Merge develop

2019-05-29 18:18:22 +03:00 · 2019-05-29 18:18:22 +03:00 · ce47017c89
parent f1f7a11222 57e58d2602
commit ce47017c89
151 changed files with 4765 additions and 1553 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -45,13 +45,30 @@ docs-build:
 unit-testing:
  stage: test
  services:
-  - name: postgres:9.6.2
+  - name: lainsoykaf/postgres-with-rum
    alias: postgres
    command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
  script:
    - mix deps.get
    - mix ecto.create
    - mix ecto.migrate
    - mix test --trace --preload-modules
    - mix coveralls
 unit-testing-rum:
  stage: test
  services:
  - name: lainsoykaf/postgres-with-rum
    alias: postgres
    command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
  variables:
    RUM_ENABLED: "true"
  script:
    - mix deps.get
    - mix ecto.create
    - mix ecto.migrate
    - "mix ecto.migrate --migrations-path priv/repo/optional_migrations/rum_indexing/"
    - mix test --trace --preload-modules
 lint:
  stage: test
@ -64,7 +81,6 @@ analysis:
    - mix deps.get
    - mix credo --strict --only=warnings,todo,fixme,consistency,readability
 docs-deploy:
  stage: deploy
  image: alpine:3.9
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,31 +5,46 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [unreleased]
 ### Added
 - Optional SSH access mode. (Needs `erlang-ssh` package on some distributions).
 - [MongooseIM](https://github.com/esl/MongooseIM) http authentication support.
 - LDAP authentication
 - External OAuth provider authentication
 - A [job queue](https://git.pleroma.social/pleroma/pleroma_job_queue) for federation, emails, web push, etc.
 - [Prometheus](https://prometheus.io/) metrics
 - Support for Mastodon's remote interaction
 - Mix Tasks: `mix pleroma.database bump_all_conversations`
 - Mix Tasks: `mix pleroma.database remove_embedded_objects`
 - Mix Tasks: `mix pleroma.database update_users_following_followers_counts`
 - Mix Tasks: `mix pleroma.user toggle_confirmed`
 - Federation: Support for reports
 - Configuration: `safe_dm_mentions` option
 - Configuration: `link_name` option
 - Configuration: `fetch_initial_posts` option
 - Configuration: `notify_email` option
 - Configuration: Media proxy `whitelist` option
 - Configuration: `report_uri` option
 - Pleroma API: User subscriptions
 - Pleroma API: Healthcheck endpoint
 - Pleroma API: `/api/v1/pleroma/mascot` per-user frontend mascot configuration endpoints
 - Admin API: Endpoints for listing/revoking invite tokens
 - Admin API: Endpoints for making users follow/unfollow each other
 - Admin API: added filters (role, tags, email, name) for users endpoint
 - Admin API: Endpoints for managing reports
 - Admin API: Endpoints for deleting and changing the scope of individual reported statuses
 - AdminFE: initial release with basic user management accessible at /pleroma/admin/
 - Mastodon API: [Scheduled statuses](https://docs.joinmastodon.org/api/rest/scheduled-statuses/)
 - Mastodon API: `/api/v1/notifications/destroy_multiple` (glitch-soc extension)
 - Mastodon API: `/api/v1/pleroma/accounts/:id/favourites` (API extension)
 - Mastodon API: [Reports](https://docs.joinmastodon.org/api/rest/reports/)
 - Mastodon API: `POST /api/v1/accounts` (account creation API)
 - ActivityPub C2S: OAuth endpoints
- Metadata RelMe provider
+- Metadata: RelMe provider
 - OAuth: added support for refresh tokens
 - Emoji packs and emoji pack manager
 - Object pruning (`mix pleroma.database prune_objects`)
 - OAuth: added job to clean expired access tokens
 - MRF: Support for rejecting reports from specific instances (`mrf_simple`)
 - MRF: Support for stripping avatars and banner images from specific instances (`mrf_simple`)
 ### Changed
 - **Breaking:** Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer
@ -42,8 +57,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Federation: Removed `inReplyToStatusId` from objects
 - Configuration: Dedupe enabled by default
 - Configuration: Added `extra_cookie_attrs` for setting non-standard cookie attributes. Defaults to ["SameSite=Lax"] so that remote follows work.
 - Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change
 - Timelines: Messages involving people you have blocked will be excluded from the timeline in all cases instead of just repeats.
 - Admin API: Move the user related API to `api/pleroma/admin/users`
 - Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change
 - Mastodon API: Support for `exclude_types`, `limit` and `min_id` in `/api/v1/notifications`
 - Mastodon API: Add `languages` and `registrations` to `/api/v1/instance`
 - Mastodon API: Provide plaintext versions of cw/content in the Status entity
@ -57,17 +73,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mastodon API: Add `with_muted` parameter to timeline endpoints
 - Mastodon API: Actual reblog hiding instead of a dummy
 - Mastodon API: Remove attachment limit in the Status entity
 - Mastodon API: Added support max_id & since_id for bookmark timeline endpoints.
 - Deps: Updated Cowboy to 2.6
 - Deps: Updated Ecto to 3.0.7
 - Don't ship finmoji by default, they can be installed as an emoji pack
- Mastodon API: Added support max_id & since_id for bookmark timeline endpoints.
+- Hide deactivated users and their statuses
 - Posts which are marked sensitive or tagged nsfw no longer have link previews.
 - HTTP connection timeout is now set to 10 seconds.
 - Respond with a 404 Not implemented JSON error message when requested API is not implemented
 ### Fixed
 - Added an FTS index on objects. Running `vacuum analyze` and setting a larger `work_mem` is recommended.
 - Followers counter not being updated when a follower is blocked
 - Deactivated users being able to request an access token
 - Limit on request body in rich media/relme parsers being ignored resulting in a possible memory leak
- proper Twitter Card generation instead of a dummy
+- Proper Twitter Card generation instead of a dummy
 - Deletions failing for users with a large number of posts
 - NodeInfo: Include admins in `staffAccounts`
 - ActivityPub: Crashing when requesting empty local user's outbox
@ -91,6 +111,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mastodon API: Handling of `reblogs` in `/api/v1/accounts/:id/follow`
 - Mastodon API: Correct `reblogged`, `favourited`, and `bookmarked` values in the reblog status JSON
 - Mastodon API: Exposing default scope of the user to anyone
 - Mastodon API: Make `irreversible` field default to `false` [`POST /api/v1/filters`]
 - User-Agent is now sent correctly for all HTTP requests.
 - MRF: Simple policy now properly delists imported or relayed statuses
 ## Removed
 - Configuration: `config :pleroma, :fe` in favor of the more flexible `config :pleroma, :frontend_configurations`
 ## [0.9.9999] - 2019-04-05
 ### Security
--- a/8
+++ b/8
@ -15,6 +15,14 @@ priv/static/images/pleroma-tan.png
 ---
 The following files are copyright © 2019 shitposter.club, and are distributed
 under the Creative Commons Attribution 4.0 International license, you should
 have received a copy of the license file as CC-BY-4.0.
 priv/static/images/pleroma-fox-tan-shy.png
 ---
 The following files are copyright © 2017-2019 Pleroma Authors
 <https://pleroma.social/>, and are distributed under the Creative Commons
 Attribution-ShareAlike 4.0 International license, you should have received
--- a/README.md
+++ b/README.md
@ -12,7 +12,7 @@ For clients it supports both the [GNU Social API with Qvitter extensions](https:
 - [Client Applications for Pleroma](https://docs-develop.pleroma.social/clients.html)
-No release has been made yet, but several servers have been online for months already. If you want to run your own server, feel free to contact us at @lain@pleroma.soykaf.com or in our dev chat at #pleroma on freenode or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>.
+If you want to run your own server, feel free to contact us at @lain@pleroma.soykaf.com or in our dev chat at #pleroma on freenode or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>.
 ## Installation
--- a/config/config.exs
+++ b/config/config.exs
@ -48,7 +48,8 @@
 config :pleroma, Pleroma.Repo,
  types: Pleroma.PostgresTypes,
-  telemetry_event: [Pleroma.Repo.Instrumenter]
+  telemetry_event: [Pleroma.Repo.Instrumenter],
  migration_lock: nil
 config :pleroma, Pleroma.Captcha,
  enabled: false,
@ -183,14 +184,12 @@
  "application/ld+json" => ["activity+json"]
 }
 config :pleroma, :websub, Pleroma.Web.Websub
 config :pleroma, :ostatus, Pleroma.Web.OStatus
 config :pleroma, :httpoison, Pleroma.HTTP
 config :tesla, adapter: Tesla.Adapter.Hackney
 # Configures http settings, upstream proxy etc.
 config :pleroma, :http,
  proxy_url: nil,
  send_user_agent: true,
  adapter: [
    ssl_options: [
      # We don't support TLS v1.3 yet
@ -212,6 +211,11 @@
  registrations_open: true,
  federating: true,
  federation_reachability_timeout_days: 7,
  federation_publisher_modules: [
    Pleroma.Web.ActivityPub.Publisher,
    Pleroma.Web.Websub,
    Pleroma.Web.Salmon
  ],
  allow_relay: true,
  rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy,
  public: true,
@ -232,7 +236,10 @@
  welcome_message: nil,
  max_report_comment_size: 1000,
  safe_dm_mentions: false,
-  healthcheck: false
+  healthcheck: false,
  remote_post_retention_days: 90
 config :pleroma, :app_account_creation, enabled: true, max_requests: 25, interval: 1800
 config :pleroma, :markup,
  # XXX - unfortunately, inline images must be enabled by default right now, because
@ -246,25 +253,6 @@
    Pleroma.HTML.Scrubber.Default
  ]
 # Deprecated, will be gone in 1.0
 config :pleroma, :fe,
  theme: "pleroma-dark",
  logo: "/static/logo.png",
  logo_mask: true,
  logo_margin: "0.1em",
  background: "/static/aurora_borealis.jpg",
  redirect_root_no_login: "/main/all",
  redirect_root_login: "/main/friends",
  show_instance_panel: true,
  scope_options_enabled: false,
  formatting_options_enabled: false,
  collapse_message_with_subject: false,
  hide_post_stats: false,
  hide_user_stats: false,
  scope_copy: true,
  subject_line_behavior: "email",
  always_show_subject_input: true
 config :pleroma, :frontend_configurations,
  pleroma_fe: %{
    theme: "pleroma-dark",
@ -286,6 +274,19 @@
    showInstanceSpecificPanel: true
  }
 config :pleroma, :assets,
  mascots: [
    pleroma_fox_tan: %{
      url: "/images/pleroma-fox-tan-smol.png",
      mime_type: "image/png"
    },
    pleroma_fox_tan_shy: %{
      url: "/images/pleroma-fox-tan-shy.png",
      mime_type: "image/png"
    }
  ],
  default_mascot: :pleroma_fox_tan
 config :pleroma, :activitypub,
  accept_blocks: true,
  unfollow_blocked: true,
@ -308,8 +309,11 @@
  media_removal: [],
  media_nsfw: [],
  federated_timeline_removal: [],
  report_removal: [],
  reject: [],
-  accept: []
+  accept: [],
  avatar_removal: [],
  banner_removal: []
 config :pleroma, :mrf_keyword,
  reject: [],
@ -380,6 +384,7 @@
    "activities",
    "api",
    "auth",
    "check_password",
    "dev",
    "friend-requests",
    "inbox",
@ -400,6 +405,7 @@
    "status",
    "tag",
    "user-search",
    "user_exists",
    "users",
    "web"
  ]
@ -482,7 +488,14 @@
 config :pleroma, :oauth2,
  token_expires_in: 600,
-  issue_new_refresh_token: true
+  issue_new_refresh_token: true,
  clean_expired_tokens: false,
  clean_expired_tokens_interval: 86_400_000
 config :pleroma, :database, rum_enabled: false
 config :http_signatures,
  adapter: Pleroma.Signature
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
--- a/config/test.exs
+++ b/config/test.exs
@ -39,8 +39,6 @@
 # Reduce hash rounds for testing
 config :pbkdf2_elixir, rounds: 1
 config :pleroma, :websub, Pleroma.Web.WebsubMock
 config :pleroma, :ostatus, Pleroma.Web.OStatusMock
 config :tesla, adapter: Tesla.Mock
 config :pleroma, :rich_media, enabled: false
@ -59,6 +57,16 @@
  total_user_limit: 3,
  enabled: false
 config :pleroma, :app_account_creation, max_requests: 5
 config :pleroma, :http_security, report_uri: "https://endpoint.com"
 config :pleroma, :http, send_user_agent: false
 rum_enabled = System.get_env("RUM_ENABLED") == "true"
 config :pleroma, :database, rum_enabled: rum_enabled
 IO.puts("RUM enabled: #{rum_enabled}")
 try do
  import_config "test.secret.exs"
 rescue
--- a/docs/api/admin_api.md
+++ b/docs/api/admin_api.md
@ -24,7 +24,7 @@ Authentication is required and the user must be an admin.
