Merge branch 'develop' into issue/941

2019-06-04 09:49:08 +03:00 · 2019-06-04 09:49:08 +03:00 · 4f2e359687
commit 4f2e359687
parent 64ada7f960 0f8f63c6bb
45 changed files with 1456 additions and 149 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -52,8 +52,7 @@ unit-testing:
    - mix deps.get
    - mix ecto.create
    - mix ecto.migrate
-    - mix test --trace --preload-modules
+    - mix coveralls --trace --preload-modules
    - mix coveralls
 unit-testing-rum:
  stage: test
@ -122,8 +121,7 @@ review_app:
    - (ssh -t dokku@pleroma.online -- postgres:create $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db) || true
    - (ssh -t dokku@pleroma.online -- postgres:link $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db "$CI_ENVIRONMENT_SLUG") || true
    - (ssh -t dokku@pleroma.online -- certs:add "$CI_ENVIRONMENT_SLUG" /home/dokku/server.crt /home/dokku/server.key) || true
-    - (git remote add dokku dokku@pleroma.online:$CI_ENVIRONMENT_SLUG) || true
+    - git push -f dokku@pleroma.online:$CI_ENVIRONMENT_SLUG $CI_COMMIT_SHA:refs/heads/master
    - git push -f dokku $CI_COMMIT_SHA:refs/heads/master
 stop_review_app:
  image: alpine:3.9
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [unreleased]
 ### Added
 - Add a generic settings store for frontends / clients to use.
 - Optional SSH access mode. (Needs `erlang-ssh` package on some distributions).
 - [MongooseIM](https://github.com/esl/MongooseIM) http authentication support.
 - LDAP authentication
@ -16,7 +17,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mix Tasks: `mix pleroma.database remove_embedded_objects`
 - Mix Tasks: `mix pleroma.database update_users_following_followers_counts`
 - Mix Tasks: `mix pleroma.user toggle_confirmed`
 - Federation: Support for `Question` and `Answer` objects
 - Federation: Support for reports
 - Configuration: `poll_limits` option
 - Configuration: `safe_dm_mentions` option
 - Configuration: `link_name` option
 - Configuration: `fetch_initial_posts` option
@ -37,6 +40,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mastodon API: `/api/v1/pleroma/accounts/:id/favourites` (API extension)
 - Mastodon API: [Reports](https://docs.joinmastodon.org/api/rest/reports/)
 - Mastodon API: `POST /api/v1/accounts` (account creation API)
 - Mastodon API: [Polls](https://docs.joinmastodon.org/api/rest/polls/)
 - ActivityPub C2S: OAuth endpoints
 - Metadata: RelMe provider
 - OAuth: added support for refresh tokens
@ -45,6 +49,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - OAuth: added job to clean expired access tokens
 - MRF: Support for rejecting reports from specific instances (`mrf_simple`)
 - MRF: Support for stripping avatars and banner images from specific instances (`mrf_simple`)
 - MRF: Support for running subchains.
 - Configuration: `skip_thread_containment` option
 ### Changed
--- a/config/config.exs
+++ b/config/config.exs
@ -208,6 +208,12 @@
  avatar_upload_limit: 2_000_000,
  background_upload_limit: 4_000_000,
  banner_upload_limit: 4_000_000,
  poll_limits: %{
    max_options: 20,
    max_option_chars: 200,
    min_expiration: 0,
    max_expiration: 365 * 24 * 60 * 60
  },
  registrations_open: true,
  federating: true,
  federation_reachability_timeout_days: 7,
@ -321,6 +327,8 @@
  federated_timeline_removal: [],
  replace: []
 config :pleroma, :mrf_subchain, match_actor: %{}
 config :pleroma, :rich_media, enabled: true
 config :pleroma, :media_proxy,
@ -454,7 +462,11 @@
 config :esshd,
  enabled: false
-oauth_consumer_strategies = String.split(System.get_env("OAUTH_CONSUMER_STRATEGIES") || "")
+oauth_consumer_strategies =
  System.get_env("OAUTH_CONSUMER_STRATEGIES")
  |> to_string()
  |> String.split()
  |> Enum.map(&hd(String.split(&1, ":")))
 ueberauth_providers =
  for strategy <- oauth_consumer_strategies do
--- a/docs/api/differences_in_mastoapi_responses.md
+++ b/docs/api/differences_in_mastoapi_responses.md
@ -43,6 +43,7 @@ Has these additional fields under the `pleroma` object:
 - `confirmation_pending`: boolean, true if a new user account is waiting on email confirmation to be activated
 - `hide_followers`: boolean, true when the user has follower hiding enabled
 - `hide_follows`: boolean, true when the user has follow hiding enabled
 - `settings_store`: A generic map of settings for frontends. Opaque to the backend. Only returned in `verify_credentials` and `update_credentials`
 ### Source
@ -80,8 +81,17 @@ Additional parameters can be added to the JSON body/Form data:
 - `hide_favorites` - if true, user's favorites timeline will be hidden
 - `show_role` - if true, user's role (e.g admin, moderator) will be exposed to anyone in the API
 - `default_scope` - the scope returned under `privacy` key in Source subentity
 - `pleroma_settings_store` - Opaque user settings to be saved on the backend.
 - `skip_thread_containment` - if true, skip filtering out broken threads
 ### Pleroma Settings Store
 Pleroma has mechanism that allows frontends to save blobs of json for each user on the backend. This can be used to save frontend-specific settings for a user that the backend does not need to know about.
 The parameter should have a form of `{frontend_name: {...}}`, with `frontend_name` identifying your type of client, e.g. `pleroma_fe`. It will overwrite everything under this property, but will not overwrite other frontend's settings.
 This information is returned in the `verify_credentials` endpoint.
 >>>>>>> develop
 ## Authentication
 *Pleroma supports refreshing tokens.
--- a/docs/config.md
+++ b/docs/config.md
@ -71,6 +71,11 @@ config :pleroma, Pleroma.Emails.Mailer,
 * `avatar_upload_limit`: File size limit of user’s profile avatars
 * `background_upload_limit`: File size limit of user’s profile backgrounds
 * `banner_upload_limit`: File size limit of user’s profile banners
 * `poll_limits`: A map with poll limits for **local** polls
  * `max_options`: Maximum number of options
  * `max_option_chars`: Maximum number of characters per option
  * `min_expiration`: Minimum expiration time (in seconds)
  * `max_expiration`: Maximum expiration time (in seconds)
 * `registrations_open`: Enable registrations for anyone, invitations can be enabled when false.
 * `invites_enabled`: Enable user invitations for admins (depends on `registrations_open: false`).
 * `account_activation_required`: Require users to confirm their emails before signing in.
@ -81,6 +86,7 @@ config :pleroma, Pleroma.Emails.Mailer,
  * `Pleroma.Web.ActivityPub.MRF.NoOpPolicy`: Doesn’t modify activities (default)
  * `Pleroma.Web.ActivityPub.MRF.DropPolicy`: Drops all activities. It generally doesn’t makes sense to use in production
  * `Pleroma.Web.ActivityPub.MRF.SimplePolicy`: Restrict the visibility of activities from certains instances (See ``:mrf_simple`` section)
  * `Pleroma.Web.ActivityPub.MRF.SubchainPolicy`: Selectively runs other MRF policies when messages match (see ``:mrf_subchain`` section)
  * `Pleroma.Web.ActivityPub.MRF.RejectNonPublic`: Drops posts with non-public visibility settings (See ``:mrf_rejectnonpublic`` section)
  * `Pleroma.Web.ActivityPub.MRF.EnsureRePrepended`: Rewrites posts to ensure that replies to posts with subjects do not have an identical subject and instead begin with re:.
 * `public`: Makes the client API in authentificated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network.
@ -225,6 +231,21 @@ relates to mascots on the mastodon frontend
 * `avatar_removal`: List of instances to strip avatars from
 * `banner_removal`: List of instances to strip banners from
 ## :mrf_subchain
 This policy processes messages through an alternate pipeline when a given message matches certain criteria.
 All criteria are configured as a map of regular expressions to lists of policy modules.
 * `match_actor`: Matches a series of regular expressions against the actor field.
 Example:
 ```
 config :pleroma, :mrf_subchain,
  match_actor: %{
    ~r/https:\/\/example.com/s => [Pleroma.Web.ActivityPub.MRF.DropPolicy]
  }
 ```
 ## :mrf_rejectnonpublic
 * `allow_followersonly`: whether to allow followers-only posts
 * `allow_direct`: whether to allow direct messages
@ -493,7 +514,7 @@ Authentication / authorization settings.
 * `auth_template`: authentication form template. By default it's `show.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/show.html.eex`.
 * `oauth_consumer_template`: OAuth consumer mode authentication form template. By default it's `consumer.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/consumer.html.eex`.
-* `oauth_consumer_strategies`: the list of enabled OAuth consumer strategies; by default it's set by OAUTH_CONSUMER_STRATEGIES environment variable.
+* `oauth_consumer_strategies`: the list of enabled OAuth consumer strategies; by default it's set by OAUTH_CONSUMER_STRATEGIES environment variable. Each entry in this space-delimited string should be of format `<strategy>` or `<strategy>:<dependency>` (e.g. `twitter` or `keycloak:ueberauth_keycloak_strategy` in case dependency is named differently than `ueberauth_<strategy>`).
