Merge branch 'develop' into host-verification

2026-05-14 06:01:31 +00:00 · 2026-05-14 06:01:31 +00:00 · b90ac6b9c7
commit b90ac6b9c7
parent 4810d2536e 5b63307f85
20 changed files with 414 additions and 22 deletions
--- a/changelog.d/captcha-package.fix
+++ b/changelog.d/captcha-package.fix
@ -0,0 +1 @@
+Switch native captcha to the published pleroma_captcha Hex package.
--- a/changelog.d/iceshrimpnet-reports-fix.fix
+++ b/changelog.d/iceshrimpnet-reports-fix.fix
@ -0,0 +1 @@
+Handle reports with just actor ap id as the object
--- a/changelog.d/majic-1.2.0.change
+++ b/changelog.d/majic-1.2.0.change
@ -0,0 +1 @@
+Update majic to 1.2.0.
--- a/changelog.d/oban-plugins-lazarus-hex.change
+++ b/changelog.d/oban-plugins-lazarus-hex.change
@ -0,0 +1 @@
+Use the Hex package for oban_plugins_lazarus.
--- a/changelog.d/reject-third-party-reports.fix
+++ b/changelog.d/reject-third-party-reports.fix
@ -0,0 +1 @@
+Reject incoming reports when both the reporter and reported account are remote
--- a/changelog.d/remote-ip-hex.change
+++ b/changelog.d/remote-ip-hex.change
@ -0,0 +1 @@
+Use upstream Hex releases for the `remote_ip` dependency and expose client IP ranges for remote IP resolution.
--- a/changelog.d/user-search-sorting.change
+++ b/changelog.d/user-search-sorting.change
@ -0,0 +1 @@
+Improve user search / autocompletion ordering.
--- a/config/config.exs
+++ b/config/config.exs
@ -738,6 +738,7 @@ config :pleroma, Pleroma.Workers.PurgeExpiredActivity, enabled: true, min_lifeti
 config :pleroma, Pleroma.Web.Plugs.RemoteIp,
  enabled: true,
  headers: ["x-forwarded-for"],
+  clients: [],
  proxies: [],
  reserved: [
    "127.0.0.0/8",
--- a/config/description.exs
+++ b/config/description.exs
@ -2910,7 +2910,7 @@ config :pleroma, :config_description, [
    key: Pleroma.Web.Plugs.RemoteIp,
    type: :group,
    description: """
-    `Pleroma.Web.Plugs.RemoteIp` is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration.
+    `Pleroma.Web.Plugs.RemoteIp` is a shim to call [`RemoteIp`](https://hex.pm/packages/remote_ip) but with runtime configuration.
    **If your instance is not behind at least one reverse proxy, you should not enable this plug.**
    """,
    children: [
@ -2926,6 +2926,12 @@ config :pleroma, :config_description, [
          A list of strings naming the HTTP headers to use when deriving the true client IP. Default: `["x-forwarded-for"]`.
        """
      },
+      %{
+        key: :clients,
+        type: {:list, :string},
+        description:
+          "A list of client IPs or subnets in CIDR notation. These will not be treated as proxies or reserved ranges. Defaults to `[]`. IPv4 entries without a bitmask will be assumed to be /32 and IPv6 /128."
+      },
      %{
        key: :proxies,
        type: {:list, :string},
--- a/lib/pleroma/signature.ex
+++ b/lib/pleroma/signature.ex
@ -104,7 +104,7 @@ defmodule Pleroma.Signature do
      |> put_req_header("(request-target)", request_target)
      |> put_req_header("@request-target", request_target)

-    @http_signatures_impl.validate_conn(conn)
+    @http_signatures_impl.validate_conn(conn) == true
  end

  @spec validate_signature(Plug.Conn.t()) :: boolean()
--- a/lib/pleroma/user/search.ex
+++ b/lib/pleroma/user/search.ex
@ -4,6 +4,7 @@

 defmodule Pleroma.User.Search do
  alias Pleroma.EctoType.ActivityPub.ObjectValidators.Uri, as: UriType
+  alias Pleroma.Instances.Instance
  alias Pleroma.Pagination
  alias Pleroma.User