 - Example: `https://mypleroma.org/api/pleroma/admin/users?query=john&filters=local,active&page=1&page_size=10&tags[]=some_tag&tags[]=another_tag&name=display_name&email=email@example.com`
 - Response:
-```JSON
+```json
 {
  "page_size": integer,
  "count": integer,
@ -45,7 +45,7 @@ Authentication is required and the user must be an admin.
 }
 ```
-## `/api/pleroma/admin/user`
+## `/api/pleroma/admin/users`
 ### Remove a user
@ -63,7 +63,7 @@ Authentication is required and the user must be an admin.
  - `password`
 - Response: User’s nickname
-## `/api/pleroma/admin/user/follow`
+## `/api/pleroma/admin/users/follow`
 ### Make a user follow another user
 - Methods: `POST`
@ -73,7 +73,7 @@ Authentication is required and the user must be an admin.
 - Response:
 - "ok"
-## `/api/pleroma/admin/user/unfollow`
+## `/api/pleroma/admin/users/unfollow`
 ### Make a user unfollow another user
 - Methods: `POST`
@ -92,7 +92,7 @@ Authentication is required and the user must be an admin.
  - `nickname`
 - Response: User’s object
-```JSON
+```json
 {
  "deactivated": bool,
  "id": integer,
@ -106,17 +106,17 @@ Authentication is required and the user must be an admin.
 - Method: `PUT`
 - Params:
-  - `nickname`
+  - `nicknames` (array)
-  - `tags`
+  - `tags` (array)
 ### Untag a list of users
 - Method: `DELETE`
 - Params:
-  - `nickname`
+  - `nicknames` (array)
-  - `tags`
+  - `tags` (array)
-## `/api/pleroma/admin/permission_group/:nickname`
+## `/api/pleroma/admin/users/:nickname/permission_group`
 ### Get user user permission groups membership
@ -124,14 +124,14 @@ Authentication is required and the user must be an admin.
 - Params: none
 - Response:
-```JSON
+```json
 {
  "is_moderator": bool,
  "is_admin": bool
 }
 ```
-## `/api/pleroma/admin/permission_group/:nickname/:permission_group`
+## `/api/pleroma/admin/users/:nickname/permission_group/:permission_group`
 Note: Available `:permission_group` is currently moderator and admin. 404 is returned when the permission group doesn’t exist.
@ -141,7 +141,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
 - Params: none
 - Response:
-```JSON
+```json
 {
  "is_moderator": bool,
  "is_admin": bool
@ -165,7 +165,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
  - On success: JSON of the `user.info`
 - Note: An admin cannot revoke their own admin status.
-## `/api/pleroma/admin/activation_status/:nickname`
+## `/api/pleroma/admin/users/:nickname/activation_status`
 ### Active or deactivate a user
@ -203,7 +203,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
 - Response:
  - On success: URL of the unfollowed relay
-## `/api/pleroma/admin/invite_token`
+## `/api/pleroma/admin/users/invite_token`
 ### Get an account registration invite token
@ -215,7 +215,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
  ]
 - Response: invite token (base64 string)
-## `/api/pleroma/admin/invites`
+## `/api/pleroma/admin/users/invites`
 ### Get a list of generated invites
@ -223,7 +223,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
 - Params: none
 - Response:
-```JSON
+```json
 {
  "invites": [
@ -241,7 +241,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
 }
 ```
-## `/api/pleroma/admin/revoke_invite`
+## `/api/pleroma/admin/users/revoke_invite`
 ### Revoke invite by token
@ -250,7 +250,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
  - `token`
 - Response:
-```JSON
+```json
 {
  "id": integer,
  "token": string,
@ -264,7 +264,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
 ```
-## `/api/pleroma/admin/email_invite`
+## `/api/pleroma/admin/users/email_invite`
 ### Sends registration invite via email
@ -273,10 +273,287 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
  - `email`
  - `name`, optional
-## `/api/pleroma/admin/password_reset`
+## `/api/pleroma/admin/users/:nickname/password_reset`
 ### Get a password reset token for a given nickname
 - Methods: `GET`
 - Params: none
 - Response: password reset token (base64 string)
 ## `/api/pleroma/admin/reports`
 ### Get a list of reports
 - Method `GET`
 - Params:
  - `state`: optional, the state of reports. Valid values are `open`, `closed` and `resolved`
  - `limit`: optional, the number of records to retrieve
  - `since_id`: optional, returns results that are more recent than the specified id
  - `max_id`: optional, returns results that are older than the specified id
 - Response: 
  - On failure: 403 Forbidden error `{"error": "error_msg"}` when requested by anonymous or non-admin
  - On success: JSON, returns a list of reports, where:
    - `account`: the user who has been reported
    - `actor`: the user who has sent the report
    - `statuses`: list of statuses that have been included to the report
 ```json
 {
  "reports": [
    {
      "account": {
        "acct": "user",
        "avatar": "https://pleroma.example.org/images/avi.png",
        "avatar_static": "https://pleroma.example.org/images/avi.png",
        "bot": false,
        "created_at": "2019-04-23T17:32:04.000Z",
        "display_name": "User",
        "emojis": [],
        "fields": [],
        "followers_count": 1,
        "following_count": 1,
        "header": "https://pleroma.example.org/images/banner.png",
        "header_static": "https://pleroma.example.org/images/banner.png",
        "id": "9i6dAJqSGSKMzLG2Lo",
        "locked": false,
        "note": "",
        "pleroma": {
          "confirmation_pending": false,
          "hide_favorites": true,
          "hide_followers": false,
          "hide_follows": false,
          "is_admin": false,
          "is_moderator": false,
          "relationship": {},
          "tags": []
        },
        "source": {
          "note": "",
          "pleroma": {},
          "sensitive": false
        },
        "statuses_count": 3,
        "url": "https://pleroma.example.org/users/user",
        "username": "user"
      },
      "actor": {
        "acct": "lain",
        "avatar": "https://pleroma.example.org/images/avi.png",
        "avatar_static": "https://pleroma.example.org/images/avi.png",
        "bot": false,
        "created_at": "2019-03-28T17:36:03.000Z",
        "display_name": "Roger Braun",
        "emojis": [],
        "fields": [],
        "followers_count": 1,
        "following_count": 1,
        "header": "https://pleroma.example.org/images/banner.png",
        "header_static": "https://pleroma.example.org/images/banner.png",
        "id": "9hEkA5JsvAdlSrocam",
        "locked": false,
        "note": "",
        "pleroma": {
          "confirmation_pending": false,
          "hide_favorites": false,
          "hide_followers": false,
          "hide_follows": false,
          "is_admin": false,
          "is_moderator": false,
          "relationship": {},
          "tags": []
        },
        "source": {
          "note": "",
          "pleroma": {},
          "sensitive": false
        },
        "statuses_count": 1,
        "url": "https://pleroma.example.org/users/lain",
        "username": "lain"
      },
      "content": "Please delete it",
      "created_at": "2019-04-29T19:48:15.000Z",
      "id": "9iJGOv1j8hxuw19bcm",
      "state": "open",
      "statuses": [
        {
          "account": { ... },
          "application": {
            "name": "Web",
            "website": null
          },
          "bookmarked": false,
          "card": null,
          "content": "<span class=\"h-card\"><a data-user=\"9hEkA5JsvAdlSrocam\" class=\"u-url mention\" href=\"https://pleroma.example.org/users/lain\">@<span>lain</span></a></span> click on my link <a href=\"https://www.google.com/\">https://www.google.com/</a>",
          "created_at": "2019-04-23T19:15:47.000Z",
          "emojis": [],
          "favourited": false,
          "favourites_count": 0,
          "id": "9i6mQ9uVrrOmOime8m",
          "in_reply_to_account_id": null,
          "in_reply_to_id": null,
          "language": null,
          "media_attachments": [],
          "mentions": [
            {
              "acct": "lain",
              "id": "9hEkA5JsvAdlSrocam",
              "url": "https://pleroma.example.org/users/lain",
              "username": "lain"
            },
            {
              "acct": "user",
              "id": "9i6dAJqSGSKMzLG2Lo",
              "url": "https://pleroma.example.org/users/user",
              "username": "user"
            }
          ],
          "muted": false,
          "pinned": false,
          "pleroma": {
            "content": {
              "text/plain": "@lain click on my link https://www.google.com/"
            },
            "conversation_id": 28,
            "in_reply_to_account_acct": null,
            "local": true,
            "spoiler_text": {
              "text/plain": ""
            }
          },
          "reblog": null,
          "reblogged": false,
          "reblogs_count": 0,
          "replies_count": 0,
          "sensitive": false,
          "spoiler_text": "",
          "tags": [],
          "uri": "https://pleroma.example.org/objects/8717b90f-8e09-4b58-97b0-e3305472b396",
          "url": "https://pleroma.example.org/notice/9i6mQ9uVrrOmOime8m",
          "visibility": "direct"
        }
      ]
    }
  ]
 }
 ```
 ## `/api/pleroma/admin/reports/:id`
 ### Get an individual report
 - Method `GET`
 - Params:
  - `id`
 - Response:
  - On failure: 
    - 403 Forbidden `{"error": "error_msg"}`
    - 404 Not Found `"Not found"`
  - On success: JSON, Report object (see above)
 ## `/api/pleroma/admin/reports/:id`
 ### Change the state of the report
 - Method `PUT`
 - Params:
  - `id`
  - `state`: required, the new state. Valid values are `open`, `closed` and `resolved`
 - Response: 
  - On failure: 
    - 400 Bad Request `"Unsupported state"`
    - 403 Forbidden `{"error": "error_msg"}`
    - 404 Not Found `"Not found"`
  - On success: JSON, Report object (see above)
 ## `/api/pleroma/admin/reports/:id/respond`
 ### Respond to a report
 - Method `POST`
 - Params:
  - `id`
  - `status`: required, the message
 - Response: 
  - On failure: 
    - 400 Bad Request `"Invalid parameters"` when `status` is missing 
    - 403 Forbidden `{"error": "error_msg"}` 
    - 404 Not Found `"Not found"`
  - On success: JSON, created Mastodon Status entity
 ```json
 {
  "account": { ... },
  "application": {
    "name": "Web",
    "website": null
  },
  "bookmarked": false,
  "card": null,
  "content": "Your claim is going to be closed",
  "created_at": "2019-05-11T17:13:03.000Z",
  "emojis": [],
  "favourited": false,
  "favourites_count": 0,
  "id": "9ihuiSL1405I65TmEq",
  "in_reply_to_account_id": null,
  "in_reply_to_id": null,
  "language": null,
  "media_attachments": [],
  "mentions": [
    {
      "acct": "user",
      "id": "9i6dAJqSGSKMzLG2Lo",
      "url": "https://pleroma.example.org/users/user",
      "username": "user"
    },
    {
      "acct": "admin",
      "id": "9hEkA5JsvAdlSrocam",
      "url": "https://pleroma.example.org/users/admin",
      "username": "admin"
    }
  ],
  "muted": false,
  "pinned": false,
  "pleroma": {
    "content": {
      "text/plain": "Your claim is going to be closed"
    },
    "conversation_id": 35,
    "in_reply_to_account_acct": null,
    "local": true,
    "spoiler_text": {
      "text/plain": ""
    }
  },
  "reblog": null,
  "reblogged": false,
  "reblogs_count": 0,
  "replies_count": 0,
  "sensitive": false,
  "spoiler_text": "",
  "tags": [],
  "uri": "https://pleroma.example.org/objects/cab0836d-9814-46cd-a0ea-529da9db5fcb",
  "url": "https://pleroma.example.org/notice/9ihuiSL1405I65TmEq",
  "visibility": "direct"
 }
 ```
 ## `/api/pleroma/admin/statuses/:id`
 ### Change the scope of an individual reported status
 - Method `PUT`
 - Params:
  - `id`
  - `sensitive`: optional, valid values are `true` or `false`
  - `visibility`: optional, valid values are `public`, `private` and `unlisted`
 - Response: 
  - On failure: 
    - 400 Bad Request `"Unsupported visibility"`
    - 403 Forbidden `{"error": "error_msg"}` 
    - 404 Not Found `"Not found"`
  - On success: JSON, Mastodon Status entity
 ## `/api/pleroma/admin/statuses/:id`
 ### Delete an individual reported status
 - Method `DELETE`
 - Params:
  - `id`
 - Response: 
  - On failure: 
    - 403 Forbidden `{"error": "error_msg"}` 
    - 404 Not Found `"Not found"`
  - On success: 200 OK `{}`
--- a/docs/api/differences_in_mastoapi_responses.md
+++ b/docs/api/differences_in_mastoapi_responses.md
@ -87,3 +87,13 @@ Additional parameters can be added to the JSON body/Form data:
 `POST /oauth/token`
 Post here request with grant_type=refresh_token to obtain new access token. Returns an access token.