 ## OAuth consumer mode
--- a/lib/pleroma/conversation.ex
+++ b/lib/pleroma/conversation.ex
@ -49,7 +49,7 @@ def create_or_bump_for(activity, opts \\ []) do
    with true <- Pleroma.Web.ActivityPub.Visibility.is_direct?(activity),
         "Create" <- activity.data["type"],
         object <- Pleroma.Object.normalize(activity),
-         "Note" <- object.data["type"],
+         true <- object.data["type"] in ["Note", "Question"],
         ap_id when is_binary(ap_id) and byte_size(ap_id) > 0 <- object.data["context"] do
      {:ok, conversation} = create_for_ap_id(ap_id)
--- a/lib/pleroma/notification.ex
+++ b/lib/pleroma/notification.ex
@ -127,10 +127,15 @@ def dismiss(%{id: user_id} = _user, id) do
  def create_notifications(%Activity{data: %{"to" => _, "type" => type}} = activity)
      when type in ["Create", "Like", "Announce", "Follow"] do
-    users = get_notified_from_activity(activity)
+    object = Object.normalize(activity)
-    notifications = Enum.map(users, fn user -> create_notification(activity, user) end)
+    unless object && object.data["type"] == "Answer" do
-    {:ok, notifications}
+      users = get_notified_from_activity(activity)
      notifications = Enum.map(users, fn user -> create_notification(activity, user) end)
      {:ok, notifications}
    else
      {:ok, []}
    end
  end
  def create_notifications(_), do: {:ok, []}
@ -166,7 +171,16 @@ def get_notified_from_activity(
  def get_notified_from_activity(_, _local_only), do: []
  def skip?(activity, user) do
-    [:self, :blocked, :local, :muted, :followers, :follows, :recently_followed]
+    [
      :self,
      :blocked,
      :muted,
      :followers,
      :follows,
      :non_followers,
      :non_follows,
      :recently_followed
    ]
    |> Enum.any?(&skip?(&1, activity, user))
  end
@ -179,12 +193,6 @@ def skip?(:blocked, activity, user) do
    User.blocks?(user, %{ap_id: actor})
  end
  def skip?(:local, %{local: true}, %{info: %{notification_settings: %{"local" => false}}}),
    do: true
  def skip?(:local, %{local: false}, %{info: %{notification_settings: %{"remote" => false}}}),
    do: true
  def skip?(:muted, activity, user) do
    actor = activity.data["actor"]
@ -201,12 +209,32 @@ def skip?(
    User.following?(follower, user)
  end
  def skip?(
        :non_followers,
        activity,
        %{info: %{notification_settings: %{"non_followers" => false}}} = user
      ) do
    actor = activity.data["actor"]
    follower = User.get_cached_by_ap_id(actor)
    !User.following?(follower, user)
  end
  def skip?(:follows, activity, %{info: %{notification_settings: %{"follows" => false}}} = user) do
    actor = activity.data["actor"]
    followed = User.get_cached_by_ap_id(actor)
    User.following?(user, followed)
  end
  def skip?(
        :non_follows,
        activity,
        %{info: %{notification_settings: %{"non_follows" => false}}} = user
      ) do
    actor = activity.data["actor"]
    followed = User.get_cached_by_ap_id(actor)
    !User.following?(user, followed)
  end
  def skip?(:recently_followed, %{data: %{"type" => "Follow"}} = activity, user) do
    actor = activity.data["actor"]
--- a/lib/pleroma/object.ex
+++ b/lib/pleroma/object.ex
@ -35,6 +35,9 @@ def change(struct, params \\ %{}) do
    |> unique_constraint(:ap_id, name: :objects_unique_apid_index)
  end
  def get_by_id(nil), do: nil
  def get_by_id(id), do: Repo.get(Object, id)
  def get_by_ap_id(nil), do: nil
  def get_by_ap_id(ap_id) do
@ -195,4 +198,34 @@ def decrease_replies_count(ap_id) do
      _ -> {:error, "Not found"}
    end
  end
  def increase_vote_count(ap_id, name) do
    with %Object{} = object <- Object.normalize(ap_id),
         "Question" <- object.data["type"] do
      multiple = Map.has_key?(object.data, "anyOf")
      options =
        (object.data["anyOf"] || object.data["oneOf"] || [])
        |> Enum.map(fn
          %{"name" => ^name} = option ->
            Kernel.update_in(option["replies"]["totalItems"], &(&1 + 1))
          option ->
            option
        end)
      data =
        if multiple do
          Map.put(object.data, "anyOf", options)
        else
          Map.put(object.data, "oneOf", options)
        end
      object
      |> Object.change(%{data: data})
      |> update_and_set_cache()
    else
      _ -> :noop
    end
  end
 end
--- a/lib/pleroma/reverse_proxy.ex
+++ b/lib/pleroma/reverse_proxy.ex
@ -61,8 +61,6 @@ defmodule Pleroma.ReverseProxy do
  * `http`: options for [hackney](https://github.com/benoitc/hackney).
  """
  @hackney Pleroma.Config.get(:hackney, :hackney)
  @default_hackney_options []
  @inline_content_types [
@ -148,7 +146,7 @@ defp request(method, url, headers, hackney_opts) do
    Logger.debug("#{__MODULE__} #{method} #{url} #{inspect(headers)}")
    method = method |> String.downcase() |> String.to_existing_atom()
-    case @hackney.request(method, url, headers, "", hackney_opts) do
+    case :hackney.request(method, url, headers, "", hackney_opts) do
      {:ok, code, headers, client} when code in @valid_resp_codes ->
        {:ok, code, downcase_headers(headers), client}
@ -198,7 +196,7 @@ defp chunk_reply(conn, client, opts, sent_so_far, duration) do
             duration,
             Keyword.get(opts, :max_read_duration, @max_read_duration)
           ),
-         {:ok, data} <- @hackney.stream_body(client),
+         {:ok, data} <- :hackney.stream_body(client),
         {:ok, duration} <- increase_read_duration(duration),
         sent_so_far = sent_so_far + byte_size(data),
         :ok <- body_size_constraint(sent_so_far, Keyword.get(opts, :max_body_size)),
--- a/lib/pleroma/user/info.ex
+++ b/lib/pleroma/user/info.ex
@ -44,9 +44,15 @@ defmodule Pleroma.User.Info do
    field(:pinned_activities, {:array, :string}, default: [])
    field(:mascot, :map, default: nil)
    field(:emoji, {:array, :map}, default: [])
    field(:pleroma_settings_store, :map, default: %{})
    field(:notification_settings, :map,
-      default: %{"remote" => true, "local" => true, "followers" => true, "follows" => true}
+      default: %{
        "followers" => true,
        "follows" => true,
        "non_follows" => true,
        "non_followers" => true
      }
    )
    field(:skip_thread_containment, :boolean, default: false)
@ -69,10 +75,15 @@ def set_activation_status(info, deactivated) do
  end
  def update_notification_settings(info, settings) do
    settings =
      settings
      |> Enum.map(fn {k, v} -> {k, v in [true, "true", "True", "1"]} end)
      |> Map.new()
    notification_settings =
      info.notification_settings
      |> Map.merge(settings)
-      |> Map.take(["remote", "local", "followers", "follows"])
+      |> Map.take(["followers", "follows", "non_follows", "non_followers"])
    params = %{notification_settings: notification_settings}
@ -211,7 +222,8 @@ def profile_update(info, params) do
      :hide_favorites,
      :background,
      :show_role,
-      :skip_thread_containment
+      :skip_thread_containment,
      :pleroma_settings_store
    ])
  end
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@ -109,6 +109,15 @@ def decrease_replies_count_if_reply(%Object{
  def decrease_replies_count_if_reply(_object), do: :noop
  def increase_poll_votes_if_vote(%{
        "object" => %{"inReplyTo" => reply_ap_id, "name" => name},
        "type" => "Create"
      }) do
    Object.increase_vote_count(reply_ap_id, name)
  end
  def increase_poll_votes_if_vote(_create_data), do: :noop
  def insert(map, local \\ true, fake \\ false) when is_map(map) do
    with nil <- Activity.normalize(map),
         map <- lazy_put_activity_defaults(map, fake),
@ -184,40 +193,42 @@ def stream_out(activity) do
    public = "https://www.w3.org/ns/activitystreams#Public"
    if activity.data["type"] in ["Create", "Announce", "Delete"] do
-      Pleroma.Web.Streamer.stream("user", activity)
+      object = Object.normalize(activity)
-      Pleroma.Web.Streamer.stream("list", activity)
+      # Do not stream out poll replies
      unless object.data["type"] == "Answer" do
        Pleroma.Web.Streamer.stream("user", activity)
        Pleroma.Web.Streamer.stream("list", activity)
-      if Enum.member?(activity.data["to"], public) do
+        if Enum.member?(activity.data["to"], public) do
-        Pleroma.Web.Streamer.stream("public", activity)
+          Pleroma.Web.Streamer.stream("public", activity)
-        if activity.local do
+          if activity.local do
-          Pleroma.Web.Streamer.stream("public:local", activity)
+            Pleroma.Web.Streamer.stream("public:local", activity)
-        end
+          end
-        if activity.data["type"] in ["Create"] do
+          if activity.data["type"] in ["Create"] do
-          object = Object.normalize(activity)
+            object.data
            |> Map.get("tag", [])
            |> Enum.filter(fn tag -> is_bitstring(tag) end)
            |> Enum.each(fn tag -> Pleroma.Web.Streamer.stream("hashtag:" <> tag, activity) end)
-          object.data
+            if object.data["attachment"] != [] do
-          |> Map.get("tag", [])
+              Pleroma.Web.Streamer.stream("public:media", activity)
          |> Enum.filter(fn tag -> is_bitstring(tag) end)
          |> Enum.each(fn tag -> Pleroma.Web.Streamer.stream("hashtag:" <> tag, activity) end)
-          if object.data["attachment"] != [] do
+              if activity.local do
-            Pleroma.Web.Streamer.stream("public:media", activity)
+                Pleroma.Web.Streamer.stream("public:local:media", activity)
-
+              end
            if activity.local do
              Pleroma.Web.Streamer.stream("public:local:media", activity)
            end
          end
        else
          # TODO: Write test, replace with visibility test
          if !Enum.member?(activity.data["cc"] || [], public) &&
               !Enum.member?(
                 activity.data["to"],
                 User.get_cached_by_ap_id(activity.data["actor"]).follower_address
               ),
             do: Pleroma.Web.Streamer.stream("direct", activity)
        end
      else
        # TODO: Write test, replace with visibility test
        if !Enum.member?(activity.data["cc"] || [], public) &&
             !Enum.member?(
               activity.data["to"],
               User.get_cached_by_ap_id(activity.data["actor"]).follower_address
