Merge remote-tracking branch 'pleroma/develop' into feature/disable-account

2019-05-14 18:15:56 +07:00 · 2019-05-14 18:15:56 +07:00 · 5e2b491276
parent 1557b99beb cdcdbd88da
commit 5e2b491276
150 changed files with 2739 additions and 759 deletions
--- a/.gitignore
+++ b/.gitignore
@ -38,3 +38,7 @@ erl_crash.dump
 # Prevent committing docs files
 /priv/static/doc/*
 # Code test coverage
 /cover
 /Elixir.*.coverdata
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -21,14 +21,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Pleroma API: Healthcheck endpoint
 - Admin API: Endpoints for listing/revoking invite tokens
 - Admin API: Endpoints for making users follow/unfollow each other
 - Admin API: added filters (role, tags, email, name) for users endpoint
 - Mastodon API: [Scheduled statuses](https://docs.joinmastodon.org/api/rest/scheduled-statuses/)
 - Mastodon API: `/api/v1/notifications/destroy_multiple` (glitch-soc extension)
 - Mastodon API: `/api/v1/pleroma/accounts/:id/favourites` (API extension)
 - Mastodon API: [Reports](https://docs.joinmastodon.org/api/rest/reports/)
 - Mastodon API: REST API for creating an account
 - ActivityPub C2S: OAuth endpoints
 - Metadata RelMe provider
 - OAuth: added support for refresh tokens
 - Emoji packs and emoji pack manager
 - AdminFE: initial release with basic user management accessible at /pleroma/admin/
 ### Changed
 - **Breaking:** Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer
@ -56,10 +59,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mastodon API: Add `with_muted` parameter to timeline endpoints
 - Mastodon API: Actual reblog hiding instead of a dummy
 - Mastodon API: Remove attachment limit in the Status entity
 - Mastodon API: Added support max_id & since_id for bookmark timeline endpoints.
 - Deps: Updated Cowboy to 2.6
 - Deps: Updated Ecto to 3.0.7
 - Don't ship finmoji by default, they can be installed as an emoji pack
- Mastodon API: Added support max_id & since_id for bookmark timeline endpoints.
+- Admin API: Move the user related API to `api/pleroma/admin/users`
 ### Fixed
 - Added an FTS index on objects. Running `vacuum analyze` and setting a larger `work_mem` is recommended.
@ -90,6 +94,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mastodon API: Handling of `reblogs` in `/api/v1/accounts/:id/follow`
 - Mastodon API: Correct `reblogged`, `favourited`, and `bookmarked` values in the reblog status JSON
 - Mastodon API: Exposing default scope of the user to anyone
 - Mastodon API: Make `irreversible` field default to `false` [`POST /api/v1/filters`]
 ## [0.9.9999] - 2019-04-05
 ### Security
--- a/8
+++ b/8
@ -15,6 +15,14 @@ priv/static/images/pleroma-tan.png
 ---
 The following files are copyright © 2019 shitposter.club, and are distributed
 under the Creative Commons Attribution 4.0 International license, you should
 have received a copy of the license file as CC-BY-4.0.
 priv/static/images/pleroma-fox-tan-shy.png
 ---
 The following files are copyright © 2017-2019 Pleroma Authors
 <https://pleroma.social/>, and are distributed under the Creative Commons
 Attribution-ShareAlike 4.0 International license, you should have received
--- a/README.md
+++ b/README.md
@ -12,7 +12,7 @@ For clients it supports both the [GNU Social API with Qvitter extensions](https:
 - [Client Applications for Pleroma](https://docs-develop.pleroma.social/clients.html)
-No release has been made yet, but several servers have been online for months already. If you want to run your own server, feel free to contact us at @lain@pleroma.soykaf.com or in our dev chat at #pleroma on freenode or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>.
+If you want to run your own server, feel free to contact us at @lain@pleroma.soykaf.com or in our dev chat at #pleroma on freenode or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>.
 ## Installation
--- a/config/config.exs
+++ b/config/config.exs
@ -212,6 +212,11 @@
  registrations_open: true,
  federating: true,
  federation_reachability_timeout_days: 7,
  federation_publisher_modules: [
    Pleroma.Web.ActivityPub.Publisher,
    Pleroma.Web.Websub,
    Pleroma.Web.Salmon
  ],
  allow_relay: true,
  rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy,
  public: true,
@ -234,6 +239,8 @@
  safe_dm_mentions: false,
  healthcheck: false
 config :pleroma, :app_account_creation, enabled: false, max_requests: 5, interval: 1800
 config :pleroma, :markup,
  # XXX - unfortunately, inline images must be enabled by default right now, because
  # of custom emoji.  Issue #275 discusses defanging that somehow.
--- a/docs/api/admin_api.md
+++ b/docs/api/admin_api.md
@ -8,15 +8,20 @@ Authentication is required and the user must be an admin.
 - Method `GET`
 - Query Params:
-  - *optional* `query`: **string** search term
+  - *optional* `query`: **string** search term (e.g. nickname, domain, nickname@domain)
  - *optional* `filters`: **string** comma-separated string of filters:
    - `local`: only local users
    - `external`: only external users
    - `active`: only active users
    - `deactivated`: only deactivated users
    - `is_admin`: users with admin role
    - `is_moderator`: users with moderator role
  - *optional* `page`: **integer** page number
  - *optional* `page_size`: **integer** number of users per page (default is `50`)
- Example: `https://mypleroma.org/api/pleroma/admin/users?query=john&filters=local,active&page=1&page_size=10`
+  - *optional* `tags`: **[string]** tags list
  - *optional* `name`: **string** user display name
  - *optional* `email`: **string** user email
 - Example: `https://mypleroma.org/api/pleroma/admin/users?query=john&filters=local,active&page=1&page_size=10&tags[]=some_tag&tags[]=another_tag&name=display_name&email=email@example.com`
 - Response:
 ```JSON
@ -40,7 +45,7 @@ Authentication is required and the user must be an admin.
 }
 ```
-## `/api/pleroma/admin/user`
+## `/api/pleroma/admin/users`
 ### Remove a user
@ -58,7 +63,7 @@ Authentication is required and the user must be an admin.
  - `password`
 - Response: User’s nickname
-## `/api/pleroma/admin/user/follow`
+## `/api/pleroma/admin/users/follow`
 ### Make a user follow another user
 - Methods: `POST`
@ -68,7 +73,7 @@ Authentication is required and the user must be an admin.
 - Response:
 - "ok"
-## `/api/pleroma/admin/user/unfollow`
+## `/api/pleroma/admin/users/unfollow`
 ### Make a user unfollow another user
 - Methods: `POST`
@ -111,7 +116,7 @@ Authentication is required and the user must be an admin.
  - `nickname`
  - `tags`
-## `/api/pleroma/admin/permission_group/:nickname`
+## `/api/pleroma/admin/users/:nickname/permission_group`
 ### Get user user permission groups membership
@ -126,7 +131,7 @@ Authentication is required and the user must be an admin.
 }
 ```
-## `/api/pleroma/admin/permission_group/:nickname/:permission_group`
+## `/api/pleroma/admin/users/:nickname/permission_group/:permission_group`
 Note: Available `:permission_group` is currently moderator and admin. 404 is returned when the permission group doesn’t exist.
@ -160,7 +165,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
  - On success: JSON of the `user.info`
 - Note: An admin cannot revoke their own admin status.
-## `/api/pleroma/admin/activation_status/:nickname`
+## `/api/pleroma/admin/users/:nickname/activation_status`
 ### Active or deactivate a user
@ -198,7 +203,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
 - Response:
  - On success: URL of the unfollowed relay
-## `/api/pleroma/admin/invite_token`
+## `/api/pleroma/admin/users/invite_token`
 ### Get an account registration invite token
@ -210,7 +215,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
  ]
 - Response: invite token (base64 string)
-## `/api/pleroma/admin/invites`
+## `/api/pleroma/admin/users/invites`
 ### Get a list of generated invites
@ -236,7 +241,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
 }
 ```
-## `/api/pleroma/admin/revoke_invite`
+## `/api/pleroma/admin/users/revoke_invite`
 ### Revoke invite by token
@ -259,7 +264,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
 ```
-## `/api/pleroma/admin/email_invite`
+## `/api/pleroma/admin/users/email_invite`
 ### Sends registration invite via email
@ -268,7 +273,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
  - `email`
  - `name`, optional
-## `/api/pleroma/admin/password_reset`
+## `/api/pleroma/admin/users/:nickname/password_reset`
 ### Get a password reset token for a given nickname
--- a/docs/api/differences_in_mastoapi_responses.md
+++ b/docs/api/differences_in_mastoapi_responses.md
@ -87,3 +87,13 @@ Additional parameters can be added to the JSON body/Form data:
 `POST /oauth/token`
 Post here request with grant_type=refresh_token to obtain new access token. Returns an access token.
 ## Account Registration
 `POST /api/v1/accounts`
 Has theses additionnal parameters (which are the same as in Pleroma-API):
    * `fullname`: optional
    * `bio`: optional
    * `captcha_solution`: optional, contains provider-specific captcha solution,
    * `captcha_token`: optional, contains provider-specific captcha token
    * `token`: invite token required when the registerations aren't public.
--- a/docs/config.md
+++ b/docs/config.md
@ -105,6 +105,12 @@ config :pleroma, Pleroma.Emails.Mailer,
 * `safe_dm_mentions`: If set to true, only mentions at the beginning of a post will be used to address people in direct messages. This is to prevent accidental mentioning of people when talking about them (e.g. "@friend hey i really don't like @enemy"). (Default: `false`)
 * `healthcheck`: if set to true, system data will be shown on ``/api/pleroma/healthcheck``.
 ## :app_account_creation
 REST API for creating an account settings
 * `enabled`: Enable/disable registration
 * `max_requests`: Number of requests allowed for creating accounts
 * `interval`: Interval for restricting requests for one ip (seconds)
 ## :logger
 * `backends`: `:console` is used to send logs to stdout, `{ExSyslogger, :ex_syslogger}` to log to syslog, and `Quack.Logger` to log to Slack
--- a/lib/mix/tasks/pleroma/emoji.ex
+++ b/lib/mix/tasks/pleroma/emoji.ex
@ -109,7 +109,7 @@ def run(["get-packs" | args]) do
          ])
        )
-        binary_archive = Tesla.get!(src_url).body
+        binary_archive = Tesla.get!(client(), src_url).body
        archive_sha = :crypto.hash(:sha256, binary_archive) |> Base.encode16()
        sha_status_text = ["SHA256 of ", :bright, pack_name, :normal, " source file is ", :bright]
@ -137,7 +137,7 @@ def run(["get-packs" | args]) do
          ])
        )
-        files = Tesla.get!(files_url).body |> Poison.decode!()
+        files = Tesla.get!(client(), files_url).body |> Jason.decode!()
        IO.puts(IO.ANSI.format(["Unpacking ", :bright, pack_name]))
@ -213,7 +213,7 @@ def run(["gen-pack", src]) do
    IO.puts("Downloading the pack and generating SHA256")
-    binary_archive = Tesla.get!(src).body
+    binary_archive = Tesla.get!(client(), src).body
    archive_sha = :crypto.hash(:sha256, binary_archive) |> Base.encode16()
    IO.puts("SHA256 is #{archive_sha}")
@ -239,7 +239,7 @@ def run(["gen-pack", src]) do
    emoji_map = Pleroma.Emoji.make_shortcode_to_file_map(tmp_pack_dir, exts)
-    File.write!(files_name, Poison.encode!(emoji_map, pretty: true))
+    File.write!(files_name, Jason.encode!(emoji_map, pretty: true))
    IO.puts("""
@ -248,11 +248,11 @@ def run(["gen-pack", src]) do
    """)
    if File.exists?("index.json") do
-      existing_data = File.read!("index.json") |> Poison.decode!()
+      existing_data = File.read!("index.json") |> Jason.decode!()
      File.write!(
        "index.json",
-        Poison.encode!(
+        Jason.encode!(
          Map.merge(
            existing_data,
            pack_json
@ -263,16 +263,16 @@ def run(["gen-pack", src]) do
      IO.puts("index.json file has been update with the #{name} pack")
    else
-      File.write!("index.json", Poison.encode!(pack_json, pretty: true))
+      File.write!("index.json", Jason.encode!(pack_json, pretty: true))
      IO.puts("index.json has been created with the #{name} pack")
    end
  end
  defp fetch_manifest(from) do
-    Poison.decode!(
+    Jason.decode!(
      if String.starts_with?(from, "http") do
-        Tesla.get!(from).body
+        Tesla.get!(client(), from).body
      else
        File.read!(from)
      end
@ -290,4 +290,12 @@ defp parse_global_opts(args) do
      ]
    )
  end
  defp client do
    middleware = [
      {Tesla.Middleware.FollowRedirects, [max_redirects: 3]}
    ]
    Tesla.client(middleware)
  end
 end
--- a/lib/mix/tasks/pleroma/user.ex
+++ b/lib/mix/tasks/pleroma/user.ex
@ -138,7 +138,7 @@ def run(["new", nickname, email | rest]) do
        bio: bio
      }
-      changeset = User.register_changeset(%User{}, params, confirmed: true)
+      changeset = User.register_changeset(%User{}, params, need_confirmation: false)
      {:ok, _user} = User.register(changeset)
      Mix.shell().info("User #{nickname} created")
--- a/lib/pleroma/activity.ex
+++ b/lib/pleroma/activity.ex
@ -6,9 +6,11 @@ defmodule Pleroma.Activity do
  use Ecto.Schema
  alias Pleroma.Activity
  alias Pleroma.Bookmark
  alias Pleroma.Notification
  alias Pleroma.Object
  alias Pleroma.Repo
  alias Pleroma.User
  import Ecto.Changeset
  import Ecto.Query
@ -35,6 +37,8 @@ defmodule Pleroma.Activity do
    field(:local, :boolean, default: true)
    field(:actor, :string)
    field(:recipients, {:array, :string}, default: [])
    # This is a fake relation, do not use outside of with_preloaded_bookmark/get_bookmark
    has_one(:bookmark, Bookmark)
    has_many(:notifications, Notification, on_delete: :delete_all)
    # Attention: this is a fake relation, don't try to preload it blindly and expect it to work!
@ -73,6 +77,16 @@ def with_preloaded_object(query) do
    |> preload([activity, object], object: object)
  end
  def with_preloaded_bookmark(query, %User{} = user) do
    from([a] in query,
      left_join: b in Bookmark,
      on: b.user_id == ^user.id and b.activity_id == a.id,
      preload: [bookmark: b]
    )
  end
  def with_preloaded_bookmark(query, _), do: query
  def get_by_ap_id(ap_id) do
    Repo.one(
      from(
@ -82,6 +96,16 @@ def get_by_ap_id(ap_id) do
    )
  end
  def get_bookmark(%Activity{} = activity, %User{} = user) do
    if Ecto.assoc_loaded?(activity.bookmark) do
      activity.bookmark
    else
      Bookmark.get(user.id, activity.id)
    end
  end
  def get_bookmark(_, _), do: nil
  def change(struct, params \\ %{}) do
    struct
    |> cast(params, [:data])
@ -267,6 +291,29 @@ def all_by_actor_and_id(actor, status_ids) do
    |> Repo.all()
  end
  def follow_requests_for_actor(%Pleroma.User{ap_id: ap_id}) do
    from(
      a in Activity,
      where:
        fragment(
          "? ->> 'type' = 'Follow'",
          a.data
        ),
      where:
        fragment(
          "? ->> 'state' = 'pending'",
          a.data
        ),
      where:
        fragment(
          "coalesce((?)->'object'->>'id', (?)->>'object') = ?",
          a.data,
          a.data,
          ^ap_id
        )
    )
  end
  @spec query_by_actor(actor()) :: Ecto.Query.t()
  def query_by_actor(actor) do
    from(a in Activity, where: a.actor == ^actor)
--- a/lib/pleroma/captcha/kocaptcha.ex
+++ b/lib/pleroma/captcha/kocaptcha.ex
@ -15,7 +15,7 @@ def new do
        %{error: "Kocaptcha service unavailable"}
      {:ok, res} ->
-        json_resp = Poison.decode!(res.body)
+        json_resp = Jason.decode!(res.body)
        %{
          type: :kocaptcha,
--- a/lib/pleroma/conversation.ex
+++ b/lib/pleroma/conversation.ex
@ -0,0 +1,75 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Conversation do