@ -88,12 +89,13 @@ defmodule Pleroma.User.Search do
    |> filter_invisible_users()
    |> filter_internal_users()
    |> filter_blocked_domains(for_user)
+    |> filter_unreachable_users()
    |> fts_search(query_string)
    |> select_top_users(top_user_ids)
    |> trigram_rank(query_string)
    |> boost_search_rank(for_user, top_user_ids)
    |> subquery()
-    |> order_by(desc: :search_rank)
+    |> order_by_search_rank(for_user)
    |> maybe_restrict_local(for_user)
    |> maybe_restrict_accepting_chat_messages(capabilities)
    |> filter_deactivated_users()
@ -196,6 +198,14 @@ defmodule Pleroma.User.Search do

  defp filter_blocked_domains(query, _), do: query

+  defp filter_unreachable_users(query) do
+    from(u in query,
+      left_join: i in Instance,
+      on: i.host == fragment("substring(? from '.*://([^/]*)')", u.ap_id),
+      where: is_nil(i.unreachable_since)
+    )
+  end
+
  defp maybe_resolve(true, user, query) do
    case {limit(), user} do
      {:all, _} -> :noop
@ -236,6 +246,16 @@ defmodule Pleroma.User.Search do

    from(u in subquery(query),
      select_merge: %{
+        search_type:
+          fragment(
+            """
+            CASE WHEN (?) THEN 2
+            WHEN (?) THEN 1
+            ELSE 0 END
+            """,
+            u.id in ^top_user_ids,
+            u.id in ^friends_ids or u.id in ^followers_ids
+          ),
        search_rank:
          fragment(
            """
@ -261,6 +281,14 @@ defmodule Pleroma.User.Search do
  defp boost_search_rank(query, _for_user, top_user_ids) do
    from(u in subquery(query),
      select_merge: %{
+        search_type:
+          fragment(
+            """
+            CASE WHEN (?) THEN 2
+            ELSE 0 END
+            """,
+            u.id in ^top_user_ids
+          ),
        search_rank:
          fragment(
            """
@ -273,4 +301,22 @@ defmodule Pleroma.User.Search do
      }
    )
  end
+
+  defp order_by_search_rank(query, %User{}) do
+    order_by(
+      query,
+      [u],
+      desc: u.search_type,
+      desc_nulls_last:
+        fragment(
+          "CASE WHEN ? = 1 THEN COALESCE(?, ?) ELSE NULL END",
+          u.search_type,
+          u.last_status_at,
+          u.last_active_at
+        ),
+      desc: u.search_rank
+    )
+  end
+
+  defp order_by_search_rank(query, _), do: order_by(query, desc: :search_rank)
 end
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@ -430,6 +430,12 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
    end)
  end

+  defp reject_third_party_report(%User{local: false}, %User{local: false} = account) do
+    {:reject, "[Transmogrifier] third-party report: #{account.ap_id}"}
+  end
+
+  defp reject_third_party_report(_, _), do: :ok
+
  def handle_incoming(data, options \\ []) do
    data
    |> fix_recursive(&strip_internal_fields/1)
@ -444,9 +450,11 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
       ) do
    with context <- data["context"] || Utils.generate_context_id(),
         content <- data["content"] || "",
+         objects <- List.wrap(objects),
         %User{} = actor <- User.get_cached_by_ap_id(actor),
         # Reduce the object list to find the reported user.
         %User{} = account <- get_reported(objects),
+         :ok <- reject_third_party_report(actor, account),
         # Remove the reported user from the object list.
         statuses <- Enum.filter(objects, fn ap_id -> ap_id != account.ap_id end) do
      %{
--- a/lib/pleroma/web/plugs/remote_ip.ex
+++ b/lib/pleroma/web/plugs/remote_ip.ex
@ -4,7 +4,7 @@

 defmodule Pleroma.Web.Plugs.RemoteIp do
  @moduledoc """
-  This is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration.
+  This is a shim to call [`RemoteIp`](https://hex.pm/packages/remote_ip) but with runtime configuration.
  """

  alias Pleroma.Config
@ -17,15 +17,29 @@ defmodule Pleroma.Web.Plugs.RemoteIp do

  def call(%{remote_ip: original_remote_ip} = conn, _) do
    if Config.get([__MODULE__, :enabled]) do
-      %{remote_ip: new_remote_ip} = conn = RemoteIp.call(conn, remote_ip_opts())
+      new_remote_ip = remote_ip(conn) || original_remote_ip
+
+      conn = %{conn | remote_ip: new_remote_ip}
      assign(conn, :remote_ip_found, original_remote_ip != new_remote_ip)
    else
      conn
    end
  end

+  defp remote_ip(conn) do
+    opts = remote_ip_opts()
+
+    # Do not use RemoteIp.from/2 here: upstream remote_ip always applies its
+    # built-in reserved ranges. Pleroma keeps :reserved configurable, so reuse
+    # only the header parsing and apply Pleroma's own block classification.
+    conn.req_headers
+    |> RemoteIp.Headers.take(opts[:headers])
+    |> RemoteIp.Headers.parse()
+    |> Enum.reverse()
+    |> Enum.find(&client?(&1, opts))
+  end
+
  defp remote_ip_opts do
-    headers = Config.get([__MODULE__, :headers], []) |> MapSet.new()
    reserved = Config.get([__MODULE__, :reserved], [])

    proxies =
@ -33,6 +47,26 @@ defmodule Pleroma.Web.Plugs.RemoteIp do
      |> Enum.concat(reserved)
      |> Enum.map(&InetHelper.parse_cidr/1)