             ),
           do: Pleroma.Web.Streamer.stream("direct", activity)
      end
    end
  end
@ -236,6 +247,7 @@ def create(%{to: to, actor: actor, context: context, object: object} = params, f
         {:ok, activity} <- insert(create_data, local, fake),
         {:fake, false, activity} <- {:fake, fake, activity},
         _ <- increase_replies_count_if_reply(create_data),
         _ <- increase_poll_votes_if_vote(create_data),
         # Changing note count prior to enqueuing federation task in order to avoid
         # race conditions on updating user.info
         {:ok, _actor} <- increase_note_count_if_public(actor, activity),
@ -477,6 +489,7 @@ defp fetch_activities_for_context_query(context, opts) do
      if opts["user"], do: [opts["user"].ap_id | opts["user"].following] ++ public, else: public
    from(activity in Activity)
    |> maybe_preload_objects(opts)
    |> restrict_blocked(opts)
    |> restrict_recipients(recipients, opts["user"])
    |> where(
@ -489,6 +502,7 @@ defp fetch_activities_for_context_query(context, opts) do
        ^context
      )
    )
    |> exclude_poll_votes(opts)
    |> order_by([activity], desc: activity.id)
  end
@ -496,7 +510,6 @@ defp fetch_activities_for_context_query(context, opts) do
  def fetch_activities_for_context(context, opts \\ %{}) do
    context
    |> fetch_activities_for_context_query(opts)
    |> Activity.with_preloaded_object()
    |> Repo.all()
  end
@ -504,7 +517,7 @@ def fetch_activities_for_context(context, opts \\ %{}) do
          Pleroma.FlakeId.t() | nil
  def fetch_latest_activity_id_for_context(context, opts \\ %{}) do
    context
-    |> fetch_activities_for_context_query(opts)
+    |> fetch_activities_for_context_query(Map.merge(%{"skip_preload" => true}, opts))
    |> limit(1)
    |> select([a], a.id)
    |> Repo.one()
@ -803,6 +816,18 @@ defp restrict_muted_reblogs(query, %{"muting_user" => %User{info: info}}) do
  defp restrict_muted_reblogs(query, _), do: query
  defp exclude_poll_votes(query, %{"include_poll_votes" => "true"}), do: query
  defp exclude_poll_votes(query, _) do
    if has_named_binding?(query, :object) do
      from([activity, object: o] in query,
        where: fragment("not(?->>'type' = ?)", o.data, "Answer")
      )
    else
      query
    end
  end
  defp maybe_preload_objects(query, %{"skip_preload" => true}), do: query
  defp maybe_preload_objects(query, _) do
@ -864,6 +889,7 @@ def fetch_activities_query(recipients, opts \\ %{}) do
    |> restrict_pinned(opts)
    |> restrict_muted_reblogs(opts)
    |> Activity.restrict_deactivated_users()
    |> exclude_poll_votes(opts)
  end
  def fetch_activities(recipients, opts \\ %{}) do
--- a/lib/pleroma/web/activity_pub/mrf.ex
+++ b/lib/pleroma/web/activity_pub/mrf.ex
@ -5,8 +5,8 @@
 defmodule Pleroma.Web.ActivityPub.MRF do
  @callback filter(Map.t()) :: {:ok | :reject, Map.t()}
-  def filter(object) do
+  def filter(policies, %{} = object) do
-    get_policies()
+    policies
    |> Enum.reduce({:ok, object}, fn
      policy, {:ok, object} ->
        policy.filter(object)
@ -16,6 +16,8 @@ def filter(object) do
    end)
  end
  def filter(%{} = object), do: get_policies() |> filter(object)
  def get_policies do
    Pleroma.Config.get([:instance, :rewrite_policy], []) |> get_policies()
  end
--- a/lib/pleroma/web/activity_pub/mrf/subchain_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/subchain_policy.ex
@ -0,0 +1,40 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.ActivityPub.MRF.SubchainPolicy do
  alias Pleroma.Config
  alias Pleroma.Web.ActivityPub.MRF
  require Logger
  @behaviour MRF
  defp lookup_subchain(actor) do
    with matches <- Config.get([:mrf_subchain, :match_actor]),
         {match, subchain} <- Enum.find(matches, fn {k, _v} -> String.match?(actor, k) end) do
      {:ok, match, subchain}
    else
      _e -> {:error, :notfound}
    end
  end
  @impl true
  def filter(%{"actor" => actor} = message) do
    with {:ok, match, subchain} <- lookup_subchain(actor) do
      Logger.debug(
        "[SubchainPolicy] Matched #{actor} against #{inspect(match)} with subchain #{
          inspect(subchain)
        }"
      )
      subchain
      |> MRF.filter(message)
    else
      _e -> {:ok, message}
    end
  end
  @impl true
  def filter(message), do: {:ok, message}
 end
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@ -35,6 +35,7 @@ def fix_object(object) do
    |> fix_likes
    |> fix_addressing
    |> fix_summary
    |> fix_type
  end
  def fix_summary(%{"summary" => nil} = object) do
@ -335,6 +336,18 @@ def fix_content_map(%{"contentMap" => content_map} = object) do
  def fix_content_map(object), do: object
  def fix_type(%{"inReplyTo" => reply_id} = object) when is_binary(reply_id) do
    reply = Object.normalize(reply_id)
    if reply.data["type"] == "Question" and object["name"] do
      Map.put(object, "type", "Answer")
    else
      object
    end
  end
  def fix_type(object), do: object
  defp mastodon_follow_hack(%{"id" => id, "actor" => follower_id}, followed) do
    with true <- id =~ "follows",
         %User{local: true} = follower <- User.get_cached_by_ap_id(follower_id),
@ -405,7 +418,7 @@ def handle_incoming(%{"id" => id}) when not (is_binary(id) and length(id) > 8),
  # - tags
  # - emoji
  def handle_incoming(%{"type" => "Create", "object" => %{"type" => objtype} = object} = data)
-      when objtype in ["Article", "Note", "Video", "Page"] do
+      when objtype in ["Article", "Note", "Video", "Page", "Question", "Answer"] do
    actor = Containment.get_actor(data)
    data =
@ -738,6 +751,7 @@ def prepare_object(object) do
    |> set_reply_to_uri
    |> strip_internal_fields
    |> strip_internal_tags
    |> set_type
  end
  #  @doc
@ -902,6 +916,12 @@ def set_sensitive(object) do
    Map.put(object, "sensitive", "nsfw" in tags)
  end
  def set_type(%{"type" => "Answer"} = object) do
    Map.put(object, "type", "Note")
  end
  def set_type(object), do: object
  def add_attributed_to(object) do
    attributed_to = object["attributedTo"] || object["actor"]
--- a/lib/pleroma/web/activity_pub/utils.ex
+++ b/lib/pleroma/web/activity_pub/utils.ex
@ -19,7 +19,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do
  require Logger
-  @supported_object_types ["Article", "Note", "Video", "Page"]
+  @supported_object_types ["Article", "Note", "Video", "Page", "Question", "Answer"]
  @supported_report_states ~w(open closed resolved)
  @valid_visibilities ~w(public unlisted private direct)
@ -789,4 +789,21 @@ defp get_updated_targets(
        [to, cc, recipients]
    end
  end
  def get_existing_votes(actor, %{data: %{"id" => id}}) do
    query =
      from(
        [activity, object: object] in Activity.with_preloaded_object(Activity),
        where: fragment("(?)->>'actor' = ?", activity.data, ^actor),
        where:
          fragment(
            "(?)->'inReplyTo' = ?",
            object.data,
            ^to_string(id)
          ),
        where: fragment("(?)->>'type' = 'Answer'", object.data)
      )
    Repo.all(query)
  end
 end
--- a/lib/pleroma/web/common_api/common_api.ex
+++ b/lib/pleroma/web/common_api/common_api.ex
@ -119,6 +119,53 @@ def unfavorite(id_or_ap_id, user) do
    end
  end
  def vote(user, object, choices) do
    with "Question" <- object.data["type"],
         {:author, false} <- {:author, object.data["actor"] == user.ap_id},
         {:existing_votes, []} <- {:existing_votes, Utils.get_existing_votes(user.ap_id, object)},
         {options, max_count} <- get_options_and_max_count(object),
         option_count <- Enum.count(options),
         {:choice_check, {choices, true}} <-
           {:choice_check, normalize_and_validate_choice_indices(choices, option_count)},
         {:count_check, true} <- {:count_check, Enum.count(choices) <= max_count} do
      answer_activities =
        Enum.map(choices, fn index ->
          answer_data = make_answer_data(user, object, Enum.at(options, index)["name"])
          ActivityPub.create(%{
            to: answer_data["to"],
            actor: user,
            context: object.data["context"],
            object: answer_data,
            additional: %{"cc" => answer_data["cc"]}
          })
        end)
      object = Object.get_cached_by_ap_id(object.data["id"])
      {:ok, answer_activities, object}
    else
      {:author, _} -> {:error, "Poll's author can't vote"}
      {:existing_votes, _} -> {:error, "Already voted"}
      {:choice_check, {_, false}} -> {:error, "Invalid indices"}
      {:count_check, false} -> {:error, "Too many choices"}
    end
  end
  defp get_options_and_max_count(object) do
    if Map.has_key?(object.data, "anyOf") do
      {object.data["anyOf"], Enum.count(object.data["anyOf"])}
    else
      {object.data["oneOf"], 1}
    end
  end
  defp normalize_and_validate_choice_indices(choices, count) do
    Enum.map_reduce(choices, true, fn index, valid ->
      index = if is_binary(index), do: String.to_integer(index), else: index
      {index, if(valid, do: index < count, else: valid)}
    end)
  end
  def get_visibility(%{"visibility" => visibility}, in_reply_to)
      when visibility in ~w{public unlisted private direct},
      do: {visibility, get_replied_to_visibility(in_reply_to)}
@ -154,6 +201,7 @@ def post(user, %{"status" => status} = data) do
             data,
             visibility
           ),
         {poll, poll_emoji} <- make_poll_data(data),
         {to, cc} <- to_for_user_and_mentions(user, mentions, in_reply_to, visibility),
         context <- make_context(in_reply_to),
         cw <- data["spoiler_text"] || "",
@ -171,13 +219,14 @@ def post(user, %{"status" => status} = data) do
             tags,
             cw,
             cc,
-             sensitive
+             sensitive,
             poll
           ),
         object <-
           Map.put(
             object,
             "emoji",
-             Formatter.get_emoji_map(full_payload)
+             Map.merge(Formatter.get_emoji_map(full_payload), poll_emoji)
           ) do
      res =
        ActivityPub.create(
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@ -102,6 +102,72 @@ def to_for_user_and_mentions(_user, mentions, inReplyTo, "direct") do
    end
  end
  def make_poll_data(%{"poll" => %{"options" => options, "expires_in" => expires_in}} = data)