 ## Account Registration
 `POST /api/v1/accounts`
 Has theses additionnal parameters (which are the same as in Pleroma-API):
    * `fullname`: optional
    * `bio`: optional
    * `captcha_solution`: optional, contains provider-specific captcha solution,
    * `captcha_token`: optional, contains provider-specific captcha token
    * `token`: invite token required when the registerations aren't public.
--- a/docs/api/pleroma_api.md
+++ b/docs/api/pleroma_api.md
@ -61,6 +61,15 @@ Request parameters can be passed via [query strings](https://en.wikipedia.org/wi
 * Response: JSON. Returns `{"status": "success"}` if the deletion was successful, `{"error": "[error message]"}` otherwise
 * Example response: `{"error": "Invalid password."}`
 ## `/api/pleroma/disable_account`
 ### Disable an account
 * Method `POST`
 * Authentication: required
 * Params:
    * `password`: user's password
 * Response: JSON. Returns `{"status": "success"}` if the account was successfully disabled, `{"error": "[error message]"}` otherwise
 * Example response: `{"error": "Invalid password."}`
 ## `/api/account/register`
 ### Register a new user
 * Method `POST`
@ -243,6 +252,45 @@ See [Admin-API](Admin-API.md)
 ]
 ```
 ## `/api/v1/pleroma/mascot`
 ### Gets user mascot image
 * Method `GET`
 * Authentication: required
 * Response: JSON. Returns a mastodon media attachment entity.
 * Example response:
 ```json
 {
    "id": "abcdefg",
    "url": "https://pleroma.example.org/media/abcdefg.png",
    "type": "image",
    "pleroma": {
        "mime_type": "image/png"
    }
 }
 ```
 ### Updates user mascot image
 * Method `PUT`
 * Authentication: required
 * Params:
    * `image`: Multipart image
 * Response: JSON. Returns a mastodon media attachment entity
  when successful, otherwise returns HTTP 415 `{"error": "error_msg"}`
 * Example response:
 ```json
 {
    "id": "abcdefg",
    "url": "https://pleroma.example.org/media/abcdefg.png",
    "type": "image",
    "pleroma": {
        "mime_type": "image/png"
    }
 }
 ```
 * Note: Behaves exactly the same as `POST /api/v1/upload`.
  Can only accept images - any attempt to upload non-image files will be met with `HTTP 415 Unsupported Media Type`.
 ## `/api/pleroma/notification_settings`
 ### Updates user notification settings
 * Method `PUT`
--- a/docs/config.md
+++ b/docs/config.md
@ -104,6 +104,13 @@ config :pleroma, Pleroma.Emails.Mailer,
 * `max_report_comment_size`: The maximum size of the report comment (Default: `1000`)
 * `safe_dm_mentions`: If set to true, only mentions at the beginning of a post will be used to address people in direct messages. This is to prevent accidental mentioning of people when talking about them (e.g. "@friend hey i really don't like @enemy"). (Default: `false`)
 * `healthcheck`: if set to true, system data will be shown on ``/api/pleroma/healthcheck``.
 * `remote_post_retention_days`: the default amount of days to retain remote posts when pruning the database
 ## :app_account_creation
 REST API for creating an account settings
 * `enabled`: Enable/disable registration
 * `max_requests`: Number of requests allowed for creating accounts
 * `interval`: Interval for restricting requests for one ip (seconds)
 ## :logger
 * `backends`: `:console` is used to send logs to stdout, `{ExSyslogger, :ex_syslogger}` to log to syslog, and `Quack.Logger` to log to Slack
@ -197,12 +204,25 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
 * `hide_post_stats`: Hide notices statistics(repeats, favorites, …)
 * `hide_user_stats`: Hide profile statistics(posts, posts per day, followers, followings, …)
 ## :assets
 This section configures assets to be used with various frontends. Currently the only option
 relates to mascots on the mastodon frontend
 * `mascots`: KeywordList of mascots, each element __MUST__ contain both a `url` and a
  `mime_type` key.
 * `default_mascot`: An element from `mascots` - This will be used as the default mascot
  on MastoFE (default: `:pleroma_fox_tan`)
 ## :mrf_simple
 * `media_removal`: List of instances to remove medias from
 * `media_nsfw`: List of instances to put medias as NSFW(sensitive) from
 * `federated_timeline_removal`: List of instances to remove from Federated (aka The Whole Known Network) Timeline
 * `reject`: List of instances to reject any activities from
 * `accept`: List of instances to accept any activities from
 * `report_removal`: List of instances to reject reports from
 * `avatar_removal`: List of instances to strip avatars from
 * `banner_removal`: List of instances to strip banners from
 ## :mrf_rejectnonpublic
 * `allow_followersonly`: whether to allow followers-only posts
@ -280,7 +300,8 @@ This will make Pleroma listen on `127.0.0.1` port `8080` and generate urls start
 * ``sts``: Whether to additionally send a `Strict-Transport-Security` header
 * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
 * ``ct_max_age``: The maximum age for the `Expect-CT` header if sent
-* ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`.
+* ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`
 * ``report_uri``: Adds the specified url to `report-uri` and `report-to` group in CSP header.
 ## :mrf_user_allowlist
@ -460,7 +481,7 @@ config :esshd,
  password_authenticator: "Pleroma.BBS.Authenticator"
 ```
-Feel free to adjust the priv_dir and port number. Then you will have to create the key for the keys (in the example `priv/ssh_keys`) and create the host keys with `ssh-keygen -N "" -b 2048 -t rsa -f ssh_host_rsa_key`. After restarting, you should be able to connect to your Pleroma instance with `ssh username@server -p $PORT`
+Feel free to adjust the priv_dir and port number. Then you will have to create the key for the keys (in the example `priv/ssh_keys`) and create the host keys with `ssh-keygen -m PEM -N "" -b 2048 -t rsa -f ssh_host_rsa_key`. After restarting, you should be able to connect to your Pleroma instance with `ssh username@server -p $PORT`
 ## :auth
@ -544,8 +565,25 @@ Configure OAuth 2 provider capabilities:
 * `token_expires_in` - The lifetime in seconds of the access token.
 * `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token.
 * `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`.
 * `clean_expired_tokens_interval` - Interval to run the job to clean expired tokens. Defaults to `86_400_000` (24 hours).
 ## :emoji
 * `shortcode_globs`: Location of custom emoji files. `*` can be used as a wildcard. Example `["/emoji/custom/**/*.png"]`
 * `groups`: Emojis are ordered in groups (tags). This is an array of key-value pairs where the key is the groupname and the value the location or array of locations. `*` can be used as a wildcard. Example `[Custom: ["/emoji/*.png", "/emoji/custom/*.png"]]`
 * `default_manifest`: Location of the JSON-manifest. This manifest contains information about the emoji-packs you can download. Currently only one manifest can be added (no arrays).
 ## Database options
 ### RUM indexing for full text search
 * `rum_enabled`: If RUM indexes should be used. Defaults to `false`.
 RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. While they may eventually be mainlined, for now they have to be installed as a PostgreSQL extension from https://github.com/postgrespro/rum.
 Their advantage over the standard GIN indexes is that they allow efficient ordering of search results by timestamp, which makes search queries a lot faster on larger servers, by one or two orders of magnitude. They take up around 3 times as much space as GIN indexes.
 To enable them, both the `rum_enabled` flag has to be set and the following special migration has to be run:
 `mix ecto.migrate --migrations-path priv/repo/optional_migrations/rum_indexing/`
 This will probably take a long time.
--- a/docs/config/howto_mongooseim.md
+++ b/docs/config/howto_mongooseim.md
@ -0,0 +1,10 @@
 # Configuring MongooseIM (XMPP Server) to use Pleroma for authentication
 If you want to give your Pleroma users an XMPP (chat) account, you can configure [MongooseIM](https://github.com/esl/MongooseIM) to use your Pleroma server for user authentication, automatically giving every local user an XMPP account.
 In general, you just have to follow the configuration described at [https://mongooseim.readthedocs.io/en/latest/authentication-backends/HTTP-authentication-module/](https://mongooseim.readthedocs.io/en/latest/authentication-backends/HTTP-authentication-module/) and do these changes to your mongooseim.cfg.
 1. Set the auth_method to `{auth_method, http}`.
 2. Add the http auth pool like this: `{http, global, auth, [{workers, 50}], [{server, "https://yourpleromainstance.com"}]}`
 Restart your MongooseIM server, your users should now be able to connect with their Pleroma credentials.
--- a/docs/config/mrf.md
+++ b/docs/config/mrf.md
@ -5,11 +5,12 @@ Possible uses include:
 * marking incoming messages with media from a given account or instance as sensitive
 * rejecting messages from a specific instance
 * rejecting reports (flags) from a specific instance
 * removing/unlisting messages from the public timelines
 * removing media from messages
 * sending only public messages to a specific instance
-The MRF provides user-configurable policies.  The default policy is `NoOpPolicy`, which disables the MRF functionality.  Pleroma also includes an easy to use policy called `SimplePolicy` which maps messages matching certain pre-defined criterion to actions built into the policy module.  
+The MRF provides user-configurable policies.  The default policy is `NoOpPolicy`, which disables the MRF functionality.  Pleroma also includes an easy to use policy called `SimplePolicy` which maps messages matching certain pre-defined criterion to actions built into the policy module.
 It is possible to use multiple, active MRF policies at the same time.
 ## Quarantine Instances
@ -41,12 +42,13 @@ Once `SimplePolicy` is enabled, you can configure various groups in the `:mrf_si
 * `media_nsfw`: Servers in this group will have the #nsfw tag and sensitive setting injected into incoming messages which contain media.
 * `reject`: Servers in this group will have their messages rejected.
 * `federated_timeline_removal`: Servers in this group will have their messages unlisted from the public timelines by flipping the `to` and `cc` fields.
 * `report_removal`: Servers in this group will have their reports (flags) rejected.
 Servers should be configured as lists.
