assert token.scopes == app.scopes
    end

+    test "issues a mfa token for `password` grant_type, when MFA enabled" do
+      password = "testpassword"
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          password_hash: Pbkdf2.hash_pwd_salt(password),
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      app = insert(:oauth_app, scopes: ["read", "write"])
+
+      response =
+        build_conn()
+        |> post("/oauth/token", %{
+          "grant_type" => "password",
+          "username" => user.nickname,
+          "password" => password,
+          "client_id" => app.client_id,
+          "client_secret" => app.client_secret
+        })
+        |> json_response(403)
+
+      assert match?(
+               %{
+                 "supported_challenge_types" => "totp",
+                 "mfa_token" => _,
+                 "error" => "mfa_required"
+               },
+               response
+             )
+
+      token = Repo.get_by(MFA.Token, token: response["mfa_token"])
+      assert token.user_id == user.id
+      assert token.authorization_id
+    end
+
    test "issues a token for request with HTTP basic auth client credentials" do
      user = insert(:user)
      app = insert(:oauth_app, scopes: ["scope1", "scope2", "scope3"])
@ -810,7 +887,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
      password = "testpassword"

      {:ok, user} =
-        insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
+        insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
        |> User.confirmation_changeset(need_confirmation: true)
        |> User.update_and_set_cache()

@ -838,7 +915,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do

      user =
        insert(:user,
-          password_hash: Comeonin.Pbkdf2.hashpwsalt(password),
+          password_hash: Pbkdf2.hash_pwd_salt(password),
          deactivated: true
        )

@ -866,7 +943,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do

      user =
        insert(:user,
-          password_hash: Comeonin.Pbkdf2.hashpwsalt(password),
+          password_hash: Pbkdf2.hash_pwd_salt(password),
          password_reset_pending: true
        )

@ -895,7 +972,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do

      user =
        insert(:user,
-          password_hash: Comeonin.Pbkdf2.hashpwsalt(password),
+          password_hash: Pbkdf2.hash_pwd_salt(password),
          confirmation_pending: true
        )

--- a/test/web/ostatus/ostatus_controller_test.exs
+++ b/test/web/ostatus/ostatus_controller_test.exs
@ -10,7 +10,11 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
  alias Pleroma.Config
  alias Pleroma.Object
  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.Endpoint
+
+  require Pleroma.Constants

  setup_all do
    Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
@ -19,6 +23,47 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do

  setup do: clear_config([:instance, :federating], true)

+  describe "Mastodon compatibility routes" do
+    setup %{conn: conn} do
+      conn = put_req_header(conn, "accept", "text/html")
+
+      {:ok, object} =
+        %{
+          "type" => "Note",
+          "content" => "hey",
+          "id" => Endpoint.url() <> "/users/raymoo/statuses/999999999",
+          "actor" => Endpoint.url() <> "/users/raymoo",
+          "to" => [Pleroma.Constants.as_public()]
+        }
+        |> Object.create()
+
+      {:ok, activity, _} =
+        %{
+          "id" => object.data["id"] <> "/activity",
+          "type" => "Create",
+          "object" => object.data["id"],
+          "actor" => object.data["actor"],
+          "to" => object.data["to"]
+        }
+        |> ActivityPub.persist(local: true)
+
+      %{conn: conn, activity: activity}
+    end
+
+    test "redirects to /notice/:id for html format", %{conn: conn, activity: activity} do
+      conn = get(conn, "/users/raymoo/statuses/999999999")
+      assert redirected_to(conn) == "/notice/#{activity.id}"
+    end
+
+    test "redirects to /notice/:id for html format for activity", %{
+      conn: conn,
+      activity: activity
+    } do
+      conn = get(conn, "/users/raymoo/statuses/999999999/activity")
+      assert redirected_to(conn) == "/notice/#{activity.id}"
+    end
+  end
+
  # Note: see ActivityPubControllerTest for JSON format tests
  describe "GET /objects/:uuid (text/html)" do
    setup %{conn: conn} do
--- a/test/web/pleroma_api/controllers/account_controller_test.exs
+++ b/test/web/pleroma_api/controllers/account_controller_test.exs
@ -31,8 +31,28 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do

    test "resend account confirmation email", %{conn: conn, user: user} do
      conn
+      |> put_req_header("content-type", "application/json")
      |> post("/api/v1/pleroma/accounts/confirmation_resend?email=#{user.email}")
-      |> json_response(:no_content)
+      |> json_response_and_validate_schema(:no_content)
+
+      ObanHelpers.perform_all()
+
+      email = Pleroma.Emails.UserEmail.account_confirmation_email(user)
+      notify_email = Config.get([:instance, :notify_email])
+      instance_name = Config.get([:instance, :name])
+
+      assert_email_sent(
+        from: {instance_name, notify_email},
+        to: {user.name, user.email},
+        html_body: email.html_body
+      )
+    end
+
+    test "resend account confirmation email (with nickname)", %{conn: conn, user: user} do
+      conn
+      |> put_req_header("content-type", "application/json")
+      |> post("/api/v1/pleroma/accounts/confirmation_resend?nickname=#{user.nickname}")
+      |> json_response_and_validate_schema(:no_content)

      ObanHelpers.perform_all()

@ -54,7 +74,10 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
    test "user avatar can be set", %{user: user, conn: conn} do
      avatar_image = File.read!("test/fixtures/avatar_data_uri")

-      conn = patch(conn, "/api/v1/pleroma/accounts/update_avatar", %{img: avatar_image})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: avatar_image})

      user = refresh_record(user)

@ -70,17 +93,20 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
               ]
             } = user.avatar

-      assert %{"url" => _} = json_response(conn, 200)
+      assert %{"url" => _} = json_response_and_validate_schema(conn, 200)
    end

    test "user avatar can be reset", %{user: user, conn: conn} do
-      conn = patch(conn, "/api/v1/pleroma/accounts/update_avatar", %{img: ""})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_avatar", %{img: ""})

      user = User.get_cached_by_id(user.id)

      assert user.avatar == nil

-      assert %{"url" => nil} = json_response(conn, 200)
+      assert %{"url" => nil} = json_response_and_validate_schema(conn, 200)
    end
  end

@ -88,21 +114,27 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
    setup do: oauth_access(["write:accounts"])

    test "can set profile banner", %{user: user, conn: conn} do
-      conn = patch(conn, "/api/v1/pleroma/accounts/update_banner", %{"banner" => @image})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => @image})

      user = refresh_record(user)
      assert user.banner["type"] == "Image"

-      assert %{"url" => _} = json_response(conn, 200)
+      assert %{"url" => _} = json_response_and_validate_schema(conn, 200)
    end

    test "can reset profile banner", %{user: user, conn: conn} do
-      conn = patch(conn, "/api/v1/pleroma/accounts/update_banner", %{"banner" => ""})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_banner", %{"banner" => ""})

      user = refresh_record(user)
      assert user.banner == %{}

-      assert %{"url" => nil} = json_response(conn, 200)
+      assert %{"url" => nil} = json_response_and_validate_schema(conn, 200)
    end
  end

@ -110,19 +142,26 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
    setup do: oauth_access(["write:accounts"])

    test "background image can be set", %{user: user, conn: conn} do
-      conn = patch(conn, "/api/v1/pleroma/accounts/update_background", %{"img" => @image})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => @image})

      user = refresh_record(user)
      assert user.background["type"] == "Image"
-      assert %{"url" => _} = json_response(conn, 200)
+      # assert %{"url" => _} = json_response(conn, 200)
+      assert %{"url" => _} = json_response_and_validate_schema(conn, 200)
    end

    test "background image can be reset", %{user: user, conn: conn} do
-      conn = patch(conn, "/api/v1/pleroma/accounts/update_background", %{"img" => ""})
+      conn =
+        conn
+        |> put_req_header("content-type", "multipart/form-data")
+        |> patch("/api/v1/pleroma/accounts/update_background", %{"img" => ""})

      user = refresh_record(user)
      assert user.background == %{}
-      assert %{"url" => nil} = json_response(conn, 200)
+      assert %{"url" => nil} = json_response_and_validate_schema(conn, 200)
    end
  end

@ -143,7 +182,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
      response =
        conn
        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-        |> json_response(:ok)
+        |> json_response_and_validate_schema(:ok)

      [like] = response

@ -160,7 +199,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
      response =
        build_conn()
        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)

      assert length(response) == 1
    end
@ -171,8 +210,8 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
    } do
      {:ok, direct} =
        CommonAPI.post(current_user, %{
-          "status" => "Hi @#{user.nickname}!",
-          "visibility" => "direct"
+          status: "Hi @#{user.nickname}!",
+          visibility: "direct"
        })

      CommonAPI.favorite(user, direct.id)
@ -183,7 +222,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
          |> assign(:user, u)
          |> assign(:token, insert(:oauth_token, user: u, scopes: ["read:favourites"]))
          |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-          |> json_response(:ok)
+          |> json_response_and_validate_schema(:ok)

        assert length(response) == 1
      end
@ -191,7 +230,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
      response =
        build_conn()
        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)

      assert length(response) == 0
    end
@ -204,8 +243,8 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do

      {:ok, direct} =
        CommonAPI.post(user_two, %{
-          "status" => "Hi @#{user.nickname}!",
-          "visibility" => "direct"
+          status: "Hi @#{user.nickname}!",
+          visibility: "direct"
        })

      CommonAPI.favorite(user, direct.id)
@ -213,7 +252,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
      response =
        conn
        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-        |> json_response(:ok)
+        |> json_response_and_validate_schema(:ok)

      assert Enum.empty?(response)
    end
@ -233,11 +272,12 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do

      response =
        conn
-        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites", %{
-          since_id: third_activity.id,
-          max_id: seventh_activity.id
-        })
-        |> json_response(:ok)
+        |> get(
+          "/api/v1/pleroma/accounts/#{user.id}/favourites?since_id=#{third_activity.id}&max_id=#{
+            seventh_activity.id
+          }"
+        )
+        |> json_response_and_validate_schema(:ok)

      assert length(response) == 3
      refute third_activity in response
@ -256,8 +296,8 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do

      response =
        conn
-        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites", %{limit: "3"})
-        |> json_response(:ok)
+        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites?limit=3")
+        |> json_response_and_validate_schema(:ok)

      assert length(response) == 3
    end
@ -269,7 +309,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
      response =
        conn
        |> get("/api/v1/pleroma/accounts/#{user.id}/favourites")
-        |> json_response(:ok)
+        |> json_response_and_validate_schema(:ok)

      assert Enum.empty?(response)
    end
@ -277,7 +317,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
    test "returns 404 error when specified user is not exist", %{conn: conn} do
      conn = get(conn, "/api/v1/pleroma/accounts/test/favourites")

-      assert json_response(conn, 404) == %{"error" => "Record not found"}
+      assert json_response_and_validate_schema(conn, 404) == %{"error" => "Record not found"}
    end

    test "returns 403 error when user has hidden own favorites", %{conn: conn} do
@ -287,7 +327,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do

      conn = get(conn, "/api/v1/pleroma/accounts/#{user.id}/favourites")

-      assert json_response(conn, 403) == %{"error" => "Can't get favorites"}
+      assert json_response_and_validate_schema(conn, 403) == %{"error" => "Can't get favorites"}
    end

    test "hides favorites for new users by default", %{conn: conn} do
@ -298,7 +338,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
      assert user.hide_favorites
      conn = get(conn, "/api/v1/pleroma/accounts/#{user.id}/favourites")

-      assert json_response(conn, 403) == %{"error" => "Can't get favorites"}
+      assert json_response_and_validate_schema(conn, 403) == %{"error" => "Can't get favorites"}
    end
  end

@ -312,11 +352,12 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do
        |> assign(:user, user)
        |> post("/api/v1/pleroma/accounts/#{subscription_target.id}/subscribe")

-      assert %{"id" => _id, "subscribing" => true} = json_response(ret_conn, 200)
+      assert %{"id" => _id, "subscribing" => true} =
+               json_response_and_validate_schema(ret_conn, 200)

      conn = post(conn, "/api/v1/pleroma/accounts/#{subscription_target.id}/unsubscribe")

-      assert %{"id" => _id, "subscribing" => false} = json_response(conn, 200)
+      assert %{"id" => _id, "subscribing" => false} = json_response_and_validate_schema(conn, 200)
    end
  end

@ -326,7 +367,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do

      conn = post(conn, "/api/v1/pleroma/accounts/target_id/subscribe")

-      assert %{"error" => "Record not found"} = json_response(conn, 404)
+      assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn, 404)
    end
  end

@ -336,7 +377,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountControllerTest do

      conn = post(conn, "/api/v1/pleroma/accounts/target_id/unsubscribe")

-      assert %{"error" => "Record not found"} = json_response(conn, 404)
+      assert %{"error" => "Record not found"} = json_response_and_validate_schema(conn, 404)
    end
  end
 end
--- a/test/web/pleroma_api/controllers/conversation_controller_test.exs
+++ b/test/web/pleroma_api/controllers/conversation_controller_test.exs
@ -0,0 +1,136 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.PleromaAPI.ConversationControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.Conversation.Participation
+  alias Pleroma.Repo
+  alias Pleroma.User
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  test "/api/v1/pleroma/conversations/:id" do
+    user = insert(:user)
+    %{user: other_user, conn: conn} = oauth_access(["read:statuses"])
+
+    {:ok, _activity} =
+      CommonAPI.post(user, %{status: "Hi @#{other_user.nickname}!", visibility: "direct"})
+
+    [participation] = Participation.for_user(other_user)
+
+    result =
+      conn
+      |> get("/api/v1/pleroma/conversations/#{participation.id}")
+      |> json_response_and_validate_schema(200)
+
+    assert result["id"] == participation.id |> to_string()
+  end
+
+  test "/api/v1/pleroma/conversations/:id/statuses" do
+    user = insert(:user)
+    %{user: other_user, conn: conn} = oauth_access(["read:statuses"])
+    third_user = insert(:user)
+
+    {:ok, _activity} =
+      CommonAPI.post(user, %{status: "Hi @#{third_user.nickname}!", visibility: "direct"})
+
+    {:ok, activity} =
+      CommonAPI.post(user, %{status: "Hi @#{other_user.nickname}!", visibility: "direct"})
+
+    [participation] = Participation.for_user(other_user)
+
+    {:ok, activity_two} =
+      CommonAPI.post(other_user, %{
+        status: "Hi!",
+        in_reply_to_status_id: activity.id,
+        in_reply_to_conversation_id: participation.id
+      })
+
+    result =
+      conn
+      |> get("/api/v1/pleroma/conversations/#{participation.id}/statuses")
+      |> json_response_and_validate_schema(200)
+
+    assert length(result) == 2
+
+    id_one = activity.id
+    id_two = activity_two.id
+    assert [%{"id" => ^id_one}, %{"id" => ^id_two}] = result
+
+    {:ok, %{id: id_three}} =
+      CommonAPI.post(other_user, %{
+        status: "Bye!",
+        in_reply_to_status_id: activity.id,
+        in_reply_to_conversation_id: participation.id
+      })
+
+    assert [%{"id" => ^id_two}, %{"id" => ^id_three}] =
+             conn
+             |> get("/api/v1/pleroma/conversations/#{participation.id}/statuses?limit=2")
+             |> json_response_and_validate_schema(:ok)
+
+    assert [%{"id" => ^id_three}] =
+             conn
+             |> get("/api/v1/pleroma/conversations/#{participation.id}/statuses?min_id=#{id_two}")
+             |> json_response_and_validate_schema(:ok)
+  end
+
+  test "PATCH /api/v1/pleroma/conversations/:id" do
+    %{user: user, conn: conn} = oauth_access(["write:conversations"])
+    other_user = insert(:user)
+
+    {:ok, _activity} = CommonAPI.post(user, %{status: "Hi", visibility: "direct"})
+
+    [participation] = Participation.for_user(user)
+
+    participation = Repo.preload(participation, :recipients)
+
+    user = User.get_cached_by_id(user.id)
+    assert [user] == participation.recipients
+    assert other_user not in participation.recipients
+
+    query = "recipients[]=#{user.id}&recipients[]=#{other_user.id}"
+
+    result =
+      conn
+      |> patch("/api/v1/pleroma/conversations/#{participation.id}?#{query}")
+      |> json_response_and_validate_schema(200)
+
+    assert result["id"] == participation.id |> to_string
+
+    [participation] = Participation.for_user(user)
+    participation = Repo.preload(participation, :recipients)
+
+    assert user in participation.recipients
+    assert other_user in participation.recipients
+  end
+
+  test "POST /api/v1/pleroma/conversations/read" do
+    user = insert(:user)
+    %{user: other_user, conn: conn} = oauth_access(["write:conversations"])
+
+    {:ok, _activity} =
+      CommonAPI.post(user, %{status: "Hi @#{other_user.nickname}", visibility: "direct"})
+
+    {:ok, _activity} =
+      CommonAPI.post(user, %{status: "Hi @#{other_user.nickname}", visibility: "direct"})
+
+    [participation2, participation1] = Participation.for_user(other_user)
+    assert Participation.get(participation2.id).read == false
+    assert Participation.get(participation1.id).read == false
+    assert User.get_cached_by_id(other_user.id).unread_conversation_count == 2
+
+    [%{"unread" => false}, %{"unread" => false}] =
+      conn
+      |> post("/api/v1/pleroma/conversations/read", %{})
+      |> json_response_and_validate_schema(200)
+
+    [participation2, participation1] = Participation.for_user(other_user)
+    assert Participation.get(participation2.id).read == true
+    assert Participation.get(participation1.id).read == true
+    assert User.get_cached_by_id(other_user.id).unread_conversation_count == 0
+  end
+end
--- a/test/web/pleroma_api/controllers/emoji_pack_controller_test.exs
+++ b/test/web/pleroma_api/controllers/emoji_pack_controller_test.exs
@ -2,7 +2,7 @@
 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only

-defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
+defmodule Pleroma.Web.PleromaAPI.EmojiPackControllerTest do
  use Pleroma.Web.ConnCase

  import Tesla.Mock
@ -28,7 +28,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
  end

  test "GET /api/pleroma/emoji/packs", %{conn: conn} do
-    resp = conn |> get("/api/pleroma/emoji/packs") |> json_response(200)
+    resp = conn |> get("/api/pleroma/emoji/packs") |> json_response_and_validate_schema(200)

    shared = resp["test_pack"]
    assert shared["files"] == %{"blank" => "blank.png"}
@ -46,7 +46,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      resp =
        conn
        |> get("/api/pleroma/emoji/packs")
-        |> json_response(200)
+        |> json_response_and_validate_schema(200)

      mock(fn
        %{method: :get, url: "https://example.com/.well-known/nodeinfo"} ->
@ -60,10 +60,8 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      end)

      assert admin_conn
-             |> get("/api/pleroma/emoji/packs/remote", %{
-               url: "https://example.com"
-             })
-             |> json_response(200) == resp
+             |> get("/api/pleroma/emoji/packs/remote?url=https://example.com")
+             |> json_response_and_validate_schema(200) == resp
    end

    test "non shareable instance", %{admin_conn: admin_conn} do
@ -76,8 +74,8 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      end)

      assert admin_conn
-             |> get("/api/pleroma/emoji/packs/remote", %{url: "https://example.com"})
-             |> json_response(500) == %{
+             |> get("/api/pleroma/emoji/packs/remote?url=https://example.com")
+             |> json_response_and_validate_schema(500) == %{
               "error" => "The requested instance does not support sharing emoji packs"
             }
    end
@ -99,7 +97,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
    test "non existing pack", %{conn: conn} do
      assert conn
             |> get("/api/pleroma/emoji/packs/test_pack_for_import/archive")
-             |> json_response(:not_found) == %{
+             |> json_response_and_validate_schema(:not_found) == %{
               "error" => "Pack test_pack_for_import does not exist"
             }
    end
@ -107,7 +105,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
    test "non downloadable pack", %{conn: conn} do
      assert conn
             |> get("/api/pleroma/emoji/packs/test_pack_nonshared/archive")
-             |> json_response(:forbidden) == %{
+             |> json_response_and_validate_schema(:forbidden) == %{
               "error" =>
                 "Pack test_pack_nonshared cannot be downloaded from this instance, either pack sharing was disabled for this pack or some files are missing"
             }
@ -132,7 +130,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
        } ->
          conn
          |> get("/api/pleroma/emoji/packs/test_pack")
-          |> json_response(200)
+          |> json_response_and_validate_schema(200)
          |> json()

        %{
@ -150,7 +148,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
        } ->
          conn
          |> get("/api/pleroma/emoji/packs/test_pack_nonshared")
-          |> json_response(200)
+          |> json_response_and_validate_schema(200)
          |> json()

        %{
@ -161,23 +159,25 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      end)

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post("/api/pleroma/emoji/packs/download", %{
               url: "https://example.com",
               name: "test_pack",
               as: "test_pack2"
             })
-             |> json_response(200) == "ok"
+             |> json_response_and_validate_schema(200) == "ok"

      assert File.exists?("#{@emoji_path}/test_pack2/pack.json")
      assert File.exists?("#{@emoji_path}/test_pack2/blank.png")

      assert admin_conn
             |> delete("/api/pleroma/emoji/packs/test_pack2")
-             |> json_response(200) == "ok"
+             |> json_response_and_validate_schema(200) == "ok"

      refute File.exists?("#{@emoji_path}/test_pack2")

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post(
               "/api/pleroma/emoji/packs/download",
               %{
@ -186,14 +186,14 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
                 as: "test_pack_nonshared2"
               }
             )
-             |> json_response(200) == "ok"
+             |> json_response_and_validate_schema(200) == "ok"

      assert File.exists?("#{@emoji_path}/test_pack_nonshared2/pack.json")
      assert File.exists?("#{@emoji_path}/test_pack_nonshared2/blank.png")

      assert admin_conn
             |> delete("/api/pleroma/emoji/packs/test_pack_nonshared2")
-             |> json_response(200) == "ok"
+             |> json_response_and_validate_schema(200) == "ok"

      refute File.exists?("#{@emoji_path}/test_pack_nonshared2")
    end
@ -208,6 +208,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      end)

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post(
               "/api/pleroma/emoji/packs/download",
               %{
@ -216,7 +217,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
                 as: "test_pack2"
               }
             )
-             |> json_response(500) == %{
+             |> json_response_and_validate_schema(500) == %{
               "error" => "The requested instance does not support sharing emoji packs"
             }
    end
@ -233,10 +234,8 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
          method: :get,
          url: "https://example.com/api/pleroma/emoji/packs/pack_bad_sha"
        } ->
-          %Tesla.Env{
-            status: 200,
-            body: Pleroma.Emoji.Pack.load_pack("pack_bad_sha") |> Jason.encode!()
-          }
+          {:ok, pack} = Pleroma.Emoji.Pack.load_pack("pack_bad_sha")
+          %Tesla.Env{status: 200, body: Jason.encode!(pack)}

        %{
          method: :get,
@ -249,12 +248,13 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      end)

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post("/api/pleroma/emoji/packs/download", %{
               url: "https://example.com",
               name: "pack_bad_sha",
               as: "pack_bad_sha2"
             })
-             |> json_response(:internal_server_error) == %{
+             |> json_response_and_validate_schema(:internal_server_error) == %{
               "error" => "SHA256 for the pack doesn't match the one sent by the server"
             }
    end
@ -271,19 +271,18 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
          method: :get,
          url: "https://example.com/api/pleroma/emoji/packs/test_pack"
        } ->
-          %Tesla.Env{
-            status: 200,
-            body: Pleroma.Emoji.Pack.load_pack("test_pack") |> Jason.encode!()
-          }
+          {:ok, pack} = Pleroma.Emoji.Pack.load_pack("test_pack")
+          %Tesla.Env{status: 200, body: Jason.encode!(pack)}
      end)

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post("/api/pleroma/emoji/packs/download", %{
               url: "https://example.com",
               name: "test_pack",
               as: "test_pack2"
             })
-             |> json_response(:internal_server_error) == %{
+             |> json_response_and_validate_schema(:internal_server_error) == %{
               "error" =>
                 "The pack was not set as shared and there is no fallback src to download from"
             }
@ -311,8 +310,9 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do

    test "for a pack without a fallback source", ctx do
      assert ctx[:admin_conn]
+             |> put_req_header("content-type", "multipart/form-data")
             |> patch("/api/pleroma/emoji/packs/test_pack", %{"metadata" => ctx[:new_data]})
-             |> json_response(200) == ctx[:new_data]
+             |> json_response_and_validate_schema(200) == ctx[:new_data]

      assert Jason.decode!(File.read!(ctx[:pack_file]))["pack"] == ctx[:new_data]
    end
@ -336,8 +336,9 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
        )

      assert ctx[:admin_conn]
+             |> put_req_header("content-type", "multipart/form-data")
             |> patch("/api/pleroma/emoji/packs/test_pack", %{metadata: new_data})
-             |> json_response(200) == new_data_with_sha
+             |> json_response_and_validate_schema(200) == new_data_with_sha

      assert Jason.decode!(File.read!(ctx[:pack_file]))["pack"] == new_data_with_sha
    end
@ -355,8 +356,9 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      new_data = Map.put(ctx[:new_data], "fallback-src", "https://nonshared-pack")

      assert ctx[:admin_conn]
+             |> put_req_header("content-type", "multipart/form-data")
             |> patch("/api/pleroma/emoji/packs/test_pack", %{metadata: new_data})
-             |> json_response(:bad_request) == %{
+             |> json_response_and_validate_schema(:bad_request) == %{
               "error" => "The fallback archive does not have all files specified in pack.json"
             }
    end
@ -376,6 +378,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do

    test "create shortcode exists", %{admin_conn: admin_conn} do
      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post("/api/pleroma/emoji/packs/test_pack/files", %{
               shortcode: "blank",
               filename: "dir/blank.png",
@ -384,7 +387,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
                 path: "#{@emoji_path}/test_pack/blank.png"
               }
             })
-             |> json_response(:conflict) == %{
+             |> json_response_and_validate_schema(:conflict) == %{
               "error" => "An emoji with the \"blank\" shortcode already exists"
             }
    end
@ -393,6 +396,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      on_exit(fn -> File.rm_rf!("#{@emoji_path}/test_pack/dir/") end)

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post("/api/pleroma/emoji/packs/test_pack/files", %{
               shortcode: "blank2",
               filename: "dir/blank.png",
@ -401,17 +405,21 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
                 path: "#{@emoji_path}/test_pack/blank.png"
               }
             })
-             |> json_response(200) == %{"blank" => "blank.png", "blank2" => "dir/blank.png"}
+             |> json_response_and_validate_schema(200) == %{
+               "blank" => "blank.png",
+               "blank2" => "dir/blank.png"
+             }

      assert File.exists?("#{@emoji_path}/test_pack/dir/blank.png")

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> patch("/api/pleroma/emoji/packs/test_pack/files", %{
               shortcode: "blank",
               new_shortcode: "blank2",
               new_filename: "dir_2/blank_3.png"
             })
-             |> json_response(:conflict) == %{
+             |> json_response_and_validate_schema(:conflict) == %{
               "error" =>
                 "New shortcode \"blank2\" is already used. If you want to override emoji use 'force' option"
             }
@ -421,6 +429,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      on_exit(fn -> File.rm_rf!("#{@emoji_path}/test_pack/dir_2/") end)

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post("/api/pleroma/emoji/packs/test_pack/files", %{
               shortcode: "blank2",
               filename: "dir/blank.png",
@ -429,18 +438,22 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
                 path: "#{@emoji_path}/test_pack/blank.png"
               }
             })
-             |> json_response(200) == %{"blank" => "blank.png", "blank2" => "dir/blank.png"}
+             |> json_response_and_validate_schema(200) == %{
+               "blank" => "blank.png",
+               "blank2" => "dir/blank.png"
+             }

      assert File.exists?("#{@emoji_path}/test_pack/dir/blank.png")

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> patch("/api/pleroma/emoji/packs/test_pack/files", %{
               shortcode: "blank2",
               new_shortcode: "blank3",
               new_filename: "dir_2/blank_3.png",
               force: true
             })
-             |> json_response(200) == %{
+             |> json_response_and_validate_schema(200) == %{
               "blank" => "blank.png",
               "blank3" => "dir_2/blank_3.png"
             }
@ -450,6 +463,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do

    test "with empty filename", %{admin_conn: admin_conn} do
      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post("/api/pleroma/emoji/packs/test_pack/files", %{
               shortcode: "blank2",
               filename: "",
@ -458,13 +472,14 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
                 path: "#{@emoji_path}/test_pack/blank.png"
               }
             })
-             |> json_response(:bad_request) == %{
+             |> json_response_and_validate_schema(:bad_request) == %{
               "error" => "pack name, shortcode or filename cannot be empty"
             }
    end

    test "add file with not loaded pack", %{admin_conn: admin_conn} do
      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post("/api/pleroma/emoji/packs/not_loaded/files", %{
               shortcode: "blank2",
               filename: "dir/blank.png",
@ -473,37 +488,43 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
                 path: "#{@emoji_path}/test_pack/blank.png"
               }
             })
-             |> json_response(:bad_request) == %{
+             |> json_response_and_validate_schema(:bad_request) == %{
               "error" => "pack \"not_loaded\" is not found"
             }
    end

    test "remove file with not loaded pack", %{admin_conn: admin_conn} do
      assert admin_conn
-             |> delete("/api/pleroma/emoji/packs/not_loaded/files", %{shortcode: "blank3"})
-             |> json_response(:bad_request) == %{"error" => "pack \"not_loaded\" is not found"}
+             |> delete("/api/pleroma/emoji/packs/not_loaded/files?shortcode=blank3")
+             |> json_response_and_validate_schema(:bad_request) == %{
+               "error" => "pack \"not_loaded\" is not found"
+             }
    end

    test "remove file with empty shortcode", %{admin_conn: admin_conn} do
      assert admin_conn
-             |> delete("/api/pleroma/emoji/packs/not_loaded/files", %{shortcode: ""})
-             |> json_response(:bad_request) == %{
+             |> delete("/api/pleroma/emoji/packs/not_loaded/files?shortcode=")
+             |> json_response_and_validate_schema(:bad_request) == %{
               "error" => "pack name or shortcode cannot be empty"
             }
    end

    test "update file with not loaded pack", %{admin_conn: admin_conn} do
      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> patch("/api/pleroma/emoji/packs/not_loaded/files", %{
               shortcode: "blank4",
               new_shortcode: "blank3",
               new_filename: "dir_2/blank_3.png"
             })
-             |> json_response(:bad_request) == %{"error" => "pack \"not_loaded\" is not found"}
+             |> json_response_and_validate_schema(:bad_request) == %{
+               "error" => "pack \"not_loaded\" is not found"
+             }
    end

    test "new with shortcode as file with update", %{admin_conn: admin_conn} do
      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post("/api/pleroma/emoji/packs/test_pack/files", %{
               shortcode: "blank4",
               filename: "dir/blank.png",
@ -512,24 +533,31 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
                 path: "#{@emoji_path}/test_pack/blank.png"
               }
             })
-             |> json_response(200) == %{"blank" => "blank.png", "blank4" => "dir/blank.png"}
+             |> json_response_and_validate_schema(200) == %{
+               "blank" => "blank.png",
+               "blank4" => "dir/blank.png"
+             }

      assert File.exists?("#{@emoji_path}/test_pack/dir/blank.png")