  alias Pleroma.Conversation.Participation
  alias Pleroma.Repo
  alias Pleroma.User
  use Ecto.Schema
  import Ecto.Changeset
  schema "conversations" do
    # This is the context ap id.
    field(:ap_id, :string)
    has_many(:participations, Participation)
    has_many(:users, through: [:participations, :user])
    timestamps()
  end
  def creation_cng(struct, params) do
    struct
    |> cast(params, [:ap_id])
    |> validate_required([:ap_id])
    |> unique_constraint(:ap_id)
  end
  def create_for_ap_id(ap_id) do
    %__MODULE__{}
    |> creation_cng(%{ap_id: ap_id})
    |> Repo.insert(
      on_conflict: [set: [updated_at: NaiveDateTime.utc_now()]],
      returning: true,
      conflict_target: :ap_id
    )
  end
  def get_for_ap_id(ap_id) do
    Repo.get_by(__MODULE__, ap_id: ap_id)
  end
  @doc """
  This will
  1. Create a conversation if there isn't one already
  2. Create a participation for all the people involved who don't have one already
  3. Bump all relevant participations to 'unread'
  """
  def create_or_bump_for(activity) do
    with true <- Pleroma.Web.ActivityPub.Visibility.is_direct?(activity),
         "Create" <- activity.data["type"],
         object <- Pleroma.Object.normalize(activity),
         "Note" <- object.data["type"],
         ap_id when is_binary(ap_id) and byte_size(ap_id) > 0 <- object.data["context"] do
      {:ok, conversation} = create_for_ap_id(ap_id)
      users = User.get_users_from_set(activity.recipients, false)
      participations =
        Enum.map(users, fn user ->
          {:ok, participation} =
            Participation.create_for_user_and_conversation(user, conversation)
          participation
        end)
      {:ok,
       %{
         conversation
         | participations: participations
       }}
    else
      e -> {:error, e}
    end
  end
 end
--- a/lib/pleroma/conversation/participation.ex
+++ b/lib/pleroma/conversation/participation.ex
@ -0,0 +1,81 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Conversation.Participation do
  use Ecto.Schema
  alias Pleroma.Conversation
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
  import Ecto.Changeset
  import Ecto.Query
  schema "conversation_participations" do
    belongs_to(:user, User, type: Pleroma.FlakeId)
    belongs_to(:conversation, Conversation)
    field(:read, :boolean, default: false)
    field(:last_activity_id, Pleroma.FlakeId, virtual: true)
    timestamps()
  end
  def creation_cng(struct, params) do
    struct
    |> cast(params, [:user_id, :conversation_id])
    |> validate_required([:user_id, :conversation_id])
  end
  def create_for_user_and_conversation(user, conversation) do
    %__MODULE__{}
    |> creation_cng(%{user_id: user.id, conversation_id: conversation.id})
    |> Repo.insert(
      on_conflict: [set: [read: false, updated_at: NaiveDateTime.utc_now()]],
      returning: true,
      conflict_target: [:user_id, :conversation_id]
    )
  end
  def read_cng(struct, params) do
    struct
    |> cast(params, [:read])
    |> validate_required([:read])
  end
  def mark_as_read(participation) do
    participation
    |> read_cng(%{read: true})
    |> Repo.update()
  end
  def mark_as_unread(participation) do
    participation
    |> read_cng(%{read: false})
    |> Repo.update()
  end
  def for_user(user, params \\ %{}) do
    from(p in __MODULE__,
      where: p.user_id == ^user.id,
      order_by: [desc: p.updated_at]
    )
    |> Pleroma.Pagination.fetch_paginated(params)
    |> Repo.preload(conversation: [:users])
  end
  def for_user_with_last_activity_id(user, params \\ %{}) do
    for_user(user, params)
    |> Enum.map(fn participation ->
      activity_id =
        ActivityPub.fetch_latest_activity_id_for_context(participation.conversation.ap_id, %{
          "user" => user,
          "blocking_user" => user
        })
      %{
        participation
        | last_activity_id: activity_id
      }
    end)
  end
 end
--- a/lib/pleroma/object/containment.ex
+++ b/lib/pleroma/object/containment.ex
@ -1,7 +1,5 @@
 defmodule Pleroma.Object.Containment do
  @moduledoc """
  # Object Containment
  This module contains some useful functions for containing objects to specific
  origins and determining those origins.  They previously lived in the
  ActivityPub `Transmogrifier` module.
--- a/lib/pleroma/plugs/oauth_plug.ex
+++ b/lib/pleroma/plugs/oauth_plug.ex
@ -8,6 +8,7 @@ defmodule Pleroma.Plugs.OAuthPlug do
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Token
  @realm_reg Regex.compile!("Bearer\:?\s+(.*)$", "i")
@ -22,18 +23,39 @@ def call(%{params: %{"access_token" => access_token}} = conn, _) do
      |> assign(:token, token_record)
      |> assign(:user, user)
    else
-      _ -> conn
+      _ ->
        # token found, but maybe only with app
        with {:ok, app, token_record} <- fetch_app_and_token(access_token) do
          conn
          |> assign(:token, token_record)
          |> assign(:app, app)
        else
          _ -> conn
        end
    end
  end
  def call(conn, _) do
-    with {:ok, token_str} <- fetch_token_str(conn),
+    case fetch_token_str(conn) do
-         {:ok, user, token_record} <- fetch_user_and_token(token_str) do
+      {:ok, token} ->
-      conn
+        with {:ok, user, token_record} <- fetch_user_and_token(token) do
-      |> assign(:token, token_record)
+          conn
-      |> assign(:user, user)
+          |> assign(:token, token_record)
-    else
+          |> assign(:user, user)
-      _ -> conn
+        else
          _ ->
            # token found, but maybe only with app
            with {:ok, app, token_record} <- fetch_app_and_token(token) do
              conn
              |> assign(:token, token_record)
              |> assign(:app, app)
            else
              _ -> conn
            end
        end
      _ ->
        conn
    end
  end
@ -54,6 +76,16 @@ defp fetch_user_and_token(token) do
    end
  end
  @spec fetch_app_and_token(String.t()) :: {:ok, App.t(), Token.t()} | nil
  defp fetch_app_and_token(token) do
    query =
      from(t in Token, where: t.token == ^token, join: app in assoc(t, :app), preload: [app: app])
    with %Token{app: app} = token_record <- Repo.one(query) do
      {:ok, app, token_record}
    end
  end
  # Gets token from session by :oauth_token key
  #
  @spec fetch_token_from_session(Plug.Conn.t()) :: :no_token_found | {:ok, String.t()}
--- a/lib/pleroma/plugs/rate_limit_plug.ex
+++ b/lib/pleroma/plugs/rate_limit_plug.ex
@ -0,0 +1,36 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Plugs.RateLimitPlug do
  import Phoenix.Controller, only: [json: 2]
  import Plug.Conn
  def init(opts), do: opts
  def call(conn, opts) do
    enabled? = Pleroma.Config.get([:app_account_creation, :enabled])
    case check_rate(conn, Map.put(opts, :enabled, enabled?)) do
      {:ok, _count} -> conn
      {:error, _count} -> render_error(conn)
      %Plug.Conn{} = conn -> conn
    end
  end
  defp check_rate(conn, %{enabled: true} = opts) do
    max_requests = opts[:max_requests]
    bucket_name = conn.remote_ip |> Tuple.to_list() |> Enum.join(".")
    ExRated.check_rate(bucket_name, opts[:interval] * 1000, max_requests)
  end
  defp check_rate(conn, _), do: conn
  defp render_error(conn) do
    conn
    |> put_status(:forbidden)
    |> json(%{error: "Rate limit exceeded."})
    |> halt()
  end
 end
--- a/lib/pleroma/stats.ex
+++ b/lib/pleroma/stats.ex
@ -34,7 +34,7 @@ def schedule_update do
  def update_stats do
    peers =
      from(
-        u in Pleroma.User,
+        u in User,
        select: fragment("distinct split_part(?, '@', 2)", u.nickname),
        where: u.local != ^true
      )
@ -44,10 +44,13 @@ def update_stats do
    domain_count = Enum.count(peers)
    status_query =
-      from(u in User.local_user_query(), select: fragment("sum((?->>'note_count')::int)", u.info))
+      from(u in User.Query.build(%{local: true}),
        select: fragment("sum((?->>'note_count')::int)", u.info)
      )
    status_count = Repo.one(status_query)
-    user_count = Repo.aggregate(User.active_local_user_query(), :count, :id)
+
    user_count = Repo.aggregate(User.Query.build(%{local: true, active: true}), :count, :id)
    Agent.update(__MODULE__, fn _ ->
      {peers, %{domain_count: domain_count, status_count: status_count, user_count: user_count}}
--- a/lib/pleroma/upload.ex
+++ b/lib/pleroma/upload.ex
@ -4,7 +4,7 @@
 defmodule Pleroma.Upload do
  @moduledoc """
-  # Upload
+  Manage user uploads
  Options:
  * `:type`: presets for activity type (defaults to Document) and size limits from app configuration
--- a/lib/pleroma/uploaders/swift/keystone.ex
+++ b/lib/pleroma/uploaders/swift/keystone.ex
@ -14,7 +14,7 @@ def process_url(url) do
  def process_response_body(body) do
    body
-    |> Poison.decode!()
+    |> Jason.decode!()
  end
  def get_token do
@ -38,7 +38,7 @@ def get_token do
  end
  def make_auth_body(username, password, tenant) do
-    Poison.encode!(%{
+    Jason.encode!(%{
      :auth => %{
        :passwordCredentials => %{
          :username => username,
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -10,7 +10,6 @@ defmodule Pleroma.User do
  alias Comeonin.Pbkdf2
  alias Pleroma.Activity
  alias Pleroma.Bookmark
  alias Pleroma.Notification
  alias Pleroma.Object
  alias Pleroma.Registration
@ -54,7 +53,6 @@ defmodule Pleroma.User do
    field(:search_type, :integer, virtual: true)
    field(:tags, {:array, :string}, default: [])
    field(:last_refreshed_at, :naive_datetime_usec)
    has_many(:bookmarks, Bookmark)
    has_many(:notifications, Notification)
    has_many(:registrations, Registration)
    embeds_one(:info, Pleroma.User.Info)
@ -125,12 +123,9 @@ defp restrict_deactivated(query) do
  def following_count(%User{following: []}), do: 0
-  def following_count(%User{following: following, id: id}) do
+  def following_count(%User{} = user) do
-    from(u in User,
+    user
-      where: u.follower_address in ^following,
+    |> get_friends_query()
      where: u.id != ^id
    )
    |> restrict_deactivated()
    |> Repo.aggregate(:count, :id)
  end
@ -221,14 +216,15 @@ def reset_password(user, data) do
  end
  def register_changeset(struct, params \\ %{}, opts \\ []) do
-    confirmation_status =
+    need_confirmation? =
-      if opts[:confirmed] || !Pleroma.Config.get([:instance, :account_activation_required]) do
+      if is_nil(opts[:need_confirmation]) do
-        :confirmed
+        Pleroma.Config.get([:instance, :account_activation_required])
      else
-        :unconfirmed
+        opts[:need_confirmation]
      end
-    info_change = User.Info.confirmation_changeset(%User.Info{}, confirmation_status)
+    info_change =
      User.Info.confirmation_changeset(%User.Info{}, need_confirmation: need_confirmation?)
    changeset =
      struct
@ -271,10 +267,7 @@ defp autofollow_users(user) do
    candidates = Pleroma.Config.get([:instance, :autofollowed_nicknames])
    autofollowed_users =
-      from(u in User,
+      User.Query.build(%{nickname: candidates, local: true, deactivated: false})
        where: u.local == true,
        where: u.nickname in ^candidates
      )
      |> Repo.all()
    follow_all(user, autofollowed_users)
@ -593,20 +586,17 @@ def fetch_initial_posts(user) do
    )
  end
-  def get_followers_query(%User{id: id, follower_address: follower_address}, nil) do
+  @spec get_followers_query(User.t(), pos_integer() | nil) :: Ecto.Query.t()
-    from(
+  def get_followers_query(%User{} = user, nil) do
-      u in User,
+    User.Query.build(%{followers: user, deactivated: false})
      where: fragment("? <@ ?", ^[follower_address], u.following),
      where: u.id != ^id
    )
    |> restrict_deactivated()
  end
  def get_followers_query(user, page) do
    from(u in get_followers_query(user, nil))
-    |> paginate(page, 20)
+    |> User.Query.paginate(page, 20)
  end
  @spec get_followers_query(User.t()) :: Ecto.Query.t()
  def get_followers_query(user), do: get_followers_query(user, nil)
  def get_followers(user, page \\ nil) do
@ -621,20 +611,17 @@ def get_followers_ids(user, page \\ nil) do
    Repo.all(from(u in q, select: u.id))
  end
-  def get_friends_query(%User{id: id, following: following}, nil) do
+  @spec get_friends_query(User.t(), pos_integer() | nil) :: Ecto.Query.t()
-    from(
+  def get_friends_query(%User{} = user, nil) do
-      u in User,
+    User.Query.build(%{friends: user, deactivated: false})
      where: u.follower_address in ^following,
      where: u.id != ^id
    )
    |> restrict_deactivated()
  end
  def get_friends_query(user, page) do
    from(u in get_friends_query(user, nil))
-    |> paginate(page, 20)
+    |> User.Query.paginate(page, 20)
  end
  @spec get_friends_query(User.t()) :: Ecto.Query.t()
  def get_friends_query(user), do: get_friends_query(user, nil)
  def get_friends(user, page \\ nil) do
@ -649,33 +636,10 @@ def get_friends_ids(user, page \\ nil) do
    Repo.all(from(u in q, select: u.id))
  end
-  def get_follow_requests_query(%User{} = user) do
+  @spec get_follow_requests(User.t()) :: {:ok, [User.t()]}
    from(
      a in Activity,
      where:
        fragment(
          "? ->> 'type' = 'Follow'",
          a.data
        ),
      where:
        fragment(
          "? ->> 'state' = 'pending'",
          a.data
        ),
      where:
        fragment(
          "coalesce((?)->'object'->>'id', (?)->>'object') = ?",
          a.data,
          a.data,
          ^user.ap_id
        )
    )
  end
  def get_follow_requests(%User{} = user) do
    users =
-      user
+      Activity.follow_requests_for_actor(user)
      |> User.get_follow_requests_query()
      |> join(:inner, [a], u in User, on: a.actor == u.ap_id)
      |> where([a, u], not fragment("? @> ?", u.following, ^[user.follower_address]))
      |> group_by([a, u], u.id)
@ -747,11 +711,8 @@ def update_note_count(%User{} = user) do
  def update_follower_count(%User{} = user) do
    follower_count_query =
-      User
+      User.Query.build(%{followers: user, deactivated: false})
      |> where([u], ^user.follower_address in u.following)
      |> where([u], u.id != ^user.id)
      |> select([u], %{count: count(u.id)})
      |> restrict_deactivated()
    User
    |> where(id: ^user.id)
@ -774,38 +735,19 @@ def update_follower_count(%User{} = user) do
    end
  end
-  def get_users_from_set_query(ap_ids, false) do
+  @spec get_users_from_set([String.t()], boolean()) :: [User.t()]
    from(
      u in User,
      where: u.ap_id in ^ap_ids
    )
  end
  def get_users_from_set_query(ap_ids, true) do
    query = get_users_from_set_query(ap_ids, false)
    from(
      u in query,
      where: u.local == true
    )
  end
  def get_users_from_set(ap_ids, local_only \\ true) do
-    get_users_from_set_query(ap_ids, local_only)
+    criteria = %{ap_id: ap_ids, deactivated: false}
    criteria = if local_only, do: Map.put(criteria, :local, true), else: criteria
    User.Query.build(criteria)
    |> Repo.all()
  end
  @spec get_recipients_from_activity(Activity.t()) :: [User.t()]
  def get_recipients_from_activity(%Activity{recipients: to}) do
-    query =
+    User.Query.build(%{recipients_from_activity: to, local: true, deactivated: false})
-      from(
+    |> Repo.all()
        u in User,
        where: u.ap_id in ^to,
        or_where: fragment("? && ?", u.following, ^to)
      )
    query = from(u in query, where: u.local == true)
    Repo.all(query)
  end
  def search(query, resolve \\ false, for_user \\ nil) do
@ -1069,14 +1011,23 @@ def subscribed_to?(user, %{ap_id: ap_id}) do
    end
  end
-  def muted_users(user),
+  @spec muted_users(User.t()) :: [User.t()]
-    do: Repo.all(from(u in User, where: u.ap_id in ^user.info.mutes))
+  def muted_users(user) do
    User.Query.build(%{ap_id: user.info.mutes, deactivated: false})
    |> Repo.all()
  end
-  def blocked_users(user),
+  @spec blocked_users(User.t()) :: [User.t()]
-    do: Repo.all(from(u in User, where: u.ap_id in ^user.info.blocks))
+  def blocked_users(user) do
    User.Query.build(%{ap_id: user.info.blocks, deactivated: false})
    |> Repo.all()
  end
-  def subscribers(user),
+  @spec subscribers(User.t()) :: [User.t()]
-    do: Repo.all(from(u in User, where: u.ap_id in ^user.info.subscribers))
+  def subscribers(user) do
    User.Query.build(%{ap_id: user.info.subscribers, deactivated: false})
    |> Repo.all()
  end
  def block_domain(user, domain) do
    info_cng =
@ -1102,71 +1053,8 @@ def unblock_domain(user, domain) do
    update_and_set_cache(cng)
  end
  def maybe_local_user_query(query, local) do
    if local, do: local_user_query(query), else: query
  end
  def local_user_query(query \\ User) do
    from(
      u in query,
      where: u.local == true,
      where: not is_nil(u.nickname)
    )
  end
  def maybe_external_user_query(query, external) do
    if external, do: external_user_query(query), else: query
  end
  def external_user_query(query \\ User) do
    from(
      u in query,
      where: u.local == false,
      where: not is_nil(u.nickname)
    )
  end
  def maybe_active_user_query(query, active) do
    if active, do: active_user_query(query), else: query
  end
  def active_user_query(query \\ User) do
    from(
      u in query,
      where: fragment("not (?->'deactivated' @> 'true')", u.info),
      where: not is_nil(u.nickname)
    )
  end
  def maybe_deactivated_user_query(query, deactivated) do
    if deactivated, do: deactivated_user_query(query), else: query
  end
  def deactivated_user_query(query \\ User) do
    from(
      u in query,
      where: fragment("(?->'deactivated' @> 'true')", u.info),
      where: not is_nil(u.nickname)
    )
  end
  def active_local_user_query do
    from(
      u in local_user_query(),
      where: fragment("not (?->'deactivated' @> 'true')", u.info)
    )
  end
  def moderator_user_query do
    from(
      u in User,
      where: u.local == true,
      where: fragment("?->'is_moderator' @> 'true'", u.info)
    )
  end
  def deactivate_async(user, status \\ true) do
-    PleromaJobQueue.enqueue(:user, __MODULE__, [:deactivate_async, user, status])
+    PleromaJobQueue.enqueue(:background, __MODULE__, [:deactivate_async, user, status])
  end
  def perform(:deactivate_async, user, status), do: deactivate(user, status)
@ -1340,7 +1228,7 @@ def ap_enabled?(%User{info: info}), do: info.ap_enabled
  def ap_enabled?(_), do: false
  @doc "Gets or fetch a user by uri or nickname."