-    {headers, proxies}
+    clients =
+      Config.get([__MODULE__, :clients], [])
+      |> Enum.map(&InetHelper.parse_cidr/1)
+
+    [
+      headers: Config.get([__MODULE__, :headers], []),
+      clients: clients,
+      proxies: proxies
+    ]
+  end
+
+  defp client?(ip, opts) do
+    client_ip?(ip, opts[:clients]) || !proxy_ip?(ip, opts[:proxies])
+  end
+
+  defp client_ip?(ip, clients) do
+    Enum.any?(clients, &InetCidr.contains?(&1, ip))
+  end
+
+  defp proxy_ip?(ip, proxies) do
+    Enum.any?(proxies, &InetCidr.contains?(&1, ip))
  end
 end
--- a/mix.exs
+++ b/mix.exs
@ -137,9 +137,7 @@ defmodule Pleroma.Mixfile do
      {:tzdata, "~> 1.0.5"},
      {:plug_cowboy, "~> 2.7"},
      {:oban, "~> 2.19.4"},
-      {:oban_plugins_lazarus,
-       git: "https://git.pleroma.social/pleroma/elixir-libraries/oban_plugins_lazarus.git",
-       ref: "e49fc355baaf0e435208bf5f534d31e26e897711"},
+      {:oban_plugins_lazarus, "~> 0.1.1"},
      {:oban_web, "~> 2.11"},
      {:gettext, "~> 0.24"},
      {:bcrypt_elixir, "~> 2.3"},
@ -184,14 +182,11 @@ defmodule Pleroma.Mixfile do
      {:plug_static_index_html, "~> 1.0.0"},
      {:flake_id, "~> 0.1.0"},
      {:concurrent_limiter, "~> 0.1.1"},
-      {:remote_ip,
-       git: "https://git.pleroma.social/pleroma/remote_ip.git",
-       ref: "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8"},
-      {:captcha,
-       git: "https://git.pleroma.social/pleroma/elixir-libraries/elixir-captcha.git",
-       ref: "e7b7cc34cc16b383461b966484c297e4ec9aeef6"},
+      {:remote_ip, "~> 1.2.0"},
+      {:inet_cidr, "~> 1.0"},
+      {:captcha, "~> 1.0.3", hex: :pleroma_captcha},
      {:restarter, path: "./restarter"},
-      {:majic, "~> 1.1"},
+      {:majic, "~> 1.2"},
      {:open_api_spex, "~> 3.22"},
      {:ecto_psql_extras, "~> 0.8"},
      {:vix, "~> 0.36"},
--- a/mix.lock
+++ b/mix.lock
@ -10,7 +10,7 @@
  "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"},
  "cachex": {:hex, :cachex, "3.6.0", "14a1bfbeee060dd9bec25a5b6f4e4691e3670ebda28c8ba2884b12fe30b36bf8", [:mix], [{:eternal, "~> 1.2", [hex: :eternal, repo: "hexpm", optional: false]}, {:jumper, "~> 1.0", [hex: :jumper, repo: "hexpm", optional: false]}, {:sleeplocks, "~> 1.1", [hex: :sleeplocks, repo: "hexpm", optional: false]}, {:unsafe, "~> 1.0", [hex: :unsafe, repo: "hexpm", optional: false]}], "hexpm", "ebf24e373883bc8e0c8d894a63bbe102ae13d918f790121f5cfe6e485cc8e2e2"},
  "calendar": {:hex, :calendar, "1.0.0", "f52073a708528482ec33d0a171954ca610fe2bd28f1e871f247dc7f1565fa807", [:mix], [{:tzdata, "~> 0.1.201603 or ~> 0.5.20 or ~> 1.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "990e9581920c82912a5ee50e62ff5ef96da6b15949a2ee4734f935fdef0f0a6f"},
-  "captcha": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/elixir-captcha.git", "e7b7cc34cc16b383461b966484c297e4ec9aeef6", [ref: "e7b7cc34cc16b383461b966484c297e4ec9aeef6"]},
+  "captcha": {:hex, :pleroma_captcha, "1.0.3", "6cc1440e91a092653fe909f028cc4c5d83ea858b1439e3b9a85e446382e2b9a3", [:make, :mix], [], "hexpm", "477f62c1a845a9458c546658223295f958f98136acef89c05beb278b1b6f4a14"},
  "castore": {:hex, :castore, "1.0.15", "8aa930c890fe18b6fe0a0cff27b27d0d4d231867897bd23ea772dee561f032a3", [:mix], [], "hexpm", "96ce4c69d7d5d7a0761420ef743e2f4096253931a3ba69e5ff8ef1844fe446d3"},
  "cc_precompiler": {:hex, :cc_precompiler, "0.1.11", "8c844d0b9fb98a3edea067f94f616b3f6b29b959b6b3bf25fee94ffe34364768", [:mix], [{:elixir_make, "~> 0.7", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "3427232caf0835f94680e5bcf082408a70b48ad68a5f5c0b02a3bea9f3a075b9"},
  "certifi": {:hex, :certifi, "2.12.0", "2d1cca2ec95f59643862af91f001478c9863c2ac9cb6e2f89780bfd8de987329", [:rebar3], [], "hexpm", "ee68d85df22e554040cdb4be100f33873ac6051387baf6a8f6ce82272340ff1c"},
@ -65,7 +65,7 @@
  "http_signatures": {:hex, :http_signatures, "0.1.3", "19f26aee35b4684e37efdce3ac4638605e6e41a04368186bd39d2b6138a60ea9", [:mix], [{:plug, "~> 1.18", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "20313a65516db88006f85b090f6f76cc5b04e9609b45943657e6781eb91174f4"},
  "httpoison": {:hex, :httpoison, "1.8.2", "9eb9c63ae289296a544842ef816a85d881d4a31f518a0fec089aaa744beae290", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "2bb350d26972e30c96e2ca74a1aaf8293d61d0742ff17f01e0279fef11599921"},