      when is_list(options) do
    %{max_expiration: max_expiration, min_expiration: min_expiration} =
      limits = Pleroma.Config.get([:instance, :poll_limits])
    # XXX: There is probably a cleaner way of doing this
    try do
      # In some cases mastofe sends out strings instead of integers
      expires_in = if is_binary(expires_in), do: String.to_integer(expires_in), else: expires_in
      if Enum.count(options) > limits.max_options do
        raise ArgumentError, message: "Poll can't contain more than #{limits.max_options} options"
      end
      {poll, emoji} =
        Enum.map_reduce(options, %{}, fn option, emoji ->
          if String.length(option) > limits.max_option_chars do
            raise ArgumentError,
              message:
                "Poll options cannot be longer than #{limits.max_option_chars} characters each"
          end
          {%{
             "name" => option,
             "type" => "Note",
             "replies" => %{"type" => "Collection", "totalItems" => 0}
           }, Map.merge(emoji, Formatter.get_emoji_map(option))}
        end)
      case expires_in do
        expires_in when expires_in > max_expiration ->
          raise ArgumentError, message: "Expiration date is too far in the future"
        expires_in when expires_in < min_expiration ->
          raise ArgumentError, message: "Expiration date is too soon"
        _ ->
          :noop
      end
      end_time =
        NaiveDateTime.utc_now()
        |> NaiveDateTime.add(expires_in)
        |> NaiveDateTime.to_iso8601()
      poll =
        if Pleroma.Web.ControllerHelper.truthy_param?(data["poll"]["multiple"]) do
          %{"type" => "Question", "anyOf" => poll, "closed" => end_time}
        else
          %{"type" => "Question", "oneOf" => poll, "closed" => end_time}
        end
      {poll, emoji}
    rescue
      e in ArgumentError -> e.message
    end
  end
  def make_poll_data(%{"poll" => poll}) when is_map(poll) do
    "Invalid poll"
  end
  def make_poll_data(_data) do
    {%{}, %{}}
  end
  def make_content_html(
        status,
        attachments,
@ -224,7 +290,8 @@ def make_note_data(
        tags,
        cw \\ nil,
        cc \\ [],
-        sensitive \\ false
+        sensitive \\ false,
        merge \\ %{}
      ) do
    object = %{
      "type" => "Note",
@ -239,12 +306,15 @@ def make_note_data(
      "tag" => tags |> Enum.map(fn {_, tag} -> tag end) |> Enum.uniq()
    }
-    with false <- is_nil(in_reply_to),
+    object =
-         %Object{} = in_reply_to_object <- Object.normalize(in_reply_to) do
+      with false <- is_nil(in_reply_to),
-      Map.put(object, "inReplyTo", in_reply_to_object.data["id"])
+           %Object{} = in_reply_to_object <- Object.normalize(in_reply_to) do
-    else
+        Map.put(object, "inReplyTo", in_reply_to_object.data["id"])
-      _ -> object
+      else
-    end
+        _ -> object
      end
    Map.merge(object, merge)
  end
  def format_naive_asctime(date) do
@ -421,4 +491,15 @@ def conversation_id_to_context(id) do
        {:error, "No such conversation"}
    end
  end
  def make_answer_data(%User{ap_id: ap_id}, object, name) do
    %{
      "type" => "Answer",
      "actor" => ap_id,
      "cc" => [object.data["actor"]],
      "to" => [],
      "name" => name,
      "inReplyTo" => object.data["id"]
    }
  end
 end
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@ -132,6 +132,9 @@ def update_credentials(%{assigns: %{user: user}} = conn, params) do
        end)
      end)
      |> add_if_present(params, "default_scope", :default_scope)
      |> add_if_present(params, "pleroma_settings_store", :pleroma_settings_store, fn value ->
        {:ok, Map.merge(user.info.pleroma_settings_store, value)}
      end)
      |> add_if_present(params, "header", :banner, fn value ->
        with %Plug.Upload{} <- value,
             {:ok, object} <- ActivityPub.upload(value, type: :banner) do
@ -151,7 +154,10 @@ def update_credentials(%{assigns: %{user: user}} = conn, params) do
        CommonAPI.update(user)
      end
-      json(conn, AccountView.render("account.json", %{user: user, for: user}))
+      json(
        conn,
        AccountView.render("account.json", %{user: user, for: user, with_pleroma_settings: true})
      )
    else
      _e ->
        conn
@ -161,7 +167,9 @@ def update_credentials(%{assigns: %{user: user}} = conn, params) do
  end
  def verify_credentials(%{assigns: %{user: user}} = conn, _) do
-    account = AccountView.render("account.json", %{user: user, for: user})
+    account =
      AccountView.render("account.json", %{user: user, for: user, with_pleroma_settings: true})
    json(conn, account)
  end
@ -205,7 +213,8 @@ def masto_instance(conn, _params) do
      languages: ["en"],
      registrations: Pleroma.Config.get([:instance, :registrations_open]),
      # Extra (not present in Mastodon):
-      max_toot_chars: Keyword.get(instance, :limit)
+      max_toot_chars: Keyword.get(instance, :limit),
      poll_limits: Keyword.get(instance, :poll_limits)
    }
    json(conn, response)
@ -417,6 +426,53 @@ def get_context(%{assigns: %{user: user}} = conn, %{"id" => id}) do
    end
  end
  def get_poll(%{assigns: %{user: user}} = conn, %{"id" => id}) do
    with %Object{} = object <- Object.get_by_id(id),
         %Activity{} = activity <- Activity.get_create_by_object_ap_id(object.data["id"]),
         true <- Visibility.visible_for_user?(activity, user) do
      conn
      |> put_view(StatusView)
      |> try_render("poll.json", %{object: object, for: user})
    else
      nil ->
        conn
        |> put_status(404)
        |> json(%{error: "Record not found"})
      false ->
        conn
        |> put_status(404)
        |> json(%{error: "Record not found"})
    end
  end
  def poll_vote(%{assigns: %{user: user}} = conn, %{"id" => id, "choices" => choices}) do
    with %Object{} = object <- Object.get_by_id(id),
         true <- object.data["type"] == "Question",
         %Activity{} = activity <- Activity.get_create_by_object_ap_id(object.data["id"]),
         true <- Visibility.visible_for_user?(activity, user),
         {:ok, _activities, object} <- CommonAPI.vote(user, object, choices) do
      conn
      |> put_view(StatusView)
      |> try_render("poll.json", %{object: object, for: user})
    else
      nil ->
        conn
        |> put_status(404)
        |> json(%{error: "Record not found"})
      false ->
        conn
        |> put_status(404)
        |> json(%{error: "Record not found"})
      {:error, message} ->
        conn
        |> put_status(422)
        |> json(%{error: message})
    end
  end
  def scheduled_statuses(%{assigns: %{user: user}} = conn, params) do
    with scheduled_activities <- MastodonAPI.get_scheduled_activities(user, params) do
      conn
@ -480,12 +536,6 @@ def post_status(%{assigns: %{user: user}} = conn, %{"status" => _} = params) do
      params
      |> Map.put("in_reply_to_status_id", params["in_reply_to_id"])
    idempotency_key =
      case get_req_header(conn, "idempotency-key") do
        [key] -> key
        _ -> Ecto.UUID.generate()
      end
    scheduled_at = params["scheduled_at"]
    if scheduled_at && ScheduledActivity.far_enough?(scheduled_at) do
@ -498,17 +548,40 @@ def post_status(%{assigns: %{user: user}} = conn, %{"status" => _} = params) do
    else
      params = Map.drop(params, ["scheduled_at"])
-      {:ok, activity} =
+      case get_cached_status_or_post(conn, params) do
-        Cachex.fetch!(:idempotency_cache, idempotency_key, fn _ ->
+        {:ignore, message} ->
-          CommonAPI.post(user, params)
+          conn
-        end)
+          |> put_status(422)
          |> json(%{error: message})
-      conn
+        {:error, message} ->
-      |> put_view(StatusView)
+          conn
-      |> try_render("status.json", %{activity: activity, for: user, as: :activity})
+          |> put_status(422)
          |> json(%{error: message})
        {_, activity} ->
          conn
          |> put_view(StatusView)
          |> try_render("status.json", %{activity: activity, for: user, as: :activity})
      end
    end
  end
  defp get_cached_status_or_post(%{assigns: %{user: user}} = conn, params) do
    idempotency_key =
      case get_req_header(conn, "idempotency-key") do
        [key] -> key
        _ -> Ecto.UUID.generate()
      end
    Cachex.fetch(:idempotency_cache, idempotency_key, fn _ ->
      case CommonAPI.post(user, params) do
        {:ok, activity} -> activity
        {:error, message} -> {:ignore, message}
      end
    end)
  end
  def delete_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
    with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do
      json(conn, %{})
@ -1372,6 +1445,7 @@ def index(%{assigns: %{user: user}} = conn, _params) do
            max_toot_chars: limit,
            mascot: User.get_mascot(user)["url"]
          },
          poll_limits: Config.get([:instance, :poll_limits]),
          rights: %{
            delete_others_notice: present?(user.info.is_moderator),
            admin: present?(user.info.is_admin)
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@ -131,6 +131,7 @@ defp do_render("account.json", %{user: user} = opts) do
    |> maybe_put_role(user, opts[:for])
    |> maybe_put_settings(user, opts[:for], user_info)
    |> maybe_put_notification_settings(user, opts[:for])
    |> maybe_put_settings_store(user, opts[:for], opts)
  end
  defp username_from_nickname(string) when is_binary(string) do
@ -153,6 +154,15 @@ defp maybe_put_settings(
  defp maybe_put_settings(data, _, _, _), do: data
  defp maybe_put_settings_store(data, %User{info: info, id: id}, %User{id: id}, %{
         with_pleroma_settings: true
       }) do
    data
    |> Kernel.put_in([:pleroma, :settings_store], info.pleroma_settings_store)
  end
  defp maybe_put_settings_store(data, _, _, _), do: data
  defp maybe_put_role(data, %User{info: %{show_role: true}} = user, _) do
    data
    |> Kernel.put_in([:pleroma, :is_admin], user.info.is_admin)
--- a/lib/pleroma/web/mastodon_api/views/conversation_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/conversation_view.ex
@ -22,9 +22,14 @@ def render("participation.json", %{participation: participation, user: user}) do
    last_status = StatusView.render("status.json", %{activity: activity, for: user})