-  @spec get_or_fetch(String.t()) :: User.t()
+  @spec get_or_fetch(String.t()) :: {:ok, User.t()} | {:error, String.t()}
  def get_or_fetch("http" <> _host = uri), do: get_or_fetch_by_ap_id(uri)
  def get_or_fetch(nickname), do: get_or_fetch_by_nickname(nickname)
@ -1457,22 +1345,12 @@ def error_user(ap_id) do
    }
  end
  @spec all_superusers() :: [User.t()]
  def all_superusers do
-    from(
+    User.Query.build(%{super_users: true, local: true, deactivated: false})
      u in User,
      where: u.local == true,
      where: fragment("?->'is_admin' @> 'true' OR ?->'is_moderator' @> 'true'", u.info, u.info)
    )
    |> Repo.all()
  end
  defp paginate(query, page, page_size) do
    from(u in query,
      limit: ^page_size,
      offset: ^((page - 1) * page_size)
    )
  end
  def showing_reblogs?(%User{} = user, %User{} = target) do
    target.ap_id not in user.info.muted_reblogs
  end
--- a/lib/pleroma/user/info.ex
+++ b/lib/pleroma/user/info.ex
@ -8,6 +8,8 @@ defmodule Pleroma.User.Info do
  alias Pleroma.User.Info
  @type t :: %__MODULE__{}
  embedded_schema do
    field(:banner, :map, default: %{})
    field(:background, :map, default: %{})
@ -210,21 +212,23 @@ def profile_update(info, params) do
    ])
  end
-  def confirmation_changeset(info, :confirmed) do
+  @spec confirmation_changeset(Info.t(), keyword()) :: Ecto.Changerset.t()
-    confirmation_changeset(info, %{
+  def confirmation_changeset(info, opts) do
-      confirmation_pending: false,
+    need_confirmation? = Keyword.get(opts, :need_confirmation)
      confirmation_token: nil
    })
  end
-  def confirmation_changeset(info, :unconfirmed) do
+    params =
-    confirmation_changeset(info, %{
+      if need_confirmation? do
-      confirmation_pending: true,
+        %{
-      confirmation_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64()
+          confirmation_pending: true,
-    })
+          confirmation_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64()
-  end
+        }
      else
        %{
          confirmation_pending: false,
          confirmation_token: nil
        }
      end
  def confirmation_changeset(info, params) do
    cast(info, params, [:confirmation_pending, :confirmation_token])
  end
--- a/lib/pleroma/user/query.ex
+++ b/lib/pleroma/user/query.ex
@ -0,0 +1,156 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.User.Query do
  @moduledoc """
  User query builder module. Builds query from new query or another user query.
    ## Example:
        query = Pleroma.User.Query(%{nickname: "nickname"})
        another_query = Pleroma.User.Query.build(query, %{email: "email@example.com"})
        Pleroma.Repo.all(query)
        Pleroma.Repo.all(another_query)
  Adding new rules:
    - *ilike criteria*
      - add field to @ilike_criteria list
      - pass non empty string
      - e.g. Pleroma.User.Query.build(%{nickname: "nickname"})
    - *equal criteria*
      - add field to @equal_criteria list
      - pass non empty string
      - e.g. Pleroma.User.Query.build(%{email: "email@example.com"})
    - *contains criteria*
      - add field to @containns_criteria list
      - pass values list
      - e.g. Pleroma.User.Query.build(%{ap_id: ["http://ap_id1", "http://ap_id2"]})
  """
  import Ecto.Query
  import Pleroma.Web.AdminAPI.Search, only: [not_empty_string: 1]
  alias Pleroma.User
  @type criteria ::
          %{
            query: String.t(),
            tags: [String.t()],
            name: String.t(),
            email: String.t(),
            local: boolean(),
            external: boolean(),
            active: boolean(),
            deactivated: boolean(),
            is_admin: boolean(),
            is_moderator: boolean(),
            super_users: boolean(),
            followers: User.t(),
            friends: User.t(),
            recipients_from_activity: [String.t()],
            nickname: [String.t()],
            ap_id: [String.t()]
          }
          | %{}
  @ilike_criteria [:nickname, :name, :query]
  @equal_criteria [:email]
  @role_criteria [:is_admin, :is_moderator]
  @contains_criteria [:ap_id, :nickname]
  @spec build(criteria()) :: Query.t()
  def build(query \\ base_query(), criteria) do
    prepare_query(query, criteria)
  end
  @spec paginate(Ecto.Query.t(), pos_integer(), pos_integer()) :: Ecto.Query.t()
  def paginate(query, page, page_size) do
    from(u in query,
      limit: ^page_size,
      offset: ^((page - 1) * page_size)
    )
  end
  defp base_query do
    from(u in User)
  end
  defp prepare_query(query, criteria) do
    Enum.reduce(criteria, query, &compose_query/2)
  end
  defp compose_query({key, value}, query)
       when key in @ilike_criteria and not_empty_string(value) do
    # hack for :query key
    key = if key == :query, do: :nickname, else: key
    where(query, [u], ilike(field(u, ^key), ^"%#{value}%"))
  end
  defp compose_query({key, value}, query)
       when key in @equal_criteria and not_empty_string(value) do
    where(query, [u], ^[{key, value}])
  end
  defp compose_query({key, values}, query) when key in @contains_criteria and is_list(values) do
    where(query, [u], field(u, ^key) in ^values)
  end
  defp compose_query({:tags, tags}, query) when is_list(tags) and length(tags) > 0 do
    Enum.reduce(tags, query, &prepare_tag_criteria/2)
  end
  defp compose_query({key, _}, query) when key in @role_criteria do
    where(query, [u], fragment("(?->? @> 'true')", u.info, ^to_string(key)))
  end
  defp compose_query({:super_users, _}, query) do
    where(
      query,
      [u],
      fragment("?->'is_admin' @> 'true' OR ?->'is_moderator' @> 'true'", u.info, u.info)
    )
  end
  defp compose_query({:local, _}, query), do: location_query(query, true)
  defp compose_query({:external, _}, query), do: location_query(query, false)
  defp compose_query({:active, _}, query) do
    where(query, [u], fragment("not (?->'deactivated' @> 'true')", u.info))
    |> where([u], not is_nil(u.nickname))
  end
  defp compose_query({:deactivated, false}, query) do
    from(u in query,
      where: not fragment("? \\? 'deactivated' AND ?->'deactivated' @> 'true'", u.info, u.info)
    )
  end
  defp compose_query({:deactivated, true}, query) do
    where(query, [u], fragment("?->'deactivated' @> 'true'", u.info))
    |> where([u], not is_nil(u.nickname))
  end
  defp compose_query({:followers, %User{id: id, follower_address: follower_address}}, query) do
    where(query, [u], fragment("? <@ ?", ^[follower_address], u.following))
    |> where([u], u.id != ^id)
  end
  defp compose_query({:friends, %User{id: id, following: following}}, query) do
    where(query, [u], u.follower_address in ^following)
    |> where([u], u.id != ^id)
  end
  defp compose_query({:recipients_from_activity, to}, query) do
    where(query, [u], u.ap_id in ^to or fragment("? && ?", u.following, ^to))
  end
  defp compose_query(_unsupported_param, query), do: query
  defp prepare_tag_criteria(tag, query) do
    or_where(query, [u], fragment("? = any(?)", ^tag, u.tags))
  end
  defp location_query(query, local) do
    where(query, [u], u.local == ^local)
    |> where([u], not is_nil(u.nickname))
  end
 end
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@ -4,7 +4,7 @@
 defmodule Pleroma.Web.ActivityPub.ActivityPub do
  alias Pleroma.Activity
-  alias Pleroma.Instances
+  alias Pleroma.Conversation
  alias Pleroma.Notification
  alias Pleroma.Object
  alias Pleroma.Object.Fetcher
@ -14,7 +14,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.MRF
  alias Pleroma.Web.ActivityPub.Transmogrifier
  alias Pleroma.Web.Federator
  alias Pleroma.Web.WebFinger
  import Ecto.Query
@ -23,8 +22,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
  require Logger
  @httpoison Application.get_env(:pleroma, :httpoison)
  # For Announce activities, we filter the recipients based on following status for any actors
  # that match actual users.  See issue #164 for more information about why this is necessary.
  defp get_recipients(%{"type" => "Announce"} = data) do
@ -141,7 +138,14 @@ def insert(map, local \\ true, fake \\ false) when is_map(map) do
      end)
      Notification.create_notifications(activity)
      participations =
        activity
        |> Conversation.create_or_bump_for()
        |> get_participations()
      stream_out(activity)
      stream_out_participations(participations)
      {:ok, activity}
    else
      %Activity{} = activity ->
@ -164,6 +168,19 @@ def insert(map, local \\ true, fake \\ false) when is_map(map) do
    end
  end
  defp get_participations({:ok, %{participations: participations}}), do: participations
  defp get_participations(_), do: []
  def stream_out_participations(participations) do
    participations =
      participations
      |> Repo.preload(:user)
    Enum.each(participations, fn participation ->
      Pleroma.Web.Streamer.stream("participation", participation)
    end)
  end
  def stream_out(activity) do
    public = "https://www.w3.org/ns/activitystreams#Public"
@ -195,6 +212,7 @@ def stream_out(activity) do
          end
        end
      else
        # TODO: Write test, replace with visibility test
        if !Enum.member?(activity.data["cc"] || [], public) &&
             !Enum.member?(
               activity.data["to"],
@ -457,35 +475,44 @@ def flag(
    end
  end
-  def fetch_activities_for_context(context, opts \\ %{}) do
+  defp fetch_activities_for_context_query(context, opts) do
    public = ["https://www.w3.org/ns/activitystreams#Public"]
    recipients =
      if opts["user"], do: [opts["user"].ap_id | opts["user"].following] ++ public, else: public
-    query = from(activity in Activity)
+    from(activity in Activity)
-
+    |> restrict_blocked(opts)
-    query =
+    |> restrict_recipients(recipients, opts["user"])
-      query
+    |> where(
-      |> restrict_blocked(opts)
+      [activity],
-      |> restrict_recipients(recipients, opts["user"])
+      fragment(
-
+        "?->>'type' = ? and ?->>'context' = ?",
-    query =
+        activity.data,
-      from(
+        "Create",
-        activity in query,
+        activity.data,
-        where:
+        ^context
          fragment(
            "?->>'type' = ? and ?->>'context' = ?",
            activity.data,
            "Create",
            activity.data,
            ^context
          ),
        order_by: [desc: :id]
      )
-      |> Activity.with_preloaded_object()
+    )
    |> order_by([activity], desc: activity.id)
  end
-    Repo.all(query)
+  @spec fetch_activities_for_context(String.t(), keyword() | map()) :: [Activity.t()]
  def fetch_activities_for_context(context, opts \\ %{}) do
    context
    |> fetch_activities_for_context_query(opts)
    |> Activity.with_preloaded_object()
    |> Repo.all()
  end
  @spec fetch_latest_activity_id_for_context(String.t(), keyword() | map()) ::
          Pleroma.FlakeId.t() | nil
  def fetch_latest_activity_id_for_context(context, opts \\ %{}) do
    context
    |> fetch_activities_for_context_query(opts)
    |> limit(1)
    |> select([a], a.id)
    |> Repo.one()
  end
  def fetch_public_activities(opts \\ %{}) do
@ -784,11 +811,32 @@ defp maybe_preload_objects(query, _) do
    |> Activity.with_preloaded_object()
  end
  defp maybe_preload_bookmarks(query, %{"skip_preload" => true}), do: query
  defp maybe_preload_bookmarks(query, opts) do
    query
    |> Activity.with_preloaded_bookmark(opts["user"])
  end
  defp maybe_order(query, %{order: :desc}) do
    query
    |> order_by(desc: :id)
  end
  defp maybe_order(query, %{order: :asc}) do
    query
    |> order_by(asc: :id)
  end
  defp maybe_order(query, _), do: query
  def fetch_activities_query(recipients, opts \\ %{}) do
    base_query = from(activity in Activity)
    base_query
    |> maybe_preload_objects(opts)
    |> maybe_preload_bookmarks(opts)
    |> maybe_order(opts)
    |> restrict_recipients(recipients, opts["user"])
    |> restrict_tag(opts)
    |> restrict_tag_reject(opts)
@ -910,89 +958,6 @@ def make_user_from_nickname(nickname) do
    end
  end
  def should_federate?(inbox, public) do
    if public do
      true
    else
      inbox_info = URI.parse(inbox)
      !Enum.member?(Pleroma.Config.get([:instance, :quarantined_instances], []), inbox_info.host)
    end
  end
  def publish(actor, activity) do
    remote_followers =
      if actor.follower_address in activity.recipients do
        {:ok, followers} = User.get_followers(actor)
        followers |> Enum.filter(&(!&1.local))
      else
        []
      end
    public = is_public?(activity)
    {:ok, data} = Transmogrifier.prepare_outgoing(activity.data)
    json = Jason.encode!(data)
    (Pleroma.Web.Salmon.remote_users(activity) ++ remote_followers)
    |> Enum.filter(fn user -> User.ap_enabled?(user) end)
    |> Enum.map(fn %{info: %{source_data: data}} ->
      (is_map(data["endpoints"]) && Map.get(data["endpoints"], "sharedInbox")) || data["inbox"]
    end)
    |> Enum.uniq()
    |> Enum.filter(fn inbox -> should_federate?(inbox, public) end)
    |> Instances.filter_reachable()
    |> Enum.each(fn {inbox, unreachable_since} ->
      Federator.publish_single_ap(%{
        inbox: inbox,
        json: json,
        actor: actor,
        id: activity.data["id"],
        unreachable_since: unreachable_since
      })
    end)
  end
  def publish_one(%{inbox: inbox, json: json, actor: actor, id: id} = params) do
    Logger.info("Federating #{id} to #{inbox}")
    host = URI.parse(inbox).host
    digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64())
    date =
      NaiveDateTime.utc_now()
      |> Timex.format!("{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT")
    signature =
      Pleroma.Web.HTTPSignatures.sign(actor, %{
        host: host,
        "content-length": byte_size(json),
        digest: digest,
        date: date
      })
    with {:ok, %{status: code}} when code in 200..299 <-
           result =
             @httpoison.post(
               inbox,
               json,
               [
                 {"Content-Type", "application/activity+json"},
                 {"Date", date},
                 {"signature", signature},
                 {"digest", digest}
               ]
             ) do
      if !Map.has_key?(params, :unreachable_since) || params[:unreachable_since],
        do: Instances.set_reachable(inbox)
      result
    else
      {_post_result, response} ->
        unless params[:unreachable_since], do: Instances.set_unreachable(inbox)
        {:error, response}
    end
  end
  # filter out broken threads
  def contain_broken_threads(%Activity{} = activity, %User{} = user) do
    entire_thread_visible_for_user?(activity, user)
--- a/lib/pleroma/web/activity_pub/mrf/anti_followbot_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/anti_followbot_policy.ex
@ -5,6 +5,8 @@
 defmodule Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicy do
  alias Pleroma.User
  @moduledoc "Prevent followbots from following with a bit of heuristic"