  "idna": {:hex, :idna, "6.1.1", "8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d", [:rebar3], [{:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "92376eb7894412ed19ac475e4a86f7b413c1b9fbb5bd16dccd57934157944cea"},
-  "inet_cidr": {:hex, :inet_cidr, "1.0.8", "d26bb7bdbdf21ae401ead2092bf2bb4bf57fe44a62f5eaa5025280720ace8a40", [:mix], [], "hexpm", "d5b26da66603bb56c933c65214c72152f0de9a6ea53618b56d63302a68f6a90e"},
+  "inet_cidr": {:hex, :inet_cidr, "1.0.9", "e0ef72a2942529da78c8e4147d53f2ef5f6f5293335c3637b0fdf83c012cc816", [:mix], [], "hexpm", "172da15ff7cf635b1feaf14f5818be28c811b37cc5fb7c5f7c01058c1c1066cc"},
  "jason": {:hex, :jason, "1.4.4", "b9226785a9aa77b6857ca22832cffa5d5011a667207eb2a0ad56adb5db443b8a", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "c5eb0cab91f094599f94d55bc63409236a8ec69a21a67814529e8d5f6cc90b3b"},
  "joken": {:hex, :joken, "2.6.2", "5daaf82259ca603af4f0b065475099ada1b2b849ff140ccd37f4b6828ca6892a", [:mix], [{:jose, "~> 1.11.10", [hex: :jose, repo: "hexpm", optional: false]}], "hexpm", "5134b5b0a6e37494e46dbf9e4dad53808e5e787904b7c73972651b51cce3d72b"},
  "jose": {:hex, :jose, "1.11.10", "a903f5227417bd2a08c8a00a0cbcc458118be84480955e8d251297a425723f83", [:mix, :rebar3], [], "hexpm", "0d6cd36ff8ba174db29148fc112b5842186b68a90ce9fc2b3ec3afe76593e614"},
@ -73,7 +73,7 @@
  "linkify": {:hex, :linkify, "0.5.3", "5f8143d8f61f5ff08d3aeeff47ef6509492b4948d8f08007fbf66e4d2246a7f2", [:mix], [], "hexpm", "3ef35a1377d47c25506e07c1c005ea9d38d700699d92ee92825f024434258177"},
  "logger_backends": {:hex, :logger_backends, "1.0.0", "09c4fad6202e08cb0fbd37f328282f16539aca380f512523ce9472b28edc6bdf", [:mix], [], "hexpm", "1faceb3e7ec3ef66a8f5746c5afd020e63996df6fd4eb8cdb789e5665ae6c9ce"},
  "mail": {:hex, :mail, "0.3.1", "cb0a14e4ed8904e4e5a08214e686ccf6f9099346885db17d8c309381f865cc5c", [:mix], [], "hexpm", "1db701e89865c1d5fa296b2b57b1cd587587cca8d8a1a22892b35ef5a8e352a6"},
-  "majic": {:hex, :majic, "1.1.1", "16092a3a3376cc5e13d207e82ec06e05a5561170465e50cc11cc4df8a5747938", [:make, :mix], [{:elixir_make, "~> 0.8.4", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "7fbb0372f0447b3f777056177d6ab3f009742e68474f850521ff56b84bd85b96"},
+  "majic": {:hex, :majic, "1.2.0", "414b69c1460ece692fa892a0ed6669b8db6a44c42bb3071cb723854f22e7bd78", [:make, :mix], [{:elixir_make, "~> 0.8.4", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "0bd0c65f8e4dcc595757d957577f6151b59246da9614ba87debfdc641ccc0514"},
  "makeup": {:hex, :makeup, "1.0.5", "d5a830bc42c9800ce07dd97fa94669dfb93d3bf5fcf6ea7a0c67b2e0e4a7f26c", [:mix], [{:nimble_parsec, "~> 0.5 or ~> 1.0", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "cfa158c02d3f5c0c665d0af11512fed3fba0144cf1aadee0f2ce17747fba2ca9"},
  "makeup_elixir": {:hex, :makeup_elixir, "0.14.1", "4f0e96847c63c17841d42c08107405a005a2680eb9c7ccadfd757bd31dabccfb", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "f2438b1a80eaec9ede832b5c41cd4f373b38fd7aa33e3b22d9db79e640cbde11"},
  "makeup_erlang": {:hex, :makeup_erlang, "1.0.2", "03e1804074b3aa64d5fad7aa64601ed0fb395337b982d9bcf04029d68d51b6a7", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "af33ff7ef368d5893e4a267933e7744e46ce3cf1f61e2dccf53a111ed3aa3727"},
@ -96,7 +96,7 @@
  "oban": {:hex, :oban, "2.19.4", "045adb10db1161dceb75c254782f97cdc6596e7044af456a59decb6d06da73c1", [:mix], [{:ecto_sql, "~> 3.10", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:ecto_sqlite3, "~> 0.9", [hex: :ecto_sqlite3, repo: "hexpm", optional: true]}, {:igniter, "~> 0.5", [hex: :igniter, repo: "hexpm", optional: true]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: true]}, {:myxql, "~> 0.7", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16", [hex: :postgrex, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "5fcc6219e6464525b808d97add17896e724131f498444a292071bf8991c99f97"},
  "oban_live_dashboard": {:hex, :oban_live_dashboard, "0.1.1", "8aa4ceaf381c818f7d5c8185cc59942b8ac82ef0cf559881aacf8d3f8ac7bdd3", [:mix], [{:oban, "~> 2.15", [hex: :oban, repo: "hexpm", optional: false]}, {:phoenix_live_dashboard, "~> 0.7", [hex: :phoenix_live_dashboard, repo: "hexpm", optional: false]}], "hexpm", "16dc4ce9c9a95aa2e655e35ed4e675652994a8def61731a18af85e230e1caa63"},
  "oban_met": {:hex, :oban_met, "1.0.5", "bb633ab06448dab2ef9194f6688d33b3d07fc3f2ad793a1a08f4dfbb2cc9fe50", [:mix], [{:oban, "~> 2.19", [hex: :oban, repo: "hexpm", optional: false]}], "hexpm", "64664d50805bbfd3903aeada1f3c39634652a87844797ee400b0bcc95a28f5ea"},