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> patch("/api/pleroma/emoji/packs/test_pack/files", %{
               shortcode: "blank4",
               new_shortcode: "blank3",
               new_filename: "dir_2/blank_3.png"
             })
-             |> json_response(200) == %{"blank3" => "dir_2/blank_3.png", "blank" => "blank.png"}
+             |> json_response_and_validate_schema(200) == %{
+               "blank3" => "dir_2/blank_3.png",
+               "blank" => "blank.png"
+             }

      refute File.exists?("#{@emoji_path}/test_pack/dir/")
      assert File.exists?("#{@emoji_path}/test_pack/dir_2/blank_3.png")

      assert admin_conn
-             |> delete("/api/pleroma/emoji/packs/test_pack/files", %{shortcode: "blank3"})
-             |> json_response(200) == %{"blank" => "blank.png"}
+             |> delete("/api/pleroma/emoji/packs/test_pack/files?shortcode=blank3")
+             |> json_response_and_validate_schema(200) == %{"blank" => "blank.png"}

      refute File.exists?("#{@emoji_path}/test_pack/dir_2/")

@ -546,11 +574,12 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      end)

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post("/api/pleroma/emoji/packs/test_pack/files", %{
               shortcode: "blank_url",
               file: "https://test-blank/blank_url.png"
             })
-             |> json_response(200) == %{
+             |> json_response_and_validate_schema(200) == %{
               "blank_url" => "blank_url.png",
               "blank" => "blank.png"
             }
@ -564,40 +593,51 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      on_exit(fn -> File.rm_rf!("#{@emoji_path}/test_pack/shortcode.png") end)

      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> post("/api/pleroma/emoji/packs/test_pack/files", %{
               file: %Plug.Upload{
                 filename: "shortcode.png",
                 path: "#{Pleroma.Config.get([:instance, :static_dir])}/add/shortcode.png"
               }
             })
-             |> json_response(200) == %{"shortcode" => "shortcode.png", "blank" => "blank.png"}
+             |> json_response_and_validate_schema(200) == %{
+               "shortcode" => "shortcode.png",
+               "blank" => "blank.png"
+             }
    end

    test "remove non existing shortcode in pack.json", %{admin_conn: admin_conn} do
      assert admin_conn
-             |> delete("/api/pleroma/emoji/packs/test_pack/files", %{shortcode: "blank2"})
-             |> json_response(:bad_request) == %{"error" => "Emoji \"blank2\" does not exist"}
+             |> delete("/api/pleroma/emoji/packs/test_pack/files?shortcode=blank2")
+             |> json_response_and_validate_schema(:bad_request) == %{
+               "error" => "Emoji \"blank2\" does not exist"
+             }
    end

    test "update non existing emoji", %{admin_conn: admin_conn} do
      assert admin_conn
+             |> put_req_header("content-type", "multipart/form-data")
             |> patch("/api/pleroma/emoji/packs/test_pack/files", %{
               shortcode: "blank2",
               new_shortcode: "blank3",
               new_filename: "dir_2/blank_3.png"
             })
-             |> json_response(:bad_request) == %{"error" => "Emoji \"blank2\" does not exist"}
+             |> json_response_and_validate_schema(:bad_request) == %{
+               "error" => "Emoji \"blank2\" does not exist"
+             }
    end

    test "update with empty shortcode", %{admin_conn: admin_conn} do
-      assert admin_conn
-             |> patch("/api/pleroma/emoji/packs/test_pack/files", %{
-               shortcode: "blank",
-               new_filename: "dir_2/blank_3.png"
-             })
-             |> json_response(:bad_request) == %{
-               "error" => "new_shortcode or new_filename cannot be empty"
-             }
+      assert %{
+               "error" => "Missing field: new_shortcode."
+             } =
+               admin_conn
+               |> put_req_header("content-type", "multipart/form-data")
+               |> patch("/api/pleroma/emoji/packs/test_pack/files", %{
+                 shortcode: "blank",
+                 new_filename: "dir_2/blank_3.png"
+               })
+               |> json_response_and_validate_schema(:bad_request)
    end
  end

@ -605,7 +645,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
    test "creating and deleting a pack", %{admin_conn: admin_conn} do
      assert admin_conn
             |> post("/api/pleroma/emoji/packs/test_created")
-             |> json_response(200) == "ok"
+             |> json_response_and_validate_schema(200) == "ok"

      assert File.exists?("#{@emoji_path}/test_created/pack.json")

@ -616,7 +656,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do

      assert admin_conn
             |> delete("/api/pleroma/emoji/packs/test_created")
-             |> json_response(200) == "ok"
+             |> json_response_and_validate_schema(200) == "ok"

      refute File.exists?("#{@emoji_path}/test_created/pack.json")
    end
@ -629,7 +669,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do

      assert admin_conn
             |> post("/api/pleroma/emoji/packs/test_created")
-             |> json_response(:conflict) == %{
+             |> json_response_and_validate_schema(:conflict) == %{
               "error" => "A pack named \"test_created\" already exists"
             }

@ -639,20 +679,26 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
    test "with empty name", %{admin_conn: admin_conn} do
      assert admin_conn
             |> post("/api/pleroma/emoji/packs/ ")
-             |> json_response(:bad_request) == %{"error" => "pack name cannot be empty"}
+             |> json_response_and_validate_schema(:bad_request) == %{
+               "error" => "pack name cannot be empty"
+             }
    end
  end

  test "deleting nonexisting pack", %{admin_conn: admin_conn} do
    assert admin_conn
           |> delete("/api/pleroma/emoji/packs/non_existing")
-           |> json_response(:not_found) == %{"error" => "Pack non_existing does not exist"}
+           |> json_response_and_validate_schema(:not_found) == %{
+             "error" => "Pack non_existing does not exist"
+           }
  end

  test "deleting with empty name", %{admin_conn: admin_conn} do
    assert admin_conn
           |> delete("/api/pleroma/emoji/packs/ ")
-           |> json_response(:bad_request) == %{"error" => "pack name cannot be empty"}
+           |> json_response_and_validate_schema(:bad_request) == %{
+             "error" => "pack name cannot be empty"
+           }
  end

  test "filesystem import", %{admin_conn: admin_conn, conn: conn} do
@ -661,15 +707,15 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
      File.rm!("#{@emoji_path}/test_pack_for_import/pack.json")
    end)

-    resp = conn |> get("/api/pleroma/emoji/packs") |> json_response(200)
+    resp = conn |> get("/api/pleroma/emoji/packs") |> json_response_and_validate_schema(200)

    refute Map.has_key?(resp, "test_pack_for_import")

    assert admin_conn
           |> get("/api/pleroma/emoji/packs/import")
-           |> json_response(200) == ["test_pack_for_import"]
+           |> json_response_and_validate_schema(200) == ["test_pack_for_import"]

-    resp = conn |> get("/api/pleroma/emoji/packs") |> json_response(200)
+    resp = conn |> get("/api/pleroma/emoji/packs") |> json_response_and_validate_schema(200)
    assert resp["test_pack_for_import"]["files"] == %{"blank" => "blank.png"}

    File.rm!("#{@emoji_path}/test_pack_for_import/pack.json")
@ -686,9 +732,9 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do

    assert admin_conn
           |> get("/api/pleroma/emoji/packs/import")
-           |> json_response(200) == ["test_pack_for_import"]
+           |> json_response_and_validate_schema(200) == ["test_pack_for_import"]

-    resp = conn |> get("/api/pleroma/emoji/packs") |> json_response(200)
+    resp = conn |> get("/api/pleroma/emoji/packs") |> json_response_and_validate_schema(200)

    assert resp["test_pack_for_import"]["files"] == %{
             "blank" => "blank.png",
@ -712,19 +758,23 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIControllerTest do
             } =
               conn
               |> get("/api/pleroma/emoji/packs/test_pack")
-               |> json_response(200)
+               |> json_response_and_validate_schema(200)
    end

    test "non existing pack", %{conn: conn} do
      assert conn
             |> get("/api/pleroma/emoji/packs/non_existing")
-             |> json_response(:not_found) == %{"error" => "Pack non_existing does not exist"}
+             |> json_response_and_validate_schema(:not_found) == %{
+               "error" => "Pack non_existing does not exist"
+             }
    end

    test "error name", %{conn: conn} do
      assert conn
             |> get("/api/pleroma/emoji/packs/ ")
-             |> json_response(:bad_request) == %{"error" => "pack name cannot be empty"}
+             |> json_response_and_validate_schema(:bad_request) == %{
+               "error" => "pack name cannot be empty"
+             }
    end
  end
 end
--- a/test/web/pleroma_api/controllers/emoji_reaction_controller_test.exs
+++ b/test/web/pleroma_api/controllers/emoji_reaction_controller_test.exs
@ -0,0 +1,132 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.PleromaAPI.EmojiReactionControllerTest do
+  use Oban.Testing, repo: Pleroma.Repo
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.Object
+  alias Pleroma.Tests.ObanHelpers
+  alias Pleroma.User
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  test "PUT /api/v1/pleroma/statuses/:id/reactions/:emoji", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
+
+    result =
+      conn
+      |> assign(:user, other_user)
+      |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["write:statuses"]))
+      |> put("/api/v1/pleroma/statuses/#{activity.id}/reactions/☕")
+      |> json_response_and_validate_schema(200)
+
+    # We return the status, but this our implementation detail.
+    assert %{"id" => id} = result
+    assert to_string(activity.id) == id
+
+    assert result["pleroma"]["emoji_reactions"] == [
+             %{"name" => "☕", "count" => 1, "me" => true}
+           ]
+
+    # Reacting with a non-emoji
+    assert conn
+           |> assign(:user, other_user)
+           |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["write:statuses"]))
+           |> put("/api/v1/pleroma/statuses/#{activity.id}/reactions/x")
+           |> json_response_and_validate_schema(400)
+  end
+
+  test "DELETE /api/v1/pleroma/statuses/:id/reactions/:emoji", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
+    {:ok, _reaction_activity} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
+
+    ObanHelpers.perform_all()
+
+    result =
+      conn
+      |> assign(:user, other_user)
+      |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["write:statuses"]))
+      |> delete("/api/v1/pleroma/statuses/#{activity.id}/reactions/☕")
+
+    assert %{"id" => id} = json_response_and_validate_schema(result, 200)
+    assert to_string(activity.id) == id
+
+    ObanHelpers.perform_all()
+
+    object = Object.get_by_ap_id(activity.data["object"])
+
+    assert object.data["reaction_count"] == 0
+  end
+
+  test "GET /api/v1/pleroma/statuses/:id/reactions", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+    doomed_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
+
+    result =
+      conn
+      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions")
+      |> json_response_and_validate_schema(200)
+
+    assert result == []
+
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, doomed_user, "🎅")
+
+    User.perform(:delete, doomed_user)
+
+    result =
+      conn
+      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions")
+      |> json_response_and_validate_schema(200)
+
+    [%{"name" => "🎅", "count" => 1, "accounts" => [represented_user], "me" => false}] = result
+
+    assert represented_user["id"] == other_user.id
+
+    result =
+      conn
+      |> assign(:user, other_user)
+      |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:statuses"]))
+      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions")
+      |> json_response_and_validate_schema(200)
+
+    assert [%{"name" => "🎅", "count" => 1, "accounts" => [_represented_user], "me" => true}] =
+             result
+  end
+
+  test "GET /api/v1/pleroma/statuses/:id/reactions/:emoji", %{conn: conn} do
+    user = insert(:user)
+    other_user = insert(:user)
+
+    {:ok, activity} = CommonAPI.post(user, %{status: "#cofe"})
+
+    result =
+      conn
+      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions/🎅")
+      |> json_response_and_validate_schema(200)
+
+    assert result == []
+
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
+    {:ok, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
+
+    assert [%{"name" => "🎅", "count" => 1, "accounts" => [represented_user], "me" => false}] =
+             conn
+             |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions/🎅")
+             |> json_response_and_validate_schema(200)
+
+    assert represented_user["id"] == other_user.id
+  end
+end
--- a/test/web/pleroma_api/controllers/mascot_controller_test.exs
+++ b/test/web/pleroma_api/controllers/mascot_controller_test.exs
@ -16,9 +16,12 @@ defmodule Pleroma.Web.PleromaAPI.MascotControllerTest do
      filename: "sound.mp3"
    }

-    ret_conn = put(conn, "/api/v1/pleroma/mascot", %{"file" => non_image_file})
+    ret_conn =
+      conn
+      |> put_req_header("content-type", "multipart/form-data")
+      |> put("/api/v1/pleroma/mascot", %{"file" => non_image_file})

-    assert json_response(ret_conn, 415)
+    assert json_response_and_validate_schema(ret_conn, 415)

    file = %Plug.Upload{
      content_type: "image/jpg",
@ -26,9 +29,12 @@ defmodule Pleroma.Web.PleromaAPI.MascotControllerTest do
      filename: "an_image.jpg"
    }

-    conn = put(conn, "/api/v1/pleroma/mascot", %{"file" => file})
+    conn =
+      conn
+      |> put_req_header("content-type", "multipart/form-data")
+      |> put("/api/v1/pleroma/mascot", %{"file" => file})

-    assert %{"id" => _, "type" => image} = json_response(conn, 200)
+    assert %{"id" => _, "type" => image} = json_response_and_validate_schema(conn, 200)
  end

  test "mascot retrieving" do
@ -37,7 +43,7 @@ defmodule Pleroma.Web.PleromaAPI.MascotControllerTest do
    # When user hasn't set a mascot, we should just get pleroma tan back
    ret_conn = get(conn, "/api/v1/pleroma/mascot")

-    assert %{"url" => url} = json_response(ret_conn, 200)
+    assert %{"url" => url} = json_response_and_validate_schema(ret_conn, 200)
    assert url =~ "pleroma-fox-tan-smol"

    # When a user sets their mascot, we should get that back
@ -47,9 +53,12 @@ defmodule Pleroma.Web.PleromaAPI.MascotControllerTest do
      filename: "an_image.jpg"
    }

-    ret_conn = put(conn, "/api/v1/pleroma/mascot", %{"file" => file})
+    ret_conn =
+      conn
+      |> put_req_header("content-type", "multipart/form-data")
+      |> put("/api/v1/pleroma/mascot", %{"file" => file})

-    assert json_response(ret_conn, 200)
+    assert json_response_and_validate_schema(ret_conn, 200)

    user = User.get_cached_by_id(user.id)

@ -58,7 +67,7 @@ defmodule Pleroma.Web.PleromaAPI.MascotControllerTest do
      |> assign(:user, user)
      |> get("/api/v1/pleroma/mascot")