  @behaviour Pleroma.Web.ActivityPub.MRF
  # XXX: this should become User.normalize_by_ap_id() or similar, really.
--- a/lib/pleroma/web/activity_pub/mrf/drop_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/drop_policy.ex
@ -4,6 +4,7 @@
 defmodule Pleroma.Web.ActivityPub.MRF.DropPolicy do
  require Logger
  @moduledoc "Drop and log everything received"
  @behaviour Pleroma.Web.ActivityPub.MRF
  @impl true
--- a/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex
+++ b/lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex
@ -5,6 +5,7 @@
 defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrepended do
  alias Pleroma.Object
  @moduledoc "Ensure a re: is prepended on replies to a post with a Subject"
  @behaviour Pleroma.Web.ActivityPub.MRF
  @reply_prefix Regex.compile!("^re:[[:space:]]*", [:caseless])
--- a/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex
@ -4,6 +4,8 @@
 defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do
  alias Pleroma.User
  @moduledoc "Block messages with too much mentions (configurable)"
  @behaviour Pleroma.Web.ActivityPub.MRF
  defp delist_message(message, threshold) when threshold > 0 do
--- a/lib/pleroma/web/activity_pub/mrf/keyword_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/keyword_policy.ex
@ -3,6 +3,8 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicy do
  @moduledoc "Reject or Word-Replace messages with a keyword or regex"
  @behaviour Pleroma.Web.ActivityPub.MRF
  defp string_matches?(string, _) when not is_binary(string) do
    false
--- a/lib/pleroma/web/activity_pub/mrf/no_placeholder_text_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/no_placeholder_text_policy.ex
@ -3,6 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.ActivityPub.MRF.NoPlaceholderTextPolicy do
  @moduledoc "Ensure no content placeholder is present (such as the dot from mastodon)"
  @behaviour Pleroma.Web.ActivityPub.MRF
  @impl true
--- a/lib/pleroma/web/activity_pub/mrf/noop_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/noop_policy.ex
@ -3,6 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.ActivityPub.MRF.NoOpPolicy do
  @moduledoc "Does nothing (lets the messages go through unmodified)"
  @behaviour Pleroma.Web.ActivityPub.MRF
  @impl true
--- a/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex
+++ b/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex
@ -3,6 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkup do
  @moduledoc "Scrub configured hypertext markup"
  alias Pleroma.HTML
  @behaviour Pleroma.Web.ActivityPub.MRF
--- a/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex
+++ b/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex
@ -4,6 +4,7 @@
 defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublic do
  alias Pleroma.User
  @moduledoc "Rejects non-public (followers-only, direct) activities"
  @behaviour Pleroma.Web.ActivityPub.MRF
  @impl true
--- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
@ -4,6 +4,7 @@
 defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
  alias Pleroma.User
  @moduledoc "Filter activities depending on their origin instance"
  @behaviour Pleroma.Web.ActivityPub.MRF
  defp check_accept(%{host: actor_host} = _actor_info, object) do
--- a/lib/pleroma/web/activity_pub/mrf/tag_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/tag_policy.ex
@ -5,6 +5,19 @@
 defmodule Pleroma.Web.ActivityPub.MRF.TagPolicy do
  alias Pleroma.User
  @behaviour Pleroma.Web.ActivityPub.MRF
  @moduledoc """
     Apply policies based on user tags
     This policy applies policies on a user activities depending on their tags
     on your instance.
     - `mrf_tag:media-force-nsfw`: Mark as sensitive on presence of attachments
     - `mrf_tag:media-strip`: Remove attachments
     - `mrf_tag:force-unlisted`: Mark as unlisted (removes from the federated timeline)
     - `mrf_tag:sandbox`: Remove from public (local and federated) timelines
     - `mrf_tag:disable-remote-subscription`: Reject non-local follow requests
     - `mrf_tag:disable-any-subscription`: Reject any follow requests
  """
  defp get_tags(%User{tags: tags}) when is_list(tags), do: tags
  defp get_tags(_), do: []
--- a/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex
+++ b/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex
@ -5,6 +5,7 @@
 defmodule Pleroma.Web.ActivityPub.MRF.UserAllowListPolicy do
  alias Pleroma.Config
  @moduledoc "Accept-list of users from specified instances"
  @behaviour Pleroma.Web.ActivityPub.MRF
  defp filter_by_list(object, []), do: {:ok, object}
--- a/lib/pleroma/web/activity_pub/publisher.ex
+++ b/lib/pleroma/web/activity_pub/publisher.ex
@ -0,0 +1,152 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.ActivityPub.Publisher do
  alias Pleroma.Activity
  alias Pleroma.Config
  alias Pleroma.Instances
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.Relay
  alias Pleroma.Web.ActivityPub.Transmogrifier
  import Pleroma.Web.ActivityPub.Visibility
  @behaviour Pleroma.Web.Federator.Publisher
  require Logger
  @httpoison Application.get_env(:pleroma, :httpoison)
  @moduledoc """
  ActivityPub outgoing federation module.
  """
  @doc """
  Determine if an activity can be represented by running it through Transmogrifier.
  """
  def is_representable?(%Activity{} = activity) do
    with {:ok, _data} <- Transmogrifier.prepare_outgoing(activity.data) do
      true
    else
      _e ->
        false
    end
  end
  @doc """
  Publish a single message to a peer.  Takes a struct with the following
  parameters set:
  * `inbox`: the inbox to publish to
  * `json`: the JSON message body representing the ActivityPub message
  * `actor`: the actor which is signing the message
  * `id`: the ActivityStreams URI of the message
  """
  def publish_one(%{inbox: inbox, json: json, actor: %User{} = actor, id: id} = params) do
    Logger.info("Federating #{id} to #{inbox}")
    host = URI.parse(inbox).host
    digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64())
    date =
      NaiveDateTime.utc_now()
      |> Timex.format!("{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT")
    signature =
      Pleroma.Web.HTTPSignatures.sign(actor, %{
        host: host,
        "content-length": byte_size(json),
        digest: digest,
        date: date
      })
    with {:ok, %{status: code}} when code in 200..299 <-
           result =
             @httpoison.post(
               inbox,
               json,
               [
                 {"Content-Type", "application/activity+json"},
                 {"Date", date},
                 {"signature", signature},
                 {"digest", digest}
               ]
             ) do
      if !Map.has_key?(params, :unreachable_since) || params[:unreachable_since],
        do: Instances.set_reachable(inbox)
      result
    else
      {_post_result, response} ->
        unless params[:unreachable_since], do: Instances.set_unreachable(inbox)
        {:error, response}
    end
  end
  defp should_federate?(inbox, public) do
    if public do
      true
    else
      inbox_info = URI.parse(inbox)
      !Enum.member?(Pleroma.Config.get([:instance, :quarantined_instances], []), inbox_info.host)
    end
  end
  @doc """
  Publishes an activity to all relevant peers.
  """
  def publish(%User{} = actor, %Activity{} = activity) do
    remote_followers =
      if actor.follower_address in activity.recipients do
        {:ok, followers} = User.get_followers(actor)
        followers |> Enum.filter(&(!&1.local))
      else
        []
      end
    public = is_public?(activity)
    if public && Config.get([:instance, :allow_relay]) do
      Logger.info(fn -> "Relaying #{activity.data["id"]} out" end)
      Relay.publish(activity)
    end
    {:ok, data} = Transmogrifier.prepare_outgoing(activity.data)
    json = Jason.encode!(data)
    (Pleroma.Web.Salmon.remote_users(activity) ++ remote_followers)
    |> Enum.filter(fn user -> User.ap_enabled?(user) end)
    |> Enum.map(fn %{info: %{source_data: data}} ->
      (is_map(data["endpoints"]) && Map.get(data["endpoints"], "sharedInbox")) || data["inbox"]
    end)
    |> Enum.uniq()
    |> Enum.filter(fn inbox -> should_federate?(inbox, public) end)
    |> Instances.filter_reachable()
    |> Enum.each(fn {inbox, unreachable_since} ->
      Pleroma.Web.Federator.Publisher.enqueue_one(
        __MODULE__,
        %{
          inbox: inbox,
          json: json,
          actor: actor,
          id: activity.data["id"],
          unreachable_since: unreachable_since
        }
      )
    end)
  end
  def gather_webfinger_links(%User{} = user) do
    [
      %{"rel" => "self", "type" => "application/activity+json", "href" => user.ap_id},
      %{
        "rel" => "self",
        "type" => "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
        "href" => user.ap_id
      }
    ]
  end
  def gather_nodeinfo_protocol_names, do: ["activitypub"]
 end
--- a/lib/pleroma/web/activity_pub/utils.ex
+++ b/lib/pleroma/web/activity_pub/utils.ex
@ -682,7 +682,7 @@ def make_flag_data(params, additional) do
  """
  def fetch_ordered_collection(from, pages_left, acc \\ []) do
    with {:ok, response} <- Tesla.get(from),
-         {:ok, collection} <- Poison.decode(response.body) do
+         {:ok, collection} <- Jason.decode(response.body) do
      case collection["type"] do
        "OrderedCollection" ->
          # If we've encountered the OrderedCollection and not the page,
--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@ -59,7 +59,7 @@ def user_create(
      bio: "."
    }
-    changeset = User.register_changeset(%User{}, user_data, confirmed: true)
+    changeset = User.register_changeset(%User{}, user_data, need_confirmation: false)
    {:ok, user} = User.register(changeset)
    conn
@ -101,7 +101,10 @@ def list_users(conn, params) do
    search_params = %{
      query: params["query"],
      page: page,
-      page_size: page_size
+      page_size: page_size,
      tags: params["tags"],
      name: params["name"],
      email: params["email"]
    }
    with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)),
@ -116,11 +119,11 @@ def list_users(conn, params) do
           )
  end
-  @filters ~w(local external active deactivated)
+  @filters ~w(local external active deactivated is_admin is_moderator)
  defp maybe_parse_filters(filters) when is_nil(filters) or filters == "", do: %{}
  @spec maybe_parse_filters(String.t()) :: %{required(String.t()) => true} | %{}
  defp maybe_parse_filters(filters) when is_nil(filters) or filters == "", do: %{}
  defp maybe_parse_filters(filters) do
    filters
    |> String.split(",")
--- a/lib/pleroma/web/admin_api/search.ex
+++ b/lib/pleroma/web/admin_api/search.ex
@ -10,45 +10,23 @@ defmodule Pleroma.Web.AdminAPI.Search do
  @page_size 50
-  def user(%{query: term} = params) when is_nil(term) or term == "" do
+  defmacro not_empty_string(string) do
-    query = maybe_filtered_query(params)
+    quote do
      is_binary(unquote(string)) and unquote(string) != ""
    end
  end
  @spec user(map()) :: {:ok, [User.t()], pos_integer()}
  def user(params \\ %{}) do
    query = User.Query.build(params) |> order_by([u], u.nickname)
    paginated_query =
-      maybe_filtered_query(params)
+      User.Query.paginate(query, params[:page] || 1, params[:page_size] || @page_size)
      |> paginate(params[:page] || 1, params[:page_size] || @page_size)
-    count = query |> Repo.aggregate(:count, :id)
+    count = Repo.aggregate(query, :count, :id)
    results = Repo.all(paginated_query)
    {:ok, results, count}
  end
  def user(%{query: term} = params) when is_binary(term) do
    search_query = from(u in maybe_filtered_query(params), where: ilike(u.nickname, ^"%#{term}%"))
    count = search_query |> Repo.aggregate(:count, :id)
    results =
      search_query
      |> paginate(params[:page] || 1, params[:page_size] || @page_size)
      |> Repo.all()
    {:ok, results, count}
  end
  defp maybe_filtered_query(params) do
    from(u in User, order_by: u.nickname)
    |> User.maybe_local_user_query(params[:local])
    |> User.maybe_external_user_query(params[:external])
    |> User.maybe_active_user_query(params[:active])
    |> User.maybe_deactivated_user_query(params[:deactivated])
  end
  defp paginate(query, page, page_size) do
    from(u in query,
      limit: ^page_size,
      offset: ^((page - 1) * page_size)
    )
  end
 end
--- a/lib/pleroma/web/auth/pleroma_authenticator.ex
+++ b/lib/pleroma/web/auth/pleroma_authenticator.ex
@ -74,7 +74,7 @@ def create_from_registration(
               password_confirmation: random_password
             },
             external: true,
-             confirmed: true
+             need_confirmation: false
           )
           |> Repo.insert(),
         {:ok, _} <-
--- a/lib/pleroma/web/controller_helper.ex
+++ b/lib/pleroma/web/controller_helper.ex
@ -10,12 +10,6 @@ defmodule Pleroma.Web.ControllerHelper do
  def truthy_param?(blank_value) when blank_value in [nil, ""], do: nil
  def truthy_param?(value), do: value not in @falsy_param_values
  def oauth_scopes(params, default) do
    # Note: `scopes` is used by Mastodon — supporting it but sticking to
    # OAuth's standard `scope` wherever we control it
    Pleroma.Web.OAuth.parse_scopes(params["scope"] || params["scopes"], default)
  end
  def json_response(conn, status, json) do
    conn
    |> put_status(status)
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@ -29,6 +29,13 @@ defmodule Pleroma.Web.Endpoint do
    # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
  )
  plug(Plug.Static.IndexHtml, at: "/pleroma/admin/")
  plug(Plug.Static,
    at: "/pleroma/admin/",
    from: {:pleroma, "priv/static/adminfe/"}
  )
  # Code reloading can be explicitly enabled under the
  # :code_reloader configuration of your endpoint.
  if code_reloading? do
--- a/lib/pleroma/web/federator/federator.ex
+++ b/lib/pleroma/web/federator/federator.ex
@ -7,13 +7,10 @@ defmodule Pleroma.Web.Federator do
  alias Pleroma.Object.Containment
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.Relay
  alias Pleroma.Web.ActivityPub.Transmogrifier
  alias Pleroma.Web.ActivityPub.Utils
-  alias Pleroma.Web.ActivityPub.Visibility
+  alias Pleroma.Web.Federator.Publisher
  alias Pleroma.Web.Federator.RetryQueue
  alias Pleroma.Web.OStatus
  alias Pleroma.Web.Salmon
  alias Pleroma.Web.WebFinger
  alias Pleroma.Web.Websub
@ -42,14 +39,6 @@ def publish(activity, priority \\ 1) do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:publish, activity], priority)
  end
  def publish_single_ap(params) do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:publish_single_ap, params])
  end
  def publish_single_websub(websub) do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:publish_single_websub, websub])
  end
  def verify_websub(websub) do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:verify_websub, websub])
  end
@ -62,10 +51,6 @@ def refresh_subscriptions do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:refresh_subscriptions])
  end
  def publish_single_salmon(params) do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:publish_single_salmon, params])
  end
  # Job Worker Callbacks
  def perform(:refresh_subscriptions) do
@ -95,23 +80,7 @@ def perform(:publish, activity) do
    with actor when not is_nil(actor) <- User.get_cached_by_ap_id(activity.data["actor"]) do
      {:ok, actor} = WebFinger.ensure_keys_present(actor)
-      if Visibility.is_public?(activity) do
+      Publisher.publish(actor, activity)
        if OStatus.is_representable?(activity) do
          Logger.info(fn -> "Sending #{activity.data["id"]} out via WebSub" end)
          Websub.publish(Pleroma.Web.OStatus.feed_path(actor), actor, activity)
          Logger.info(fn -> "Sending #{activity.data["id"]} out via Salmon" end)
          Pleroma.Web.Salmon.publish(actor, activity)
        end
        if Keyword.get(Application.get_env(:pleroma, :instance), :allow_relay) do
          Logger.info(fn -> "Relaying #{activity.data["id"]} out" end)
          Relay.publish(activity)
        end
      end
      Logger.info(fn -> "Sending #{activity.data["id"]} out via AP" end)
      Pleroma.Web.ActivityPub.ActivityPub.publish(actor, activity)
    end
  end
@ -148,25 +117,11 @@ def perform(:incoming_ap_doc, params) do
      _e ->
        # Just drop those for now
        Logger.info("Unhandled activity")
-        Logger.info(Poison.encode!(params, pretty: 2))
+        Logger.info(Jason.encode!(params, pretty: true))
        :error
    end
  end
  def perform(:publish_single_salmon, params) do
    Salmon.send_to_user(params)
  end
  def perform(:publish_single_ap, params) do
    case ActivityPub.publish_one(params) do
      {:ok, _} ->
        :ok
      {:error, _} ->
        RetryQueue.enqueue(params, ActivityPub)
    end
  end
  def perform(
        :publish_single_websub,
        %{xml: _xml, topic: _topic, callback: _callback, secret: _secret} = params
--- a/lib/pleroma/web/federator/publisher.ex
+++ b/lib/pleroma/web/federator/publisher.ex
@ -0,0 +1,95 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.Federator.Publisher do
  alias Pleroma.Activity
  alias Pleroma.Config
  alias Pleroma.User
  alias Pleroma.Web.Federator.RetryQueue
  require Logger
  @moduledoc """
  Defines the contract used by federation implementations to publish messages to
  their peers.