-  "oban_plugins_lazarus": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/oban_plugins_lazarus.git", "e49fc355baaf0e435208bf5f534d31e26e897711", [ref: "e49fc355baaf0e435208bf5f534d31e26e897711"]},
+  "oban_plugins_lazarus": {:hex, :oban_plugins_lazarus, "0.1.1", "a5141d569e5b9f3bec8f4a958231d2c538af097d3c1ad06274f096fc06956821", [:mix], [{:oban, "< 3.0.0", [hex: :oban, repo: "hexpm", optional: false]}], "hexpm", "7e9c51bc44d33f71c0a52cf0cd5c8d4c70380ede065c1042013f5123f2fc9729"},
  "oban_web": {:hex, :oban_web, "2.11.6", "53933cb4253c4d9f1098ee311c06f07935259f0e564dcf2d66bae4cc98e317fe", [:mix], [{:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}, {:oban, "~> 2.19", [hex: :oban, repo: "hexpm", optional: false]}, {:oban_met, "~> 1.0", [hex: :oban_met, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.7", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 3.3 or ~> 4.0", [hex: :phoenix_html, repo: "hexpm", optional: false]}, {:phoenix_live_view, "~> 1.0", [hex: :phoenix_live_view, repo: "hexpm", optional: false]}, {:phoenix_pubsub, "~> 2.1", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}], "hexpm", "576d94b705688c313694c2c114ca21aa0f8f2ad1b9ca45c052c5ba316d3e8d10"},
  "octo_fetch": {:hex, :octo_fetch, "0.4.0", "074b5ecbc08be10b05b27e9db08bc20a3060142769436242702931c418695b19", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~> 1.1", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm", "cf8be6f40cd519d7000bb4e84adcf661c32e59369ca2827c4e20042eda7a7fc6"},
  "open_api_spex": {:hex, :open_api_spex, "3.22.0", "fbf90dc82681dc042a4ee79853c8e989efbba73d9e87439085daf849bbf8bc20", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:poison, "~> 3.0 or ~> 4.0 or ~> 5.0 or ~> 6.0", [hex: :poison, repo: "hexpm", optional: true]}, {:ymlr, "~> 2.0 or ~> 3.0 or ~> 4.0 or ~> 5.0", [hex: :ymlr, repo: "hexpm", optional: true]}], "hexpm", "dd751ddbdd709bb4a5313e9a24530da6e66594773c7242a0c2592cbd9f589063"},
@ -132,7 +132,7 @@
  "quic": {:hex, :quic, "0.10.2", "4b390507a85f65ce47808f3df1a864e0baf9adb7a1b4ea9f4dcd66fe9d0cb166", [:rebar3], [], "hexpm", "7c196a66973c877a59768a5687f0a0610ff11817254d0a4e45cc4e3a16b1d00b"},
  "ranch": {:hex, :ranch, "2.2.0", "25528f82bc8d7c6152c57666ca99ec716510fe0925cb188172f41ce93117b1b0", [:make, :rebar3], [], "hexpm", "fa0b99a1780c80218a4197a59ea8d3bdae32fbff7e88527d7d8a4787eff4f8e7"},
  "recon": {:hex, :recon, "2.5.6", "9052588e83bfedfd9b72e1034532aee2a5369d9d9343b61aeb7fbce761010741", [:mix, :rebar3], [], "hexpm", "96c6799792d735cc0f0fd0f86267e9d351e63339cbe03df9d162010cefc26bb0"},
-  "remote_ip": {:git, "https://git.pleroma.social/pleroma/remote_ip.git", "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8", [ref: "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8"]},
+  "remote_ip": {:hex, :remote_ip, "1.2.0", "fb078e12a44414f4cef5a75963c33008fe169b806572ccd17257c208a7bc760f", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "2ff91de19c48149ce19ed230a81d377186e4412552a597d6a5137373e5877cb7"},
  "rustler": {:hex, :rustler, "0.30.0", "cefc49922132b072853fa9b0ca4dc2ffcb452f68fb73b779042b02d545e097fb", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:toml, "~> 0.6", [hex: :toml, repo: "hexpm", optional: false]}], "hexpm", "9ef1abb6a7dda35c47cfc649e6a5a61663af6cf842a55814a554a84607dee389"},
  "sleeplocks": {:hex, :sleeplocks, "1.1.3", "96a86460cc33b435c7310dbd27ec82ca2c1f24ae38e34f8edde97f756503441a", [:rebar3], [], "hexpm", "d3b3958552e6eb16f463921e70ae7c767519ef8f5be46d7696cc1ed649421321"},
  "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.7", "354c321cf377240c7b8716899e182ce4890c5938111a1296add3ec74cf1715df", [:make, :mix, :rebar3], [], "hexpm", "fe4c190e8f37401d30167c8c405eda19469f34577987c76dde613e838bbc67f8"},
--- a/test/pleroma/dependency_version_test.exs
+++ b/test/pleroma/dependency_version_test.exs
@ -0,0 +1,16 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.DependencyVersionTest do
+  use ExUnit.Case, async: true
+
+  test "uses majic 1.2" do
+    majic_version =
+      :majic
+      |> Application.spec(:vsn)
+      |> to_string()
+
+    assert Version.match?(majic_version, "~> 1.2")
+  end
+end
--- a/test/pleroma/signature_test.exs
+++ b/test/pleroma/signature_test.exs
@ -11,6 +11,7 @@ defmodule Pleroma.SignatureTest do
  import Mock