 ### Example
-This example will enable `SimplePolicy`, block media from `illegalporn.biz`, mark media as NSFW from `porn.biz` and `porn.business`, reject messages from `spam.com` and remove messages from `spam.university` from the federated timeline:
+This example will enable `SimplePolicy`, block media from `illegalporn.biz`, mark media as NSFW from `porn.biz` and `porn.business`, reject messages from `spam.com`, remove messages from `spam.university` from the federated timeline and block reports (flags) from `whiny.whiner`:
 ```
 config :pleroma, :instance,
@ -56,7 +58,8 @@ config :pleroma, :mrf_simple,
  media_removal: ["illegalporn.biz"],
  media_nsfw: ["porn.biz", "porn.business"],
  reject: ["spam.com"],
-  federated_timeline_removal: ["spam.university"]
+  federated_timeline_removal: ["spam.university"],
  report_removal: ["whiny.whiner"]
 ```
--- a/docs/installation/debian_based_en.md
+++ b/docs/installation/debian_based_en.md
@ -12,6 +12,7 @@ This guide will assume you are on Debian Stretch. This guide should also work wi
 * `erlang-tools`
 * `erlang-parsetools`
 * `erlang-eldap`, if you want to enable ldap authenticator
 * `erlang-ssh`
 * `erlang-xmerl`
 * `git`
 * `build-essential`
@ -49,7 +50,7 @@ sudo dpkg -i /tmp/erlang-solutions_1.0_all.deb
 ```shell
 sudo apt update
-sudo apt install elixir erlang-dev erlang-parsetools erlang-xmerl erlang-tools
+sudo apt install elixir erlang-dev erlang-parsetools erlang-xmerl erlang-tools erlang-ssh
 ```
 ### Install PleromaBE
--- a/docs/installation/debian_based_jp.md
+++ b/docs/installation/debian_based_jp.md
@ -14,6 +14,7 @@
 - erlang-dev
 - erlang-tools
 - erlang-parsetools
 - erlang-ssh
 - erlang-xmerl (Jessieではバックポートからインストールすること！)
 - git
 - build-essential
@ -44,7 +45,7 @@ wget -P /tmp/ https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
 * ElixirとErlangをインストールします、
 ```
-apt update && apt install elixir erlang-dev erlang-parsetools erlang-xmerl erlang-tools
+apt update && apt install elixir erlang-dev erlang-parsetools erlang-xmerl erlang-tools erlang-ssh
 ```
 ### Pleroma BE (バックエンド) をインストールします
--- a/docs/introduction.md
+++ b/docs/introduction.md
@ -1,30 +1,30 @@
 # Introduction to Pleroma
 ## What is Pleroma?
-Pleroma is a federated social networking platform, compatible with GNU social, Mastodon and other OStatus and ActivityPub implementations. It is free software licensed under the AGPLv3.  
+Pleroma is a federated social networking platform, compatible with GNU social, Mastodon and other OStatus and ActivityPub implementations. It is free software licensed under the AGPLv3.
-It actually consists of two components: a backend, named simply Pleroma, and a user-facing frontend, named Pleroma-FE. It also includes the Mastodon frontend, if that's your thing.  
+It actually consists of two components: a backend, named simply Pleroma, and a user-facing frontend, named Pleroma-FE. It also includes the Mastodon frontend, if that's your thing.
-It's part of what we call the fediverse, a federated network of instances which speak common protocols and can communicate with each other.  
+It's part of what we call the fediverse, a federated network of instances which speak common protocols and can communicate with each other.
 One account on a instance is enough to talk to the entire fediverse!
-  
+
 ## How can I use it?
-Pleroma instances are already widely deployed, a list can be found here:  
+Pleroma instances are already widely deployed, a list can be found here:
 http://distsn.org/pleroma-instances.html
-If you don't feel like joining an existing instance, but instead prefer to deploy your own instance, that's easy too!  
+If you don't feel like joining an existing instance, but instead prefer to deploy your own instance, that's easy too!
-Installation instructions can be found here:  
+Installation instructions can be found here:
 [main Pleroma wiki](/)
-  
+
 ## I got an account, now what?
-Great! Now you can explore the fediverse!  
+Great! Now you can explore the fediverse!
- Open the login page for your Pleroma instance (for ex. https://pleroma.soykaf.com) and login with your username and password.  
+- Open the login page for your Pleroma instance (for ex. https://pleroma.soykaf.com) and login with your username and password.
-(If you don't have one yet, click on Register) :slightly_smiling_face:  
+(If you don't have one yet, click on Register) :slightly_smiling_face:
 At this point you will have two columns in front of you.
 ### Left column
- first block: here you can see your avatar, your nickname a bio, and statistics (Statuses, Following, Followers).  
+- first block: here you can see your avatar, your nickname a bio, and statistics (Statuses, Following, Followers).
-Under that you have a text form which allows you to post new statuses. The icon on the left is for uploading media files and attach them to your post. The number under the text form is a character counter, every instance can have a different character limit (the default is 5000).  
+Under that you have a text form which allows you to post new statuses. The icon on the left is for uploading media files and attach them to your post. The number under the text form is a character counter, every instance can have a different character limit (the default is 5000).
-If you want to mention someone, type @ + name of the person. A drop-down menu will help you in finding the right person. :slight_smile:   
+If you want to mention someone, type @ + name of the person. A drop-down menu will help you in finding the right person. :slight_smile:
 To post your status, simply press Submit.
 - second block: Here you can switch between the different timelines:
@ -38,7 +38,7 @@ To post your status, simply press Submit.
 - fourth block: This is the Notifications block, here you will get notified whenever somebody mentions you, follows you, repeats or favorites one of your statuses.
 ### Right column
-This is where the interesting stuff happens! :slight_smile:   
+This is where the interesting stuff happens! :slight_smile:
 Depending on the timeline you will see different statuses, but each status has a standard structure:
 - Icon + name + link to profile. An optional left-arrow if it's a reply to another status (hovering will reveal the replied-to status).
 - A + button on the right allows you to Expand/Collapse an entire discussion thread. It also updates in realtime!
@ -47,9 +47,9 @@ Depending on the timeline you will see different statuses, but each status has a
 - Four buttons (left to right): Reply, Repeat, Favorite, Delete.
 ## Mastodon interface
-If the Pleroma interface isn't your thing, or you're just trying something new but you want to keep using the familiar Mastodon interface, we got that too! :smile:  
+If the Pleroma interface isn't your thing, or you're just trying something new but you want to keep using the familiar Mastodon interface, we got that too! :smile:
-Just add a "/web" after your instance url (for ex. https://pleroma.soycaf.com/web) and you'll end on the Mastodon web interface, but with a Pleroma backend! MAGIC! :fireworks:  
+Just add a "/web" after your instance url (for ex. https://pleroma.soycaf.com/web) and you'll end on the Mastodon web interface, but with a Pleroma backend! MAGIC! :fireworks:
-For more information on the Mastodon interface, please look here:  
+For more information on the Mastodon interface, please look here:
 https://github.com/tootsuite/documentation/blob/master/Using-Mastodon/User-guide.md
 Remember, what you see is only the frontend part of Mastodon, the backend is still Pleroma.
--- a/installation/caddyfile-pleroma.example
+++ b/installation/caddyfile-pleroma.example
@ -10,7 +10,9 @@ example.tld  {
  gzip
-  proxy / localhost:4000 {
+  # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
  # and `localhost.` resolves to [::0] on some systems: see issue #930
  proxy / 127.0.0.1:4000 {
    websocket
    transparent
  }
--- a/installation/pleroma-apache.conf
+++ b/installation/pleroma-apache.conf
@ -58,8 +58,10 @@ CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteRule /(.*) ws://localhost:4000/$1 [P,L]
    ProxyRequests off
-    ProxyPass / http://localhost:4000/
+    # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
-    ProxyPassReverse / http://localhost:4000/
+    # and `localhost.` resolves to [::0] on some systems: see issue #930
    ProxyPass / http://127.0.0.1:4000/
    ProxyPassReverse / http://127.0.0.1:4000/
    RequestHeader set Host ${servername}
    ProxyPreserveHost On
--- a/installation/pleroma.nginx
+++ b/installation/pleroma.nginx
@ -69,7 +69,9 @@ server {
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
-        proxy_pass http://localhost:4000;
+	# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
 	# and `localhost.` resolves to [::0] on some systems: see issue #930
        proxy_pass http://127.0.0.1:4000;
        client_max_body_size 16m;
    }
--- a/installation/pleroma.vcl
+++ b/installation/pleroma.vcl
@ -1,4 +1,4 @@
-vcl 4.0;
+vcl 4.1;
 import std;
 backend default {
@ -35,24 +35,6 @@ sub vcl_recv {
      }
      return(purge);
    }
    # Pleroma MediaProxy - strip headers that will affect caching
    if (req.url ~ "^/proxy/") {
      unset req.http.Cookie;
      unset req.http.Authorization;
      unset req.http.Accept;
      return (hash);
    }
    # Strip headers that will affect caching from all other static content
    # This also permits caching of individual toots and AP Activities
    if ((req.url ~ "^/(media|static)/") ||
    (req.url ~ "(?i)\.(html|js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|mp4|ogg|webm|svg|swf|ttf|pdf|woff|woff2)$"))
    {
      unset req.http.Cookie;
      unset req.http.Authorization;
      return (hash);
    }
 }
 sub vcl_backend_response {
@ -61,6 +43,12 @@ sub vcl_backend_response {
      set beresp.do_gzip = true;
    }
    # Retry broken backend responses.
    if (beresp.status == 503) {
      set bereq.http.X-Varnish-Backend-503 = "1";
      return (retry);
    }
    # CHUNKED SUPPORT
    if (bereq.http.x-range ~ "bytes=" && beresp.status == 206) {
      set beresp.ttl = 10m;
@ -73,8 +61,6 @@ sub vcl_backend_response {
      return (deliver);
    }
    # Default object caching of 86400s;
    set beresp.ttl = 86400s;
    # Allow serving cached content for 6h in case backend goes down
    set beresp.grace = 6h;
@ -90,20 +76,6 @@ sub vcl_backend_response {
      set beresp.ttl = 30s;
      return (deliver);
    }
    # Pleroma MediaProxy internally sets headers properly
    if (bereq.url ~ "^/proxy/") {
      return (deliver);
    }
    # Strip cache-restricting headers from Pleroma on static content that we want to cache
    if (bereq.url ~ "(?i)\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|mp4|ogg|webm|svg|swf|ttf|pdf|woff|woff2)$")
    {
      unset beresp.http.set-cookie;
      unset beresp.http.Cache-Control;
      unset beresp.http.x-request-id;
      set beresp.http.Cache-Control = "public, max-age=86400";
    }
 }
 # The synthetic response for 301 redirects
@ -132,10 +104,32 @@ sub vcl_hash {
 }
 sub vcl_backend_fetch {
    # Be more lenient for slow servers on the fediverse
    if bereq.url ~ "^/proxy/" {
      set bereq.first_byte_timeout = 300s;
    }
    # CHUNKED SUPPORT
    if (bereq.http.x-range) {
      set bereq.http.Range = bereq.http.x-range;
    }
    if (bereq.retries == 0) {
        # Clean up the X-Varnish-Backend-503 flag that is used internally
        # to mark broken backend responses that should be retried.
        unset bereq.http.X-Varnish-Backend-503;
    } else {
        if (bereq.http.X-Varnish-Backend-503) {
            if (bereq.method != "POST" &&
              std.healthy(bereq.backend) &&
              bereq.retries <= 4) {
              # Flush broken backend response flag & try again.
              unset bereq.http.X-Varnish-Backend-503;
            } else {
              return (abandon);
            }
        }
    }
 }
 sub vcl_deliver {
@ -145,3 +139,9 @@ sub vcl_deliver {
      unset resp.http.CR;