-    assert %{"url" => url, "type" => "image"} = json_response(conn, 200)
+    assert %{"url" => url, "type" => "image"} = json_response_and_validate_schema(conn, 200)
    assert url =~ "an_image"
  end
 end
--- a/test/web/pleroma_api/controllers/notification_controller_test.exs
+++ b/test/web/pleroma_api/controllers/notification_controller_test.exs
@ -0,0 +1,68 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.PleromaAPI.NotificationControllerTest do
+  use Pleroma.Web.ConnCase
+
+  alias Pleroma.Notification
+  alias Pleroma.Repo
+  alias Pleroma.Web.CommonAPI
+
+  import Pleroma.Factory
+
+  describe "POST /api/v1/pleroma/notifications/read" do
+    setup do: oauth_access(["write:notifications"])
+
+    test "it marks a single notification as read", %{user: user1, conn: conn} do
+      user2 = insert(:user)
+      {:ok, activity1} = CommonAPI.post(user2, %{status: "hi @#{user1.nickname}"})
+      {:ok, activity2} = CommonAPI.post(user2, %{status: "hi @#{user1.nickname}"})
+      {:ok, [notification1]} = Notification.create_notifications(activity1)
+      {:ok, [notification2]} = Notification.create_notifications(activity2)
+
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/pleroma/notifications/read", %{id: notification1.id})
+        |> json_response_and_validate_schema(:ok)
+
+      assert %{"pleroma" => %{"is_seen" => true}} = response
+      assert Repo.get(Notification, notification1.id).seen
+      refute Repo.get(Notification, notification2.id).seen
+    end
+
+    test "it marks multiple notifications as read", %{user: user1, conn: conn} do
+      user2 = insert(:user)
+      {:ok, _activity1} = CommonAPI.post(user2, %{status: "hi @#{user1.nickname}"})
+      {:ok, _activity2} = CommonAPI.post(user2, %{status: "hi @#{user1.nickname}"})
+      {:ok, _activity3} = CommonAPI.post(user2, %{status: "HIE @#{user1.nickname}"})
+
+      [notification3, notification2, notification1] = Notification.for_user(user1, %{limit: 3})
+
+      [response1, response2] =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/pleroma/notifications/read", %{max_id: notification2.id})
+        |> json_response_and_validate_schema(:ok)
+
+      assert %{"pleroma" => %{"is_seen" => true}} = response1
+      assert %{"pleroma" => %{"is_seen" => true}} = response2
+      assert Repo.get(Notification, notification1.id).seen
+      assert Repo.get(Notification, notification2.id).seen
+      refute Repo.get(Notification, notification3.id).seen
+    end
+
+    test "it returns error when notification not found", %{conn: conn} do
+      response =
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/pleroma/notifications/read", %{
+          id: 22_222_222_222_222
+        })
+        |> json_response_and_validate_schema(:bad_request)
+
+      assert response == %{"error" => "Cannot get notification"}
+    end
+  end
+end
--- a/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs
+++ b/test/web/pleroma_api/controllers/pleroma_api_controller_test.exs
@ -1,296 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.PleromaAPI.PleromaAPIControllerTest do
-  use Pleroma.Web.ConnCase
-
-  alias Pleroma.Conversation.Participation
-  alias Pleroma.Notification
-  alias Pleroma.Object
-  alias Pleroma.Repo
-  alias Pleroma.User
-  alias Pleroma.Web.CommonAPI
-
-  import Pleroma.Factory
-
-  test "PUT /api/v1/pleroma/statuses/:id/reactions/:emoji", %{conn: conn} do
-    user = insert(:user)
-    other_user = insert(:user)
-
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
-
-    result =
-      conn
-      |> assign(:user, other_user)
-      |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["write:statuses"]))
-      |> put("/api/v1/pleroma/statuses/#{activity.id}/reactions/☕")
-      |> json_response(200)
-
-    # We return the status, but this our implementation detail.
-    assert %{"id" => id} = result
-    assert to_string(activity.id) == id
-
-    assert result["pleroma"]["emoji_reactions"] == [
-             %{"name" => "☕", "count" => 1, "me" => true}
-           ]
-  end
-
-  test "DELETE /api/v1/pleroma/statuses/:id/reactions/:emoji", %{conn: conn} do
-    user = insert(:user)
-    other_user = insert(:user)
-
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
-    {:ok, activity, _object} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
-
-    result =
-      conn
-      |> assign(:user, other_user)
-      |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["write:statuses"]))
-      |> delete("/api/v1/pleroma/statuses/#{activity.id}/reactions/☕")
-
-    assert %{"id" => id} = json_response(result, 200)
-    assert to_string(activity.id) == id
-
-    object = Object.normalize(activity)
-
-    assert object.data["reaction_count"] == 0
-  end
-
-  test "GET /api/v1/pleroma/statuses/:id/reactions", %{conn: conn} do
-    user = insert(:user)
-    other_user = insert(:user)
-    doomed_user = insert(:user)
-
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
-
-    result =
-      conn
-      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions")
-      |> json_response(200)
-
-    assert result == []
-
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, doomed_user, "🎅")
-
-    User.perform(:delete, doomed_user)
-
-    result =
-      conn
-      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions")
-      |> json_response(200)
-
-    [%{"name" => "🎅", "count" => 1, "accounts" => [represented_user], "me" => false}] = result
-
-    assert represented_user["id"] == other_user.id
-
-    result =
-      conn
-      |> assign(:user, other_user)
-      |> assign(:token, insert(:oauth_token, user: other_user, scopes: ["read:statuses"]))
-      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions")
-      |> json_response(200)
-
-    assert [%{"name" => "🎅", "count" => 1, "accounts" => [_represented_user], "me" => true}] =
-             result
-  end
-
-  test "GET /api/v1/pleroma/statuses/:id/reactions/:emoji", %{conn: conn} do
-    user = insert(:user)
-    other_user = insert(:user)
-
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe"})
-
-    result =
-      conn
-      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions/🎅")
-      |> json_response(200)
-
-    assert result == []
-
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, other_user, "🎅")
-    {:ok, _, _} = CommonAPI.react_with_emoji(activity.id, other_user, "☕")
-
-    result =
-      conn
-      |> get("/api/v1/pleroma/statuses/#{activity.id}/reactions/🎅")
-      |> json_response(200)
-
-    [%{"name" => "🎅", "count" => 1, "accounts" => [represented_user], "me" => false}] = result
-
-    assert represented_user["id"] == other_user.id
-  end
-
-  test "/api/v1/pleroma/conversations/:id" do
-    user = insert(:user)
-    %{user: other_user, conn: conn} = oauth_access(["read:statuses"])
-
-    {:ok, _activity} =
-      CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}!", "visibility" => "direct"})
-
-    [participation] = Participation.for_user(other_user)
-
-    result =
-      conn
-      |> get("/api/v1/pleroma/conversations/#{participation.id}")
-      |> json_response(200)
-
-    assert result["id"] == participation.id |> to_string()
-  end
-
-  test "/api/v1/pleroma/conversations/:id/statuses" do
-    user = insert(:user)
-    %{user: other_user, conn: conn} = oauth_access(["read:statuses"])
-    third_user = insert(:user)
-
-    {:ok, _activity} =
-      CommonAPI.post(user, %{"status" => "Hi @#{third_user.nickname}!", "visibility" => "direct"})
-
-    {:ok, activity} =
-      CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}!", "visibility" => "direct"})
-
-    [participation] = Participation.for_user(other_user)
-
-    {:ok, activity_two} =
-      CommonAPI.post(other_user, %{
-        "status" => "Hi!",
-        "in_reply_to_status_id" => activity.id,
-        "in_reply_to_conversation_id" => participation.id
-      })
-
-    result =
-      conn
-      |> get("/api/v1/pleroma/conversations/#{participation.id}/statuses")
-      |> json_response(200)
-
-    assert length(result) == 2
-
-    id_one = activity.id
-    id_two = activity_two.id
-    assert [%{"id" => ^id_one}, %{"id" => ^id_two}] = result
-
-    {:ok, %{id: id_three}} =
-      CommonAPI.post(other_user, %{
-        "status" => "Bye!",
-        "in_reply_to_status_id" => activity.id,
-        "in_reply_to_conversation_id" => participation.id
-      })
-
-    assert [%{"id" => ^id_two}, %{"id" => ^id_three}] =
-             conn
-             |> get("/api/v1/pleroma/conversations/#{participation.id}/statuses?limit=2")
-             |> json_response(:ok)
-
-    assert [%{"id" => ^id_three}] =
-             conn
-             |> get("/api/v1/pleroma/conversations/#{participation.id}/statuses?min_id=#{id_two}")
-             |> json_response(:ok)
-  end
-
-  test "PATCH /api/v1/pleroma/conversations/:id" do
-    %{user: user, conn: conn} = oauth_access(["write:conversations"])
-    other_user = insert(:user)
-
-    {:ok, _activity} = CommonAPI.post(user, %{"status" => "Hi", "visibility" => "direct"})
-
-    [participation] = Participation.for_user(user)
-
-    participation = Repo.preload(participation, :recipients)
-
-    user = User.get_cached_by_id(user.id)
-    assert [user] == participation.recipients
-    assert other_user not in participation.recipients
-
-    result =
-      conn
-      |> patch("/api/v1/pleroma/conversations/#{participation.id}", %{
-        "recipients" => [user.id, other_user.id]
-      })
-      |> json_response(200)
-
-    assert result["id"] == participation.id |> to_string
-
-    [participation] = Participation.for_user(user)
-    participation = Repo.preload(participation, :recipients)
-
-    assert user in participation.recipients
-    assert other_user in participation.recipients
-  end
-
-  test "POST /api/v1/pleroma/conversations/read" do
-    user = insert(:user)
-    %{user: other_user, conn: conn} = oauth_access(["write:conversations"])
-
-    {:ok, _activity} =
-      CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}", "visibility" => "direct"})
-
-    {:ok, _activity} =
-      CommonAPI.post(user, %{"status" => "Hi @#{other_user.nickname}", "visibility" => "direct"})
-
-    [participation2, participation1] = Participation.for_user(other_user)
-    assert Participation.get(participation2.id).read == false
-    assert Participation.get(participation1.id).read == false
-    assert User.get_cached_by_id(other_user.id).unread_conversation_count == 2
-
-    [%{"unread" => false}, %{"unread" => false}] =
-      conn
-      |> post("/api/v1/pleroma/conversations/read", %{})
-      |> json_response(200)
-
-    [participation2, participation1] = Participation.for_user(other_user)
-    assert Participation.get(participation2.id).read == true
-    assert Participation.get(participation1.id).read == true
-    assert User.get_cached_by_id(other_user.id).unread_conversation_count == 0
-  end
-
-  describe "POST /api/v1/pleroma/notifications/read" do
-    setup do: oauth_access(["write:notifications"])
-
-    test "it marks a single notification as read", %{user: user1, conn: conn} do
-      user2 = insert(:user)
-      {:ok, activity1} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
-      {:ok, activity2} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
-      {:ok, [notification1]} = Notification.create_notifications(activity1)
-      {:ok, [notification2]} = Notification.create_notifications(activity2)
-
-      response =
-        conn
-        |> post("/api/v1/pleroma/notifications/read", %{"id" => "#{notification1.id}"})
-        |> json_response(:ok)
-
-      assert %{"pleroma" => %{"is_seen" => true}} = response
-      assert Repo.get(Notification, notification1.id).seen
-      refute Repo.get(Notification, notification2.id).seen
-    end
-
-    test "it marks multiple notifications as read", %{user: user1, conn: conn} do
-      user2 = insert(:user)
-      {:ok, _activity1} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
-      {:ok, _activity2} = CommonAPI.post(user2, %{"status" => "hi @#{user1.nickname}"})
-      {:ok, _activity3} = CommonAPI.post(user2, %{"status" => "HIE @#{user1.nickname}"})
-
-      [notification3, notification2, notification1] = Notification.for_user(user1, %{limit: 3})
-
-      [response1, response2] =
-        conn
-        |> post("/api/v1/pleroma/notifications/read", %{"max_id" => "#{notification2.id}"})
-        |> json_response(:ok)
-
-      assert %{"pleroma" => %{"is_seen" => true}} = response1
-      assert %{"pleroma" => %{"is_seen" => true}} = response2
-      assert Repo.get(Notification, notification1.id).seen
-      assert Repo.get(Notification, notification2.id).seen
-      refute Repo.get(Notification, notification3.id).seen
-    end
-
-    test "it returns error when notification not found", %{conn: conn} do
-      response =
-        conn
-        |> post("/api/v1/pleroma/notifications/read", %{"id" => "22222222222222"})
-        |> json_response(:bad_request)
-
-      assert response == %{"error" => "Cannot get notification"}
-    end
-  end
-end
--- a/test/web/pleroma_api/controllers/scrobble_controller_test.exs
+++ b/test/web/pleroma_api/controllers/scrobble_controller_test.exs
@ -12,14 +12,16 @@ defmodule Pleroma.Web.PleromaAPI.ScrobbleControllerTest do
      %{conn: conn} = oauth_access(["write"])

      conn =
-        post(conn, "/api/v1/pleroma/scrobble", %{
+        conn
+        |> put_req_header("content-type", "application/json")
+        |> post("/api/v1/pleroma/scrobble", %{
          "title" => "lain radio episode 1",
          "artist" => "lain",
          "album" => "lain radio",
          "length" => "180000"
        })

-      assert %{"title" => "lain radio episode 1"} = json_response(conn, 200)
+      assert %{"title" => "lain radio episode 1"} = json_response_and_validate_schema(conn, 200)
    end
  end

@ -29,28 +31,28 @@ defmodule Pleroma.Web.PleromaAPI.ScrobbleControllerTest do

      {:ok, _activity} =
        CommonAPI.listen(user, %{
-          "title" => "lain radio episode 1",
-          "artist" => "lain",
-          "album" => "lain radio"
+          title: "lain radio episode 1",
+          artist: "lain",
+          album: "lain radio"
        })

      {:ok, _activity} =
        CommonAPI.listen(user, %{
-          "title" => "lain radio episode 2",
-          "artist" => "lain",
-          "album" => "lain radio"
+          title: "lain radio episode 2",
+          artist: "lain",
+          album: "lain radio"
        })

      {:ok, _activity} =
        CommonAPI.listen(user, %{
-          "title" => "lain radio episode 3",
-          "artist" => "lain",
-          "album" => "lain radio"
+          title: "lain radio episode 3",
+          artist: "lain",
+          album: "lain radio"
        })

      conn = get(conn, "/api/v1/pleroma/accounts/#{user.id}/scrobbles")