    # Conversations return all users except the current user.
    users =
      participation.conversation.users
      |> Enum.reject(&(&1.id == user.id))
    accounts =
      AccountView.render("accounts.json", %{
-        users: participation.conversation.users,
+        users: users,
        as: :user
      })
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@ -240,6 +240,7 @@ def render("status.json", %{activity: %{data: %{"object" => _object}} = activity
      spoiler_text: summary_html,
      visibility: get_visibility(object),
      media_attachments: attachments,
      poll: render("poll.json", %{object: object, for: opts[:for]}),
      mentions: mentions,
      tags: build_tags(tags),
      application: %{
@ -329,6 +330,64 @@ def render("attachment.json", %{attachment: attachment}) do
    }
  end
  def render("poll.json", %{object: object} = opts) do
    {multiple, options} =
      case object.data do
        %{"anyOf" => options} when is_list(options) -> {true, options}
        %{"oneOf" => options} when is_list(options) -> {false, options}
        _ -> {nil, nil}
      end
    if options do
      end_time =
        (object.data["closed"] || object.data["endTime"])
        |> NaiveDateTime.from_iso8601!()
      expired =
        end_time
        |> NaiveDateTime.compare(NaiveDateTime.utc_now())
        |> case do
          :lt -> true
          _ -> false
        end
      voted =
        if opts[:for] do
          existing_votes =
            Pleroma.Web.ActivityPub.Utils.get_existing_votes(opts[:for].ap_id, object)
          existing_votes != [] or opts[:for].ap_id == object.data["actor"]
        else
          false
        end
      {options, votes_count} =
        Enum.map_reduce(options, 0, fn %{"name" => name} = option, count ->
          current_count = option["replies"]["totalItems"] || 0
          {%{
             title: HTML.strip_tags(name),
             votes_count: current_count
           }, current_count + count}
        end)
      %{
        # Mastodon uses separate ids for polls, but an object can't have
        # more than one poll embedded so object id is fine
        id: object.id,
        expires_at: Utils.to_masto_date(end_time),
        expired: expired,
        multiple: multiple,
        votes_count: votes_count,
        options: options,
        voted: voted,
        emojis: build_emojis(object.data["emoji"])
      }
    else
      nil
    end
  end
  def get_reply_to(activity, %{replied_to_activities: replied_to_activities}) do
    object = Object.normalize(activity)
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@ -97,6 +97,7 @@ def raw_nodeinfo do
        "pleroma_api",
        "mastodon_api",
        "mastodon_api_streaming",
        "polls",
        if Config.get([:media_proxy, :enabled]) do
          "media_proxy"
        end,
@ -149,6 +150,7 @@ def raw_nodeinfo do
        },
        staffAccounts: staff_accounts,
        federation: federation_response,
        pollLimits: Config.get([:instance, :poll_limits]),
        postFormats: Config.get([:instance, :allowed_post_formats]),
        uploadLimits: %{
          general: Config.get([:instance, :upload_limit]),
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -333,6 +333,8 @@ defmodule Pleroma.Web.Router do
      put("/scheduled_statuses/:id", MastodonAPIController, :update_scheduled_status)
      delete("/scheduled_statuses/:id", MastodonAPIController, :delete_scheduled_status)
      post("/polls/:id/votes", MastodonAPIController, :poll_vote)
      post("/media", MastodonAPIController, :upload)
      put("/media/:id", MastodonAPIController, :update_media)
@ -422,6 +424,8 @@ defmodule Pleroma.Web.Router do
      get("/statuses/:id", MastodonAPIController, :get_status)
      get("/statuses/:id/context", MastodonAPIController, :get_context)
      get("/polls/:id", MastodonAPIController, :get_poll)
      get("/accounts/:id/statuses", MastodonAPIController, :user_statuses)
      get("/accounts/:id/followers", MastodonAPIController, :followers)
      get("/accounts/:id/following", MastodonAPIController, :following)
--- a/lib/pleroma/web/templates/layout/app.html.eex
+++ b/lib/pleroma/web/templates/layout/app.html.eex
@ -63,13 +63,14 @@
      .scopes-input {
        display: flex;
        flex-direction: column;
        margin-top: 1em;
        text-align: left;
        color: #89898a;
      }
      .scopes-input label:first-child {
-        flex-basis: 40%;
+        height: 2em;
      }
      .scopes {
@ -80,13 +81,22 @@
      }
      .scope {
        flex-basis: 100%;
        display: flex;
        flex-basis: 100%;
        height: 2em;
        align-items: center;
      }
      .scope:before {
        color: #b9b9ba;
        content: "✔\fe0e";
        margin-left: 1em;
        margin-right: 1em;
      }
      [type="checkbox"] + label {
        display: none;
        cursor: pointer;
        margin: 0.5em;
      }
@ -95,10 +105,12 @@
      }
      [type="checkbox"] + label:before {
        cursor: pointer;
        display: inline-block;
        color: white;
        background-color: #121a24;
        border: 4px solid #121a24;
        box-shadow: 0px 0px 1px 0 #d8a070;
        box-sizing: border-box;
        width: 1.2em;
        height: 1.2em;
@ -128,7 +140,8 @@
        border-radius: 4px;
        border: none;
        padding: 10px;
-        margin-top: 30px;
+        margin-top: 20px;
        margin-bottom: 20px;
        text-transform: uppercase;
        font-size: 16px;
        box-shadow: 0px 0px 2px 0px black,
@ -147,8 +160,8 @@
        box-sizing: border-box;
        width: 100%;
        background-color: #931014;
        border: 1px solid #a06060;
        border-radius: 4px;
        border: none;
        padding: 10px;
        margin-top: 20px;
        font-weight: 500;
@ -171,12 +184,27 @@
          margin-top: 0
        }
-        .scopes-input {
+        .scope {
-          flex-direction: column;
+          flex-basis: 0%;
        }
-        .scope {
+        .scope:before {
-          flex-basis: 50%;
+          content: "";
          margin-left: 0em;
          margin-right: 1em;
        }
        .scope:first-child:before {
          margin-left: 1em;
          content: "✔\fe0e";
        }
        .scope:after {
          content: ",";
        }
        .scope:last-child:after {
          content: "";
        }
      }
      .form-row {
--- a/lib/pleroma/web/templates/o_auth/o_auth/_scopes.html.eex
+++ b/lib/pleroma/web/templates/o_auth/o_auth/_scopes.html.eex
@ -1,13 +1,19 @@
 <div class="scopes-input">
-  <%= label @form, :scope, "Permissions" %>
+  <%= label @form, :scope, "The following permissions will be granted" %>
  <div class="scopes">
    <%= for scope <- @available_scopes do %>
      <%# Note: using hidden input with `unchecked_value` in order to distinguish user's empty selection from `scope` param being omitted %>
-      <div class="scope">
+      <%= if scope in @scopes do %>
        <div class="scope">
          <%= checkbox @form, :"scope_#{scope}", value: scope in @scopes && scope, checked_value: scope, unchecked_value: "", name: "authorization[scope][]" %>
          <%= label @form, :"scope_#{scope}", String.capitalize(scope) %>
          <%= if scope in @scopes && scope do %>
            <%= String.capitalize(scope) %>
          <% end %>
        </div>
      <% else %>
        <%= checkbox @form, :"scope_#{scope}", value: scope in @scopes && scope, checked_value: scope, unchecked_value: "", name: "authorization[scope][]" %>
-        <%= label @form, :"scope_#{scope}", String.capitalize(scope) %>
+      <% end %>
      </div>
    <% end %>
  </div>
 </div>
--- a/lib/pleroma/web/templates/o_auth/o_auth/consumer.html.eex
+++ b/lib/pleroma/web/templates/o_auth/o_auth/consumer.html.eex
@ -1,7 +1,9 @@
 <h2>Sign in with external provider</h2>
 <%= form_for @conn, o_auth_path(@conn, :prepare_request), [as: "authorization", method: "get"], fn f -> %>
-  <%= render @view_module, "_scopes.html", Map.put(assigns, :form, f) %>
+  <div style="display: none">
    <%= render @view_module, "_scopes.html", Map.merge(assigns, %{form: f}) %>
  </div>
  <%= hidden_input f, :client_id, value: @client_id %>
  <%= hidden_input f, :redirect_uri, value: @redirect_uri %>
--- a/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex
+++ b/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex
@ -6,26 +6,38 @@
 <% end %>
 <h2>OAuth Authorization</h2>
 <%= form_for @conn, o_auth_path(@conn, :authorize), [as: "authorization"], fn f -> %>
 <div class="input">
  <%= label f, :name, "Name or email" %>
  <%= text_input f, :name %>
 </div>
 <div class="input">
  <%= label f, :password, "Password" %>
  <%= password_input f, :password %>
 </div>
-<%= render @view_module, "_scopes.html", Map.merge(assigns, %{form: f}) %>
+<%= if @params["registration"] in ["true", true] do %>
  <h3>This is the first time you visit! Please enter your Pleroma handle.</h3>
  <p>Choose carefully! You won't be able to change this later. You will be able to change your display name, though.</p>
  <div class="input">
    <%= label f, :nickname, "Pleroma Handle" %>
    <%= text_input f, :nickname, placeholder: "lain" %>
  </div>
  <%= hidden_input f, :name, value: @params["name"] %>
  <%= hidden_input f, :password, value: @params["password"] %>
  <br>
 <% else %>
  <div class="input">
    <%= label f, :name, "Username" %>
    <%= text_input f, :name %>
  </div>
  <div class="input">
    <%= label f, :password, "Password" %>
    <%= password_input f, :password %>
  </div>
  <%= submit "Log In" %>
  <%= render @view_module, "_scopes.html", Map.merge(assigns, %{form: f}) %>
 <% end %>
 <%= hidden_input f, :client_id, value: @client_id %>
 <%= hidden_input f, :response_type, value: @response_type %>
 <%= hidden_input f, :redirect_uri, value: @redirect_uri %>
 <%= hidden_input f, :state, value: @state %>
 <%= submit "Authorize" %>
 <% end %>
 <%= if Pleroma.Config.oauth_consumer_enabled?() do %>
  <%= render @view_module, Pleroma.Web.Auth.Authenticator.oauth_consumer_template(), assigns %>
 <% end %>
--- a/lib/pleroma/web/twitter_api/views/user_view.ex
+++ b/lib/pleroma/web/twitter_api/views/user_view.ex
@ -122,6 +122,7 @@ defp do_render("user.json", %{user: user = %User{}} = assigns) do
            "skip_thread_containment" => user.info.skip_thread_containment
          }
          |> maybe_with_activation_status(user, for_user)
          |> with_notification_settings(user, for_user)
      }
      |> maybe_with_user_settings(user, for_user)
      |> maybe_with_role(user, for_user)
@ -133,6 +134,12 @@ defp do_render("user.json", %{user: user = %User{}} = assigns) do
    end
  end
  defp with_notification_settings(data, %User{id: user_id} = user, %User{id: user_id}) do
    Map.put(data, "notification_settings", user.info.notification_settings)
  end
  defp with_notification_settings(data, _, _), do: data
  defp maybe_with_activation_status(data, user, %User{info: %{is_admin: true}}) do
    Map.put(data, "deactivated", user.info.deactivated)
  end
--- a/mix.exs
+++ b/mix.exs
@ -51,16 +51,27 @@ def application do
  defp elixirc_paths(:test), do: ["lib", "test/support"]
  defp elixirc_paths(_), do: ["lib"]
  # Specifies OAuth dependencies.
  defp oauth_deps do
    oauth_strategy_packages =
      System.get_env("OAUTH_CONSUMER_STRATEGIES")
      |> to_string()
      |> String.split()
      |> Enum.map(fn strategy_entry ->
        with [_strategy, dependency] <- String.split(strategy_entry, ":") do
          dependency
        else
          [strategy] -> "ueberauth_#{strategy}"
        end
      end)
    for s <- oauth_strategy_packages, do: {String.to_atom(s), ">= 0.0.0"}
  end
  # Specifies your project dependencies.
  #
  # Type `mix help deps` for examples and options.
  defp deps do
    oauth_strategies = String.split(System.get_env("OAUTH_CONSUMER_STRATEGIES") || "")
    oauth_deps =
      for s <- oauth_strategies,
          do: {String.to_atom("ueberauth_#{s}"), ">= 0.0.0"}
    [
      {:phoenix, "~> 1.4.1"},
      {:plug_cowboy, "~> 2.0"},
@ -121,7 +132,7 @@ defp deps do
      {:ex_rated, "~> 1.2"},
      {:plug_static_index_html, "~> 1.0.0"},
      {:excoveralls, "~> 0.11.1", only: :test}
-    ] ++ oauth_deps
+    ] ++ oauth_deps()