    }
 }
 sub vcl_backend_error {
    # Retry broken backend responses.
    set bereq.http.X-Varnish-Backend-503 = "1";
    return (retry);
 }
--- a/lib/mix/tasks/pleroma/database.ex
+++ b/lib/mix/tasks/pleroma/database.ex
@ -4,6 +4,10 @@
 defmodule Mix.Tasks.Pleroma.Database do
  alias Mix.Tasks.Pleroma.Common
  alias Pleroma.Conversation
  alias Pleroma.Object
  alias Pleroma.Repo
  alias Pleroma.User
  require Logger
  use Mix.Task
@ -19,6 +23,18 @@ defmodule Mix.Tasks.Pleroma.Database do
    Options:
    - `--vacuum` - run `VACUUM FULL` after the embedded objects are replaced with their references
  ## Prune old objects from the database
      mix pleroma.database prune_objects
  ## Create a conversation for all existing DMs. Can be safely re-run.
      mix pleroma.database bump_all_conversations
  ## Remove duplicated items from following and update followers count for all users
      mix pleroma.database update_users_following_followers_counts
  """
  def run(["remove_embedded_objects" | args]) do
    {options, [], []} =
@ -32,7 +48,7 @@ def run(["remove_embedded_objects" | args]) do
    Common.start_pleroma()
    Logger.info("Removing embedded objects")
-    Pleroma.Repo.query!(
+    Repo.query!(
      "update activities set data = jsonb_set(data, '{object}'::text[], data->'object'->'id') where data->'object'->>'id' is not null;",
      [],
      timeout: :infinity
@ -41,7 +57,62 @@ def run(["remove_embedded_objects" | args]) do
    if Keyword.get(options, :vacuum) do
      Logger.info("Runnning VACUUM FULL")
-      Pleroma.Repo.query!(
+      Repo.query!(
        "vacuum full;",
        [],
        timeout: :infinity
      )
    end
  end
  def run(["bump_all_conversations"]) do
    Common.start_pleroma()
    Conversation.bump_for_all_activities()
  end
  def run(["update_users_following_followers_counts"]) do
    Common.start_pleroma()
    users = Repo.all(User)
    Enum.each(users, &User.remove_duplicated_following/1)
    Enum.each(users, &User.update_follower_count/1)
  end
  def run(["prune_objects" | args]) do
    import Ecto.Query
    {options, [], []} =
      OptionParser.parse(
        args,
        strict: [
          vacuum: :boolean
        ]
      )
    Common.start_pleroma()
    deadline = Pleroma.Config.get([:instance, :remote_post_retention_days])
    Logger.info("Pruning objects older than #{deadline} days")
    time_deadline =
      NaiveDateTime.utc_now()
      |> NaiveDateTime.add(-(deadline * 86_400))
    public = "https://www.w3.org/ns/activitystreams#Public"
    from(o in Object,
      where: fragment("?->'to' \\? ? OR ?->'cc' \\? ?", o.data, ^public, o.data, ^public),
      where: o.inserted_at < ^time_deadline,
      where:
        fragment("split_part(?->>'actor', '/', 3) != ?", o.data, ^Pleroma.Web.Endpoint.host())
    )
    |> Repo.delete_all(timeout: :infinity)
    if Keyword.get(options, :vacuum) do
      Logger.info("Runnning VACUUM FULL")
      Repo.query!(
        "vacuum full;",
        [],
        timeout: :infinity
--- a/lib/mix/tasks/pleroma/emoji.ex
+++ b/lib/mix/tasks/pleroma/emoji.ex
@ -137,7 +137,7 @@ def run(["get-packs" | args]) do
          ])
        )
-        files = Tesla.get!(client(), files_url).body |> Poison.decode!()
+        files = Tesla.get!(client(), files_url).body |> Jason.decode!()
        IO.puts(IO.ANSI.format(["Unpacking ", :bright, pack_name]))
@ -239,7 +239,7 @@ def run(["gen-pack", src]) do
    emoji_map = Pleroma.Emoji.make_shortcode_to_file_map(tmp_pack_dir, exts)
-    File.write!(files_name, Poison.encode!(emoji_map, pretty: true))
+    File.write!(files_name, Jason.encode!(emoji_map, pretty: true))
    IO.puts("""
@ -248,11 +248,11 @@ def run(["gen-pack", src]) do
    """)
    if File.exists?("index.json") do
-      existing_data = File.read!("index.json") |> Poison.decode!()
+      existing_data = File.read!("index.json") |> Jason.decode!()
      File.write!(
        "index.json",
-        Poison.encode!(
+        Jason.encode!(
          Map.merge(
            existing_data,
            pack_json
@ -263,14 +263,14 @@ def run(["gen-pack", src]) do
      IO.puts("index.json file has been update with the #{name} pack")
    else
-      File.write!("index.json", Poison.encode!(pack_json, pretty: true))
+      File.write!("index.json", Jason.encode!(pack_json, pretty: true))
      IO.puts("index.json has been created with the #{name} pack")
    end
  end
  defp fetch_manifest(from) do
-    Poison.decode!(
+    Jason.decode!(
      if String.starts_with?(from, "http") do
        Tesla.get!(client(), from).body
      else
--- a/lib/mix/tasks/pleroma/user.ex
+++ b/lib/mix/tasks/pleroma/user.ex
@ -77,6 +77,10 @@ defmodule Mix.Tasks.Pleroma.User do
  ## Delete tags from a user.
      mix pleroma.user untag NICKNAME TAGS
  ## Toggle confirmation of the user's account.
      mix pleroma.user toggle_confirmed NICKNAME
  """
  def run(["new", nickname, email | rest]) do
    {options, [], []} =
@ -138,7 +142,7 @@ def run(["new", nickname, email | rest]) do
        bio: bio
      }
-      changeset = User.register_changeset(%User{}, params, confirmed: true)
+      changeset = User.register_changeset(%User{}, params, need_confirmation: false)
      {:ok, _user} = User.register(changeset)
      Mix.shell().info("User #{nickname} created")
@ -388,6 +392,21 @@ def run(["delete_activities", nickname]) do
    end
  end
  def run(["toggle_confirmed", nickname]) do
    Common.start_pleroma()
    with %User{} = user <- User.get_cached_by_nickname(nickname) do
      {:ok, user} = User.toggle_confirmation(user)
      message = if user.info.confirmation_pending, do: "needs", else: "doesn't need"
      Mix.shell().info("#{nickname} #{message} confirmation.")
    else
      _ ->
        Mix.shell().error("No local user #{nickname}")
    end
  end
  defp set_moderator(user, value) do
    info_cng = User.Info.admin_api_update(user.info, %{is_moderator: value})
--- a/lib/pleroma/activity.ex
+++ b/lib/pleroma/activity.ex
@ -10,6 +10,7 @@ defmodule Pleroma.Activity do
  alias Pleroma.Notification
  alias Pleroma.Object
  alias Pleroma.Repo
  alias Pleroma.ThreadMute
  alias Pleroma.User
  import Ecto.Changeset
@ -37,6 +38,7 @@ defmodule Pleroma.Activity do
    field(:local, :boolean, default: true)
    field(:actor, :string)
    field(:recipients, {:array, :string}, default: [])
    field(:thread_muted?, :boolean, virtual: true)
    # This is a fake relation, do not use outside of with_preloaded_bookmark/get_bookmark
    has_one(:bookmark, Bookmark)
    has_many(:notifications, Notification, on_delete: :delete_all)
@ -60,21 +62,24 @@ defmodule Pleroma.Activity do
    timestamps()
  end
-  def with_preloaded_object(query) do
+  def with_joined_object(query) do
-    query
+    join(query, :inner, [activity], o in Object,
    |> join(
      :inner,
      [activity],
      o in Object,
      on:
        fragment(
          "(?->>'id') = COALESCE(?->'object'->>'id', ?->>'object')",
          o.data,
          activity.data,
          activity.data
-        )
+        ),
      as: :object
    )
-    |> preload([activity, object], object: object)
+  end
  def with_preloaded_object(query) do
    query
    |> has_named_binding?(:object)
    |> if(do: query, else: with_joined_object(query))
    |> preload([activity, object: object], object: object)
  end
  def with_preloaded_bookmark(query, %User{} = user) do
@ -87,6 +92,16 @@ def with_preloaded_bookmark(query, %User{} = user) do
  def with_preloaded_bookmark(query, _), do: query
  def with_set_thread_muted_field(query, %User{} = user) do
    from([a] in query,
      left_join: tm in ThreadMute,
      on: tm.user_id == ^user.id and tm.context == fragment("?->>'context'", a.data),
      select: %Activity{a | thread_muted?: not is_nil(tm.id)}
    )
  end
  def with_set_thread_muted_field(query, _), do: query
  def get_by_ap_id(ap_id) do
    Repo.one(
      from(
@ -108,7 +123,7 @@ def get_bookmark(_, _), do: nil
  def change(struct, params \\ %{}) do
    struct
-    |> cast(params, [:data])
+    |> cast(params, [:data, :recipients])
    |> validate_required([:data])
    |> unique_constraint(:ap_id, name: :activities_unique_apid_index)
  end
@ -132,7 +147,10 @@ def get_by_ap_id_with_object(ap_id) do
  end
  def get_by_id(id) do
-    Repo.get(Activity, id)
+    Activity
    |> where([a], a.id == ^id)
    |> restrict_deactivated_users()
    |> Repo.one()
  end
  def get_by_id_with_object(id) do
@ -200,6 +218,7 @@ def get_all_create_by_object_ap_id(ap_id) do
  def get_create_by_object_ap_id(ap_id) when is_binary(ap_id) do
    create_by_object_ap_id(ap_id)
    |> restrict_deactivated_users()
    |> Repo.one()
  end
@ -314,4 +333,14 @@ def follow_requests_for_actor(%Pleroma.User{ap_id: ap_id}) do
  def query_by_actor(actor) do
    from(a in Activity, where: a.actor == ^actor)
  end
  def restrict_deactivated_users(query) do
    from(activity in query,
      where:
        fragment(
          "? not in (SELECT ap_id FROM users WHERE info->'deactivated' @> 'true')",
          activity.actor
        )
    )
  end
 end
--- a/lib/pleroma/application.ex
+++ b/lib/pleroma/application.ex
@ -111,6 +111,7 @@ def start(_type, _args) do
        hackney_pool_children() ++
        [
          worker(Pleroma.Web.Federator.RetryQueue, []),
          worker(Pleroma.Web.OAuth.Token.CleanWorker, []),
          worker(Pleroma.Stats, []),
          worker(Task, [&Pleroma.Web.Push.init/0], restart: :temporary, id: :web_push_init),
          worker(Task, [&Pleroma.Web.Federator.init/0], restart: :temporary, id: :federator_init)
@ -134,19 +135,22 @@ def start(_type, _args) do
  defp setup_instrumenters do
    require Prometheus.Registry
-    :ok =
+    if Application.get_env(:prometheus, Pleroma.Repo.Instrumenter) do
-      :telemetry.attach(
+      :ok =
-        "prometheus-ecto",
+        :telemetry.attach(
-        [:pleroma, :repo, :query],
+          "prometheus-ecto",
-        &Pleroma.Repo.Instrumenter.handle_event/4,
+          [:pleroma, :repo, :query],
-        %{}
+          &Pleroma.Repo.Instrumenter.handle_event/4,
-      )
+          %{}
        )
      Pleroma.Repo.Instrumenter.setup()
    end
    Prometheus.Registry.register_collector(:prometheus_process_collector)
    Pleroma.Web.Endpoint.MetricsExporter.setup()
    Pleroma.Web.Endpoint.PipelineInstrumenter.setup()
    Pleroma.Web.Endpoint.Instrumenter.setup()
    Pleroma.Repo.Instrumenter.setup()
  end
  def enabled_hackney_pools do
--- a/lib/pleroma/bbs/handler.ex
+++ b/lib/pleroma/bbs/handler.ex
@ -95,7 +95,6 @@ def handle_command(state, "home") do
    activities =
      [user.ap_id | user.following]
      |> ActivityPub.fetch_activities(params)
      |> ActivityPub.contain_timeline(user)
    Enum.each(activities, fn activity ->
      puts_activity(activity)
--- a/lib/pleroma/captcha/kocaptcha.ex
+++ b/lib/pleroma/captcha/kocaptcha.ex
@ -15,7 +15,7 @@ def new do
        %{error: "Kocaptcha service unavailable"}
      {:ok, res} ->
-        json_resp = Poison.decode!(res.body)
+        json_resp = Jason.decode!(res.body)
        %{
          type: :kocaptcha,
--- a/lib/pleroma/config.ex
+++ b/lib/pleroma/config.ex
@ -12,8 +12,12 @@ def get(key), do: get(key, nil)
  def get([key], default), do: get(key, default)
  def get([parent_key | keys], default) do
-    Application.get_env(:pleroma, parent_key)
+    case :pleroma
-    |> get_in(keys) || default
+         |> Application.get_env(parent_key)
         |> get_in(keys) do
      nil -> default
      any -> any
    end
  end
  def get(key, default) do
--- a/lib/pleroma/config/deprecation_warnings.ex
+++ b/lib/pleroma/config/deprecation_warnings.ex
@ -5,15 +5,6 @@
 defmodule Pleroma.Config.DeprecationWarnings do
  require Logger
  def check_frontend_config_mechanism do
    if Pleroma.Config.get(:fe) do
      Logger.warn("""
      !!!DEPRECATION WARNING!!!