-      result = json_response(conn, 200)
+      result = json_response_and_validate_schema(conn, 200)

      assert length(result) == 3
    end
--- a/test/web/pleroma_api/controllers/two_factor_authentication_controller_test.exs
+++ b/test/web/pleroma_api/controllers/two_factor_authentication_controller_test.exs
@ -0,0 +1,260 @@
+defmodule Pleroma.Web.PleromaAPI.TwoFactorAuthenticationControllerTest do
+  use Pleroma.Web.ConnCase
+
+  import Pleroma.Factory
+  alias Pleroma.MFA.Settings
+  alias Pleroma.MFA.TOTP
+
+  describe "GET /api/pleroma/accounts/mfa/settings" do
+    test "returns user mfa settings for new user", %{conn: conn} do
+      token = insert(:oauth_token, scopes: ["read", "follow"])
+      token2 = insert(:oauth_token, scopes: ["write"])
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token.token}")
+             |> get("/api/pleroma/accounts/mfa")
+             |> json_response(:ok) == %{
+               "settings" => %{"enabled" => false, "totp" => false}
+             }
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> get("/api/pleroma/accounts/mfa")
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: read:security."
+             }
+    end
+
+    test "returns user mfa settings with enabled totp", %{conn: conn} do
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            enabled: true,
+            totp: %Settings.TOTP{secret: "XXX", delivery_type: "app", confirmed: true}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["read", "follow"], user: user)
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token.token}")
+             |> get("/api/pleroma/accounts/mfa")
+             |> json_response(:ok) == %{
+               "settings" => %{"enabled" => true, "totp" => true}
+             }
+    end
+  end
+
+  describe "GET /api/pleroma/accounts/mfa/backup_codes" do
+    test "returns backup codes", %{conn: conn} do
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            backup_codes: ["1", "2", "3"],
+            totp: %Settings.TOTP{secret: "secret"}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+      token2 = insert(:oauth_token, scopes: ["read"])
+
+      response =
+        conn
+        |> put_req_header("authorization", "Bearer #{token.token}")
+        |> get("/api/pleroma/accounts/mfa/backup_codes")
+        |> json_response(:ok)
+
+      assert [<<_::bytes-size(6)>>, <<_::bytes-size(6)>>] = response["codes"]
+      user = refresh_record(user)
+      mfa_settings = user.multi_factor_authentication_settings
+      assert mfa_settings.totp.secret == "secret"
+      refute mfa_settings.backup_codes == ["1", "2", "3"]
+      refute mfa_settings.backup_codes == []
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> get("/api/pleroma/accounts/mfa/backup_codes")
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: write:security."
+             }
+    end
+  end
+
+  describe "GET /api/pleroma/accounts/mfa/setup/totp" do
+    test "return errors when method is invalid", %{conn: conn} do
+      user = insert(:user)
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+
+      response =
+        conn
+        |> put_req_header("authorization", "Bearer #{token.token}")
+        |> get("/api/pleroma/accounts/mfa/setup/torf")
+        |> json_response(400)
+
+      assert response == %{"error" => "undefined method"}
+    end
+
+    test "returns key and provisioning_uri", %{conn: conn} do
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{backup_codes: ["1", "2", "3"]}
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+      token2 = insert(:oauth_token, scopes: ["read"])
+
+      response =
+        conn
+        |> put_req_header("authorization", "Bearer #{token.token}")
+        |> get("/api/pleroma/accounts/mfa/setup/totp")
+        |> json_response(:ok)
+
+      user = refresh_record(user)
+      mfa_settings = user.multi_factor_authentication_settings
+      secret = mfa_settings.totp.secret
+      refute mfa_settings.enabled
+      assert mfa_settings.backup_codes == ["1", "2", "3"]
+
+      assert response == %{
+               "key" => secret,
+               "provisioning_uri" => TOTP.provisioning_uri(secret, "#{user.email}")
+             }
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> get("/api/pleroma/accounts/mfa/setup/totp")
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: write:security."
+             }
+    end
+  end
+
+  describe "GET /api/pleroma/accounts/mfa/confirm/totp" do
+    test "returns success result", %{conn: conn} do
+      secret = TOTP.generate_secret()
+      code = TOTP.generate_token(secret)
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            backup_codes: ["1", "2", "3"],
+            totp: %Settings.TOTP{secret: secret}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+      token2 = insert(:oauth_token, scopes: ["read"])
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token.token}")
+             |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: code})
+             |> json_response(:ok)
+
+      settings = refresh_record(user).multi_factor_authentication_settings
+      assert settings.enabled
+      assert settings.totp.secret == secret
+      assert settings.totp.confirmed
+      assert settings.backup_codes == ["1", "2", "3"]
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: code})
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: write:security."
+             }
+    end
+
+    test "returns error if password incorrect", %{conn: conn} do
+      secret = TOTP.generate_secret()
+      code = TOTP.generate_token(secret)
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            backup_codes: ["1", "2", "3"],
+            totp: %Settings.TOTP{secret: secret}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+
+      response =
+        conn
+        |> put_req_header("authorization", "Bearer #{token.token}")
+        |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "xxx", code: code})
+        |> json_response(422)
+
+      settings = refresh_record(user).multi_factor_authentication_settings
+      refute settings.enabled
+      refute settings.totp.confirmed
+      assert settings.backup_codes == ["1", "2", "3"]
+      assert response == %{"error" => "Invalid password."}
+    end
+
+    test "returns error if code incorrect", %{conn: conn} do
+      secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            backup_codes: ["1", "2", "3"],
+            totp: %Settings.TOTP{secret: secret}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+      token2 = insert(:oauth_token, scopes: ["read"])
+
+      response =
+        conn
+        |> put_req_header("authorization", "Bearer #{token.token}")
+        |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: "code"})
+        |> json_response(422)
+
+      settings = refresh_record(user).multi_factor_authentication_settings
+      refute settings.enabled
+      refute settings.totp.confirmed
+      assert settings.backup_codes == ["1", "2", "3"]
+      assert response == %{"error" => "invalid_token"}
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: "code"})
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: write:security."
+             }
+    end
+  end
+
+  describe "DELETE /api/pleroma/accounts/mfa/totp" do
+    test "returns success result", %{conn: conn} do
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %Settings{
+            backup_codes: ["1", "2", "3"],
+            totp: %Settings.TOTP{secret: "secret"}
+          }
+        )
+
+      token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
+      token2 = insert(:oauth_token, scopes: ["read"])
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token.token}")
+             |> delete("/api/pleroma/accounts/mfa/totp", %{password: "test"})
+             |> json_response(:ok)
+
+      settings = refresh_record(user).multi_factor_authentication_settings
+      refute settings.enabled
+      assert settings.totp.secret == nil
+      refute settings.totp.confirmed
+
+      assert conn
+             |> put_req_header("authorization", "Bearer #{token2.token}")
+             |> delete("/api/pleroma/accounts/mfa/totp", %{password: "test"})
+             |> json_response(403) == %{
+               "error" => "Insufficient permissions: write:security."
+             }
+    end
+  end
+end
--- a/test/web/pleroma_api/views/scrobble_view_test.exs
+++ b/test/web/pleroma_api/views/scrobble_view_test.exs
@ -0,0 +1,20 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.PleromaAPI.StatusViewTest do
+  use Pleroma.DataCase
+
+  alias Pleroma.Web.PleromaAPI.ScrobbleView
+
+  import Pleroma.Factory
+
+  test "successfully renders a Listen activity (pleroma extension)" do
+    listen_activity = insert(:listen)
+
+    status = ScrobbleView.render("show.json", activity: listen_activity)
+
+    assert status.length == listen_activity.data["object"]["length"]
+    assert status.title == listen_activity.data["object"]["title"]
+  end
+end
--- a/test/web/plugs/plug_test.exs
+++ b/test/web/plugs/plug_test.exs
@ -0,0 +1,91 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.PlugTest do
+  @moduledoc "Tests for the functionality added via `use Pleroma.Web, :plug`"
+
+  alias Pleroma.Plugs.ExpectAuthenticatedCheckPlug
+  alias Pleroma.Plugs.ExpectPublicOrAuthenticatedCheckPlug
+  alias Pleroma.Plugs.PlugHelper
+
+  import Mock
+
+  use Pleroma.Web.ConnCase
+
+  describe "when plug is skipped, " do
+    setup_with_mocks(
+      [
+        {ExpectPublicOrAuthenticatedCheckPlug, [:passthrough], []}
+      ],
+      %{conn: conn}
+    ) do
+      conn = ExpectPublicOrAuthenticatedCheckPlug.skip_plug(conn)
+      %{conn: conn}
+    end
+
+    test "it neither adds plug to called plugs list nor calls `perform/2`, " <>
+           "regardless of :if_func / :unless_func options",
+         %{conn: conn} do
+      for opts <- [%{}, %{if_func: fn _ -> true end}, %{unless_func: fn _ -> false end}] do
+        ret_conn = ExpectPublicOrAuthenticatedCheckPlug.call(conn, opts)
+
+        refute called(ExpectPublicOrAuthenticatedCheckPlug.perform(:_, :_))
+        refute PlugHelper.plug_called?(ret_conn, ExpectPublicOrAuthenticatedCheckPlug)
+      end
+    end
+  end
+
+  describe "when plug is NOT skipped, " do
+    setup_with_mocks([{ExpectAuthenticatedCheckPlug, [:passthrough], []}]) do
+      :ok
+    end
+
+    test "with no pre-run checks, adds plug to called plugs list and calls `perform/2`", %{
+      conn: conn
+    } do
+      ret_conn = ExpectAuthenticatedCheckPlug.call(conn, %{})
+
+      assert called(ExpectAuthenticatedCheckPlug.perform(ret_conn, :_))
+      assert PlugHelper.plug_called?(ret_conn, ExpectAuthenticatedCheckPlug)
+    end
+
+    test "when :if_func option is given, calls the plug only if provided function evals tru-ish",
+         %{conn: conn} do
+      ret_conn = ExpectAuthenticatedCheckPlug.call(conn, %{if_func: fn _ -> false end})
+
+      refute called(ExpectAuthenticatedCheckPlug.perform(:_, :_))
+      refute PlugHelper.plug_called?(ret_conn, ExpectAuthenticatedCheckPlug)
+
+      ret_conn = ExpectAuthenticatedCheckPlug.call(conn, %{if_func: fn _ -> true end})
+
+      assert called(ExpectAuthenticatedCheckPlug.perform(ret_conn, :_))
+      assert PlugHelper.plug_called?(ret_conn, ExpectAuthenticatedCheckPlug)
+    end
+
+    test "if :unless_func option is given, calls the plug only if provided function evals falsy",
+         %{conn: conn} do
+      ret_conn = ExpectAuthenticatedCheckPlug.call(conn, %{unless_func: fn _ -> true end})
+
+      refute called(ExpectAuthenticatedCheckPlug.perform(:_, :_))
+      refute PlugHelper.plug_called?(ret_conn, ExpectAuthenticatedCheckPlug)
+
+      ret_conn = ExpectAuthenticatedCheckPlug.call(conn, %{unless_func: fn _ -> false end})
+
+      assert called(ExpectAuthenticatedCheckPlug.perform(ret_conn, :_))
+      assert PlugHelper.plug_called?(ret_conn, ExpectAuthenticatedCheckPlug)
+    end
+
+    test "allows a plug to be called multiple times (even if it's in called plugs list)", %{
+      conn: conn
+    } do
+      conn = ExpectAuthenticatedCheckPlug.call(conn, %{an_option: :value1})
+      assert called(ExpectAuthenticatedCheckPlug.perform(conn, %{an_option: :value1}))
+
+      assert PlugHelper.plug_called?(conn, ExpectAuthenticatedCheckPlug)
+
+      conn = ExpectAuthenticatedCheckPlug.call(conn, %{an_option: :value2})
+      assert called(ExpectAuthenticatedCheckPlug.perform(conn, %{an_option: :value2}))
+    end
+  end
+end
--- a/test/web/push/impl_test.exs
+++ b/test/web/push/impl_test.exs
@ -13,8 +13,8 @@ defmodule Pleroma.Web.Push.ImplTest do

  import Pleroma.Factory

-  setup_all do
-    Tesla.Mock.mock_global(fn
+  setup do
+    Tesla.Mock.mock(fn
      %{method: :post, url: "https://example.com/example/1234"} ->
        %Tesla.Env{status: 200}

@ -55,7 +55,7 @@ defmodule Pleroma.Web.Push.ImplTest do
      data: %{alerts: %{"follow" => true, "mention" => false}}
    )

-    {:ok, activity} = CommonAPI.post(user, %{"status" => "<Lorem ipsum dolor sit amet."})
+    {:ok, activity} = CommonAPI.post(user, %{status: "<Lorem ipsum dolor sit amet."})

    notif =
      insert(:notification,
@ -111,7 +111,7 @@ defmodule Pleroma.Web.Push.ImplTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" =>
+        status:
          "<span>Lorem ipsum dolor sit amet</span>, consectetur :firefox: adipiscing elit. Fusce sagittis finibus turpis."
      })

@ -147,11 +147,11 @@ defmodule Pleroma.Web.Push.ImplTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" =>
+        status:
          "<span>Lorem ipsum dolor sit amet</span>, consectetur :firefox: adipiscing elit. Fusce sagittis finibus turpis."
      })

-    {:ok, announce_activity, _} = CommonAPI.repeat(activity.id, user)
+    {:ok, announce_activity} = CommonAPI.repeat(activity.id, user)
    object = Object.normalize(activity)

    assert Impl.format_body(%{activity: announce_activity}, user, object) ==
@ -166,7 +166,7 @@ defmodule Pleroma.Web.Push.ImplTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" =>
+        status:
          "<span>Lorem ipsum dolor sit amet</span>, consectetur :firefox: adipiscing elit. Fusce sagittis finibus turpis."
      })

@ -184,8 +184,8 @@ defmodule Pleroma.Web.Push.ImplTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "visibility" => "direct",
-        "status" => "This is just between you and me, pal"
+        visibility: "direct",
+        status: "This is just between you and me, pal"
      })

    assert Impl.format_title(%{activity: activity}) ==
@ -193,14 +193,14 @@ defmodule Pleroma.Web.Push.ImplTest do
  end

  describe "build_content/3" do
-    test "returns info content for direct message with enabled privacy option" do
+    test "hides details for notifications when privacy option enabled" do
      user = insert(:user, nickname: "Bob")
      user2 = insert(:user, nickname: "Rob", notification_settings: %{privacy_option: true})

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "visibility" => "direct",
-          "status" => "<Lorem ipsum dolor sit amet."
+          visibility: "direct",
+          status: "<Lorem ipsum dolor sit amet."
        })

      notif = insert(:notification, user: user2, activity: activity)
@ -209,19 +209,44 @@ defmodule Pleroma.Web.Push.ImplTest do
      object = Object.normalize(activity)

      assert Impl.build_content(notif, actor, object) == %{
-               body: "@Bob",
-               title: "New Direct Message"
+               body: "New Direct Message"
+             }
+
+      {:ok, activity} =
+        CommonAPI.post(user, %{
+          visibility: "public",
+          status: "<Lorem ipsum dolor sit amet."
+        })
+
+      notif = insert(:notification, user: user2, activity: activity)
+
+      actor = User.get_cached_by_ap_id(notif.activity.data["actor"])
+      object = Object.normalize(activity)
+
+      assert Impl.build_content(notif, actor, object) == %{
+               body: "New Mention"
+             }
+
+      {:ok, activity} = CommonAPI.favorite(user, activity.id)
+
+      notif = insert(:notification, user: user2, activity: activity)
+
+      actor = User.get_cached_by_ap_id(notif.activity.data["actor"])
+      object = Object.normalize(activity)
+
+      assert Impl.build_content(notif, actor, object) == %{
+               body: "New Favorite"
             }
    end

-    test "returns regular content for direct message with disabled privacy option" do
+    test "returns regular content for notifications with privacy option disabled" do
      user = insert(:user, nickname: "Bob")
      user2 = insert(:user, nickname: "Rob", notification_settings: %{privacy_option: false})

      {:ok, activity} =
        CommonAPI.post(user, %{
-          "visibility" => "direct",
-          "status" =>
+          visibility: "direct",
+          status:
            "<span>Lorem ipsum dolor sit amet</span>, consectetur :firefox: adipiscing elit. Fusce sagittis finibus turpis."
        })