  alias Pleroma.Signature
+  alias Pleroma.StubbedHTTPSignaturesMock, as: HTTPSignaturesMock

  setup do
    mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
@ -103,6 +104,18 @@ defmodule Pleroma.SignatureTest do
    end
  end

+  describe "validate_signature/1" do
+    test "treats HTTP signature errors as failed validation" do
+      conn = %Plug.Conn{method: "GET", request_path: "/inbox", req_headers: []}
+
+      Mox.expect(HTTPSignaturesMock, :validate_conn, fn _conn ->
+        {:error, :request_target_header}
+      end)
+
+      assert Signature.validate_signature(conn) == false
+    end
+  end
+
  describe "key_id_to_actor_id/1" do
    test "it properly deduces the actor id for misskey" do
      assert Signature.key_id_to_actor_id("https://example.com/users/1234/publickey") ==
--- a/test/pleroma/user/search_test.exs
+++ b/test/pleroma/user/search_test.exs
@ -0,0 +1,195 @@
+# Pleroma: A lightweight social networking server
+# Copyright © Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.User.SearchTest do
+  use Pleroma.DataCase, async: false
+
+  import Pleroma.Factory
+
+  alias Pleroma.Instances
+  alias Pleroma.Repo
+  alias Pleroma.User
+
+  describe "search/2 mention suggestions" do
+    test "prioritizes followed/follower users before others" do
+      user = insert(:user)
+
+      related =
+        insert(:user,
+          local: false,
+          nickname: "hj@real.example",
+          ap_id: "https://real.example/users/hj",
+          last_status_at: ~N[2020-01-01 00:00:00]
+        )
+
+      other = insert(:user, nickname: "hj", last_status_at: ~N[2020-01-02 00:00:00])
+
+      {:ok, _related, _user} = User.follow(related, user)
+
+      results = User.search("hj", for_user: user) |> Enum.map(& &1.id)
+
+      assert results == [related.id, other.id]
+    end
+
+    test "orders followed/follower users by most recent activity" do
+      user = insert(:user)
+
+      older =
+        insert(:user,
+          local: false,
+          nickname: "ali@remote.example",
+          ap_id: "https://remote.example/users/ali",
+          last_status_at: ~N[2020-01-01 00:00:00]
+        )
+
+      newer =
+        insert(:user,
+          local: false,
+          nickname: "alia@remote.example",
+          ap_id: "https://remote.example/users/alia",
+          last_status_at: ~N[2020-01-02 00:00:00]
+        )
+
+      {:ok, _user, _older} = User.follow(user, older)
+      {:ok, _user, _newer} = User.follow(user, newer)
+
+      assert [newer.id, older.id] ==
+               User.search("ali", for_user: user)
+               |> Enum.map(& &1.id)
+    end
+
+    test "groups followed/follower users first and sorts them by recency" do
+      user = insert(:user)
+
+      following_newest =
+        insert(:user,
+          local: false,
+          nickname: "mentiontesta@related.example",
+          ap_id: "https://related.example/users/mentiontesta",
+          last_status_at: ~N[2020-01-03 00:00:00]
+        )
+
+      follower_middle =
+        insert(:user,
+          local: false,
+          nickname: "mentiontestb@related.example",
+          ap_id: "https://related.example/users/mentiontestb",
+          last_status_at: ~N[2020-01-02 00:00:00]
+        )
+
+      mutual_oldest =
+        insert(:user,
+          local: false,
+          nickname: "mentiontestc@related.example",
+          ap_id: "https://related.example/users/mentiontestc",
+          last_status_at: ~N[2020-01-01 00:00:00]
+        )
+
+      unrelated_newer =
+        insert(:user,
+          local: false,
+          nickname: "mentiontestd@unrelated.example",
+          ap_id: "https://unrelated.example/users/mentiontestd",
+          last_status_at: ~N[2020-01-04 00:00:00]
+        )
+
+      {:ok, _user, _following_newest} = User.follow(user, following_newest)
+      {:ok, _follower_middle, _user} = User.follow(follower_middle, user)
+
+      {:ok, _user, _mutual_oldest} = User.follow(user, mutual_oldest)
+      {:ok, _mutual_oldest, _user} = User.follow(mutual_oldest, user)
+
+      results = User.search("mentiontest", for_user: user)
+
+      assert Enum.map(results, & &1.id) ==
+               [following_newest.id, follower_middle.id, mutual_oldest.id, unrelated_newer.id]
+    end
+
+    test "uses last_active_at when last_status_at is missing" do
+      user = insert(:user)
+
+      older =
+        insert(:user,
+          local: false,
+          nickname: "activefallbacka@remote.example",
+          ap_id: "https://remote.example/users/activefallbacka",
+          last_status_at: nil,
+          last_active_at: ~N[2020-01-01 00:00:00]
+        )
+
+      newer =
+        insert(:user,
+          local: false,
+          nickname: "activefallbackb@remote.example",
+          ap_id: "https://remote.example/users/activefallbackb",
+          last_status_at: nil,
+          last_active_at: ~N[2020-01-02 00:00:00]
+        )
+
+      {:ok, _user, _older} = User.follow(user, older)
+      {:ok, _user, _newer} = User.follow(user, newer)
+
+      assert [newer.id, older.id] ==
+               User.search("activefallback", for_user: user)
+               |> Enum.map(& &1.id)
+    end
+
+    test "does not return deactivated users even if related" do
+      user = insert(:user)
+
+      active =
+        insert(:user,
+          local: false,
+          nickname: "deactivatedtesta@remote.example",
+          ap_id: "https://remote.example/users/deactivatedtesta",
+          last_status_at: ~N[2020-01-02 00:00:00]
+        )
+
+      deactivated =
+        insert(:user,
+          local: false,
+          nickname: "deactivatedtestb@remote.example",
+          ap_id: "https://remote.example/users/deactivatedtestb",
+          last_status_at: ~N[2020-01-03 00:00:00]
+        )
+
+      {:ok, _user, _active} = User.follow(user, active)
+      {:ok, _user, _deactivated} = User.follow(user, deactivated)
+      Repo.update!(Ecto.Changeset.change(deactivated, is_active: false))
+
+      results = User.search("deactivatedtest", for_user: user) |> Enum.map(& &1.id)
+
+      assert results == [active.id]
+    end
+
+    test "does not return users from unreachable instances" do
+      user = insert(:user)
+
+      {:ok, _instance} = Instances.set_unreachable("dead.example")
+
+      dead =
+        insert(:user,
+          local: false,
+          nickname: "ali@dead.example",
+          ap_id: "https://dead.example/users/ali",
+          last_status_at: ~N[2020-01-02 00:00:00]
+        )
+
+      alive =
+        insert(:user,
+          local: false,
+          nickname: "ali@alive.example",
+          ap_id: "https://alive.example/users/ali",
+          last_status_at: ~N[2020-01-02 00:00:00]
+        )
+
+      {:ok, _user, _alive} = User.follow(user, alive)
+      {:ok, _user, _dead} = User.follow(user, dead)
+
+      results = User.search("ali", for_user: user) |> Enum.map(& &1.id)
+
+      assert results == [alive.id]
+    end
+  end
+end
--- a/test/pleroma/web/activity_pub/transmogrifier_test.exs
+++ b/test/pleroma/web/activity_pub/transmogrifier_test.exs
@ -86,6 +86,43 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
      assert activity.data["cc"] == [user.ap_id]
    end