  """
  @doc """
  Determine whether an activity can be relayed using the federation module.
  """
  @callback is_representable?(Pleroma.Activity.t()) :: boolean()
  @doc """
  Relays an activity to a specified peer, determined by the parameters.  The
  parameters used are controlled by the federation module.
  """
  @callback publish_one(Map.t()) :: {:ok, Map.t()} | {:error, any()}
  @doc """
  Enqueue publishing a single activity.
  """
  @spec enqueue_one(module(), Map.t()) :: :ok
  def enqueue_one(module, %{} = params),
    do: PleromaJobQueue.enqueue(:federation_outgoing, __MODULE__, [:publish_one, module, params])
  @spec perform(atom(), module(), any()) :: {:ok, any()} | {:error, any()}
  def perform(:publish_one, module, params) do
    case apply(module, :publish_one, [params]) do
      {:ok, _} ->
        :ok
      {:error, _e} ->
        RetryQueue.enqueue(params, module)
    end
  end
  def perform(type, _, _) do
    Logger.debug("Unknown task: #{type}")
    {:error, "Don't know what to do with this"}
  end
  @doc """
  Relays an activity to all specified peers.
  """
  @callback publish(Pleroma.User.t(), Pleroma.Activity.t()) :: :ok | {:error, any()}
  @spec publish(Pleroma.User.t(), Pleroma.Activity.t()) :: :ok
  def publish(%User{} = user, %Activity{} = activity) do
    Config.get([:instance, :federation_publisher_modules])
    |> Enum.each(fn module ->
      if module.is_representable?(activity) do
        Logger.info("Publishing #{activity.data["id"]} using #{inspect(module)}")
        module.publish(user, activity)
      end
    end)
    :ok
  end
  @doc """
  Gathers links used by an outgoing federation module for WebFinger output.
  """
  @callback gather_webfinger_links(Pleroma.User.t()) :: list()
  @spec gather_webfinger_links(Pleroma.User.t()) :: list()
  def gather_webfinger_links(%User{} = user) do
    Config.get([:instance, :federation_publisher_modules])
    |> Enum.reduce([], fn module, links ->
      links ++ module.gather_webfinger_links(user)
    end)
  end
  @doc """
  Gathers nodeinfo protocol names supported by the federation module.
  """
  @callback gather_nodeinfo_protocol_names() :: list()
  @spec gather_nodeinfo_protocol_names() :: list()
  def gather_nodeinfo_protocol_names do
    Config.get([:instance, :federation_publisher_modules])
    |> Enum.reduce([], fn module, links ->
      links ++ module.gather_nodeinfo_protocol_names()
    end)
  end
 end
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@ -8,6 +8,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  alias Pleroma.Activity
  alias Pleroma.Bookmark
  alias Pleroma.Config
  alias Pleroma.Conversation.Participation
  alias Pleroma.Filter
  alias Pleroma.Formatter
  alias Pleroma.Notification
@ -24,6 +25,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  alias Pleroma.Web.CommonAPI
  alias Pleroma.Web.MastodonAPI.AccountView
  alias Pleroma.Web.MastodonAPI.AppView
  alias Pleroma.Web.MastodonAPI.ConversationView
  alias Pleroma.Web.MastodonAPI.FilterView
  alias Pleroma.Web.MastodonAPI.ListView
  alias Pleroma.Web.MastodonAPI.MastodonAPI
@ -35,20 +37,31 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  alias Pleroma.Web.MediaProxy
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Authorization
  alias Pleroma.Web.OAuth.Scopes
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.TwitterAPI.TwitterAPI
  alias Pleroma.Web.ControllerHelper
  import Ecto.Query
  require Logger
  plug(
    Pleroma.Plugs.RateLimitPlug,
    %{
      max_requests: Config.get([:app_account_creation, :max_requests]),
      interval: Config.get([:app_account_creation, :interval])
    }
    when action in [:account_register]
  )
  @httpoison Application.get_env(:pleroma, :httpoison)
  @local_mastodon_name "Mastodon-Local"
  action_fallback(:errors)
  def create_app(conn, params) do
-    scopes = ControllerHelper.oauth_scopes(params, ["read"])
+    scopes = Scopes.fetch_scopes(params, ["read"])
    app_attrs =
      params
@ -165,7 +178,7 @@ def user(%{assigns: %{user: for_user}} = conn, %{"id" => nickname_or_id}) do
    end
  end
-  @mastodon_api_level "2.5.0"
+  @mastodon_api_level "2.7.2"
  def masto_instance(conn, _params) do
    instance = Config.get(:instance)
@ -293,8 +306,6 @@ def home_timeline(%{assigns: %{user: user}} = conn, params) do
      |> ActivityPub.contain_timeline(user)
      |> Enum.reverse()
    user = Repo.preload(user, bookmarks: :activity)
    conn
    |> add_link_headers(:home_timeline, activities)
    |> put_view(StatusView)
@ -313,8 +324,6 @@ def public_timeline(%{assigns: %{user: user}} = conn, params) do
      |> ActivityPub.fetch_public_activities()
      |> Enum.reverse()
    user = Repo.preload(user, bookmarks: :activity)
    conn
    |> add_link_headers(:public_timeline, activities, false, %{"local" => local_only})
    |> put_view(StatusView)
@ -322,8 +331,7 @@ def public_timeline(%{assigns: %{user: user}} = conn, params) do
  end
  def user_statuses(%{assigns: %{user: reading_user}} = conn, params) do
-    with %User{} = user <- User.get_cached_by_id(params["id"]),
+    with %User{} = user <- User.get_cached_by_id(params["id"]) do
         reading_user <- Repo.preload(reading_user, :bookmarks) do
      activities = ActivityPub.fetch_user_activities(user, reading_user, params)
      conn
@ -350,8 +358,6 @@ def dm_timeline(%{assigns: %{user: user}} = conn, params) do
      |> ActivityPub.fetch_activities_query(params)
      |> Pagination.fetch_paginated(params)
    user = Repo.preload(user, bookmarks: :activity)
    conn
    |> add_link_headers(:dm_timeline, activities)
    |> put_view(StatusView)
@ -361,8 +367,6 @@ def dm_timeline(%{assigns: %{user: user}} = conn, params) do
  def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
    with %Activity{} = activity <- Activity.get_by_id_with_object(id),
         true <- Visibility.visible_for_user?(activity, user) do
      user = Repo.preload(user, bookmarks: :activity)
      conn
      |> put_view(StatusView)
      |> try_render("status.json", %{activity: activity, for: user})
@ -512,8 +516,6 @@ def delete_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
  def reblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
    with {:ok, announce, _activity} <- CommonAPI.repeat(ap_id_or_id, user),
         %Activity{} = announce <- Activity.normalize(announce.data) do
      user = Repo.preload(user, bookmarks: :activity)
      conn
      |> put_view(StatusView)
      |> try_render("status.json", %{activity: announce, for: user, as: :activity})
@ -523,8 +525,6 @@ def reblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
  def unreblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
    with {:ok, _unannounce, %{data: %{"id" => id}}} <- CommonAPI.unrepeat(ap_id_or_id, user),
         %Activity{} = activity <- Activity.get_create_by_object_ap_id_with_object(id) do
      user = Repo.preload(user, bookmarks: :activity)
      conn
      |> put_view(StatusView)
      |> try_render("status.json", %{activity: activity, for: user, as: :activity})
@ -575,8 +575,6 @@ def bookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
         %User{} = user <- User.get_cached_by_nickname(user.nickname),
         true <- Visibility.visible_for_user?(activity, user),
         {:ok, _bookmark} <- Bookmark.create(user.id, activity.id) do
      user = Repo.preload(user, bookmarks: :activity)
      conn
      |> put_view(StatusView)
      |> try_render("status.json", %{activity: activity, for: user, as: :activity})
@ -588,8 +586,6 @@ def unbookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
         %User{} = user <- User.get_cached_by_nickname(user.nickname),
         true <- Visibility.visible_for_user?(activity, user),
         {:ok, _bookmark} <- Bookmark.destroy(user.id, activity.id) do
      user = Repo.preload(user, bookmarks: :activity)
      conn
      |> put_view(StatusView)
      |> try_render("status.json", %{activity: activity, for: user, as: :activity})
@ -1110,8 +1106,6 @@ def favourites(%{assigns: %{user: user}} = conn, params) do
      ActivityPub.fetch_activities([], params)
      |> Enum.reverse()
    user = Repo.preload(user, bookmarks: :activity)
    conn
    |> add_link_headers(:favourites, activities)
    |> put_view(StatusView)
@ -1157,7 +1151,6 @@ def user_favourites(%{assigns: %{user: for_user}} = conn, %{"id" => id} = params
  def bookmarks(%{assigns: %{user: user}} = conn, params) do
    user = User.get_cached_by_id(user.id)
    user = Repo.preload(user, bookmarks: :activity)
    bookmarks =
      Bookmark.for_user_query(user.id)
@ -1165,7 +1158,7 @@ def bookmarks(%{assigns: %{user: user}} = conn, params) do
    activities =
      bookmarks
-      |> Enum.map(fn b -> b.activity end)
+      |> Enum.map(fn b -> Map.put(b.activity, :bookmark, Map.delete(b, :activity)) end)
    conn
    |> add_link_headers(:bookmarks, bookmarks)
@ -1274,8 +1267,6 @@ def list_timeline(%{assigns: %{user: user}} = conn, %{"list_id" => id} = params)
        |> ActivityPub.fetch_activities_bounded(following, params)
        |> Enum.reverse()
      user = Repo.preload(user, bookmarks: :activity)
      conn
      |> put_view(StatusView)
      |> render("index.json", %{activities: activities, for: user, as: :activity})
@ -1555,7 +1546,7 @@ def create_filter(
      user_id: user.id,
      phrase: phrase,
      context: context,
-      hide: Map.get(params, "irreversible", nil),
+      hide: Map.get(params, "irreversible", false),
      whole_word: Map.get(params, "boolean", true)
      # expires_at
    }
@ -1712,6 +1703,78 @@ def reports(%{assigns: %{user: user}} = conn, params) do
    end
  end
  def account_register(
        %{assigns: %{app: app}} = conn,
        %{"username" => nickname, "email" => _, "password" => _, "agreement" => true} = params
      ) do
    params =
      params
      |> Map.take([
        "email",
        "captcha_solution",
        "captcha_token",
        "captcha_answer_data",
        "token",
        "password"
      ])
      |> Map.put("nickname", nickname)
      |> Map.put("fullname", params["fullname"] || nickname)
      |> Map.put("bio", params["bio"] || "")
      |> Map.put("confirm", params["password"])
    with {:ok, user} <- TwitterAPI.register_user(params, need_confirmation: true),
         {:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do
      json(conn, %{
        token_type: "Bearer",
        access_token: token.token,
        scope: app.scopes,
        created_at: Token.Utils.format_created_at(token)
      })
    else
      {:error, errors} ->
        conn
        |> put_status(400)
        |> json(Jason.encode!(errors))
    end
  end
  def account_register(%{assigns: %{app: _app}} = conn, _params) do
    conn
    |> put_status(400)
    |> json(%{error: "Missing parameters"})
  end
  def account_register(conn, _) do
    conn
    |> put_status(403)
    |> json(%{error: "Invalid credentials"})
  end
  def conversations(%{assigns: %{user: user}} = conn, params) do
    participations = Participation.for_user_with_last_activity_id(user, params)
    conversations =
      Enum.map(participations, fn participation ->
        ConversationView.render("participation.json", %{participation: participation, user: user})
      end)
    conn
    |> add_link_headers(:conversations, participations)
    |> json(conversations)
  end
  def conversation_read(%{assigns: %{user: user}} = conn, %{"id" => participation_id}) do
    with %Participation{} = participation <-
           Repo.get_by(Participation, id: participation_id, user_id: user.id),
         {:ok, participation} <- Participation.mark_as_read(participation) do
      participation_view =
        ConversationView.render("participation.json", %{participation: participation, user: user})
      conn
      |> json(participation_view)
    end
  end
  def try_render(conn, target, params)
      when is_binary(target) do
    res = render(conn, target, params)
--- a/lib/pleroma/web/mastodon_api/views/conversation_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/conversation_view.ex
@ -0,0 +1,38 @@
 defmodule Pleroma.Web.MastodonAPI.ConversationView do
  use Pleroma.Web, :view
  alias Pleroma.Activity
  alias Pleroma.Repo
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.MastodonAPI.AccountView
  alias Pleroma.Web.MastodonAPI.StatusView
  def render("participation.json", %{participation: participation, user: user}) do
    participation = Repo.preload(participation, conversation: :users)
    last_activity_id =
      with nil <- participation.last_activity_id do
        ActivityPub.fetch_latest_activity_id_for_context(participation.conversation.ap_id, %{
          "user" => user,
          "blocking_user" => user
        })
      end
    activity = Activity.get_by_id_with_object(last_activity_id)
    last_status = StatusView.render("status.json", %{activity: activity, for: user})
    accounts =
      AccountView.render("accounts.json", %{
        users: participation.conversation.users,
        as: :user
      })
    %{
      id: participation.id |> to_string(),
      accounts: accounts,
      unread: !participation.read,
      last_status: last_status
    }
  end
 end
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@ -75,18 +75,22 @@ def render("index.json", opts) do
  def render(
        "status.json",
-        %{activity: %{data: %{"type" => "Announce", "object" => object}} = activity} = opts
+        %{activity: %{data: %{"type" => "Announce", "object" => _object}} = activity} = opts
      ) do
    user = get_user(activity.data["actor"])
    created_at = Utils.to_masto_date(activity.data["published"])
    activity_object = Object.normalize(activity)
    reblogged_activity =
      Activity.create_by_object_ap_id(activity_object.data["id"])
      |> Activity.with_preloaded_bookmark(opts[:for])
      |> Repo.one()
    reblogged_activity = Activity.get_create_by_object_ap_id(object)
    reblogged = render("status.json", Map.put(opts, :activity, reblogged_activity))
    activity_object = Object.normalize(activity)
    favorited = opts[:for] && opts[:for].ap_id in (activity_object.data["likes"] || [])
-    bookmarked = opts[:for] && CommonAPI.bookmarked?(opts[:for], reblogged_activity)
+    bookmarked = Activity.get_bookmark(reblogged_activity, opts[:for]) != nil
    mentions =
      activity.recipients
@ -96,8 +100,8 @@ def render(
    %{
      id: to_string(activity.id),
-      uri: object,
+      uri: activity_object.data["id"],
-      url: object,
+      url: activity_object.data["id"],
      account: AccountView.render("account.json", %{user: user}),
      in_reply_to_id: nil,
      in_reply_to_account_id: nil,
@ -149,7 +153,7 @@ def render("status.json", %{activity: %{data: %{"object" => _object}} = activity
    favorited = opts[:for] && opts[:for].ap_id in (object.data["likes"] || [])
-    bookmarked = opts[:for] && CommonAPI.bookmarked?(opts[:for], activity)
+    bookmarked = Activity.get_bookmark(activity, opts[:for]) != nil
    attachment_data = object.data["attachment"] || []
    attachments = render_many(attachment_data, StatusView, "attachment.json", as: :attachment)
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@ -10,6 +10,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
  alias Pleroma.User
  alias Pleroma.Web
  alias Pleroma.Web.ActivityPub.MRF
  alias Pleroma.Web.Federator.Publisher
  plug(Pleroma.Web.FederatingPlug)
@ -137,7 +138,7 @@ def raw_nodeinfo do
        name: Pleroma.Application.name() |> String.downcase(),
        version: Pleroma.Application.version()
      },
-      protocols: ["ostatus", "activitypub"],
+      protocols: Publisher.gather_nodeinfo_protocol_names(),
      services: %{
        inbound: [],
        outbound: []
--- a/lib/pleroma/web/oauth.ex
+++ b/lib/pleroma/web/oauth.ex
@ -3,18 +3,4 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.OAuth do
  def parse_scopes(scopes, _default) when is_list(scopes) do
    Enum.filter(scopes, &(&1 not in [nil, ""]))
  end
  def parse_scopes(scopes, default) when is_binary(scopes) do
    scopes
    |> String.trim()
    |> String.split(~r/[\s,]+/)
    |> parse_scopes(default)
  end
  def parse_scopes(_, default) do
    default
  end
 end
--- a/lib/pleroma/web/oauth/app.ex
+++ b/lib/pleroma/web/oauth/app.ex
@ -7,6 +7,7 @@ defmodule Pleroma.Web.OAuth.App do
  import Ecto.Changeset
  @type t :: %__MODULE__{}
  schema "apps" do
    field(:client_name, :string)
    field(:redirect_uris, :string)
--- a/lib/pleroma/web/oauth/authorization.ex
+++ b/lib/pleroma/web/oauth/authorization.ex
@ -14,6 +14,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
  import Ecto.Query
  @type t :: %__MODULE__{}
  schema "oauth_authorizations" do
    field(:token, :string)
    field(:scopes, {:array, :string}, default: [])
@ -25,28 +26,45 @@ defmodule Pleroma.Web.OAuth.Authorization do
    timestamps()
  end