@ -235,6 +260,36 @@ defmodule Pleroma.Web.Push.ImplTest do
                 "@Bob: Lorem ipsum dolor sit amet, consectetur  adipiscing elit. Fusce sagittis fini...",
               title: "New Direct Message"
             }
+
+      {:ok, activity} =
+        CommonAPI.post(user, %{
+          visibility: "public",
+          status:
+            "<span>Lorem ipsum dolor sit amet</span>, consectetur :firefox: adipiscing elit. Fusce sagittis finibus turpis."
+        })
+
+      notif = insert(:notification, user: user2, activity: activity)
+
+      actor = User.get_cached_by_ap_id(notif.activity.data["actor"])
+      object = Object.normalize(activity)
+
+      assert Impl.build_content(notif, actor, object) == %{
+               body:
+                 "@Bob: Lorem ipsum dolor sit amet, consectetur  adipiscing elit. Fusce sagittis fini...",
+               title: "New Mention"
+             }
+
+      {:ok, activity} = CommonAPI.favorite(user, activity.id)
+
+      notif = insert(:notification, user: user2, activity: activity)
+
+      actor = User.get_cached_by_ap_id(notif.activity.data["actor"])
+      object = Object.normalize(activity)
+
+      assert Impl.build_content(notif, actor, object) == %{
+               body: "@Bob has favorited your post",
+               title: "New Favorite"
+             }
    end
  end
 end
--- a/test/web/rel_me_test.exs
+++ b/test/web/rel_me_test.exs
@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only

 defmodule Pleroma.Web.RelMeTest do
-  use ExUnit.Case, async: true
+  use ExUnit.Case

  setup_all do
    Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
--- a/test/web/rich_media/helpers_test.exs
+++ b/test/web/rich_media/helpers_test.exs
@ -26,8 +26,8 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" => "[test](example.com/ogp)",
-        "content_type" => "text/markdown"
+        status: "[test](example.com/ogp)",
+        content_type: "text/markdown"
      })

    Config.put([:rich_media, :enabled], true)
@ -40,8 +40,8 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" => "[test](example.com[]/ogp)",
-        "content_type" => "text/markdown"
+        status: "[test](example.com[]/ogp)",
+        content_type: "text/markdown"
      })

    Config.put([:rich_media, :enabled], true)
@ -54,8 +54,8 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" => "[test](https://example.com/ogp)",
-        "content_type" => "text/markdown"
+        status: "[test](https://example.com/ogp)",
+        content_type: "text/markdown"
      })

    Config.put([:rich_media, :enabled], true)
@ -69,8 +69,8 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" => "http://example.com/ogp",
-        "sensitive" => true
+        status: "http://example.com/ogp",
+        sensitive: true
      })

    %Object{} = object = Object.normalize(activity)
@ -87,7 +87,7 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do

    {:ok, activity} =
      CommonAPI.post(user, %{
-        "status" => "http://example.com/ogp #nsfw"
+        status: "http://example.com/ogp #nsfw"
      })

    %Object{} = object = Object.normalize(activity)
@ -103,12 +103,12 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
    user = insert(:user)

    {:ok, activity} =
-      CommonAPI.post(user, %{"status" => "http://127.0.0.1:4000/notice/9kCP7VNyPJXFOXDrgO"})
+      CommonAPI.post(user, %{status: "http://127.0.0.1:4000/notice/9kCP7VNyPJXFOXDrgO"})

-    {:ok, activity2} = CommonAPI.post(user, %{"status" => "https://10.111.10.1/notice/9kCP7V"})
-    {:ok, activity3} = CommonAPI.post(user, %{"status" => "https://172.16.32.40/notice/9kCP7V"})
-    {:ok, activity4} = CommonAPI.post(user, %{"status" => "https://192.168.10.40/notice/9kCP7V"})
-    {:ok, activity5} = CommonAPI.post(user, %{"status" => "https://pleroma.local/notice/9kCP7V"})
+    {:ok, activity2} = CommonAPI.post(user, %{status: "https://10.111.10.1/notice/9kCP7V"})
+    {:ok, activity3} = CommonAPI.post(user, %{status: "https://172.16.32.40/notice/9kCP7V"})
+    {:ok, activity4} = CommonAPI.post(user, %{status: "https://192.168.10.40/notice/9kCP7V"})
+    {:ok, activity5} = CommonAPI.post(user, %{status: "https://pleroma.local/notice/9kCP7V"})

    Config.put([:rich_media, :enabled], true)

--- a/test/web/static_fe/static_fe_controller_test.exs
+++ b/test/web/static_fe/static_fe_controller_test.exs
@ -32,8 +32,8 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
    end

    test "profile does not include private messages", %{conn: conn, user: user} do
-      CommonAPI.post(user, %{"status" => "public"})
-      CommonAPI.post(user, %{"status" => "private", "visibility" => "private"})
+      CommonAPI.post(user, %{status: "public"})
+      CommonAPI.post(user, %{status: "private", visibility: "private"})

      conn = get(conn, "/users/#{user.nickname}")

@ -44,7 +44,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
    end

    test "pagination", %{conn: conn, user: user} do
-      Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
+      Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)

      conn = get(conn, "/users/#{user.nickname}")

@ -57,7 +57,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
    end

    test "pagination, page 2", %{conn: conn, user: user} do
-      activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end)
+      activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{status: "test#{i}"}) end)
      {:ok, a11} = Enum.at(activities, 11)

      conn = get(conn, "/users/#{user.nickname}?max_id=#{a11.id}")
@ -77,7 +77,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do

  describe "notice html" do
    test "single notice page", %{conn: conn, user: user} do
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

      conn = get(conn, "/notice/#{activity.id}")

@ -89,7 +89,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do

    test "filters HTML tags", %{conn: conn} do
      user = insert(:user)
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "<script>alert('xss')</script>"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "<script>alert('xss')</script>"})

      conn =
        conn
@ -101,11 +101,11 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
    end

    test "shows the whole thread", %{conn: conn, user: user} do
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "space: the final frontier"})

      CommonAPI.post(user, %{
-        "status" => "these are the voyages or something",
-        "in_reply_to_status_id" => activity.id
+        status: "these are the voyages or something",
+        in_reply_to_status_id: activity.id
      })

      conn = get(conn, "/notice/#{activity.id}")
@ -117,7 +117,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do

    test "redirect by AP object ID", %{conn: conn, user: user} do
      {:ok, %Activity{data: %{"object" => object_url}}} =
-        CommonAPI.post(user, %{"status" => "beam me up"})
+        CommonAPI.post(user, %{status: "beam me up"})

      conn = get(conn, URI.parse(object_url).path)

@ -126,7 +126,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do

    test "redirect by activity ID", %{conn: conn, user: user} do
      {:ok, %Activity{data: %{"id" => id}}} =
-        CommonAPI.post(user, %{"status" => "I'm a doctor, not a devops!"})
+        CommonAPI.post(user, %{status: "I'm a doctor, not a devops!"})

      conn = get(conn, URI.parse(id).path)

@ -140,8 +140,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
    end

    test "404 for private status", %{conn: conn, user: user} do
-      {:ok, activity} =
-        CommonAPI.post(user, %{"status" => "don't show me!", "visibility" => "private"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "don't show me!", visibility: "private"})

      conn = get(conn, "/notice/#{activity.id}")

@ -171,7 +170,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do
    end

    test "it requires authentication if instance is NOT federating", %{conn: conn, user: user} do
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"})
+      {:ok, activity} = CommonAPI.post(user, %{status: "testing a thing!"})

      ensure_federating_or_authenticated(conn, "/notice/#{activity.id}", user)
    end
--- a/test/web/streamer/ping_test.exs
+++ b/test/web/streamer/ping_test.exs
@ -1,36 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.PingTest do
-  use Pleroma.DataCase
-
-  import Pleroma.Factory
-  alias Pleroma.Web.Streamer
-
-  setup do
-    start_supervised({Streamer.supervisor(), [ping_interval: 30]})
-
-    :ok
-  end
-
-  describe "sockets" do
-    setup do
-      user = insert(:user)
-      {:ok, %{user: user}}
-    end
-
-    test "it sends pings", %{user: user} do
-      task =
-        Task.async(fn ->
-          assert_receive {:text, received_event}, 40
-          assert_receive {:text, received_event}, 40
-          assert_receive {:text, received_event}, 40
-        end)
-
-      Streamer.add_socket("public", %{transport_pid: task.pid, assigns: %{user: user}})
-
-      Task.await(task)
-    end
-  end
-end
--- a/test/web/streamer/state_test.exs
+++ b/test/web/streamer/state_test.exs
@ -1,54 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Web.StateTest do
-  use Pleroma.DataCase
-
-  import Pleroma.Factory
-  alias Pleroma.Web.Streamer
-  alias Pleroma.Web.Streamer.StreamerSocket
-
-  @moduletag needs_streamer: true
-
-  describe "sockets" do
-    setup do
-      user = insert(:user)
-      user2 = insert(:user)
-      {:ok, %{user: user, user2: user2}}
-    end
-
-    test "it can add a socket", %{user: user} do
-      Streamer.add_socket("public", %{transport_pid: 1, assigns: %{user: user}})
-
-      assert(%{"public" => [%StreamerSocket{transport_pid: 1}]} = Streamer.get_sockets())
-    end
-
-    test "it can add multiple sockets per user", %{user: user} do
-      Streamer.add_socket("public", %{transport_pid: 1, assigns: %{user: user}})
-      Streamer.add_socket("public", %{transport_pid: 2, assigns: %{user: user}})
-
-      assert(
-        %{
-          "public" => [
-            %StreamerSocket{transport_pid: 2},
-            %StreamerSocket{transport_pid: 1}
-          ]
-        } = Streamer.get_sockets()
-      )
-    end
-
-    test "it will not add a duplicate socket", %{user: user} do
-      Streamer.add_socket("activity", %{transport_pid: 1, assigns: %{user: user}})
-      Streamer.add_socket("activity", %{transport_pid: 1, assigns: %{user: user}})
-
-      assert(
-        %{
-          "activity" => [
-            %StreamerSocket{transport_pid: 1}
-          ]
-        } = Streamer.get_sockets()
-      )
-    end
-  end
-end
--- a/test/web/streamer/streamer_test.exs
+++ b/test/web/streamer/streamer_test.exs
@ -12,15 +12,81 @@ defmodule Pleroma.Web.StreamerTest do
  alias Pleroma.User
  alias Pleroma.Web.CommonAPI
  alias Pleroma.Web.Streamer
-  alias Pleroma.Web.Streamer.StreamerSocket
-  alias Pleroma.Web.Streamer.Worker

  @moduletag needs_streamer: true, capture_log: true

-  @streamer_timeout 150
-  @streamer_start_wait 10
  setup do: clear_config([:instance, :skip_thread_containment])

+  describe "get_topic without an user" do
+    test "allows public" do
+      assert {:ok, "public"} = Streamer.get_topic("public", nil)
+      assert {:ok, "public:local"} = Streamer.get_topic("public:local", nil)
+      assert {:ok, "public:media"} = Streamer.get_topic("public:media", nil)
+      assert {:ok, "public:local:media"} = Streamer.get_topic("public:local:media", nil)
+    end
+
+    test "allows hashtag streams" do
+      assert {:ok, "hashtag:cofe"} = Streamer.get_topic("hashtag", nil, %{"tag" => "cofe"})
+    end
+
+    test "disallows user streams" do
+      assert {:error, _} = Streamer.get_topic("user", nil)
+      assert {:error, _} = Streamer.get_topic("user:notification", nil)
+      assert {:error, _} = Streamer.get_topic("direct", nil)
+    end
+
+    test "disallows list streams" do
+      assert {:error, _} = Streamer.get_topic("list", nil, %{"list" => 42})
+    end
+  end
+
+  describe "get_topic with an user" do
+    setup do
+      user = insert(:user)
+      {:ok, %{user: user}}
+    end
+
+    test "allows public streams", %{user: user} do
+      assert {:ok, "public"} = Streamer.get_topic("public", user)
+      assert {:ok, "public:local"} = Streamer.get_topic("public:local", user)
+      assert {:ok, "public:media"} = Streamer.get_topic("public:media", user)
+      assert {:ok, "public:local:media"} = Streamer.get_topic("public:local:media", user)
+    end
+
+    test "allows user streams", %{user: user} do
+      expected_user_topic = "user:#{user.id}"
+      expected_notif_topic = "user:notification:#{user.id}"
+      expected_direct_topic = "direct:#{user.id}"
+      assert {:ok, ^expected_user_topic} = Streamer.get_topic("user", user)
+      assert {:ok, ^expected_notif_topic} = Streamer.get_topic("user:notification", user)
+      assert {:ok, ^expected_direct_topic} = Streamer.get_topic("direct", user)
+    end
+
+    test "allows hashtag streams", %{user: user} do
+      assert {:ok, "hashtag:cofe"} = Streamer.get_topic("hashtag", user, %{"tag" => "cofe"})
+    end
+
+    test "disallows registering to an user stream", %{user: user} do
+      another_user = insert(:user)
+      assert {:error, _} = Streamer.get_topic("user:#{another_user.id}", user)
+      assert {:error, _} = Streamer.get_topic("user:notification:#{another_user.id}", user)
+      assert {:error, _} = Streamer.get_topic("direct:#{another_user.id}", user)
+    end
+
+    test "allows list stream that are owned by the user", %{user: user} do
+      {:ok, list} = List.create("Test", user)
+      assert {:error, _} = Streamer.get_topic("list:#{list.id}", user)
+      assert {:ok, _} = Streamer.get_topic("list", user, %{"list" => list.id})
+    end
+
+    test "disallows list stream that are not owned by the user", %{user: user} do
+      another_user = insert(:user)
+      {:ok, list} = List.create("Test", another_user)
+      assert {:error, _} = Streamer.get_topic("list:#{list.id}", user)
+      assert {:error, _} = Streamer.get_topic("list", user, %{"list" => list.id})
+    end
+  end
+
  describe "user streams" do
    setup do
      user = insert(:user)
@ -29,69 +95,54 @@ defmodule Pleroma.Web.StreamerTest do
    end

    test "it streams the user's post in the 'user' stream", %{user: user} do
-      task =
-        Task.async(fn ->
-          assert_receive {:text, _}, @streamer_timeout
-        end)
-
-      Streamer.add_socket(
-        "user",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
-
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
-
-      Streamer.stream("user", activity)
-      Task.await(task)
+      Streamer.get_topic_and_add_socket("user", user)
+      {:ok, activity} = CommonAPI.post(user, %{status: "hey"})
+      assert_receive {:render_with_user, _, _, ^activity}
+      refute Streamer.filtered_by_user?(user, activity)
    end

    test "it streams boosts of the user in the 'user' stream", %{user: user} do
-      task =
-        Task.async(fn ->
-          assert_receive {:text, _}, @streamer_timeout
-        end)
-
-      Streamer.add_socket(
-        "user",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      Streamer.get_topic_and_add_socket("user", user)

      other_user = insert(:user)
-      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hey"})
-      {:ok, announce, _} = CommonAPI.repeat(activity.id, user)
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"})
+      {:ok, announce} = CommonAPI.repeat(activity.id, user)

-      Streamer.stream("user", announce)
-      Task.await(task)
+      assert_receive {:render_with_user, Pleroma.Web.StreamerView, "update.json", ^announce}
+      refute Streamer.filtered_by_user?(user, announce)
+    end
+
+    test "it streams boosts of mastodon user in the 'user' stream", %{user: user} do
+      Streamer.get_topic_and_add_socket("user", user)
+
+      other_user = insert(:user)
+      {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"})
+
+      data =
+        File.read!("test/fixtures/mastodon-announce.json")
+        |> Poison.decode!()
+        |> Map.put("object", activity.data["object"])
+        |> Map.put("actor", user.ap_id)
+
+      {:ok, %Pleroma.Activity{data: _data, local: false} = announce} =
+        Pleroma.Web.ActivityPub.Transmogrifier.handle_incoming(data)
+
+      assert_receive {:render_with_user, Pleroma.Web.StreamerView, "update.json", ^announce}
+      refute Streamer.filtered_by_user?(user, announce)
    end

    test "it sends notify to in the 'user' stream", %{user: user, notify: notify} do
-      task =
-        Task.async(fn ->
-          assert_receive {:text, _}, @streamer_timeout
-        end)
-
-      Streamer.add_socket(
-        "user",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
-
+      Streamer.get_topic_and_add_socket("user", user)
      Streamer.stream("user", notify)
-      Task.await(task)
+      assert_receive {:render_with_user, _, _, ^notify}
+      refute Streamer.filtered_by_user?(user, notify)
    end

    test "it sends notify to in the 'user:notification' stream", %{user: user, notify: notify} do
-      task =
-        Task.async(fn ->
-          assert_receive {:text, _}, @streamer_timeout
-        end)
-
-      Streamer.add_socket(
-        "user:notification",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
-
+      Streamer.get_topic_and_add_socket("user:notification", user)
      Streamer.stream("user:notification", notify)
-      Task.await(task)
+      assert_receive {:render_with_user, _, _, ^notify}
+      refute Streamer.filtered_by_user?(user, notify)
    end

    test "it doesn't send notify to the 'user:notification' stream when a user is blocked", %{
@ -100,18 +151,12 @@ defmodule Pleroma.Web.StreamerTest do
      blocked = insert(:user)
      {:ok, _user_relationship} = User.block(user, blocked)