+    test "it rejects Flag activities when both reporter and reported account are remote" do
+      reporter = insert(:user, local: false, domain: "mastodon.cat")
+      reported = insert(:user, local: false, domain: "nicecrew.digital")
+
+      message = %{
+        "@context" => "https://www.w3.org/ns/activitystreams",
+        "actor" => reporter.ap_id,
+        "content" => "blocked AND reported!!!",
+        "object" => [reported.ap_id, "https://nicecrew.digital/objects/report-status"],
+        "type" => "Flag"
+      }
+
+      assert {:reject, reason} = Transmogrifier.handle_incoming(message)
+      assert reason =~ "third-party report"
+      refute "Flag" |> Pleroma.Activity.Queries.by_type() |> Pleroma.Repo.one()
+    end
+
+    test "it accepts Flag activities with just actor id as object" do
+      user = insert(:user)
+      other_user = insert(:user)
+
+      message = %{
+        "@context" => "https://www.w3.org/ns/activitystreams",
+        "cc" => [user.ap_id],
+        "object" => user.ap_id,
+        "type" => "Flag",
+        "content" => "blocked AND reported!!!",
+        "actor" => other_user.ap_id
+      }
+
+      assert {:ok, activity} = Transmogrifier.handle_incoming(message)
+
+      assert activity.data["content"] == "blocked AND reported!!!"
+      assert activity.data["actor"] == other_user.ap_id
+      assert activity.data["cc"] == [user.ap_id]
+    end
+
    test "it accepts Move activities" do
      old_user = insert(:user)
      new_user = insert(:user)
--- a/test/pleroma/web/plugs/remote_ip_test.exs
+++ b/test/pleroma/web/plugs/remote_ip_test.exs
@ -106,4 +106,38 @@ defmodule Pleroma.Web.Plugs.RemoteIpTest do