  end
  # Aliases are shortcuts or tasks specific to the current project.
--- a/priv/repo/migrations/20190525071417_add_non_follows_and_non_followers_fields_to_notification_settings.exs
+++ b/priv/repo/migrations/20190525071417_add_non_follows_and_non_followers_fields_to_notification_settings.exs
@ -0,0 +1,10 @@
 defmodule Pleroma.Repo.Migrations.AddNonFollowsAndNonFollowersFieldsToNotificationSettings do
  use Ecto.Migration
  def change do
    execute("""
    update users set info = jsonb_set(info, '{notification_settings}', '{"local": true, "remote": true, "follows": true, "followers": true, "non_follows": true, "non_followers": true}')
    where local=true
    """)
  end
 end
--- a/priv/repo/migrations/20190603162018_add_object_in_reply_to_index.exs
+++ b/priv/repo/migrations/20190603162018_add_object_in_reply_to_index.exs
@ -0,0 +1,7 @@
 defmodule Pleroma.Repo.Migrations.AddObjectInReplyToIndex do
  use Ecto.Migration
  def change do
    create index(:objects, ["(data->>'inReplyTo')"], name: :objects_in_reply_to_index)
  end
 end
--- a/priv/repo/migrations/20190603173419_add_tag_index_to_objects.exs
+++ b/priv/repo/migrations/20190603173419_add_tag_index_to_objects.exs
@ -0,0 +1,8 @@
 defmodule Pleroma.Repo.Migrations.AddTagIndexToObjects do
  use Ecto.Migration
  def change do
    drop_if_exists index(:activities, ["(data #> '{\"object\",\"tag\"}')"], using: :gin, name: :activities_tags)
    create index(:objects, ["(data->'tag')"], using: :gin, name: :objects_tags)
  end
 end
--- a/test/fixtures/httpoison_mock/rinpatch.json
+++ b/test/fixtures/httpoison_mock/rinpatch.json
@ -0,0 +1,64 @@
 {
  "@context": [
    "https://www.w3.org/ns/activitystreams",
    "https://w3id.org/security/v1",
    {
      "manuallyApprovesFollowers": "as:manuallyApprovesFollowers",
      "toot": "http://joinmastodon.org/ns#",
      "featured": {
        "@id": "toot:featured",
        "@type": "@id"
      },
      "alsoKnownAs": {
        "@id": "as:alsoKnownAs",
        "@type": "@id"
      },
      "movedTo": {
        "@id": "as:movedTo",
        "@type": "@id"
      },
      "schema": "http://schema.org#",
      "PropertyValue": "schema:PropertyValue",
      "value": "schema:value",
      "Hashtag": "as:Hashtag",
      "Emoji": "toot:Emoji",
      "IdentityProof": "toot:IdentityProof",
      "focalPoint": {
        "@container": "@list",
        "@id": "toot:focalPoint"
      }
    }
  ],
  "id": "https://mastodon.sdf.org/users/rinpatch",
  "type": "Person",
  "following": "https://mastodon.sdf.org/users/rinpatch/following",
  "followers": "https://mastodon.sdf.org/users/rinpatch/followers",
  "inbox": "https://mastodon.sdf.org/users/rinpatch/inbox",
  "outbox": "https://mastodon.sdf.org/users/rinpatch/outbox",
  "featured": "https://mastodon.sdf.org/users/rinpatch/collections/featured",
  "preferredUsername": "rinpatch",
  "name": "rinpatch",
  "summary": "<p>umu</p>",
  "url": "https://mastodon.sdf.org/@rinpatch",
  "manuallyApprovesFollowers": false,
  "publicKey": {
    "id": "https://mastodon.sdf.org/users/rinpatch#main-key",
    "owner": "https://mastodon.sdf.org/users/rinpatch",
    "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vbhYKDopb5xzfJB2TZY\n0ZvgxqdAhbSKKkQC5Q2b0ofhvueDy2AuZTnVk1/BbHNlqKlwhJUSpA6LiTZVvtcc\nMn6cmSaJJEg30gRF5GARP8FMcuq8e2jmceiW99NnUX17MQXsddSf2JFUwD0rUE8H\nBsgD7UzE9+zlA/PJOTBO7fvBEz9PTQ3r4sRMTJVFvKz2MU/U+aRNTuexRKMMPnUw\nfp6VWh1F44VWJEQOs4tOEjGiQiMQh5OfBk1w2haT3vrDbQvq23tNpUP1cRomLUtx\nEBcGKi5DMMBzE1RTVT1YUykR/zLWlA+JSmw7P6cWtsHYZovs8dgn8Po3X//6N+ng\nTQIDAQAB\n-----END PUBLIC KEY-----\n"
  },
  "tag": [],
  "attachment": [],
  "endpoints": {
    "sharedInbox": "https://mastodon.sdf.org/inbox"
  },
  "icon": {
    "type": "Image",
    "mediaType": "image/jpeg",
    "url": "https://mastodon.sdf.org/system/accounts/avatars/000/067/580/original/bf05521bf711b7a0.jpg?1533238802"
  },
  "image": {
    "type": "Image",
    "mediaType": "image/gif",
    "url": "https://mastodon.sdf.org/system/accounts/headers/000/067/580/original/a99b987e798f7063.gif?1533278217"
  }
 }
--- a/test/fixtures/mastodon-question-activity.json
+++ b/test/fixtures/mastodon-question-activity.json
@ -0,0 +1,99 @@
 {
  "@context": [
    "https://www.w3.org/ns/activitystreams",
    {
      "ostatus": "http://ostatus.org#",
      "atomUri": "ostatus:atomUri",
      "inReplyToAtomUri": "ostatus:inReplyToAtomUri",
      "conversation": "ostatus:conversation",
      "sensitive": "as:sensitive",
      "Hashtag": "as:Hashtag",
      "toot": "http://joinmastodon.org/ns#",
      "Emoji": "toot:Emoji",
      "focalPoint": {
        "@container": "@list",
        "@id": "toot:focalPoint"
      }
    }
  ],
  "id": "https://mastodon.sdf.org/users/rinpatch/statuses/102070944809637304/activity",
  "type": "Create",
  "actor": "https://mastodon.sdf.org/users/rinpatch",
  "published": "2019-05-10T09:03:36Z",
  "to": [
    "https://www.w3.org/ns/activitystreams#Public"
  ],
  "cc": [
    "https://mastodon.sdf.org/users/rinpatch/followers"
  ],
  "object": {
    "id": "https://mastodon.sdf.org/users/rinpatch/statuses/102070944809637304",
    "type": "Question",
    "summary": null,
    "inReplyTo": null,
    "published": "2019-05-10T09:03:36Z",
    "url": "https://mastodon.sdf.org/@rinpatch/102070944809637304",
    "attributedTo": "https://mastodon.sdf.org/users/rinpatch",
    "to": [
      "https://www.w3.org/ns/activitystreams#Public"
    ],
    "cc": [
      "https://mastodon.sdf.org/users/rinpatch/followers"
    ],
    "sensitive": false,
    "atomUri": "https://mastodon.sdf.org/users/rinpatch/statuses/102070944809637304",
    "inReplyToAtomUri": null,
    "conversation": "tag:mastodon.sdf.org,2019-05-10:objectId=15095122:objectType=Conversation",
    "content": "<p>Why is Tenshi eating a corndog so cute?</p>",
    "contentMap": {
      "en": "<p>Why is Tenshi eating a corndog so cute?</p>"
    },
    "endTime": "2019-05-11T09:03:36Z",
    "closed": "2019-05-11T09:03:36Z",
    "attachment": [],
    "tag": [],
    "replies": {
      "id": "https://mastodon.sdf.org/users/rinpatch/statuses/102070944809637304/replies",
      "type": "Collection",
      "first": {
        "type": "CollectionPage",
        "partOf": "https://mastodon.sdf.org/users/rinpatch/statuses/102070944809637304/replies",
        "items": []
      }
    },
    "oneOf": [
      {
        "type": "Note",
        "name": "Dunno",
        "replies": {
          "type": "Collection",
          "totalItems": 0
        }
      },
      {
        "type": "Note",
        "name": "Everyone knows that!",
        "replies": {
          "type": "Collection",
          "totalItems": 1
        }
      },
      {
        "type": "Note",
        "name": "25 char limit is dumb",
        "replies": {
          "type": "Collection",
          "totalItems": 0
        }
      },
      {
        "type": "Note",
        "name": "I can't even fit a funny",
        "replies": {
          "type": "Collection",
          "totalItems": 1
        }
      }
    ]
  }
 }
--- a/test/fixtures/mastodon-vote.json
+++ b/test/fixtures/mastodon-vote.json
@ -0,0 +1,16 @@
 {
  "@context": "https://www.w3.org/ns/activitystreams",
  "actor": "https://mastodon.sdf.org/users/rinpatch",
  "id": "https://mastodon.sdf.org/users/rinpatch#votes/387/activity",
  "nickname": "rin",
  "object": {
    "attributedTo": "https://mastodon.sdf.org/users/rinpatch",
    "id": "https://mastodon.sdf.org/users/rinpatch#votes/387",
    "inReplyTo": "https://testing.uguu.ltd/objects/9d300947-2dcb-445d-8978-9a3b4b84fa14",
    "name": "suya..",
    "to": "https://testing.uguu.ltd/users/rin",
    "type": "Note"
  },
  "to": "https://testing.uguu.ltd/users/rin",
  "type": "Create"
 }
--- a/test/notification_test.exs
+++ b/test/notification_test.exs
@ -78,33 +78,6 @@ test "it doesn't create a notification for an activity from a muted thread" do
      assert nil == Notification.create_notification(activity, muter)
    end
    test "it disables notifications from people on remote instances" do
      user = insert(:user, info: %{notification_settings: %{"remote" => false}})
      other_user = insert(:user)
      create_activity = %{
        "@context" => "https://www.w3.org/ns/activitystreams",
        "type" => "Create",
        "to" => ["https://www.w3.org/ns/activitystreams#Public"],
        "actor" => other_user.ap_id,
        "object" => %{
          "type" => "Note",
          "content" => "Hi @#{user.nickname}",
          "attributedTo" => other_user.ap_id
        }
      }
      {:ok, %{local: false} = activity} = Transmogrifier.handle_incoming(create_activity)
      assert nil == Notification.create_notification(activity, user)
    end
    test "it disables notifications from people on the local instance" do
      user = insert(:user, info: %{notification_settings: %{"local" => false}})
      other_user = insert(:user)
      {:ok, activity} = CommonAPI.post(other_user, %{"status" => "hey @#{user.nickname}"})
      assert nil == Notification.create_notification(activity, user)
    end
    test "it disables notifications from followers" do
      follower = insert(:user)
      followed = insert(:user, info: %{notification_settings: %{"followers" => false}})
@ -113,6 +86,13 @@ test "it disables notifications from followers" do
      assert nil == Notification.create_notification(activity, followed)
    end
    test "it disables notifications from non-followers" do
      follower = insert(:user)
      followed = insert(:user, info: %{notification_settings: %{"non_followers" => false}})
      {:ok, activity} = CommonAPI.post(follower, %{"status" => "hey @#{followed.nickname}"})
      assert nil == Notification.create_notification(activity, followed)
    end
    test "it disables notifications from people the user follows" do
      follower = insert(:user, info: %{notification_settings: %{"follows" => false}})
      followed = insert(:user)
@ -122,6 +102,13 @@ test "it disables notifications from people the user follows" do
      assert nil == Notification.create_notification(activity, follower)
    end
    test "it disables notifications from people the user does not follow" do
      follower = insert(:user, info: %{notification_settings: %{"non_follows" => false}})
      followed = insert(:user)
      {:ok, activity} = CommonAPI.post(followed, %{"status" => "hey @#{follower.nickname}"})
      assert nil == Notification.create_notification(activity, follower)
    end
    test "it doesn't create a notification for user if he is the activity author" do
      activity = insert(:note_activity)
      author = User.get_cached_by_ap_id(activity.data["actor"])
--- a/test/object/containment_test.exs
+++ b/test/object/containment_test.exs
@ -6,6 +6,11 @@ defmodule Pleroma.Object.ContainmentTest do
  import Pleroma.Factory
  setup_all do
    Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
    :ok
  end
  describe "general origin containment" do