-      task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)
+      Streamer.get_topic_and_add_socket("user:notification", user)

-      Streamer.add_socket(
-        "user:notification",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      {:ok, activity} = CommonAPI.post(user, %{status: ":("})
+      {:ok, _} = CommonAPI.favorite(blocked, activity.id)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => ":("})
-      {:ok, notif} = CommonAPI.favorite(blocked, activity.id)
-
-      Streamer.stream("user:notification", notif)
-      Task.await(task)
+      refute_receive _
    end

    test "it doesn't send notify to the 'user:notification' stream when a thread is muted", %{
@ -119,45 +164,50 @@ defmodule Pleroma.Web.StreamerTest do
    } do
      user2 = insert(:user)

-      task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)
+      {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"})
+      {:ok, _} = CommonAPI.add_mute(user, activity)

-      Streamer.add_socket(
-        "user:notification",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      Streamer.get_topic_and_add_socket("user:notification", user)

-      {:ok, activity} = CommonAPI.post(user, %{"status" => "super hot take"})
-      {:ok, activity} = CommonAPI.add_mute(user, activity)
-      {:ok, notif} = CommonAPI.favorite(user2, activity.id)
+      {:ok, favorite_activity} = CommonAPI.favorite(user2, activity.id)

-      Streamer.stream("user:notification", notif)
-      Task.await(task)
+      refute_receive _
+      assert Streamer.filtered_by_user?(user, favorite_activity)
    end

-    test "it doesn't send notify to the 'user:notification' stream' when a domain is blocked", %{
+    test "it sends favorite to 'user:notification' stream'", %{
      user: user
    } do
      user2 = insert(:user, %{ap_id: "https://hecking-lewd-place.com/user/meanie"})

-      task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)
+      {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"})
+      Streamer.get_topic_and_add_socket("user:notification", user)
+      {:ok, favorite_activity} = CommonAPI.favorite(user2, activity.id)

-      Streamer.add_socket(
-        "user:notification",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      assert_receive {:render_with_user, _, "notification.json", notif}
+      assert notif.activity.id == favorite_activity.id
+      refute Streamer.filtered_by_user?(user, notif)
+    end
+
+    test "it doesn't send the 'user:notification' stream' when a domain is blocked", %{
+      user: user
+    } do
+      user2 = insert(:user, %{ap_id: "https://hecking-lewd-place.com/user/meanie"})

      {:ok, user} = User.block_domain(user, "hecking-lewd-place.com")
-      {:ok, activity} = CommonAPI.post(user, %{"status" => "super hot take"})
-      {:ok, notif} = CommonAPI.favorite(user2, activity.id)
+      {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"})
+      Streamer.get_topic_and_add_socket("user:notification", user)
+      {:ok, favorite_activity} = CommonAPI.favorite(user2, activity.id)

-      Streamer.stream("user:notification", notif)
-      Task.await(task)
+      refute_receive _
+      assert Streamer.filtered_by_user?(user, favorite_activity)
    end

    test "it sends follow activities to the 'user:notification' stream", %{
      user: user
    } do
      user_url = user.ap_id
+      user2 = insert(:user)

      body =
        File.read!("test/fixtures/users_mock/localhost.json")
@ -169,79 +219,57 @@ defmodule Pleroma.Web.StreamerTest do
          %Tesla.Env{status: 200, body: body}
      end)

-      user2 = insert(:user)
-      task = Task.async(fn -> assert_receive {:text, _}, @streamer_timeout end)
+      Streamer.get_topic_and_add_socket("user:notification", user)
+      {:ok, _follower, _followed, follow_activity} = CommonAPI.follow(user2, user)

-      Process.sleep(@streamer_start_wait)
-
-      Streamer.add_socket(
-        "user:notification",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
-
-      {:ok, _follower, _followed, _activity} = CommonAPI.follow(user2, user)
-
-      # We don't directly pipe the notification to the streamer as it's already
-      # generated as a side effect of CommonAPI.follow().
-      Task.await(task)
+      assert_receive {:render_with_user, _, "notification.json", notif}
+      assert notif.activity.id == follow_activity.id
+      refute Streamer.filtered_by_user?(user, notif)
    end
  end

-  test "it sends to public" do
+  test "it sends to public authenticated" do
    user = insert(:user)
    other_user = insert(:user)

-    task =
-      Task.async(fn ->
-        assert_receive {:text, _}, @streamer_timeout
-      end)
+    Streamer.get_topic_and_add_socket("public", other_user)

-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user
-    }
+    {:ok, activity} = CommonAPI.post(user, %{status: "Test"})
+    assert_receive {:render_with_user, _, _, ^activity}
+    refute Streamer.filtered_by_user?(user, activity)
+  end

-    {:ok, activity} = CommonAPI.post(other_user, %{"status" => "Test"})
+  test "works for deletions" do
+    user = insert(:user)
+    other_user = insert(:user)
+    {:ok, activity} = CommonAPI.post(other_user, %{status: "Test"})

-    topics = %{
-      "public" => [fake_socket]
-    }
+    Streamer.get_topic_and_add_socket("public", user)

-    Worker.push_to_socket(topics, "public", activity)
+    {:ok, _} = CommonAPI.delete(activity.id, other_user)
+    activity_id = activity.id
+    assert_receive {:text, event}
+    assert %{"event" => "delete", "payload" => ^activity_id} = Jason.decode!(event)
+  end

-    Task.await(task)
+  test "it sends to public unauthenticated" do
+    user = insert(:user)

-    task =
-      Task.async(fn ->
-        expected_event =
-          %{
-            "event" => "delete",
-            "payload" => activity.id
-          }
-          |> Jason.encode!()
+    Streamer.get_topic_and_add_socket("public", nil)

-        assert_receive {:text, received_event}, @streamer_timeout
-        assert received_event == expected_event
-      end)
+    {:ok, activity} = CommonAPI.post(user, %{status: "Test"})
+    activity_id = activity.id
+    assert_receive {:text, event}
+    assert %{"event" => "update", "payload" => payload} = Jason.decode!(event)
+    assert %{"id" => ^activity_id} = Jason.decode!(payload)

-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user
-    }
-
-    {:ok, activity} = CommonAPI.delete(activity.id, other_user)
-
-    topics = %{
-      "public" => [fake_socket]
-    }
-
-    Worker.push_to_socket(topics, "public", activity)
-
-    Task.await(task)
+    {:ok, _} = CommonAPI.delete(activity.id, user)
+    assert_receive {:text, event}
+    assert %{"event" => "delete", "payload" => ^activity_id} = Jason.decode!(event)
  end

  describe "thread_containment" do
-    test "it doesn't send to user if recipients invalid and thread containment is enabled" do
+    test "it filters to user if recipients invalid and thread containment is enabled" do
      Pleroma.Config.put([:instance, :skip_thread_containment], false)
      author = insert(:user)
      user = insert(:user)
@ -256,12 +284,10 @@ defmodule Pleroma.Web.StreamerTest do
            )
        )

-      task = Task.async(fn -> refute_receive {:text, _}, 1_000 end)
-      fake_socket = %StreamerSocket{transport_pid: task.pid, user: user}
-      topics = %{"public" => [fake_socket]}
-      Worker.push_to_socket(topics, "public", activity)
-
-      Task.await(task)
+      Streamer.get_topic_and_add_socket("public", user)
+      Streamer.stream("public", activity)
+      assert_receive {:render_with_user, _, _, ^activity}
+      assert Streamer.filtered_by_user?(user, activity)
    end

    test "it sends message if recipients invalid and thread containment is disabled" do
@ -279,12 +305,11 @@ defmodule Pleroma.Web.StreamerTest do
            )
        )

-      task = Task.async(fn -> assert_receive {:text, _}, 1_000 end)
-      fake_socket = %StreamerSocket{transport_pid: task.pid, user: user}
-      topics = %{"public" => [fake_socket]}
-      Worker.push_to_socket(topics, "public", activity)
+      Streamer.get_topic_and_add_socket("public", user)
+      Streamer.stream("public", activity)

-      Task.await(task)
+      assert_receive {:render_with_user, _, _, ^activity}
+      refute Streamer.filtered_by_user?(user, activity)
    end

    test "it sends message if recipients invalid and thread containment is enabled but user's thread containment is disabled" do
@ -302,255 +327,168 @@ defmodule Pleroma.Web.StreamerTest do
            )
        )

-      task = Task.async(fn -> assert_receive {:text, _}, 1_000 end)
-      fake_socket = %StreamerSocket{transport_pid: task.pid, user: user}
-      topics = %{"public" => [fake_socket]}
-      Worker.push_to_socket(topics, "public", activity)
+      Streamer.get_topic_and_add_socket("public", user)
+      Streamer.stream("public", activity)

-      Task.await(task)
+      assert_receive {:render_with_user, _, _, ^activity}
+      refute Streamer.filtered_by_user?(user, activity)
    end
  end

  describe "blocks" do
-    test "it doesn't send messages involving blocked users" do
+    test "it filters messages involving blocked users" do
      user = insert(:user)
      blocked_user = insert(:user)
      {:ok, _user_relationship} = User.block(user, blocked_user)

-      {:ok, activity} = CommonAPI.post(blocked_user, %{"status" => "Test"})
-
-      task =
-        Task.async(fn ->
-          refute_receive {:text, _}, 1_000
-        end)
-
-      fake_socket = %StreamerSocket{
-        transport_pid: task.pid,
-        user: user
-      }
-
-      topics = %{
-        "public" => [fake_socket]
-      }
-
-      Worker.push_to_socket(topics, "public", activity)
-
-      Task.await(task)
+      Streamer.get_topic_and_add_socket("public", user)
+      {:ok, activity} = CommonAPI.post(blocked_user, %{status: "Test"})
+      assert_receive {:render_with_user, _, _, ^activity}
+      assert Streamer.filtered_by_user?(user, activity)
    end

-    test "it doesn't send messages transitively involving blocked users" do
+    test "it filters messages transitively involving blocked users" do
      blocker = insert(:user)
      blockee = insert(:user)
      friend = insert(:user)

-      task =
-        Task.async(fn ->
-          refute_receive {:text, _}, 1_000
-        end)
-
-      fake_socket = %StreamerSocket{
-        transport_pid: task.pid,
-        user: blocker
-      }
-
-      topics = %{
-        "public" => [fake_socket]
-      }
+      Streamer.get_topic_and_add_socket("public", blocker)

      {:ok, _user_relationship} = User.block(blocker, blockee)

-      {:ok, activity_one} = CommonAPI.post(friend, %{"status" => "hey! @#{blockee.nickname}"})
+      {:ok, activity_one} = CommonAPI.post(friend, %{status: "hey! @#{blockee.nickname}"})

-      Worker.push_to_socket(topics, "public", activity_one)
+      assert_receive {:render_with_user, _, _, ^activity_one}
+      assert Streamer.filtered_by_user?(blocker, activity_one)

-      {:ok, activity_two} = CommonAPI.post(blockee, %{"status" => "hey! @#{friend.nickname}"})
+      {:ok, activity_two} = CommonAPI.post(blockee, %{status: "hey! @#{friend.nickname}"})

-      Worker.push_to_socket(topics, "public", activity_two)
+      assert_receive {:render_with_user, _, _, ^activity_two}
+      assert Streamer.filtered_by_user?(blocker, activity_two)

-      {:ok, activity_three} = CommonAPI.post(blockee, %{"status" => "hey! @#{blocker.nickname}"})
+      {:ok, activity_three} = CommonAPI.post(blockee, %{status: "hey! @#{blocker.nickname}"})

-      Worker.push_to_socket(topics, "public", activity_three)
-
-      Task.await(task)
+      assert_receive {:render_with_user, _, _, ^activity_three}
+      assert Streamer.filtered_by_user?(blocker, activity_three)
    end
  end

-  test "it doesn't send unwanted DMs to list" do
-    user_a = insert(:user)
-    user_b = insert(:user)
-    user_c = insert(:user)
+  describe "lists" do
+    test "it doesn't send unwanted DMs to list" do
+      user_a = insert(:user)
+      user_b = insert(:user)
+      user_c = insert(:user)

-    {:ok, user_a} = User.follow(user_a, user_b)
+      {:ok, user_a} = User.follow(user_a, user_b)

-    {:ok, list} = List.create("Test", user_a)
-    {:ok, list} = List.follow(list, user_b)
+      {:ok, list} = List.create("Test", user_a)
+      {:ok, list} = List.follow(list, user_b)

-    {:ok, activity} =
-      CommonAPI.post(user_b, %{
-        "status" => "@#{user_c.nickname} Test",
-        "visibility" => "direct"
-      })
+      Streamer.get_topic_and_add_socket("list", user_a, %{"list" => list.id})

-    task =
-      Task.async(fn ->
-        refute_receive {:text, _}, 1_000
-      end)
+      {:ok, _activity} =
+        CommonAPI.post(user_b, %{
+          status: "@#{user_c.nickname} Test",
+          visibility: "direct"
+        })

-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user_a
-    }
+      refute_receive _
+    end

-    topics = %{
-      "list:#{list.id}" => [fake_socket]
-    }
+    test "it doesn't send unwanted private posts to list" do
+      user_a = insert(:user)
+      user_b = insert(:user)

-    Worker.handle_call({:stream, "list", activity}, self(), topics)
+      {:ok, list} = List.create("Test", user_a)
+      {:ok, list} = List.follow(list, user_b)

-    Task.await(task)
+      Streamer.get_topic_and_add_socket("list", user_a, %{"list" => list.id})
+
+      {:ok, _activity} =
+        CommonAPI.post(user_b, %{
+          status: "Test",
+          visibility: "private"
+        })
+
+      refute_receive _
+    end
+
+    test "it sends wanted private posts to list" do
+      user_a = insert(:user)
+      user_b = insert(:user)
+
+      {:ok, user_a} = User.follow(user_a, user_b)
+
+      {:ok, list} = List.create("Test", user_a)
+      {:ok, list} = List.follow(list, user_b)
+
+      Streamer.get_topic_and_add_socket("list", user_a, %{"list" => list.id})
+
+      {:ok, activity} =
+        CommonAPI.post(user_b, %{
+          status: "Test",
+          visibility: "private"
+        })
+
+      assert_receive {:render_with_user, _, _, ^activity}
+      refute Streamer.filtered_by_user?(user_a, activity)
+    end
  end