  @spec create_authorization(App.t(), User.t() | %{}, [String.t()] | nil) ::
          {:ok, Authorization.t()} | {:error, Changeset.t()}
  def create_authorization(%App{} = app, %User{} = user, scopes \\ nil) do
-    scopes = scopes || app.scopes
+    %{
-    token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
+      scopes: scopes || app.scopes,
    authorization = %Authorization{
      token: token,
      used: false,
      user_id: user.id,
-      app_id: app.id,
+      app_id: app.id
      scopes: scopes,
      valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10)
    }
-
+    |> create_changeset()
-    Repo.insert(authorization)
+    |> Repo.insert()
  end
  @spec create_changeset(map()) :: Changeset.t()
  def create_changeset(attrs \\ %{}) do
    %Authorization{}
    |> cast(attrs, [:user_id, :app_id, :scopes, :valid_until])
    |> validate_required([:app_id, :scopes])
    |> add_token()
    |> add_lifetime()
  end
  defp add_token(changeset) do
    token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
    put_change(changeset, :token, token)
  end
  defp add_lifetime(changeset) do
    put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
  end
  @spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
  def use_changeset(%Authorization{} = auth, params) do
    auth
    |> cast(params, [:used])
    |> validate_required([:used])
  end
  @spec use_token(Authorization.t()) ::
          {:ok, Authorization.t()} | {:error, Changeset.t()} | {:error, String.t()}
  def use_token(%Authorization{used: false, valid_until: valid_until} = auth) do
    if NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) < 0 do
      Repo.update(use_changeset(auth, %{used: true}))
@ -57,6 +75,7 @@ def use_token(%Authorization{used: false, valid_until: valid_until} = auth) do
  def use_token(%Authorization{used: true}), do: {:error, "already used"}
  @spec delete_user_authorizations(User.t()) :: {integer(), any()}
  def delete_user_authorizations(%User{id: user_id}) do
    from(
      a in Pleroma.Web.OAuth.Authorization,
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@ -15,8 +15,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.OAuth.Token.Strategy.RefreshToken
  alias Pleroma.Web.OAuth.Token.Strategy.Revoke, as: RevokeToken
-
+  alias Pleroma.Web.OAuth.Scopes
  import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2]
  if Pleroma.Config.oauth_consumer_enabled?(), do: plug(Ueberauth)
@ -57,7 +56,7 @@ def authorize(conn, params), do: do_authorize(conn, params)
  defp do_authorize(conn, params) do
    app = Repo.get_by(App, client_id: params["client_id"])
    available_scopes = (app && app.scopes) || []
-    scopes = oauth_scopes(params, nil) || available_scopes
+    scopes = Scopes.fetch_scopes(params, available_scopes)
    # Note: `params` might differ from `conn.params`; use `@params` not `@conn.params` in template
    render(conn, Authenticator.auth_template(), %{
@ -113,7 +112,7 @@ def after_create_authorization(conn, auth, %{
  defp handle_create_authorization_error(
         conn,
-         {scopes_issue, _},
+         {:error, scopes_issue},
         %{"authorization" => _} = params
       )
       when scopes_issue in [:unsupported_scopes, :missing_scopes] do
@ -184,9 +183,7 @@ def token_exchange(
         %App{} = app <- get_app_from_request(conn, params),
         {:auth_active, true} <- {:auth_active, User.auth_active?(user)},
         {:user_active, true} <- {:user_active, !user.info.deactivated},
-         scopes <- oauth_scopes(params, app.scopes),
+         {:ok, scopes} <- validate_scopes(app, params),
         [] <- scopes -- app.scopes,
         true <- Enum.any?(scopes),
         {:ok, auth} <- Authorization.create_authorization(app, user, scopes),
         {:ok, token} <- Token.exchange_token(app, auth) do
      json(conn, response_token(user, token))
@ -221,6 +218,28 @@ def token_exchange(
    token_exchange(conn, params)
  end
  def token_exchange(conn, %{"grant_type" => "client_credentials"} = params) do
    with %App{} = app <- get_app_from_request(conn, params),
         {:ok, auth} <- Authorization.create_authorization(app, %User{}),
         {:ok, token} <- Token.exchange_token(app, auth),
         {:ok, inserted_at} <- DateTime.from_naive(token.inserted_at, "Etc/UTC") do
      response = %{
        token_type: "Bearer",
        access_token: token.token,
        refresh_token: token.refresh_token,
        created_at: DateTime.to_unix(inserted_at),
        expires_in: 60 * 10,
        scope: Enum.join(token.scopes, " ")
      }
      json(conn, response)
    else
      _error ->
        put_status(conn, 400)
        |> json(%{error: "Invalid credentials"})
    end
  end
  # Bad request
  def token_exchange(conn, params), do: bad_request(conn, params)
@ -247,14 +266,15 @@ defp bad_request(conn, _) do
  @doc "Prepares OAuth request to provider for Ueberauth"
  def prepare_request(conn, %{"provider" => provider, "authorization" => auth_attrs}) do
    scope =
-      oauth_scopes(auth_attrs, [])
+      auth_attrs
-      |> Enum.join(" ")
+      |> Scopes.fetch_scopes([])
      |> Scopes.to_string()
    state =
      auth_attrs
      |> Map.delete("scopes")
      |> Map.put("scope", scope)
-      |> Poison.encode!()
+      |> Jason.encode!()
    params =
      auth_attrs
@ -318,7 +338,7 @@ def callback(conn, params) do
  end
  defp callback_params(%{"state" => state} = params) do
-    Map.merge(params, Poison.decode!(state))
+    Map.merge(params, Jason.decode!(state))
  end
  def registration_details(conn, %{"authorization" => auth_attrs}) do
@ -326,7 +346,7 @@ def registration_details(conn, %{"authorization" => auth_attrs}) do
      client_id: auth_attrs["client_id"],
      redirect_uri: auth_attrs["redirect_uri"],
      state: auth_attrs["state"],
-      scopes: oauth_scopes(auth_attrs, []),
+      scopes: Scopes.fetch_scopes(auth_attrs, []),
      nickname: auth_attrs["nickname"],
      email: auth_attrs["email"]
    })
@ -401,10 +421,7 @@ defp do_create_authorization(
           {:get_user, (user && {:ok, user}) || Authenticator.get_user(conn)},
         %App{} = app <- Repo.get_by(App, client_id: client_id),
         true <- redirect_uri in String.split(app.redirect_uris),
-         scopes <- oauth_scopes(auth_attrs, []),
+         {:ok, scopes} <- validate_scopes(app, auth_attrs),
         {:unsupported_scopes, []} <- {:unsupported_scopes, scopes -- app.scopes},
         # Note: `scope` param is intentionally not optional in this context
         {:missing_scopes, false} <- {:missing_scopes, scopes == []},
         {:auth_active, true} <- {:auth_active, User.auth_active?(user)} do
      Authorization.create_authorization(app, user, scopes)
    end
@ -458,4 +475,12 @@ defp response_token(%User{} = user, token, opts \\ %{}) do
    }
    |> Map.merge(opts)
  end
  @spec validate_scopes(App.t(), map()) ::
          {:ok, list()} | {:error, :missing_scopes | :unsupported_scopes}
  defp validate_scopes(app, params) do
    params
    |> Scopes.fetch_scopes(app.scopes)
    |> Scopes.validates(app.scopes)
  end
 end
--- a/lib/pleroma/web/oauth/scopes.ex
+++ b/lib/pleroma/web/oauth/scopes.ex
@ -0,0 +1,67 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.OAuth.Scopes do
  @moduledoc """
  Functions for dealing with scopes.
  """
  @doc """
  Fetch scopes from requiest params.
  Note: `scopes` is used by Mastodon — supporting it but sticking to
  OAuth's standard `scope` wherever we control it
  """
  @spec fetch_scopes(map(), list()) :: list()
  def fetch_scopes(params, default) do
    parse_scopes(params["scope"] || params["scopes"], default)
  end
  def parse_scopes(scopes, _default) when is_list(scopes) do
    Enum.filter(scopes, &(&1 not in [nil, ""]))
  end
  def parse_scopes(scopes, default) when is_binary(scopes) do
    scopes
    |> to_list
    |> parse_scopes(default)
  end
  def parse_scopes(_, default) do
    default
  end
  @doc """
  Convert scopes string to list
  """
  @spec to_list(binary()) :: [binary()]
  def to_list(nil), do: []
  def to_list(str) do
    str
    |> String.trim()
    |> String.split(~r/[\s,]+/)
  end
  @doc """
  Convert scopes list to string
  """
  @spec to_string(list()) :: binary()
  def to_string(scopes), do: Enum.join(scopes, " ")
  @doc """
  Validates scopes.
  """
  @spec validates(list() | nil, list()) ::
          {:ok, list()} | {:error, :missing_scopes | :unsupported_scopes}
  def validates([], _app_scopes), do: {:error, :missing_scopes}
  def validates(nil, _app_scopes), do: {:error, :missing_scopes}
  def validates(scopes, app_scopes) do
    case scopes -- app_scopes do
      [] -> {:ok, scopes}
      _ -> {:error, :unsupported_scopes}
    end
  end
 end
--- a/lib/pleroma/web/oauth/token.ex
+++ b/lib/pleroma/web/oauth/token.ex
@ -45,12 +45,16 @@ def get_by_refresh_token(%App{id: app_id} = _app, token) do
    |> Repo.find_resource()
  end
  @spec exchange_token(App.t(), Authorization.t()) ::
          {:ok, Token.t()} | {:error, Changeset.t()}
  def exchange_token(app, auth) do
    with {:ok, auth} <- Authorization.use_token(auth),
         true <- auth.app_id == app.id do
      user = if auth.user_id, do: User.get_cached_by_id(auth.user_id), else: %User{}
      create_token(
        app,
-        User.get_cached_by_id(auth.user_id),
+        user,
        %{scopes: auth.scopes}
      )
    end
@ -81,12 +85,13 @@ defp put_valid_until(changeset, attrs) do
    |> validate_required([:valid_until])
  end
  @spec create_token(App.t(), User.t(), map()) :: {:ok, Token} | {:error, Changeset.t()}
  def create_token(%App{} = app, %User{} = user, attrs \\ %{}) do
    %__MODULE__{user_id: user.id, app_id: app.id}
    |> cast(%{scopes: attrs[:scopes] || app.scopes}, [:scopes])
-    |> validate_required([:scopes, :user_id, :app_id])
+    |> validate_required([:scopes, :app_id])
    |> put_valid_until(attrs)
-    |> put_token
+    |> put_token()
    |> put_refresh_token(attrs)
    |> Repo.insert()
  end
--- a/lib/pleroma/web/ostatus/activity_representer.ex
+++ b/lib/pleroma/web/ostatus/activity_representer.ex
@ -18,15 +18,18 @@ defp get_href(id) do
    end
  end
-  defp get_in_reply_to(%{"object" => %{"inReplyTo" => in_reply_to}}) do
+  defp get_in_reply_to(activity) do
-    [
+    with %Object{data: %{"inReplyTo" => in_reply_to}} <- Object.normalize(activity) do
-      {:"thr:in-reply-to",
+      [
-       [ref: to_charlist(in_reply_to), href: to_charlist(get_href(in_reply_to))], []}
+        {:"thr:in-reply-to",
-    ]
+         [ref: to_charlist(in_reply_to), href: to_charlist(get_href(in_reply_to))], []}
      ]
    else
      _ ->
        []
    end
  end
  defp get_in_reply_to(_), do: []
  defp get_mentions(to) do
    Enum.map(to, fn id ->
      cond do
@ -98,7 +101,7 @@ def to_simple_form(%{data: %{"type" => "Create"}} = activity, user, with_author)
         []}
      end)
-    in_reply_to = get_in_reply_to(activity.data)
+    in_reply_to = get_in_reply_to(activity)
    author = if with_author, do: [{:author, UserRepresenter.to_simple_form(user)}], else: []
    mentions = activity.recipients |> get_mentions
@ -146,7 +149,6 @@ def to_simple_form(%{data: %{"type" => "Like"}} = activity, user, with_author) d
    updated_at = activity.data["published"]
    inserted_at = activity.data["published"]
    _in_reply_to = get_in_reply_to(activity.data)
    author = if with_author, do: [{:author, UserRepresenter.to_simple_form(user)}], else: []
    mentions = activity.recipients |> get_mentions
@ -177,7 +179,6 @@ def to_simple_form(%{data: %{"type" => "Announce"}} = activity, user, with_autho
    updated_at = activity.data["published"]
    inserted_at = activity.data["published"]
    _in_reply_to = get_in_reply_to(activity.data)
    author = if with_author, do: [{:author, UserRepresenter.to_simple_form(user)}], else: []
    retweeted_activity = Activity.get_create_by_object_ap_id(activity.data["object"])
--- a/lib/pleroma/web/ostatus/ostatus.ex
+++ b/lib/pleroma/web/ostatus/ostatus.ex
@ -16,6 +16,7 @@ defmodule Pleroma.Web.OStatus do
  alias Pleroma.Web
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.Transmogrifier
  alias Pleroma.Web.ActivityPub.Visibility
  alias Pleroma.Web.OStatus.DeleteHandler
  alias Pleroma.Web.OStatus.FollowHandler
  alias Pleroma.Web.OStatus.NoteHandler
@ -30,7 +31,7 @@ def is_representable?(%Activity{} = activity) do
      is_nil(object) ->
        false
-      object.data["type"] == "Note" ->
+      Visibility.is_public?(activity) && object.data["type"] == "Note" ->
        true
      true ->
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -146,34 +146,52 @@ defmodule Pleroma.Web.Router do
  scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do
    pipe_through([:admin_api, :oauth_write])
-    post("/user/follow", AdminAPIController, :user_follow)
+    post("/users/follow", AdminAPIController, :user_follow)
-    post("/user/unfollow", AdminAPIController, :user_unfollow)
+    post("/users/unfollow", AdminAPIController, :user_unfollow)
    get("/users", AdminAPIController, :list_users)
    get("/users/:nickname", AdminAPIController, :user_show)
    # TODO: to be removed at version 1.0
    delete("/user", AdminAPIController, :user_delete)
    patch("/users/:nickname/toggle_activation", AdminAPIController, :user_toggle_activation)
    post("/user", AdminAPIController, :user_create)
    delete("/users", AdminAPIController, :user_delete)
    post("/users", AdminAPIController, :user_create)
    patch("/users/:nickname/toggle_activation", AdminAPIController, :user_toggle_activation)
    put("/users/tag", AdminAPIController, :tag_users)
    delete("/users/tag", AdminAPIController, :untag_users)
    # TODO: to be removed at version 1.0
    get("/permission_group/:nickname", AdminAPIController, :right_get)
    get("/permission_group/:nickname/:permission_group", AdminAPIController, :right_get)
    post("/permission_group/:nickname/:permission_group", AdminAPIController, :right_add)
    delete("/permission_group/:nickname/:permission_group", AdminAPIController, :right_delete)
-    put("/activation_status/:nickname", AdminAPIController, :set_activation_status)
+    get("/users/:nickname/permission_group", AdminAPIController, :right_get)
    get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get)
    post("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_add)
    delete(
      "/users/:nickname/permission_group/:permission_group",
      AdminAPIController,
      :right_delete
    )
    put("/users/:nickname/activation_status", AdminAPIController, :set_activation_status)
    post("/relay", AdminAPIController, :relay_follow)
    delete("/relay", AdminAPIController, :relay_unfollow)
-    get("/invite_token", AdminAPIController, :get_invite_token)
+    get("/users/invite_token", AdminAPIController, :get_invite_token)
-    get("/invites", AdminAPIController, :invites)
+    get("/users/invites", AdminAPIController, :invites)
-    post("/revoke_invite", AdminAPIController, :revoke_invite)
+    post("/users/revoke_invite", AdminAPIController, :revoke_invite)
-    post("/email_invite", AdminAPIController, :email_invite)
+    post("/users/email_invite", AdminAPIController, :email_invite)
    # TODO: to be removed at version 1.0
    get("/password_reset", AdminAPIController, :get_password_reset)
    get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset)
    get("/users", AdminAPIController, :list_users)
    get("/users/:nickname", AdminAPIController, :user_show)
  end
  scope "/", Pleroma.Web.TwitterAPI do
@ -277,6 +295,9 @@ defmodule Pleroma.Web.Router do
      get("/suggestions", MastodonAPIController, :suggestions)
      get("/conversations", MastodonAPIController, :conversations)
      post("/conversations/:id/read", MastodonAPIController, :conversation_read)
      get("/endorsements", MastodonAPIController, :empty_array)
      get("/pleroma/flavour", MastodonAPIController, :get_flavour)
@ -365,6 +386,8 @@ defmodule Pleroma.Web.Router do
  scope "/api/v1", Pleroma.Web.MastodonAPI do
    pipe_through(:api)
    post("/accounts", MastodonAPIController, :account_register)
    get("/instance", MastodonAPIController, :masto_instance)
    get("/instance/peers", MastodonAPIController, :peers)
    post("/apps", MastodonAPIController, :create_app)
--- a/lib/pleroma/web/salmon/salmon.ex
+++ b/lib/pleroma/web/salmon/salmon.ex
@ -3,12 +3,18 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.Salmon do
  @behaviour Pleroma.Web.Federator.Publisher
  @httpoison Application.get_env(:pleroma, :httpoison)
  use Bitwise
  alias Pleroma.Activity
  alias Pleroma.Instances
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.Visibility
  alias Pleroma.Web.Federator.Publisher
  alias Pleroma.Web.OStatus
  alias Pleroma.Web.OStatus.ActivityRepresenter
  alias Pleroma.Web.XML
@ -165,12 +171,12 @@ def remote_users(%{data: %{"to" => to} = data}) do
  end
  @doc "Pushes an activity to remote account."