    test "contain_origin_from_id() catches obvious spoofing attempts" do
      data = %{
--- a/test/support/http_request_mock.ex
+++ b/test/support/http_request_mock.ex
@ -52,6 +52,14 @@ def get("https://mastodon.social/users/emelie", _, _, _) do
     }}
  end
  def get("https://mastodon.sdf.org/users/rinpatch", _, _, _) do
    {:ok,
     %Tesla.Env{
       status: 200,
       body: File.read!("test/fixtures/httpoison_mock/rinpatch.json")
     }}
  end
  def get(
        "https://mastodon.social/.well-known/webfinger?resource=https://mastodon.social/users/emelie",
        _,
@ -235,6 +243,14 @@ def get("https://niu.moe/users/rye", _, _, Accept: "application/activity+json")
     }}
  end
  def get("https://n1u.moe/users/rye", _, _, Accept: "application/activity+json") do
    {:ok,
     %Tesla.Env{
       status: 200,
       body: File.read!("test/fixtures/httpoison_mock/rye.json")
     }}
  end
  def get("http://mastodon.example.org/users/admin/statuses/100787282858396771", _, _, _) do
    {:ok,
     %Tesla.Env{
@ -294,6 +310,10 @@ def get("http://mastodon.example.org/users/admin", _, _, Accept: "application/ac
     }}
  end
  def get("http://mastodon.example.org/users/gargron", _, _, Accept: "application/activity+json") do
    {:error, :nxdomain}
  end
  def get(
        "http://mastodon.example.org/@admin/99541947525187367",
        _,
@ -538,6 +558,15 @@ def get(
     }}
  end
  def get(
        "http://gs.example.org:4040/index.php/user/1",
        _,
        _,
        Accept: "application/activity+json"
      ) do
    {:ok, %Tesla.Env{status: 406, body: ""}}
  end
  def get("http://gs.example.org/index.php/api/statuses/user_timeline/1.atom", _, _, _) do
    {:ok,
     %Tesla.Env{
--- a/test/web/activity_pub/mrf/subchain_policy_test.exs
+++ b/test/web/activity_pub/mrf/subchain_policy_test.exs
@ -0,0 +1,32 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.ActivityPub.MRF.SubchainPolicyTest do
  use Pleroma.DataCase
  alias Pleroma.Web.ActivityPub.MRF.DropPolicy
  alias Pleroma.Web.ActivityPub.MRF.SubchainPolicy
  @message %{
    "actor" => "https://banned.com",
    "type" => "Create",
    "object" => %{"content" => "hi"}
  }
  test "it matches and processes subchains when the actor matches a configured target" do
    Pleroma.Config.put([:mrf_subchain, :match_actor], %{
      ~r/^https:\/\/banned.com/s => [DropPolicy]
    })
    {:reject, _} = SubchainPolicy.filter(@message)
  end
  test "it doesn't match and process subchains when the actor doesn't match a configured target" do
    Pleroma.Config.put([:mrf_subchain, :match_actor], %{
      ~r/^https:\/\/borked.com/s => [DropPolicy]
    })
    {:ok, _message} = SubchainPolicy.filter(@message)
  end
 end
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@ -113,6 +113,55 @@ test "it works for incoming notices with hashtags" do
      assert Enum.at(object.data["tag"], 2) == "moo"
    end
    test "it works for incoming questions" do
      data = File.read!("test/fixtures/mastodon-question-activity.json") |> Poison.decode!()
      {:ok, %Activity{local: false} = activity} = Transmogrifier.handle_incoming(data)
      object = Object.normalize(activity)
      assert Enum.all?(object.data["oneOf"], fn choice ->
               choice["name"] in [
                 "Dunno",
                 "Everyone knows that!",
                 "25 char limit is dumb",
                 "I can't even fit a funny"
               ]
             end)
    end
    test "it rewrites Note votes to Answers and increments vote counters on question activities" do
      user = insert(:user)
      {:ok, activity} =
        CommonAPI.post(user, %{
          "status" => "suya...",
          "poll" => %{"options" => ["suya", "suya.", "suya.."], "expires_in" => 10}
        })
      object = Object.normalize(activity)
      data =
        File.read!("test/fixtures/mastodon-vote.json")
        |> Poison.decode!()
        |> Kernel.put_in(["to"], user.ap_id)
        |> Kernel.put_in(["object", "inReplyTo"], object.data["id"])
        |> Kernel.put_in(["object", "to"], user.ap_id)
      {:ok, %Activity{local: false} = activity} = Transmogrifier.handle_incoming(data)
      answer_object = Object.normalize(activity)
      assert answer_object.data["type"] == "Answer"
      object = Object.get_by_ap_id(object.data["id"])
      assert Enum.any?(
               object.data["oneOf"],
               fn
                 %{"name" => "suya..", "replies" => %{"totalItems" => 1}} -> true
                 _ -> false
               end
             )
    end
    test "it works for incoming notices with contentMap" do
      data =
        File.read!("test/fixtures/mastodon-post-activity-contentmap.json") |> Poison.decode!()
@ -1210,6 +1259,30 @@ test "successfully reserializes a message with AS2 objects in IR" do
    end
  end
  test "Rewrites Answers to Notes" do
    user = insert(:user)
    {:ok, poll_activity} =
      CommonAPI.post(user, %{
        "status" => "suya...",
        "poll" => %{"options" => ["suya", "suya.", "suya.."], "expires_in" => 10}
      })
    poll_object = Object.normalize(poll_activity)
    # TODO: Replace with CommonAPI vote creation when implemented
    data =
      File.read!("test/fixtures/mastodon-vote.json")
      |> Poison.decode!()
      |> Kernel.put_in(["to"], user.ap_id)
      |> Kernel.put_in(["object", "inReplyTo"], poll_object.data["id"])
      |> Kernel.put_in(["object", "to"], user.ap_id)
    {:ok, %Activity{local: false} = activity} = Transmogrifier.handle_incoming(data)
    {:ok, data} = Transmogrifier.prepare_outgoing(activity.data)
    assert data["object"]["type"] == "Note"
  end
  describe "fix_explicit_addressing" do
    setup do
      user = insert(:user)
--- a/test/web/mastodon_api/account_view_test.exs
+++ b/test/web/mastodon_api/account_view_test.exs
@ -79,10 +79,10 @@ test "Represent the user account for the account owner" do
    user = insert(:user)
    notification_settings = %{
      "remote" => true,
      "local" => true,
      "followers" => true,
-      "follows" => true
+      "follows" => true,
      "non_follows" => true,
      "non_followers" => true
    }
    privacy = user.info.default_scope
@ -242,4 +242,19 @@ test "represent an embedded relationship" do
    assert expected == AccountView.render("account.json", %{user: user, for: other_user})
  end
  test "returns the settings store if the requesting user is the represented user and it's requested specifically" do
    user = insert(:user, %{info: %User.Info{pleroma_settings_store: %{fe: "test"}}})
    result =
      AccountView.render("account.json", %{user: user, for: user, with_pleroma_settings: true})
    assert result.pleroma.settings_store == %{:fe => "test"}
    result = AccountView.render("account.json", %{user: user, with_pleroma_settings: true})
    assert result.pleroma[:settings_store] == nil
    result = AccountView.render("account.json", %{user: user, for: user})
    assert result.pleroma[:settings_store] == nil
  end
 end
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@ -146,6 +146,103 @@ test "posting a status", %{conn: conn} do
    refute id == third_id
  end
  describe "posting polls" do
    test "posting a poll", %{conn: conn} do
      user = insert(:user)
      time = NaiveDateTime.utc_now()
      conn =
        conn
        |> assign(:user, user)
        |> post("/api/v1/statuses", %{
          "status" => "Who is the #bestgrill?",
          "poll" => %{"options" => ["Rei", "Asuka", "Misato"], "expires_in" => 420}
        })
      response = json_response(conn, 200)
      assert Enum.all?(response["poll"]["options"], fn %{"title" => title} ->
               title in ["Rei", "Asuka", "Misato"]
             end)
      assert NaiveDateTime.diff(NaiveDateTime.from_iso8601!(response["poll"]["expires_at"]), time) in 420..430
      refute response["poll"]["expred"]
    end
    test "option limit is enforced", %{conn: conn} do
      user = insert(:user)
      limit = Pleroma.Config.get([:instance, :poll_limits, :max_options])
      conn =
        conn
        |> assign(:user, user)
        |> post("/api/v1/statuses", %{
          "status" => "desu~",
          "poll" => %{"options" => Enum.map(0..limit, fn _ -> "desu" end), "expires_in" => 1}
        })
      %{"error" => error} = json_response(conn, 422)
      assert error == "Poll can't contain more than #{limit} options"
    end
    test "option character limit is enforced", %{conn: conn} do
      user = insert(:user)
      limit = Pleroma.Config.get([:instance, :poll_limits, :max_option_chars])
      conn =
        conn
        |> assign(:user, user)
        |> post("/api/v1/statuses", %{
          "status" => "...",
          "poll" => %{
            "options" => [Enum.reduce(0..limit, "", fn _, acc -> acc <> "." end)],
            "expires_in" => 1
          }
        })
      %{"error" => error} = json_response(conn, 422)
      assert error == "Poll options cannot be longer than #{limit} characters each"
    end
    test "minimal date limit is enforced", %{conn: conn} do
      user = insert(:user)
      limit = Pleroma.Config.get([:instance, :poll_limits, :min_expiration])
      conn =
        conn
        |> assign(:user, user)
        |> post("/api/v1/statuses", %{
          "status" => "imagine arbitrary limits",
          "poll" => %{
            "options" => ["this post was made by pleroma gang"],
            "expires_in" => limit - 1
          }
        })
      %{"error" => error} = json_response(conn, 422)
      assert error == "Expiration date is too soon"
    end
    test "maximum date limit is enforced", %{conn: conn} do
      user = insert(:user)
      limit = Pleroma.Config.get([:instance, :poll_limits, :max_expiration])
      conn =
        conn
        |> assign(:user, user)
        |> post("/api/v1/statuses", %{
          "status" => "imagine arbitrary limits",
          "poll" => %{
            "options" => ["this post was made by pleroma gang"],
            "expires_in" => limit + 1
          }
        })
      %{"error" => error} = json_response(conn, 422)
      assert error == "Expiration date is too far in the future"
    end
  end
  test "posting a sensitive status", %{conn: conn} do
    user = insert(:user)
@ -317,12 +414,13 @@ test "direct timeline", %{conn: conn} do
  test "Conversations", %{conn: conn} do
    user_one = insert(:user)
    user_two = insert(:user)
    user_three = insert(:user)
    {:ok, user_two} = User.follow(user_two, user_one)
    {:ok, direct} =
      CommonAPI.post(user_one, %{
-        "status" => "Hi @#{user_two.nickname}!",
+        "status" => "Hi @#{user_two.nickname}, @#{user_three.nickname}!",
        "visibility" => "direct"
      })
@ -348,7 +446,10 @@ test "Conversations", %{conn: conn} do
             }
           ] = response
    account_ids = Enum.map(res_accounts, & &1["id"])
    assert length(res_accounts) == 2
    assert user_two.id in account_ids