-  test "it doesn't send unwanted private posts to list" do
-    user_a = insert(:user)
-    user_b = insert(:user)
+  describe "muted reblogs" do
+    test "it filters muted reblogs" do
+      user1 = insert(:user)
+      user2 = insert(:user)
+      user3 = insert(:user)
+      CommonAPI.follow(user1, user2)
+      CommonAPI.hide_reblogs(user1, user2)

-    {:ok, list} = List.create("Test", user_a)
-    {:ok, list} = List.follow(list, user_b)
+      {:ok, create_activity} = CommonAPI.post(user3, %{status: "I'm kawen"})

-    {:ok, activity} =
-      CommonAPI.post(user_b, %{
-        "status" => "Test",
-        "visibility" => "private"
-      })
+      Streamer.get_topic_and_add_socket("user", user1)
+      {:ok, announce_activity} = CommonAPI.repeat(create_activity.id, user2)
+      assert_receive {:render_with_user, _, _, ^announce_activity}
+      assert Streamer.filtered_by_user?(user1, announce_activity)
+    end

-    task =
-      Task.async(fn ->
-        refute_receive {:text, _}, 1_000
-      end)
+    test "it filters reblog notification for reblog-muted actors" do
+      user1 = insert(:user)
+      user2 = insert(:user)
+      CommonAPI.follow(user1, user2)
+      CommonAPI.hide_reblogs(user1, user2)

-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user_a
-    }
+      {:ok, create_activity} = CommonAPI.post(user1, %{status: "I'm kawen"})
+      Streamer.get_topic_and_add_socket("user", user1)
+      {:ok, _announce_activity} = CommonAPI.repeat(create_activity.id, user2)

-    topics = %{
-      "list:#{list.id}" => [fake_socket]
-    }
+      assert_receive {:render_with_user, _, "notification.json", notif}
+      assert Streamer.filtered_by_user?(user1, notif)
+    end

-    Worker.handle_call({:stream, "list", activity}, self(), topics)
+    test "it send non-reblog notification for reblog-muted actors" do
+      user1 = insert(:user)
+      user2 = insert(:user)
+      CommonAPI.follow(user1, user2)
+      CommonAPI.hide_reblogs(user1, user2)

-    Task.await(task)
+      {:ok, create_activity} = CommonAPI.post(user1, %{status: "I'm kawen"})
+      Streamer.get_topic_and_add_socket("user", user1)
+      {:ok, _favorite_activity} = CommonAPI.favorite(user2, create_activity.id)
+
+      assert_receive {:render_with_user, _, "notification.json", notif}
+      refute Streamer.filtered_by_user?(user1, notif)
+    end
  end

-  test "it sends wanted private posts to list" do
-    user_a = insert(:user)
-    user_b = insert(:user)
-
-    {:ok, user_a} = User.follow(user_a, user_b)
-
-    {:ok, list} = List.create("Test", user_a)
-    {:ok, list} = List.follow(list, user_b)
-
-    {:ok, activity} =
-      CommonAPI.post(user_b, %{
-        "status" => "Test",
-        "visibility" => "private"
-      })
-
-    task =
-      Task.async(fn ->
-        assert_receive {:text, _}, 1_000
-      end)
-
-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user_a
-    }
-
-    Streamer.add_socket(
-      "list:#{list.id}",
-      fake_socket
-    )
-
-    Worker.handle_call({:stream, "list", activity}, self(), %{})
-
-    Task.await(task)
-  end
-
-  test "it doesn't send muted reblogs" do
-    user1 = insert(:user)
-    user2 = insert(:user)
-    user3 = insert(:user)
-    CommonAPI.hide_reblogs(user1, user2)
-
-    {:ok, create_activity} = CommonAPI.post(user3, %{"status" => "I'm kawen"})
-    {:ok, announce_activity, _} = CommonAPI.repeat(create_activity.id, user2)
-
-    task =
-      Task.async(fn ->
-        refute_receive {:text, _}, 1_000
-      end)
-
-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user1
-    }
-
-    topics = %{
-      "public" => [fake_socket]
-    }
-
-    Worker.push_to_socket(topics, "public", announce_activity)
-
-    Task.await(task)
-  end
-
-  test "it does send non-reblog notification for reblog-muted actors" do
-    user1 = insert(:user)
-    user2 = insert(:user)
-    user3 = insert(:user)
-    CommonAPI.hide_reblogs(user1, user2)
-
-    {:ok, create_activity} = CommonAPI.post(user3, %{"status" => "I'm kawen"})
-    {:ok, favorite_activity} = CommonAPI.favorite(user2, create_activity.id)
-
-    task =
-      Task.async(fn ->
-        assert_receive {:text, _}, 1_000
-      end)
-
-    fake_socket = %StreamerSocket{
-      transport_pid: task.pid,
-      user: user1
-    }
-
-    topics = %{
-      "public" => [fake_socket]
-    }
-
-    Worker.push_to_socket(topics, "public", favorite_activity)
-
-    Task.await(task)
-  end
-
-  test "it doesn't send posts from muted threads" do
+  test "it filters posts from muted threads" do
    user = insert(:user)
    user2 = insert(:user)
+    Streamer.get_topic_and_add_socket("user", user2)
    {:ok, user2, user, _activity} = CommonAPI.follow(user2, user)
-
-    {:ok, activity} = CommonAPI.post(user, %{"status" => "super hot take"})
-
-    {:ok, activity} = CommonAPI.add_mute(user2, activity)
-
-    task = Task.async(fn -> refute_receive {:text, _}, @streamer_timeout end)
-
-    Streamer.add_socket(
-      "user",
-      %{transport_pid: task.pid, assigns: %{user: user2}}
-    )
-
-    Streamer.stream("user", activity)
-    Task.await(task)
+    {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"})
+    {:ok, _} = CommonAPI.add_mute(user2, activity)
+    assert_receive {:render_with_user, _, _, ^activity}
+    assert Streamer.filtered_by_user?(user2, activity)
  end

  describe "direct streams" do
@ -562,103 +500,88 @@ defmodule Pleroma.Web.StreamerTest do
      user = insert(:user)
      another_user = insert(:user)

-      task =
-        Task.async(fn ->
-          assert_receive {:text, received_event}, @streamer_timeout
-
-          assert %{"event" => "conversation", "payload" => received_payload} =
-                   Jason.decode!(received_event)
-
-          assert %{"last_status" => last_status} = Jason.decode!(received_payload)
-          [participation] = Participation.for_user(user)
-          assert last_status["pleroma"]["direct_conversation_id"] == participation.id
-        end)
-
-      Streamer.add_socket(
-        "direct",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      Streamer.get_topic_and_add_socket("direct", user)

      {:ok, _create_activity} =
        CommonAPI.post(another_user, %{
-          "status" => "hey @#{user.nickname}",
-          "visibility" => "direct"
+          status: "hey @#{user.nickname}",
+          visibility: "direct"
        })

-      Task.await(task)
+      assert_receive {:text, received_event}
+
+      assert %{"event" => "conversation", "payload" => received_payload} =
+               Jason.decode!(received_event)
+
+      assert %{"last_status" => last_status} = Jason.decode!(received_payload)
+      [participation] = Participation.for_user(user)
+      assert last_status["pleroma"]["direct_conversation_id"] == participation.id
    end

    test "it doesn't send conversation update to the 'direct' stream when the last message in the conversation is deleted" do
      user = insert(:user)
      another_user = insert(:user)

+      Streamer.get_topic_and_add_socket("direct", user)
+
      {:ok, create_activity} =
        CommonAPI.post(another_user, %{
-          "status" => "hi @#{user.nickname}",
-          "visibility" => "direct"
+          status: "hi @#{user.nickname}",
+          visibility: "direct"
        })

-      task =
-        Task.async(fn ->
-          assert_receive {:text, received_event}, @streamer_timeout
-          assert %{"event" => "delete", "payload" => _} = Jason.decode!(received_event)
+      create_activity_id = create_activity.id
+      assert_receive {:render_with_user, _, _, ^create_activity}
+      assert_receive {:text, received_conversation1}
+      assert %{"event" => "conversation", "payload" => _} = Jason.decode!(received_conversation1)

-          refute_receive {:text, _}, @streamer_timeout
-        end)
+      {:ok, _} = CommonAPI.delete(create_activity_id, another_user)

-      Process.sleep(@streamer_start_wait)
+      assert_receive {:text, received_event}

-      Streamer.add_socket(
-        "direct",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      assert %{"event" => "delete", "payload" => ^create_activity_id} =
+               Jason.decode!(received_event)

-      {:ok, _} = CommonAPI.delete(create_activity.id, another_user)
-
-      Task.await(task)
+      refute_receive _
    end

    test "it sends conversation update to the 'direct' stream when a message is deleted" do
      user = insert(:user)
      another_user = insert(:user)
+      Streamer.get_topic_and_add_socket("direct", user)

      {:ok, create_activity} =
        CommonAPI.post(another_user, %{
-          "status" => "hi @#{user.nickname}",
-          "visibility" => "direct"
+          status: "hi @#{user.nickname}",
+          visibility: "direct"
        })

      {:ok, create_activity2} =
        CommonAPI.post(another_user, %{
-          "status" => "hi @#{user.nickname}",
-          "in_reply_to_status_id" => create_activity.id,
-          "visibility" => "direct"
+          status: "hi @#{user.nickname} 2",
+          in_reply_to_status_id: create_activity.id,
+          visibility: "direct"
        })

-      task =
-        Task.async(fn ->
-          assert_receive {:text, received_event}, @streamer_timeout
-          assert %{"event" => "delete", "payload" => _} = Jason.decode!(received_event)
-
-          assert_receive {:text, received_event}, @streamer_timeout
-
-          assert %{"event" => "conversation", "payload" => received_payload} =
-                   Jason.decode!(received_event)
-
-          assert %{"last_status" => last_status} = Jason.decode!(received_payload)
-          assert last_status["id"] == to_string(create_activity.id)
-        end)
-
-      Process.sleep(@streamer_start_wait)
-
-      Streamer.add_socket(
-        "direct",
-        %{transport_pid: task.pid, assigns: %{user: user}}
-      )
+      assert_receive {:render_with_user, _, _, ^create_activity}
+      assert_receive {:render_with_user, _, _, ^create_activity2}
+      assert_receive {:text, received_conversation1}
+      assert %{"event" => "conversation", "payload" => _} = Jason.decode!(received_conversation1)
+      assert_receive {:text, received_conversation1}
+      assert %{"event" => "conversation", "payload" => _} = Jason.decode!(received_conversation1)

      {:ok, _} = CommonAPI.delete(create_activity2.id, another_user)

-      Task.await(task)
+      assert_receive {:text, received_event}
+      assert %{"event" => "delete", "payload" => _} = Jason.decode!(received_event)
+
+      assert_receive {:text, received_event}
+
+      assert %{"event" => "conversation", "payload" => received_payload} =
+               Jason.decode!(received_event)
+
+      assert %{"last_status" => last_status} = Jason.decode!(received_payload)
+      assert last_status["id"] == to_string(create_activity.id)
    end
  end
 end
--- a/test/web/twitter_api/password_controller_test.exs
+++ b/test/web/twitter_api/password_controller_test.exs
@ -54,7 +54,7 @@ defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do
      assert response =~ "<h2>Password changed!</h2>"

      user = refresh_record(user)
-      assert Comeonin.Pbkdf2.checkpw("test", user.password_hash)
+      assert Pbkdf2.verify_pass("test", user.password_hash)
      assert Enum.empty?(Token.get_user_tokens(user))
    end

--- a/test/web/twitter_api/remote_follow_controller_test.exs
+++ b/test/web/twitter_api/remote_follow_controller_test.exs
@ -6,11 +6,14 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
  use Pleroma.Web.ConnCase

  alias Pleroma.Config
+  alias Pleroma.MFA
+  alias Pleroma.MFA.TOTP
  alias Pleroma.User
  alias Pleroma.Web.CommonAPI

  import ExUnit.CaptureLog
  import Pleroma.Factory
+  import Ecto.Query

  setup do
    Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
@ -160,6 +163,119 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
    end
  end

+  describe "POST /ostatus_subscribe - follow/2 with enabled Two-Factor Auth " do
+    test "render the MFA login form", %{conn: conn} do
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      user2 = insert(:user)
+
+      response =
+        conn
+        |> post(remote_follow_path(conn, :do_follow), %{
+          "authorization" => %{"name" => user.nickname, "password" => "test", "id" => user2.id}
+        })
+        |> response(200)
+
+      mfa_token = Pleroma.Repo.one(from(q in Pleroma.MFA.Token, where: q.user_id == ^user.id))
+
+      assert response =~ "Two-factor authentication"
+      assert response =~ "Authentication code"
+      assert response =~ mfa_token.token
+      refute user2.follower_address in User.following(user)
+    end
+
+    test "returns error when password is incorrect", %{conn: conn} do
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      user2 = insert(:user)
+
+      response =
+        conn
+        |> post(remote_follow_path(conn, :do_follow), %{
+          "authorization" => %{"name" => user.nickname, "password" => "test1", "id" => user2.id}
+        })
+        |> response(200)
+
+      assert response =~ "Wrong username or password"
+      refute user2.follower_address in User.following(user)
+    end
+
+    test "follows", %{conn: conn} do
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      {:ok, %{token: token}} = MFA.Token.create_token(user)
+
+      user2 = insert(:user)
+      otp_token = TOTP.generate_token(otp_secret)
+
+      conn =
+        conn
+        |> post(
+          remote_follow_path(conn, :do_follow),
+          %{
+            "mfa" => %{"code" => otp_token, "token" => token, "id" => user2.id}
+          }
+        )
+
+      assert redirected_to(conn) == "/users/#{user2.id}"
+      assert user2.follower_address in User.following(user)
+    end
+
+    test "returns error when auth code is incorrect", %{conn: conn} do
+      otp_secret = TOTP.generate_secret()
+
+      user =
+        insert(:user,
+          multi_factor_authentication_settings: %MFA.Settings{
+            enabled: true,
+            totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
+          }
+        )
+
+      {:ok, %{token: token}} = MFA.Token.create_token(user)
+
+      user2 = insert(:user)
+      otp_token = TOTP.generate_token(TOTP.generate_secret())
+
+      response =
+        conn
+        |> post(
+          remote_follow_path(conn, :do_follow),
+          %{
+            "mfa" => %{"code" => otp_token, "token" => token, "id" => user2.id}
+          }
+        )
+        |> response(200)
+
+      assert response =~ "Wrong authentication code"
+      refute user2.follower_address in User.following(user)
+    end
+  end
+
  describe "POST /ostatus_subscribe - follow/2 without assigned user " do
    test "follows", %{conn: conn} do
      user = insert(:user)
--- a/test/web/twitter_api/util_controller_test.exs
+++ b/test/web/twitter_api/util_controller_test.exs
@ -688,7 +688,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do

      assert json_response(conn, 200) == %{"status" => "success"}
      fetched_user = User.get_cached_by_id(user.id)
-      assert Comeonin.Pbkdf2.checkpw("newpass", fetched_user.password_hash) == true
+      assert Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true
    end
  end

--- a/test/web/web_finger/web_finger_test.exs
+++ b/test/web/web_finger/web_finger_test.exs
@ -67,7 +67,7 @@ defmodule Pleroma.Web.WebFingerTest do
      assert data["magic_key"] == nil
      assert data["salmon"] == nil

-      assert data["topic"] == "https://mstdn.jp/users/kPherox.atom"
+      assert data["topic"] == nil
      assert data["subject"] == "acct:kPherox@mstdn.jp"
      assert data["ap_id"] == "https://mstdn.jp/users/kPherox"
      assert data["subscribe_address"] == "https://mstdn.jp/authorize_interaction?acct={uri}"