      You are using the old configuration mechanism for the frontend. Please check config.md.
      """)
    end
  end
  def check_hellthread_threshold do
    if Pleroma.Config.get([:mrf_hellthread, :threshold]) do
      Logger.warn("""
@ -24,7 +15,6 @@ def check_hellthread_threshold do
  end
  def warn do
    check_frontend_config_mechanism()
    check_hellthread_threshold()
  end
 end
--- a/lib/pleroma/conversation.ex
+++ b/lib/pleroma/conversation.ex
@ -45,10 +45,10 @@ def get_for_ap_id(ap_id) do
  2. Create a participation for all the people involved who don't have one already
  3. Bump all relevant participations to 'unread'
  """
-  def create_or_bump_for(activity) do
+  def create_or_bump_for(activity, opts \\ []) do
    with true <- Pleroma.Web.ActivityPub.Visibility.is_direct?(activity),
         object <- Pleroma.Object.normalize(activity),
         "Create" <- activity.data["type"],
         object <- Pleroma.Object.normalize(activity),
         "Note" <- object.data["type"],
         ap_id when is_binary(ap_id) and byte_size(ap_id) > 0 <- object.data["context"] do
      {:ok, conversation} = create_for_ap_id(ap_id)
@ -58,7 +58,7 @@ def create_or_bump_for(activity) do
      participations =
        Enum.map(users, fn user ->
          {:ok, participation} =
-            Participation.create_for_user_and_conversation(user, conversation)
+            Participation.create_for_user_and_conversation(user, conversation, opts)
          participation
        end)
@ -72,4 +72,21 @@ def create_or_bump_for(activity) do
      e -> {:error, e}
    end
  end
  @doc """
  This is only meant to be run by a mix task. It creates conversations/participations for all direct messages in the database.
  """
  def bump_for_all_activities do
    stream =
      Pleroma.Web.ActivityPub.ActivityPub.fetch_direct_messages_query()
      |> Repo.stream()
    Repo.transaction(
      fn ->
        stream
        |> Enum.each(fn a -> create_or_bump_for(a, read: true) end)
      end,
      timeout: :infinity
    )
  end
 end
--- a/lib/pleroma/conversation/participation.ex
+++ b/lib/pleroma/conversation/participation.ex
@ -22,15 +22,17 @@ defmodule Pleroma.Conversation.Participation do
  def creation_cng(struct, params) do
    struct
-    |> cast(params, [:user_id, :conversation_id])
+    |> cast(params, [:user_id, :conversation_id, :read])
    |> validate_required([:user_id, :conversation_id])
  end
-  def create_for_user_and_conversation(user, conversation) do
+  def create_for_user_and_conversation(user, conversation, opts \\ []) do
    read = !!opts[:read]
    %__MODULE__{}
-    |> creation_cng(%{user_id: user.id, conversation_id: conversation.id})
+    |> creation_cng(%{user_id: user.id, conversation_id: conversation.id, read: read})
    |> Repo.insert(
-      on_conflict: [set: [read: false, updated_at: NaiveDateTime.utc_now()]],
+      on_conflict: [set: [read: read, updated_at: NaiveDateTime.utc_now()]],
      returning: true,
      conflict_target: [:user_id, :conversation_id]
    )
--- a/lib/pleroma/emails/admin_email.ex
+++ b/lib/pleroma/emails/admin_email.ex
@ -29,7 +29,7 @@ def report(to, reporter, account, statuses, comment) do
      end
    statuses_html =
-      if length(statuses) > 0 do
+      if is_list(statuses) && length(statuses) > 0 do
        statuses_list_html =
          statuses
          |> Enum.map(fn
--- a/lib/pleroma/filter.ex
+++ b/lib/pleroma/filter.ex
@ -38,7 +38,8 @@ def get_filters(%User{id: user_id} = _user) do
    query =
      from(
        f in Pleroma.Filter,
-        where: f.user_id == ^user_id
+        where: f.user_id == ^user_id,
        order_by: [desc: :id]
      )
    Repo.all(query)
--- a/lib/pleroma/formatter.ex
+++ b/lib/pleroma/formatter.ex
@ -8,7 +8,7 @@ defmodule Pleroma.Formatter do
  alias Pleroma.User
  alias Pleroma.Web.MediaProxy
-  @safe_mention_regex ~r/^(\s*(?<mentions>@.+?\s+)+)(?<rest>.*)/
+  @safe_mention_regex ~r/^(\s*(?<mentions>(@.+?\s+){1,})+)(?<rest>.*)/s
  @link_regex ~r"((?:http(s)?:\/\/)?[\w.-]+(?:\.[\w\.-]+)+[\w\-\._~%:/?#[\]@!\$&'\(\)\*\+,;=.]+)|[0-9a-z+\-\.]+:[0-9a-z$-_.+!*'(),]+"ui
  @markdown_characters_regex ~r/(`|\*|_|{|}|[|]|\(|\)|#|\+|-|\.|!)/
--- a/lib/pleroma/gopher/server.ex
+++ b/lib/pleroma/gopher/server.ex
@ -77,13 +77,13 @@ def render_activities(activities) do
      user = User.get_cached_by_ap_id(activity.data["actor"])
      object = Object.normalize(activity)
-      like_count = object["like_count"] || 0
+      like_count = object.data["like_count"] || 0
-      announcement_count = object["announcement_count"] || 0
+      announcement_count = object.data["announcement_count"] || 0
      link("Post ##{activity.id} by #{user.nickname}", "/notices/#{activity.id}") <>
        info("#{like_count} likes, #{announcement_count} repeats") <>
        "i\tfake\t(NULL)\t0\r\n" <>
-        info(HTML.strip_tags(String.replace(object["content"], "<br>", "\r")))
+        info(HTML.strip_tags(String.replace(object.data["content"], "<br>", "\r")))
    end)
    |> Enum.join("i\tfake\t(NULL)\t0\r\n")
  end
--- a/lib/pleroma/http/connection.ex
+++ b/lib/pleroma/http/connection.ex
@ -8,7 +8,7 @@ defmodule Pleroma.HTTP.Connection do
  """
  @hackney_options [
-    connect_timeout: 2_000,
+    connect_timeout: 10_000,
    recv_timeout: 20_000,
    follow_redirect: true,
    pool: :federation
@ -32,9 +32,11 @@ def new(opts \\ []) do
  defp hackney_options(opts) do
    options = Keyword.get(opts, :adapter, [])
    adapter_options = Pleroma.Config.get([:http, :adapter], [])
    proxy_url = Pleroma.Config.get([:http, :proxy_url], nil)
    @hackney_options
    |> Keyword.merge(adapter_options)
    |> Keyword.merge(options)
    |> Keyword.merge(proxy: proxy_url)
  end
 end
--- a/lib/pleroma/http/request_builder.ex
+++ b/lib/pleroma/http/request_builder.ex
@ -45,8 +45,15 @@ def url(request, u) do
  Add headers to the request
  """
  @spec headers(map(), list(tuple)) :: map()
-  def headers(request, h) do
+  def headers(request, header_list) do
-    Map.put_new(request, :headers, h)
+    header_list =
      if Pleroma.Config.get([:http, :send_user_agent]) do
        header_list ++ [{"User-Agent", Pleroma.Application.user_agent()}]
      else
        header_list
      end
    Map.put_new(request, :headers, header_list)
  end
  @doc """
--- a/lib/pleroma/keys.ex
+++ b/lib/pleroma/keys.ex
@ -0,0 +1,44 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Keys do
  # Native generation of RSA keys is only available since OTP 20+ and in default build conditions
  # We try at compile time to generate natively an RSA key otherwise we fallback on the old way.
  try do
    _ = :public_key.generate_key({:rsa, 2048, 65_537})
    def generate_rsa_pem do
      key = :public_key.generate_key({:rsa, 2048, 65_537})
      entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
      pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
      {:ok, pem}
    end
  rescue
    _ ->
      def generate_rsa_pem do
        port = Port.open({:spawn, "openssl genrsa"}, [:binary])
        {:ok, pem} =
          receive do
            {^port, {:data, pem}} -> {:ok, pem}
          end
        Port.close(port)
        if Regex.match?(~r/RSA PRIVATE KEY/, pem) do
          {:ok, pem}
        else
          :error
        end
      end
  end
  def keys_from_pem(pem) do
    [private_key_code] = :public_key.pem_decode(pem)
    private_key = :public_key.pem_entry_decode(private_key_code)
    {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key
    public_key = {:RSAPublicKey, modulus, exponent}
    {:ok, private_key, public_key}
  end
 end
--- a/lib/pleroma/notification.ex
+++ b/lib/pleroma/notification.ex
@ -35,6 +35,13 @@ def changeset(%Notification{} = notification, attrs) do
  def for_user_query(user) do
    Notification
    |> where(user_id: ^user.id)
    |> where(
      [n, a],
      fragment(
        "? not in (SELECT ap_id FROM users WHERE info->'deactivated' @> 'true')",
        a.actor
      )
    )
    |> join(:inner, [n], activity in assoc(n, :activity))
    |> join(:left, [n, a], object in Object,
      on:
--- a/lib/pleroma/object.ex
+++ b/lib/pleroma/object.ex
@ -130,6 +130,13 @@ def delete(%Object{data: %{"id" => id}} = object) do
    end
  end
  def prune(%Object{data: %{"id" => id}} = object) do
    with {:ok, object} <- Repo.delete(object),
         {:ok, true} <- Cachex.del(:object_cache, "object:#{id}") do
      {:ok, object}
    end
  end
  def set_cache(%Object{data: %{"id" => ap_id}} = object) do
    Cachex.put(:object_cache, "object:#{ap_id}", object)
    {:ok, object}
--- a/lib/pleroma/object/fetcher.ex
+++ b/lib/pleroma/object/fetcher.ex
@ -1,4 +1,5 @@
 defmodule Pleroma.Object.Fetcher do
  alias Pleroma.HTTP
  alias Pleroma.Object
  alias Pleroma.Object.Containment
  alias Pleroma.Web.ActivityPub.Transmogrifier
@ -6,7 +7,18 @@ defmodule Pleroma.Object.Fetcher do
  require Logger
-  @httpoison Application.get_env(:pleroma, :httpoison)
+  defp reinject_object(data) do
    Logger.debug("Reinjecting object #{data["id"]}")
    with data <- Transmogrifier.fix_object(data),
         {:ok, object} <- Object.create(data) do
      {:ok, object}
    else
      e ->
        Logger.error("Error while processing object: #{inspect(e)}")