    assert conn.remote_ip == {1, 1, 1, 1}
  end
+
+  test "reserved ranges are configurable" do
+    clear_config([RemoteIp, :reserved], [])
+
+    conn =
+      conn(:get, "/")
+      |> put_req_header("x-forwarded-for", "1.1.1.1, 10.0.0.3")
+      |> RemoteIp.call(nil)
+
+    assert conn.remote_ip == {10, 0, 0, 3}
+  end
+
+  test "clients override reserved ranges" do
+    clear_config([RemoteIp, :clients], ["10.0.0.0/8"])
+
+    conn =
+      conn(:get, "/")
+      |> put_req_header("x-forwarded-for", "1.1.1.1, 10.0.0.3")
+      |> RemoteIp.call(nil)
+
+    assert conn.remote_ip == {10, 0, 0, 3}
+  end
+
+  test "clients override proxies" do
+    clear_config([RemoteIp, :clients], ["10.0.0.3"])
+    clear_config([RemoteIp, :proxies], ["10.0.0.0/8"])
+
+    conn =
+      conn(:get, "/")
+      |> put_req_header("x-forwarded-for", "1.1.1.1, 10.0.0.3")
+      |> RemoteIp.call(nil)
+
+    assert conn.remote_ip == {10, 0, 0, 3}
+  end
 end
				`@ -0,0 +1 @@`
				`Switch native captcha to the published pleroma_captcha Hex package.`
				`@ -0,0 +1 @@`
				`Handle reports with just actor ap id as the object`
				`@ -0,0 +1 @@`
				`Use the Hex package for oban_plugins_lazarus.`
				`@ -0,0 +1 @@`
				`Reject incoming reports when both the reporter and reported account are remote`
				`@ -0,0 +1 @@`
				Use upstream Hex releases for the `remote_ip` dependency and expose client IP ranges for remote IP resolution.
				`@ -0,0 +1 @@`
				`Improve user search / autocompletion ordering.`