-  def send_to_user(%{recipient: %{info: %{salmon: salmon}}} = params),
+  def publish_one(%{recipient: %{info: %{salmon: salmon}}} = params),
-    do: send_to_user(Map.put(params, :recipient, salmon))
+    do: publish_one(Map.put(params, :recipient, salmon))
-  def send_to_user(%{recipient: url, feed: feed, poster: poster} = params) when is_binary(url) do
+  def publish_one(%{recipient: url, feed: feed} = params) when is_binary(url) do
    with {:ok, %{status: code}} when code in 200..299 <-
-           poster.(
+           @httpoison.post(
             url,
             feed,
             [{"Content-Type", "application/magic-envelope+xml"}]
@ -184,11 +190,11 @@ def send_to_user(%{recipient: url, feed: feed, poster: poster} = params) when is
      e ->
        unless params[:unreachable_since], do: Instances.set_reachable(url)
        Logger.debug(fn -> "Pushing Salmon to #{url} failed, #{inspect(e)}" end)
-        :error
+        {:error, "Unreachable instance"}
    end
  end
-  def send_to_user(_), do: :noop
+  def publish_one(_), do: :noop
  @supported_activities [
    "Create",
@ -199,13 +205,19 @@ def send_to_user(_), do: :noop
    "Delete"
  ]
  def is_representable?(%Activity{data: %{"type" => type}} = activity)
      when type in @supported_activities,
      do: Visibility.is_public?(activity)
  def is_representable?(_), do: false
  @doc """
  Publishes an activity to remote accounts
  """
-  @spec publish(User.t(), Pleroma.Activity.t(), Pleroma.HTTP.t()) :: none
+  @spec publish(User.t(), Pleroma.Activity.t()) :: none
-  def publish(user, activity, poster \\ &@httpoison.post/3)
+  def publish(user, activity)
-  def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity, poster)
+  def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity)
      when type in @supported_activities do
    feed = ActivityRepresenter.to_simple_form(activity, user, true)
@ -229,15 +241,29 @@ def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity
      |> Enum.each(fn remote_user ->
        Logger.debug(fn -> "Sending Salmon to #{remote_user.ap_id}" end)
-        Pleroma.Web.Federator.publish_single_salmon(%{
+        Publisher.enqueue_one(__MODULE__, %{
          recipient: remote_user,
          feed: feed,
          poster: poster,
          unreachable_since: reachable_urls_metadata[remote_user.info.salmon]
        })
      end)
    end
  end
-  def publish(%{id: id}, _, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)
+  def publish(%{id: id}, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)
  def gather_webfinger_links(%User{} = user) do
    {:ok, _private, public} = keys_from_pem(user.info.keys)
    magic_key = encode_key(public)
    [
      %{"rel" => "salmon", "href" => OStatus.salmon_path(user)},
      %{
        "rel" => "magic-public-key",
        "href" => "data:application/magic-public-key,#{magic_key}"
      }
    ]
  end
  def gather_nodeinfo_protocol_names, do: []
 end
--- a/lib/pleroma/web/streamer.ex
+++ b/lib/pleroma/web/streamer.ex
@ -6,6 +6,7 @@ defmodule Pleroma.Web.Streamer do
  use GenServer
  require Logger
  alias Pleroma.Activity
  alias Pleroma.Conversation.Participation
  alias Pleroma.Notification
  alias Pleroma.Object
  alias Pleroma.User
@ -71,6 +72,15 @@ def handle_cast(%{action: :stream, topic: "direct", item: item}, topics) do
    {:noreply, topics}
  end
  def handle_cast(%{action: :stream, topic: "participation", item: participation}, topics) do
    user_topic = "direct:#{participation.user_id}"
    Logger.debug("Trying to push a conversation participation to #{user_topic}\n\n")
    push_to_socket(topics, user_topic, participation)
    {:noreply, topics}
  end
  def handle_cast(%{action: :stream, topic: "list", item: item}, topics) do
    # filter the recipient list if the activity is not public, see #270.
    recipient_lists =
@ -192,6 +202,19 @@ defp represent_update(%Activity{} = activity) do
    |> Jason.encode!()
  end
  def represent_conversation(%Participation{} = participation) do
    %{
      event: "conversation",
      payload:
        Pleroma.Web.MastodonAPI.ConversationView.render("participation.json", %{
          participation: participation,
          user: participation.user
        })
        |> Jason.encode!()
    }
    |> Jason.encode!()
  end
  def push_to_socket(topics, topic, %Activity{data: %{"type" => "Announce"}} = item) do
    Enum.each(topics[topic] || [], fn socket ->
      # Get the current user so we have up-to-date blocks etc.
@ -214,6 +237,12 @@ def push_to_socket(topics, topic, %Activity{data: %{"type" => "Announce"}} = ite
    end)
  end
  def push_to_socket(topics, topic, %Participation{} = participation) do
    Enum.each(topics[topic] || [], fn socket ->
      send(socket.transport_pid, {:text, represent_conversation(participation)})
    end)
  end
  def push_to_socket(topics, topic, %Activity{
        data: %{"type" => "Delete", "deleted_activity_id" => deleted_activity_id}
      }) do
--- a/lib/pleroma/web/twitter_api/twitter_api.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api.ex
@ -128,7 +128,7 @@ def upload(%Plug.Upload{} = file, %User{} = user, format \\ "xml") do
    end
  end
-  def register_user(params) do
+  def register_user(params, opts \\ []) do
    token = params["token"]
    params = %{
@ -162,13 +162,22 @@ def register_user(params) do
      # I have no idea how this error handling works
      {:error, %{error: Jason.encode!(%{captcha: [error]})}}
    else
-      registrations_open = Pleroma.Config.get([:instance, :registrations_open])
+      registration_process(
-      registration_process(registrations_open, params, token)
+        params,
        %{
          registrations_open: Pleroma.Config.get([:instance, :registrations_open]),
          token: token
        },
        opts
      )
    end
  end
-  defp registration_process(registration_open, params, token)
+  defp registration_process(params, %{registrations_open: true}, opts) do
-       when registration_open == false or is_nil(registration_open) do
+    create_user(params, opts)
  end
  defp registration_process(params, %{token: token}, opts) do
    invite =
      unless is_nil(token) do
        Repo.get_by(UserInviteToken, %{token: token})
@ -182,19 +191,15 @@ defp registration_process(registration_open, params, token)
      invite when valid_invite? ->
        UserInviteToken.update_usage!(invite)
-        create_user(params)
+        create_user(params, opts)
      _ ->
        {:error, "Expired token"}
    end
  end
-  defp registration_process(true, params, _token) do
+  defp create_user(params, opts) do
-    create_user(params)
+    changeset = User.register_changeset(%User{}, params, opts)
  end
  defp create_user(params) do
    changeset = User.register_changeset(%User{}, params)
    case User.register(changeset) do
      {:ok, user} ->
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@ -182,6 +182,7 @@ def dm_timeline(%{assigns: %{user: user}} = conn, params) do
      |> Map.put("blocking_user", user)
      |> Map.put("user", user)
      |> Map.put(:visibility, "direct")
      |> Map.put(:order, :desc)
    activities =
      ActivityPub.fetch_activities_query([user.ap_id], params)
@ -439,7 +440,7 @@ def confirm_email(conn, %{"user_id" => uid, "token" => token}) do
         true <- user.local,
         true <- user.info.confirmation_pending,
         true <- user.info.confirmation_token == token,
-         info_change <- User.Info.confirmation_changeset(user.info, :confirmed),
+         info_change <- User.Info.confirmation_changeset(user.info, need_confirmation: false),
         changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change),
         {:ok, _} <- User.update_and_set_cache(changeset) do
      conn
--- a/lib/pleroma/web/twitter_api/views/activity_view.ex
+++ b/lib/pleroma/web/twitter_api/views/activity_view.ex
@ -170,7 +170,7 @@ def render("activity.json", %{activity: %{data: %{"type" => "Announce"}} = activ
    created_at = activity.data["published"] |> Utils.date_to_asctime()
    announced_activity = Activity.get_create_by_object_ap_id(activity.data["object"])
-    text = "#{user.nickname} retweeted a status."
+    text = "#{user.nickname} repeated a status."
    retweeted_status = render("activity.json", Map.merge(opts, %{activity: announced_activity}))
--- a/lib/pleroma/web/web_finger/web_finger.ex
+++ b/lib/pleroma/web/web_finger/web_finger.ex
@ -7,7 +7,7 @@ defmodule Pleroma.Web.WebFinger do
  alias Pleroma.User
  alias Pleroma.Web
-  alias Pleroma.Web.OStatus
+  alias Pleroma.Web.Federator.Publisher
  alias Pleroma.Web.Salmon
  alias Pleroma.Web.XML
  alias Pleroma.XmlBuilder
@ -50,70 +50,40 @@ def webfinger(resource, fmt) when fmt in ["XML", "JSON"] do
    end
  end
  defp gather_links(%User{} = user) do
    [
      %{
        "rel" => "http://webfinger.net/rel/profile-page",
        "type" => "text/html",
        "href" => user.ap_id
      }
    ] ++ Publisher.gather_webfinger_links(user)
  end
  def represent_user(user, "JSON") do
    {:ok, user} = ensure_keys_present(user)
    {:ok, _private, public} = Salmon.keys_from_pem(user.info.keys)
    magic_key = Salmon.encode_key(public)
    %{
      "subject" => "acct:#{user.nickname}@#{Pleroma.Web.Endpoint.host()}",
      "aliases" => [user.ap_id],
-      "links" => [
+      "links" => gather_links(user)
        %{
          "rel" => "http://schemas.google.com/g/2010#updates-from",
          "type" => "application/atom+xml",
          "href" => OStatus.feed_path(user)
        },
        %{
          "rel" => "http://webfinger.net/rel/profile-page",
          "type" => "text/html",
          "href" => user.ap_id
        },
        %{"rel" => "salmon", "href" => OStatus.salmon_path(user)},
        %{
          "rel" => "magic-public-key",
          "href" => "data:application/magic-public-key,#{magic_key}"
        },
        %{"rel" => "self", "type" => "application/activity+json", "href" => user.ap_id},
        %{
          "rel" => "self",
          "type" => "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
          "href" => user.ap_id
        },
        %{
          "rel" => "http://ostatus.org/schema/1.0/subscribe",
          "template" => OStatus.remote_follow_path()
        }
      ]
    }
  end
  def represent_user(user, "XML") do
    {:ok, user} = ensure_keys_present(user)
-    {:ok, _private, public} = Salmon.keys_from_pem(user.info.keys)
+
-    magic_key = Salmon.encode_key(public)
+    links =
      gather_links(user)
      |> Enum.map(fn link -> {:Link, link} end)
    {
      :XRD,
      %{xmlns: "http://docs.oasis-open.org/ns/xri/xrd-1.0"},
      [
        {:Subject, "acct:#{user.nickname}@#{Pleroma.Web.Endpoint.host()}"},
-        {:Alias, user.ap_id},
+        {:Alias, user.ap_id}
-        {:Link,
+      ] ++ links
         %{
           rel: "http://schemas.google.com/g/2010#updates-from",
           type: "application/atom+xml",
           href: OStatus.feed_path(user)
         }},
        {:Link,
         %{rel: "http://webfinger.net/rel/profile-page", type: "text/html", href: user.ap_id}},
        {:Link, %{rel: "salmon", href: OStatus.salmon_path(user)}},
        {:Link,
         %{rel: "magic-public-key", href: "data:application/magic-public-key,#{magic_key}"}},
        {:Link, %{rel: "self", type: "application/activity+json", href: user.ap_id}},
        {:Link,
         %{rel: "http://ostatus.org/schema/1.0/subscribe", template: OStatus.remote_follow_path()}}
      ]
    }
    |> XmlBuilder.to_doc()
  end
--- a/lib/pleroma/web/websub/websub.ex
+++ b/lib/pleroma/web/websub/websub.ex
@ -4,10 +4,14 @@
 defmodule Pleroma.Web.Websub do
  alias Ecto.Changeset
  alias Pleroma.Activity
  alias Pleroma.Instances
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.Visibility
  alias Pleroma.Web.Endpoint
  alias Pleroma.Web.Federator
  alias Pleroma.Web.Federator.Publisher
  alias Pleroma.Web.OStatus
  alias Pleroma.Web.OStatus.FeedRepresenter
  alias Pleroma.Web.Router.Helpers
@ -18,6 +22,8 @@ defmodule Pleroma.Web.Websub do
  import Ecto.Query
  @behaviour Pleroma.Web.Federator.Publisher
  @httpoison Application.get_env(:pleroma, :httpoison)
  def verify(subscription, getter \\ &@httpoison.get/3) do
@ -56,6 +62,13 @@ def verify(subscription, getter \\ &@httpoison.get/3) do
    "Undo",
    "Delete"
  ]
  def is_representable?(%Activity{data: %{"type" => type}} = activity)
      when type in @supported_activities,
      do: Visibility.is_public?(activity)
  def is_representable?(_), do: false
  def publish(topic, user, %{data: %{"type" => type}} = activity)
      when type in @supported_activities do
    response =
@ -88,12 +101,14 @@ def publish(topic, user, %{data: %{"type" => type}} = activity)
        unreachable_since: reachable_callbacks_metadata[sub.callback]
      }
-      Federator.publish_single_websub(data)
+      Publisher.enqueue_one(__MODULE__, data)
    end)
  end
  def publish(_, _, _), do: ""
  def publish(actor, activity), do: publish(Pleroma.Web.OStatus.feed_path(actor), actor, activity)
  def sign(secret, doc) do
    :crypto.hmac(:sha, secret, to_string(doc)) |> Base.encode16() |> String.downcase()
  end
@ -299,4 +314,20 @@ def publish_one(%{xml: xml, topic: topic, callback: callback, secret: secret} =
        {:error, response}
    end
  end
  def gather_webfinger_links(%User{} = user) do
    [
      %{
        "rel" => "http://schemas.google.com/g/2010#updates-from",
        "type" => "application/atom+xml",
        "href" => OStatus.feed_path(user)
      },
      %{
        "rel" => "http://ostatus.org/schema/1.0/subscribe",