        {:error, e}
    end
  end
  # TODO:
  # This will create a Create activity, which we need internally at the moment.
@ -26,12 +38,17 @@ def fetch_object_from_id(id) do
             "object" => data
           },
           :ok <- Containment.contain_origin(id, params),
-           {:ok, activity} <- Transmogrifier.handle_incoming(params) do
+           {:ok, activity} <- Transmogrifier.handle_incoming(params),
-        {:ok, Object.normalize(activity, false)}
+           {:object, _data, %Object{} = object} <-
             {:object, data, Object.normalize(activity, false)} do
        {:ok, object}
      else
        {:error, {:reject, nil}} ->
          {:reject, nil}
        {:object, data, nil} ->
          reinject_object(data)
        object = %Object{} ->
          {:ok, object}
@ -60,7 +77,7 @@ def fetch_and_contain_remote_object_from_id(id) do
    with true <- String.starts_with?(id, "http"),
         {:ok, %{body: body, status: code}} when code in 200..299 <-
-           @httpoison.get(
+           HTTP.get(
             id,
             [{:Accept, "application/activity+json"}]
           ),
--- a/lib/pleroma/plugs/ensure_public_or_authenticated_plug.ex
+++ b/lib/pleroma/plugs/ensure_public_or_authenticated_plug.ex
@ -0,0 +1,31 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug do
  import Plug.Conn
  alias Pleroma.Config
  alias Pleroma.User
  def init(options) do
    options
  end
  def call(conn, _) do
    public? = Config.get!([:instance, :public])
    case {public?, conn} do
      {true, _} ->
        conn
      {false, %{assigns: %{user: %User{}}}} ->
        conn
      {false, _} ->
        conn
        |> put_resp_content_type("application/json")
        |> send_resp(403, Jason.encode!(%{error: "This resource requires authentication."}))
        |> halt
    end
  end
 end
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@ -20,8 +20,9 @@ def call(conn, _options) do
  defp headers do
    referrer_policy = Config.get([:http_security, :referrer_policy])
    report_uri = Config.get([:http_security, :report_uri])
-    [
+    headers = [
      {"x-xss-protection", "1; mode=block"},
      {"x-permitted-cross-domain-policies", "none"},
      {"x-frame-options", "DENY"},
@ -30,12 +31,27 @@ defp headers do
      {"x-download-options", "noopen"},
      {"content-security-policy", csp_string() <> ";"}
    ]
    if report_uri do
      report_group = %{
        "group" => "csp-endpoint",
        "max-age" => 10_886_400,
        "endpoints" => [
          %{"url" => report_uri}
        ]
      }
      headers ++ [{"reply-to", Jason.encode!(report_group)}]
    else
      headers
    end
  end
  defp csp_string do
    scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
    static_url = Pleroma.Web.Endpoint.static_url()
    websocket_url = Pleroma.Web.Endpoint.websocket_url()
    report_uri = Config.get([:http_security, :report_uri])
    connect_src = "connect-src 'self' #{static_url} #{websocket_url}"
@ -53,7 +69,7 @@ defp csp_string do
        "script-src 'self'"
      end
-    [
+    main_part = [
      "default-src 'none'",
      "base-uri 'self'",
      "frame-ancestors 'none'",
@ -63,11 +79,14 @@ defp csp_string do
      "font-src 'self'",
      "manifest-src 'self'",
      connect_src,
-      script_src,
+      script_src
      if scheme == "https" do
        "upgrade-insecure-requests"
      end
    ]
    report = if report_uri, do: ["report-uri #{report_uri}; report-to csp-endpoint"], else: []
    insecure = if scheme == "https", do: ["upgrade-insecure-requests"], else: []
    (main_part ++ report ++ insecure)
    |> Enum.join("; ")
  end
--- a/lib/pleroma/plugs/http_signature.ex
+++ b/lib/pleroma/plugs/http_signature.ex
@ -4,7 +4,6 @@
 defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
  alias Pleroma.Web.ActivityPub.Utils
  alias Pleroma.Web.HTTPSignatures
  import Plug.Conn
  require Logger
--- a/lib/pleroma/plugs/oauth_plug.ex
+++ b/lib/pleroma/plugs/oauth_plug.ex
@ -8,6 +8,7 @@ defmodule Pleroma.Plugs.OAuthPlug do
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Token
  @realm_reg Regex.compile!("Bearer\:?\s+(.*)$", "i")
@ -22,18 +23,39 @@ def call(%{params: %{"access_token" => access_token}} = conn, _) do
      |> assign(:token, token_record)
      |> assign(:user, user)
    else
-      _ -> conn
+      _ ->
        # token found, but maybe only with app
        with {:ok, app, token_record} <- fetch_app_and_token(access_token) do
          conn
          |> assign(:token, token_record)
          |> assign(:app, app)
        else
          _ -> conn
        end
    end
  end
  def call(conn, _) do
-    with {:ok, token_str} <- fetch_token_str(conn),
+    case fetch_token_str(conn) do
-         {:ok, user, token_record} <- fetch_user_and_token(token_str) do
+      {:ok, token} ->
-      conn
+        with {:ok, user, token_record} <- fetch_user_and_token(token) do
-      |> assign(:token, token_record)
+          conn
-      |> assign(:user, user)
+          |> assign(:token, token_record)
-    else
+          |> assign(:user, user)
-      _ -> conn
+        else
          _ ->
            # token found, but maybe only with app
            with {:ok, app, token_record} <- fetch_app_and_token(token) do
              conn
              |> assign(:token, token_record)
              |> assign(:app, app)
            else
              _ -> conn
            end
        end
      _ ->
        conn
    end
  end
@ -54,6 +76,16 @@ defp fetch_user_and_token(token) do
    end
  end
  @spec fetch_app_and_token(String.t()) :: {:ok, App.t(), Token.t()} | nil
  defp fetch_app_and_token(token) do
    query =
      from(t in Token, where: t.token == ^token, join: app in assoc(t, :app), preload: [app: app])
    with %Token{app: app} = token_record <- Repo.one(query) do
      {:ok, app, token_record}
    end
  end
  # Gets token from session by :oauth_token key
  #
  @spec fetch_token_from_session(Plug.Conn.t()) :: :no_token_found | {:ok, String.t()}
--- a/lib/pleroma/plugs/rate_limit_plug.ex
+++ b/lib/pleroma/plugs/rate_limit_plug.ex
@ -0,0 +1,36 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Plugs.RateLimitPlug do
  import Phoenix.Controller, only: [json: 2]
  import Plug.Conn
  def init(opts), do: opts
  def call(conn, opts) do
    enabled? = Pleroma.Config.get([:app_account_creation, :enabled])
    case check_rate(conn, Map.put(opts, :enabled, enabled?)) do
      {:ok, _count} -> conn
      {:error, _count} -> render_error(conn)
      %Plug.Conn{} = conn -> conn
    end
  end
  defp check_rate(conn, %{enabled: true} = opts) do
    max_requests = opts[:max_requests]
    bucket_name = conn.remote_ip |> Tuple.to_list() |> Enum.join(".")
    ExRated.check_rate(bucket_name, opts[:interval] * 1000, max_requests)
  end
  defp check_rate(conn, _), do: conn
  defp render_error(conn) do
    conn
    |> put_status(:forbidden)
    |> json(%{error: "Rate limit exceeded."})
    |> halt()
  end
 end
--- a/lib/pleroma/reverse_proxy.ex
+++ b/lib/pleroma/reverse_proxy.ex
@ -3,6 +3,8 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.ReverseProxy do
  alias Pleroma.HTTP
  @keep_req_headers ~w(accept user-agent accept-encoding cache-control if-modified-since) ++
                      ~w(if-unmodified-since if-none-match if-range range)
  @resp_cache_headers ~w(etag date last-modified cache-control)
@ -60,7 +62,6 @@ defmodule Pleroma.ReverseProxy do
  """
  @hackney Application.get_env(:pleroma, :hackney, :hackney)
  @httpoison Application.get_env(:pleroma, :httpoison, HTTPoison)
  @default_hackney_options []
@ -97,7 +98,7 @@ def call(conn = %{method: method}, url, opts) when method in @methods do
    hackney_opts =
      @default_hackney_options
      |> Keyword.merge(Keyword.get(opts, :http, []))
-      |> @httpoison.process_request_options()
+      |> HTTP.process_request_options()
    req_headers = build_req_headers(conn.req_headers, opts)
--- a/lib/pleroma/signature.ex
+++ b/lib/pleroma/signature.ex
@ -0,0 +1,40 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Signature do
  @behaviour HTTPSignatures.Adapter
  alias Pleroma.Keys
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.Utils
  def fetch_public_key(conn) do
    with actor_id <- Utils.get_ap_id(conn.params["actor"]),
         {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
      {:ok, public_key}
    else
      e ->
        {:error, e}
    end
  end
  def refetch_public_key(conn) do
    with actor_id <- Utils.get_ap_id(conn.params["actor"]),
         {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
         {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
      {:ok, public_key}
    else
      e ->
        {:error, e}
    end
  end
  def sign(%User{} = user, headers) do
    with {:ok, %{info: %{keys: keys}}} <- User.ensure_keys_present(user),
         {:ok, private_key, _} <- Keys.keys_from_pem(keys) do
      HTTPSignatures.sign(private_key, user.ap_id <> "#main-key", headers)
    end
  end
 end
--- a/lib/pleroma/uploaders/mdii.ex
+++ b/lib/pleroma/uploaders/mdii.ex
@ -4,11 +4,10 @@
 defmodule Pleroma.Uploaders.MDII do
  alias Pleroma.Config
  alias Pleroma.HTTP
  @behaviour Pleroma.Uploaders.Uploader
  @httpoison Application.get_env(:pleroma, :httpoison)
  # MDII-hosted images are never passed through the MediaPlug; only local media.
  # Delegate to Pleroma.Uploaders.Local
  def get_file(file) do
@ -25,7 +24,7 @@ def put_file(upload) do
    query = "#{cgi}?#{extension}"
    with {:ok, %{status: 200, body: body}} <-
-           @httpoison.post(query, file_data, [], adapter: [pool: :default]) do
+           HTTP.post(query, file_data, [], adapter: [pool: :default]) do
      remote_file_name = String.split(body) |> List.first()
      public_url = "#{files}/#{remote_file_name}.#{extension}"
      {:ok, {:url, public_url}}
--- a/lib/pleroma/uploaders/swift/keystone.ex
+++ b/lib/pleroma/uploaders/swift/keystone.ex
@ -14,7 +14,7 @@ def process_url(url) do
  def process_response_body(body) do
    body
-    |> Poison.decode!()
+    |> Jason.decode!()
  end
  def get_token do
@ -38,7 +38,7 @@ def get_token do
  end
  def make_auth_body(username, password, tenant) do
-    Poison.encode!(%{
+    Jason.encode!(%{
      :auth => %{
        :passwordCredentials => %{
          :username => username,
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -10,6 +10,7 @@ defmodule Pleroma.User do
  alias Comeonin.Pbkdf2
  alias Pleroma.Activity
  alias Pleroma.Keys
  alias Pleroma.Notification
  alias Pleroma.Object
  alias Pleroma.Registration
@ -56,7 +57,7 @@ defmodule Pleroma.User do
    field(:last_digest_emailed_at, :naive_datetime)
    has_many(:notifications, Notification)
    has_many(:registrations, Registration)
-    embeds_one(:info, Pleroma.User.Info)
+    embeds_one(:info, User.Info)
    timestamps()
  end
@ -106,10 +107,8 @@ def ap_followers(%User{follower_address: fa}) when is_binary(fa), do: fa
  def ap_followers(%User{} = user), do: "#{ap_id(user)}/followers"
  def user_info(%User{} = user) do
    oneself = if user.local, do: 1, else: 0
    %{
-      following_count: length(user.following) - oneself,
+      following_count: following_count(user),
      note_count: user.info.note_count,
      follower_count: user.info.follower_count,
      locked: user.info.locked,
@ -118,6 +117,20 @@ def user_info(%User{} = user) do
    }
  end
  def restrict_deactivated(query) do
    from(u in query,
      where: not fragment("? \\? 'deactivated' AND ?->'deactivated' @> 'true'", u.info, u.info)
    )
  end
  def following_count(%User{following: []}), do: 0
  def following_count(%User{} = user) do
    user
    |> get_friends_query()
    |> Repo.aggregate(:count, :id)
  end
  def remote_user_creation(params) do
    params =
      params
@ -155,7 +168,7 @@ def remote_user_creation(params) do
  def update_changeset(struct, params \\ %{}) do
    struct
-    |> cast(params, [:bio, :name, :avatar])
+    |> cast(params, [:bio, :name, :avatar, :following])
    |> unique_constraint(:nickname)
    |> validate_format(:nickname, local_nickname_regex())
    |> validate_length(:bio, max: 5000)
@ -205,14 +218,15 @@ def reset_password(user, data) do
  end
  def register_changeset(struct, params \\ %{}, opts \\ []) do
-    confirmation_status =
+    need_confirmation? =
-      if opts[:confirmed] || !Pleroma.Config.get([:instance, :account_activation_required]) do
+      if is_nil(opts[:need_confirmation]) do
-        :confirmed
+        Pleroma.Config.get([:instance, :account_activation_required])
      else
-        :unconfirmed
+        opts[:need_confirmation]
      end
-    info_change = User.Info.confirmation_changeset(%User.Info{}, confirmation_status)
+    info_change =
      User.Info.confirmation_changeset(%User.Info{}, need_confirmation: need_confirmation?)