    assert user_three.id in account_ids
    assert is_binary(res_id)
    assert unread == true
    assert res_last_status["id"] == direct.id
@ -2322,6 +2423,66 @@ test "hides favorites for new users by default", %{conn: conn, current_user: cur
  end
  describe "updating credentials" do
    test "sets user settings in a generic way", %{conn: conn} do
      user = insert(:user)
      res_conn =
        conn
        |> assign(:user, user)
        |> patch("/api/v1/accounts/update_credentials", %{
          "pleroma_settings_store" => %{
            pleroma_fe: %{
              theme: "bla"
            }
          }
        })
      assert user = json_response(res_conn, 200)
      assert user["pleroma"]["settings_store"] == %{"pleroma_fe" => %{"theme" => "bla"}}
      user = Repo.get(User, user["id"])
      res_conn =
        conn
        |> assign(:user, user)
        |> patch("/api/v1/accounts/update_credentials", %{
          "pleroma_settings_store" => %{
            masto_fe: %{
              theme: "bla"
            }
          }
        })
      assert user = json_response(res_conn, 200)
      assert user["pleroma"]["settings_store"] ==
               %{
                 "pleroma_fe" => %{"theme" => "bla"},
                 "masto_fe" => %{"theme" => "bla"}
               }
      user = Repo.get(User, user["id"])
      res_conn =
        conn
        |> assign(:user, user)
        |> patch("/api/v1/accounts/update_credentials", %{
          "pleroma_settings_store" => %{
            masto_fe: %{
              theme: "blub"
            }
          }
        })
      assert user = json_response(res_conn, 200)
      assert user["pleroma"]["settings_store"] ==
               %{
                 "pleroma_fe" => %{"theme" => "bla"},
                 "masto_fe" => %{"theme" => "blub"}
               }
    end
    test "updates the user's bio", %{conn: conn} do
      user = insert(:user)
      user2 = insert(:user)
@ -2551,7 +2712,8 @@ test "get instance information", %{conn: conn} do
             "stats" => _,
             "thumbnail" => _,
             "languages" => _,
-             "registrations" => _
+             "registrations" => _,
             "poll_limits" => _
           } = result
    assert email == from_config_email
@ -3450,4 +3612,124 @@ test "rate limit", %{conn: conn} do
      assert json_response(conn, 403) == %{"error" => "Rate limit exceeded."}
    end
  end
  describe "GET /api/v1/polls/:id" do
    test "returns poll entity for object id", %{conn: conn} do
      user = insert(:user)
      {:ok, activity} =
        CommonAPI.post(user, %{
          "status" => "Pleroma does",
          "poll" => %{"options" => ["what Mastodon't", "n't what Mastodoes"], "expires_in" => 20}
        })
      object = Object.normalize(activity)
      conn =
        conn
        |> assign(:user, user)
        |> get("/api/v1/polls/#{object.id}")
      response = json_response(conn, 200)
      id = object.id
      assert %{"id" => ^id, "expired" => false, "multiple" => false} = response
    end
    test "does not expose polls for private statuses", %{conn: conn} do
      user = insert(:user)
      other_user = insert(:user)
      {:ok, activity} =
        CommonAPI.post(user, %{
          "status" => "Pleroma does",
          "poll" => %{"options" => ["what Mastodon't", "n't what Mastodoes"], "expires_in" => 20},
          "visibility" => "private"
        })
      object = Object.normalize(activity)
      conn =
        conn
        |> assign(:user, other_user)
        |> get("/api/v1/polls/#{object.id}")
      assert json_response(conn, 404)
    end
  end
  describe "POST /api/v1/polls/:id/votes" do
    test "votes are added to the poll", %{conn: conn} do
      user = insert(:user)
      other_user = insert(:user)
      {:ok, activity} =
        CommonAPI.post(user, %{
          "status" => "A very delicious sandwich",
          "poll" => %{
            "options" => ["Lettuce", "Grilled Bacon", "Tomato"],
            "expires_in" => 20,
            "multiple" => true
          }
        })
      object = Object.normalize(activity)
      conn =
        conn
        |> assign(:user, other_user)
        |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1, 2]})
      assert json_response(conn, 200)
      object = Object.get_by_id(object.id)
      assert Enum.all?(object.data["anyOf"], fn %{"replies" => %{"totalItems" => total_items}} ->
               total_items == 1
             end)
    end
    test "author can't vote", %{conn: conn} do
      user = insert(:user)
      {:ok, activity} =
        CommonAPI.post(user, %{
          "status" => "Am I cute?",
          "poll" => %{"options" => ["Yes", "No"], "expires_in" => 20}
        })
      object = Object.normalize(activity)
      assert conn
             |> assign(:user, user)
             |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [1]})
             |> json_response(422) == %{"error" => "Poll's author can't vote"}
      object = Object.get_by_id(object.id)
      refute Enum.at(object.data["oneOf"], 1)["replies"]["totalItems"] == 1
    end
    test "does not allow multiple choices on a single-choice question", %{conn: conn} do
      user = insert(:user)
      other_user = insert(:user)
      {:ok, activity} =
        CommonAPI.post(user, %{
          "status" => "The glass is",
          "poll" => %{"options" => ["half empty", "half full"], "expires_in" => 20}
        })
      object = Object.normalize(activity)
      assert conn
             |> assign(:user, other_user)
             |> post("/api/v1/polls/#{object.id}/votes", %{"choices" => [0, 1]})
             |> json_response(422) == %{"error" => "Too many choices"}
      object = Object.get_by_id(object.id)
      refute Enum.any?(object.data["oneOf"], fn %{"replies" => %{"totalItems" => total_items}} ->
               total_items == 1
             end)
    end
  end
 end
--- a/test/web/mastodon_api/status_view_test.exs
+++ b/test/web/mastodon_api/status_view_test.exs
@ -103,6 +103,7 @@ test "a note activity" do
      muted: false,
      pinned: false,
      sensitive: false,
      poll: nil,
      spoiler_text: HtmlSanitizeEx.basic_html(note.data["object"]["summary"]),
      visibility: "public",
      media_attachments: [],
@ -341,4 +342,106 @@ test "a rich media card with all relevant data renders correctly" do
        StatusView.render("card.json", %{page_url: page_url, rich_media: card})
    end
  end
  describe "poll view" do
    test "renders a poll" do
      user = insert(:user)
      {:ok, activity} =
        CommonAPI.post(user, %{
          "status" => "Is Tenshi eating a corndog cute?",
          "poll" => %{
            "options" => ["absolutely!", "sure", "yes", "why are you even asking?"],
            "expires_in" => 20
          }
        })
      object = Object.normalize(activity)
      expected = %{
        emojis: [],
        expired: false,
        id: object.id,
        multiple: false,
        options: [
          %{title: "absolutely!", votes_count: 0},
          %{title: "sure", votes_count: 0},
          %{title: "yes", votes_count: 0},
          %{title: "why are you even asking?", votes_count: 0}
        ],
        voted: false,
        votes_count: 0
      }
      result = StatusView.render("poll.json", %{object: object})
      expires_at = result.expires_at
      result = Map.delete(result, :expires_at)
      assert result == expected
      expires_at = NaiveDateTime.from_iso8601!(expires_at)
      assert NaiveDateTime.diff(expires_at, NaiveDateTime.utc_now()) in 15..20
    end
    test "detects if it is multiple choice" do
      user = insert(:user)
      {:ok, activity} =
        CommonAPI.post(user, %{
          "status" => "Which Mastodon developer is your favourite?",
          "poll" => %{
            "options" => ["Gargron", "Eugen"],
            "expires_in" => 20,
            "multiple" => true
          }
        })
      object = Object.normalize(activity)
      assert %{multiple: true} = StatusView.render("poll.json", %{object: object})
    end
    test "detects emoji" do
      user = insert(:user)
      {:ok, activity} =
        CommonAPI.post(user, %{
          "status" => "What's with the smug face?",
          "poll" => %{
            "options" => [":blank: sip", ":blank::blank: sip", ":blank::blank::blank: sip"],
            "expires_in" => 20
          }
        })
      object = Object.normalize(activity)
      assert %{emojis: [%{shortcode: "blank"}]} =
               StatusView.render("poll.json", %{object: object})
    end
    test "detects vote status" do
      user = insert(:user)
      other_user = insert(:user)
      {:ok, activity} =
        CommonAPI.post(user, %{
          "status" => "Which input devices do you use?",
          "poll" => %{
            "options" => ["mouse", "trackball", "trackpoint"],
            "multiple" => true,
            "expires_in" => 20
          }
        })
      object = Object.normalize(activity)
      {:ok, _, object} = CommonAPI.vote(other_user, object, [1, 2])
      result = StatusView.render("poll.json", %{object: object, for: other_user})
      assert result[:voted] == true
      assert Enum.at(result[:options], 1)[:votes_count] == 1
      assert Enum.at(result[:options], 2)[:votes_count] == 1
    end
  end
 end
--- a/test/web/twitter_api/util_controller_test.exs
+++ b/test/web/twitter_api/util_controller_test.exs
@ -102,7 +102,6 @@ test "it updates notification settings", %{conn: conn} do
      conn
      |> assign(:user, user)
      |> put("/api/pleroma/notification_settings", %{
        "remote" => false,
        "followers" => false,
        "bar" => 1
      })
@ -110,8 +109,12 @@ test "it updates notification settings", %{conn: conn} do
      user = Repo.get(User, user.id)
-      assert %{"remote" => false, "local" => true, "followers" => false, "follows" => true} ==
+      assert %{
-               user.info.notification_settings
+               "followers" => false,
               "follows" => true,
               "non_follows" => true,
               "non_followers" => true
             } == user.info.notification_settings
    end
  end
--- a/test/web/twitter_api/views/user_view_test.exs
+++ b/test/web/twitter_api/views/user_view_test.exs
@ -113,9 +113,11 @@ test "User exposes settings for themselves and only for themselves", %{user: use
    as_user = UserView.render("show.json", %{user: user, for: user})
    assert as_user["default_scope"] == user.info.default_scope
    assert as_user["no_rich_text"] == user.info.no_rich_text
    assert as_user["pleroma"]["notification_settings"] == user.info.notification_settings
    as_stranger = UserView.render("show.json", %{user: user})
    refute as_stranger["default_scope"]
    refute as_stranger["no_rich_text"]
    refute as_stranger["pleroma"]["notification_settings"]
  end
  test "A user for a given other follower", %{user: user} do