        "template" => OStatus.remote_follow_path()
      }
    ]
  end
  def gather_nodeinfo_protocol_names, do: ["ostatus"]
 end
--- a/lib/xml_builder.ex
+++ b/lib/xml_builder.ex
@ -35,6 +35,7 @@ def to_doc(content), do: ~s(<?xml version="1.0" encoding="UTF-8"?>) <> to_xml(co
  defp make_open_tag(tag, attributes) do
    attributes_string =
      for {attribute, value} <- attributes do
        value = String.replace(value, "\"", "&quot;")
        "#{attribute}=\"#{value}\""
      end
      |> Enum.join(" ")
--- a/mix.exs
+++ b/mix.exs
@ -87,7 +87,7 @@ defp deps do
      {:bbcode, "~> 0.1"},
      {:ex_machina, "~> 2.3", only: :test},
      {:credo, "~> 0.9.3", only: [:dev, :test]},
-      {:mock, "~> 0.3.1", only: :test},
+      {:mock, "~> 0.3.3", only: :test},
      {:crypt,
       git: "https://github.com/msantos/crypt", ref: "1f2b58927ab57e72910191a7ebaeff984382a1d3"},
      {:cors_plug, "~> 1.5"},
@ -113,7 +113,9 @@ defp deps do
      {:recon, github: "ferd/recon", tag: "2.4.0"},
      {:quack, "~> 0.1.1"},
      {:benchee, "~> 1.0"},
-      {:esshd, "~> 0.1.0"}
+      {:esshd, "~> 0.1.0"},
      {:ex_rated, "~> 1.2"},
      {:plug_static_index_html, "~> 1.0.0"}
    ] ++ oauth_deps
  end
--- a/mix.lock
+++ b/mix.lock
@ -24,10 +24,12 @@
  "ecto_sql": {:hex, :ecto_sql, "3.0.5", "7e44172b4f7aca4469f38d7f6a3da394dbf43a1bcf0ca975e958cb957becd74e", [:mix], [{:db_connection, "~> 2.0", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.0.6", [hex: :ecto, repo: "hexpm", optional: false]}, {:mariaex, "~> 0.9.1", [hex: :mariaex, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.14.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.3.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm"},
  "esshd": {:hex, :esshd, "0.1.0", "6f93a2062adb43637edad0ea7357db2702a4b80dd9683482fe00f5134e97f4c1", [:mix], [], "hexpm"},
  "eternal": {:hex, :eternal, "1.2.0", "e2a6b6ce3b8c248f7dc31451aefca57e3bdf0e48d73ae5043229380a67614c41", [:mix], [], "hexpm"},
  "ex2ms": {:hex, :ex2ms, "1.5.0", "19e27f9212be9a96093fed8cdfbef0a2b56c21237196d26760f11dfcfae58e97", [:mix], [], "hexpm"},
  "ex_aws": {:hex, :ex_aws, "2.1.0", "b92651527d6c09c479f9013caa9c7331f19cba38a650590d82ebf2c6c16a1d8a", [:mix], [{:configparser_ex, "~> 2.0", [hex: :configparser_ex, repo: "hexpm", optional: true]}, {:hackney, "1.6.3 or 1.6.5 or 1.7.1 or 1.8.6 or ~> 1.9", [hex: :hackney, repo: "hexpm", optional: true]}, {:jsx, "~> 2.8", [hex: :jsx, repo: "hexpm", optional: true]}, {:poison, ">= 1.2.0", [hex: :poison, repo: "hexpm", optional: true]}, {:sweet_xml, "~> 0.6", [hex: :sweet_xml, repo: "hexpm", optional: true]}, {:xml_builder, "~> 0.1.0", [hex: :xml_builder, repo: "hexpm", optional: true]}], "hexpm"},
  "ex_aws_s3": {:hex, :ex_aws_s3, "2.0.1", "9e09366e77f25d3d88c5393824e613344631be8db0d1839faca49686e99b6704", [:mix], [{:ex_aws, "~> 2.0", [hex: :ex_aws, repo: "hexpm", optional: false]}, {:sweet_xml, ">= 0.0.0", [hex: :sweet_xml, repo: "hexpm", optional: true]}], "hexpm"},
  "ex_doc": {:hex, :ex_doc, "0.20.2", "1bd0dfb0304bade58beb77f20f21ee3558cc3c753743ae0ddbb0fd7ba2912331", [:mix], [{:earmark, "~> 1.3", [hex: :earmark, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.10", [hex: :makeup_elixir, repo: "hexpm", optional: false]}], "hexpm"},
  "ex_machina": {:hex, :ex_machina, "2.3.0", "92a5ad0a8b10ea6314b876a99c8c9e3f25f4dde71a2a835845b136b9adaf199a", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm"},
  "ex_rated": {:hex, :ex_rated, "1.3.2", "6aeb32abb46ea6076f417a9ce8cb1cf08abf35fb2d42375beaad4dd72b550bf1", [:mix], [{:ex2ms, "~> 1.5", [hex: :ex2ms, repo: "hexpm", optional: false]}], "hexpm"},
  "ex_syslogger": {:git, "https://github.com/slashmili/ex_syslogger.git", "f3963399047af17e038897c69e20d552e6899e1d", [tag: "1.4.0"]},
  "floki": {:hex, :floki, "0.20.4", "be42ac911fece24b4c72f3b5846774b6e61b83fe685c2fc9d62093277fb3bc86", [:mix], [{:html_entities, "~> 0.4.0", [hex: :html_entities, repo: "hexpm", optional: false]}, {:mochiweb, "~> 2.15", [hex: :mochiweb, repo: "hexpm", optional: false]}], "hexpm"},
  "gen_smtp": {:hex, :gen_smtp, "0.13.0", "11f08504c4bdd831dc520b8f84a1dce5ce624474a797394e7aafd3c29f5dcd25", [:rebar3], [], "hexpm"},
@ -46,7 +48,7 @@
  "mime": {:hex, :mime, "1.3.1", "30ce04ab3175b6ad0bdce0035cba77bba68b813d523d1aac73d9781b4d193cf8", [:mix], [], "hexpm"},
  "mimerl": {:hex, :mimerl, "1.2.0", "67e2d3f571088d5cfd3e550c383094b47159f3eee8ffa08e64106cdf5e981be3", [:rebar3], [], "hexpm"},
  "mochiweb": {:hex, :mochiweb, "2.15.0", "e1daac474df07651e5d17cc1e642c4069c7850dc4508d3db7263a0651330aacc", [:rebar3], [], "hexpm"},
-  "mock": {:hex, :mock, "0.3.1", "994f00150f79a0ea50dc9d86134cd9ebd0d177ad60bd04d1e46336cdfdb98ff9", [:mix], [{:meck, "~> 0.8.8", [hex: :meck, repo: "hexpm", optional: false]}], "hexpm"},
+  "mock": {:hex, :mock, "0.3.3", "42a433794b1291a9cf1525c6d26b38e039e0d3a360732b5e467bfc77ef26c914", [:mix], [{:meck, "~> 0.8.13", [hex: :meck, repo: "hexpm", optional: false]}], "hexpm"},
  "mogrify": {:hex, :mogrify, "0.6.1", "de1b527514f2d95a7bbe9642eb556061afb337e220cf97adbf3a4e6438ed70af", [:mix], [], "hexpm"},
  "nimble_parsec": {:hex, :nimble_parsec, "0.5.0", "90e2eca3d0266e5c53f8fbe0079694740b9c91b6747f2b7e3c5d21966bba8300", [:mix], [], "hexpm"},
  "parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm"},
@ -59,6 +61,7 @@
  "plug": {:hex, :plug, "1.7.2", "d7b7db7fbd755e8283b6c0a50be71ec0a3d67d9213d74422d9372effc8e87fd1", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.0", [hex: :plug_crypto, repo: "hexpm", optional: false]}], "hexpm"},
  "plug_cowboy": {:hex, :plug_cowboy, "2.0.1", "d798f8ee5acc86b7d42dbe4450b8b0dadf665ce588236eb0a751a132417a980e", [:mix], [{:cowboy, "~> 2.5", [hex: :cowboy, repo: "hexpm", optional: false]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"},
  "plug_crypto": {:hex, :plug_crypto, "1.0.0", "18e49317d3fa343f24620ed22795ec29d4a5e602d52d1513ccea0b07d8ea7d4d", [:mix], [], "hexpm"},
  "plug_static_index_html": {:hex, :plug_static_index_html, "1.0.0", "840123d4d3975585133485ea86af73cb2600afd7f2a976f9f5fd8b3808e636a0", [:mix], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"},
  "poison": {:hex, :poison, "3.1.0", "d9eb636610e096f86f25d9a46f35a9facac35609a7591b3be3326e99a0484665", [:mix], [], "hexpm"},
  "poolboy": {:hex, :poolboy, "1.5.2", "392b007a1693a64540cead79830443abf5762f5d30cf50bc95cb2c1aaafa006b", [:rebar3], [], "hexpm"},
  "postgrex": {:hex, :postgrex, "0.14.1", "63247d4a5ad6b9de57a0bac5d807e1c32d41e39c04b8a4156a26c63bcd8a2e49", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.0", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm"},
--- a/priv/repo/migrations/20190408123347_create_conversations.exs
+++ b/priv/repo/migrations/20190408123347_create_conversations.exs
@ -0,0 +1,26 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Repo.Migrations.CreateConversations do
  use Ecto.Migration
  def change do
    create table(:conversations) do
      add(:ap_id, :string, null: false)
      timestamps()
    end
    create table(:conversation_participations) do
      add(:user_id, references(:users, type: :uuid, on_delete: :delete_all))
      add(:conversation_id, references(:conversations, on_delete: :delete_all))
      add(:read, :boolean, default: false)
      timestamps()
    end
    create index(:conversation_participations, [:conversation_id])
    create unique_index(:conversation_participations, [:user_id, :conversation_id])
    create unique_index(:conversations, [:ap_id])
  end
 end
--- a/priv/repo/migrations/20190410152859_add_participation_updated_at_index.exs
+++ b/priv/repo/migrations/20190410152859_add_participation_updated_at_index.exs
@ -0,0 +1,7 @@
 defmodule Pleroma.Repo.Migrations.AddParticipationUpdatedAtIndex do
  use Ecto.Migration
  def change do
    create index(:conversation_participations, ["updated_at desc"])
  end
 end
--- a/priv/repo/migrations/20190513175809_change_hide_column_in_filter_table.exs
+++ b/priv/repo/migrations/20190513175809_change_hide_column_in_filter_table.exs
@ -0,0 +1,9 @@
 defmodule Pleroma.Repo.Migrations.ChangeHideColumnInFilterTable do
  use Ecto.Migration
  def change do
    alter table(:filters) do
      modify :hide, :boolean, default: false
    end
  end
 end
--- a/priv/static/adminfe/favicon.ico
+++ b/priv/static/adminfe/favicon.ico
--- a/priv/static/adminfe/index.html
+++ b/priv/static/adminfe/index.html
@ -0,0 +1 @@
 <!DOCTYPE html><html><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge,chrome=1"><meta name=renderer content=webkit><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><title>Admin FE</title><link rel="shortcut icon" href=favicon.ico><link href=static/css/chunk-elementUI.4296cedf.css rel=stylesheet><link href=static/css/chunk-libs.bd17d456.css rel=stylesheet><link href=static/css/app.cea15678.css rel=stylesheet></head><body><script src=/pleroma/admin/static/tinymce4.7.5/tinymce.min.js></script><div id=app></div><script type=text/javascript src=static/js/runtime.7144b2cf.js></script><script type=text/javascript src=static/js/chunk-elementUI.d388c21d.js></script><script type=text/javascript src=static/js/chunk-libs.48e79a9e.js></script><script type=text/javascript src=static/js/app.25699e3d.js></script></body></html>
--- a/priv/static/adminfe/static/css/app.cea15678.css
+++ b/priv/static/adminfe/static/css/app.cea15678.css
--- a/priv/static/adminfe/static/css/chunk-18e1.6aaab273.css
+++ b/priv/static/adminfe/static/css/chunk-18e1.6aaab273.css
--- a/priv/static/adminfe/static/css/chunk-50cf.1db1ed5b.css
+++ b/priv/static/adminfe/static/css/chunk-50cf.1db1ed5b.css
--- a/priv/static/adminfe/static/css/chunk-8b70.9ba0945c.css
+++ b/priv/static/adminfe/static/css/chunk-8b70.9ba0945c.css
--- a/priv/static/adminfe/static/css/chunk-elementUI.4296cedf.css
+++ b/priv/static/adminfe/static/css/chunk-elementUI.4296cedf.css
--- a/priv/static/adminfe/static/css/chunk-f018.0d22684d.css
+++ b/priv/static/adminfe/static/css/chunk-f018.0d22684d.css
--- a/priv/static/adminfe/static/css/chunk-libs.bd17d456.css
+++ b/priv/static/adminfe/static/css/chunk-libs.bd17d456.css
--- a/priv/static/adminfe/static/fonts/element-icons.2fad952.woff
+++ b/priv/static/adminfe/static/fonts/element-icons.2fad952.woff
--- a/priv/static/adminfe/static/fonts/element-icons.6f0a763.ttf
+++ b/priv/static/adminfe/static/fonts/element-icons.6f0a763.ttf
--- a/priv/static/adminfe/static/img/401.089007e.gif
+++ b/priv/static/adminfe/static/img/401.089007e.gif
--- a/priv/static/adminfe/static/img/404.a57b6f3.png
+++ b/priv/static/adminfe/static/img/404.a57b6f3.png
--- a/priv/static/adminfe/static/js/7zzA.e1ae1c94.js
+++ b/priv/static/adminfe/static/js/7zzA.e1ae1c94.js
--- a/priv/static/adminfe/static/js/JEtC.f9ba4594.js
+++ b/priv/static/adminfe/static/js/JEtC.f9ba4594.js
--- a/priv/static/adminfe/static/js/app.25699e3d.js
+++ b/priv/static/adminfe/static/js/app.25699e3d.js
--- a/priv/static/adminfe/static/js/chunk-18e1.7f9c377c.js
+++ b/priv/static/adminfe/static/js/chunk-18e1.7f9c377c.js
--- a/priv/static/adminfe/static/js/chunk-50cf.b9b1df43.js
+++ b/priv/static/adminfe/static/js/chunk-50cf.b9b1df43.js
--- a/priv/static/adminfe/static/js/chunk-8b70.46525646.js
+++ b/priv/static/adminfe/static/js/chunk-8b70.46525646.js
--- a/priv/static/adminfe/static/js/chunk-elementUI.d388c21d.js
+++ b/priv/static/adminfe/static/js/chunk-elementUI.d388c21d.js
--- a/priv/static/adminfe/static/js/chunk-f018.e1a7a454.js
+++ b/priv/static/adminfe/static/js/chunk-f018.e1a7a454.js
--- a/priv/static/adminfe/static/js/chunk-libs.48e79a9e.js
+++ b/priv/static/adminfe/static/js/chunk-libs.48e79a9e.js
--- a/priv/static/adminfe/static/js/runtime.7144b2cf.js
+++ b/priv/static/adminfe/static/js/runtime.7144b2cf.js
--- a/priv/static/adminfe/static/tinymce4.7.5/langs/zh_CN.js
+++ b/priv/static/adminfe/static/tinymce4.7.5/langs/zh_CN.js
--- a/priv/static/adminfe/static/tinymce4.7.5/plugins/codesample/css/prism.css
+++ b/priv/static/adminfe/static/tinymce4.7.5/plugins/codesample/css/prism.css
--- a/priv/static/adminfe/static/tinymce4.7.5/plugins/emoticons/img/smiley-cool.gif
+++ b/priv/static/adminfe/static/tinymce4.7.5/plugins/emoticons/img/smiley-cool.gif
--- a/priv/static/adminfe/static/tinymce4.7.5/plugins/emoticons/img/smiley-cry.gif
+++ b/priv/static/adminfe/static/tinymce4.7.5/plugins/emoticons/img/smiley-cry.gif
--- a/priv/static/adminfe/static/tinymce4.7.5/plugins/emoticons/img/smiley-embarassed.gif
+++ b/priv/static/adminfe/static/tinymce4.7.5/plugins/emoticons/img/smiley-embarassed.gif
--- a/priv/static/adminfe/static/tinymce4.7.5/plugins/emoticons/img/smiley-foot-in-mouth.gif
+++ b/priv/static/adminfe/static/tinymce4.7.5/plugins/emoticons/img/smiley-foot-in-mouth.gif
--- a/Show More
+++ b/Show More
		`@ -0,0 +1 @@`
							<!DOCTYPE html><html><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge,chrome=1"><meta name=renderer content=webkit><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><title>Admin FE</title><link rel="shortcut icon" href=favicon.ico><link href=static/css/chunk-elementUI.4296cedf.css rel=stylesheet><link href=static/css/chunk-libs.bd17d456.css rel=stylesheet><link href=static/css/app.cea15678.css rel=stylesheet></head><body><script src=/pleroma/admin/static/tinymce4.7.5/tinymce.min.js></script><div id=app></div><script type=text/javascript src=static/js/runtime.7144b2cf.js></script><script type=text/javascript src=static/js/chunk-elementUI.d388c21d.js></script><script type=text/javascript src=static/js/chunk-libs.48e79a9e.js></script><script type=text/javascript src=static/js/app.25699e3d.js></script></body></html>