    changeset =
      struct
@ -221,7 +235,7 @@ def register_changeset(struct, params \\ %{}, opts \\ []) do
      |> validate_confirmation(:password)
      |> unique_constraint(:email)
      |> unique_constraint(:nickname)
-      |> validate_exclusion(:nickname, Pleroma.Config.get([Pleroma.User, :restricted_nicknames]))
+      |> validate_exclusion(:nickname, Pleroma.Config.get([User, :restricted_nicknames]))
      |> validate_format(:nickname, local_nickname_regex())
      |> validate_format(:email, @email_regex)
      |> validate_length(:bio, max: 1000)
@ -255,7 +269,7 @@ defp autofollow_users(user) do
    candidates = Pleroma.Config.get([:instance, :autofollowed_nicknames])
    autofollowed_users =
-      User.Query.build(%{nickname: candidates, local: true})
+      User.Query.build(%{nickname: candidates, local: true, deactivated: false})
      |> Repo.all()
    follow_all(user, autofollowed_users)
@ -266,7 +280,7 @@ def register(%Ecto.Changeset{} = changeset) do
    with {:ok, user} <- Repo.insert(changeset),
         {:ok, user} <- autofollow_users(user),
         {:ok, user} <- set_cache(user),
-         {:ok, _} <- Pleroma.User.WelcomeMessage.post_welcome_message_to_user(user),
+         {:ok, _} <- User.WelcomeMessage.post_welcome_message_to_user(user),
         {:ok, _} <- try_send_confirmation_email(user) do
      {:ok, user}
    end
@ -413,24 +427,6 @@ def following?(%User{} = follower, %User{} = followed) do
    Enum.member?(follower.following, followed.follower_address)
  end
  def follow_import(%User{} = follower, followed_identifiers)
      when is_list(followed_identifiers) do
    Enum.map(
      followed_identifiers,
      fn followed_identifier ->
        with {:ok, %User{} = followed} <- get_or_fetch(followed_identifier),
             {:ok, follower} <- maybe_direct_follow(follower, followed),
             {:ok, _} <- ActivityPub.follow(follower, followed) do
          followed
        else
          err ->
            Logger.debug("follow_import failed for #{followed_identifier} with: #{inspect(err)}")
            err
        end
      end
    )
  end
  def locked?(%User{} = user) do
    user.info.locked || false
  end
@ -552,8 +548,7 @@ def get_or_fetch_by_nickname(nickname) do
        with [_nick, _domain] <- String.split(nickname, "@"),
             {:ok, user} <- fetch_by_nickname(nickname) do
          if Pleroma.Config.get([:fetch_initial_posts, :enabled]) do
-            # TODO turn into job
+            fetch_initial_posts(user)
            {:ok, _} = Task.start(__MODULE__, :fetch_initial_posts, [user])
          end
          {:ok, user}
@ -564,19 +559,12 @@ def get_or_fetch_by_nickname(nickname) do
  end
  @doc "Fetch some posts when the user has just been federated with"
-  def fetch_initial_posts(user) do
+  def fetch_initial_posts(user),
-    pages = Pleroma.Config.get!([:fetch_initial_posts, :pages])
+    do: PleromaJobQueue.enqueue(:background, __MODULE__, [:fetch_initial_posts, user])
    Enum.each(
      # Insert all the posts in reverse order, so they're in the right order on the timeline
      Enum.reverse(Utils.fetch_ordered_collection(user.info.source_data["outbox"], pages)),
      &Pleroma.Web.Federator.incoming_ap_doc/1
    )
  end
  @spec get_followers_query(User.t(), pos_integer() | nil) :: Ecto.Query.t()
  def get_followers_query(%User{} = user, nil) do
-    User.Query.build(%{followers: user})
+    User.Query.build(%{followers: user, deactivated: false})
  end
  def get_followers_query(user, page) do
@ -601,7 +589,7 @@ def get_followers_ids(user, page \\ nil) do
  @spec get_friends_query(User.t(), pos_integer() | nil) :: Ecto.Query.t()
  def get_friends_query(%User{} = user, nil) do
-    User.Query.build(%{friends: user})
+    User.Query.build(%{friends: user, deactivated: false})
  end
  def get_friends_query(user, page) do
@ -691,16 +679,16 @@ def update_note_count(%User{} = user) do
    info_cng = User.Info.set_note_count(user.info, note_count)
-    cng =
+    user
-      change(user)
+    |> change()
-      |> put_embed(:info, info_cng)
+    |> put_embed(:info, info_cng)
-
+    |> update_and_set_cache()
    update_and_set_cache(cng)
  end
  def update_follower_count(%User{} = user) do
    follower_count_query =
-      User.Query.build(%{followers: user}) |> select([u], %{count: count(u.id)})
+      User.Query.build(%{followers: user, deactivated: false})
      |> select([u], %{count: count(u.id)})
    User
    |> where(id: ^user.id)
@ -723,9 +711,21 @@ def update_follower_count(%User{} = user) do
    end
  end
  def remove_duplicated_following(%User{following: following} = user) do
    uniq_following = Enum.uniq(following)
    if length(following) == length(uniq_following) do
      {:ok, user}
    else
      user
      |> update_changeset(%{following: uniq_following})
      |> update_and_set_cache()
    end
  end
  @spec get_users_from_set([String.t()], boolean()) :: [User.t()]
  def get_users_from_set(ap_ids, local_only \\ true) do
-    criteria = %{ap_id: ap_ids}
+    criteria = %{ap_id: ap_ids, deactivated: false}
    criteria = if local_only, do: Map.put(criteria, :local, true), else: criteria
    User.Query.build(criteria)
@ -734,7 +734,7 @@ def get_users_from_set(ap_ids, local_only \\ true) do
  @spec get_recipients_from_activity(Activity.t()) :: [User.t()]
  def get_recipients_from_activity(%Activity{recipients: to}) do
-    User.Query.build(%{recipients_from_activity: to, local: true})
+    User.Query.build(%{recipients_from_activity: to, local: true, deactivated: false})
    |> Repo.all()
  end
@ -832,6 +832,7 @@ defp fts_search_subquery(term, query \\ User) do
          ^processed_query
        )
    )
    |> restrict_deactivated()
  end
  defp trigram_search_subquery(term) do
@ -850,23 +851,7 @@ defp trigram_search_subquery(term) do
      },
      where: fragment("trim(? || ' ' || coalesce(?, '')) % ?", u.nickname, u.name, ^term)
    )
-  end
+    |> restrict_deactivated()
  def blocks_import(%User{} = blocker, blocked_identifiers) when is_list(blocked_identifiers) do
    Enum.map(
      blocked_identifiers,
      fn blocked_identifier ->
        with {:ok, %User{} = blocked} <- get_or_fetch(blocked_identifier),
             {:ok, blocker} <- block(blocker, blocked),
             {:ok, _} <- ActivityPub.block(blocker, blocked) do
          blocked
        else
          err ->
            Logger.debug("blocks_import failed for #{blocked_identifier} with: #{inspect(err)}")
            err
        end
      end
    )
  end
  def mute(muter, %User{ap_id: ap_id}) do
@ -999,19 +984,19 @@ def subscribed_to?(user, %{ap_id: ap_id}) do
  @spec muted_users(User.t()) :: [User.t()]
  def muted_users(user) do
-    User.Query.build(%{ap_id: user.info.mutes})
+    User.Query.build(%{ap_id: user.info.mutes, deactivated: false})
    |> Repo.all()
  end
  @spec blocked_users(User.t()) :: [User.t()]
  def blocked_users(user) do
-    User.Query.build(%{ap_id: user.info.blocks})
+    User.Query.build(%{ap_id: user.info.blocks, deactivated: false})
    |> Repo.all()
  end
  @spec subscribers(User.t()) :: [User.t()]
  def subscribers(user) do
-    User.Query.build(%{ap_id: user.info.subscribers})
+    User.Query.build(%{ap_id: user.info.subscribers, deactivated: false})
    |> Repo.all()
  end
@ -1039,14 +1024,25 @@ def unblock_domain(user, domain) do
    update_and_set_cache(cng)
  end
  def deactivate_async(user, status \\ true) do
    PleromaJobQueue.enqueue(:background, __MODULE__, [:deactivate_async, user, status])
  end
  def deactivate(%User{} = user, status \\ true) do
    info_cng = User.Info.set_activation_status(user.info, status)
-    cng =
+    with {:ok, friends} <- User.get_friends(user),
-      change(user)
+         {:ok, followers} <- User.get_followers(user),
-      |> put_embed(:info, info_cng)
+         {:ok, user} <-
           user
           |> change()
           |> put_embed(:info, info_cng)
           |> update_and_set_cache() do
      Enum.each(followers, &invalidate_cache(&1))
      Enum.each(friends, &update_follower_count(&1))
-    update_and_set_cache(cng)
+      {:ok, user}
    end
  end
  def update_notification_settings(%User{} = user, settings \\ %{}) do
@ -1077,11 +1073,79 @@ def perform(:delete, %User{} = user) do
    delete_user_activities(user)
  end
  @spec perform(atom(), User.t()) :: {:ok, User.t()}
  def perform(:fetch_initial_posts, %User{} = user) do
    pages = Pleroma.Config.get!([:fetch_initial_posts, :pages])
    Enum.each(
      # Insert all the posts in reverse order, so they're in the right order on the timeline
      Enum.reverse(Utils.fetch_ordered_collection(user.info.source_data["outbox"], pages)),
      &Pleroma.Web.Federator.incoming_ap_doc/1
    )
    {:ok, user}
  end
  def perform(:deactivate_async, user, status), do: deactivate(user, status)
  @spec perform(atom(), User.t(), list()) :: list() | {:error, any()}
  def perform(:blocks_import, %User{} = blocker, blocked_identifiers)
      when is_list(blocked_identifiers) do
    Enum.map(
      blocked_identifiers,
      fn blocked_identifier ->
        with {:ok, %User{} = blocked} <- get_or_fetch(blocked_identifier),
             {:ok, blocker} <- block(blocker, blocked),
             {:ok, _} <- ActivityPub.block(blocker, blocked) do
          blocked
        else
          err ->
            Logger.debug("blocks_import failed for #{blocked_identifier} with: #{inspect(err)}")
            err
        end
      end
    )
  end
  @spec perform(atom(), User.t(), list()) :: list() | {:error, any()}
  def perform(:follow_import, %User{} = follower, followed_identifiers)
      when is_list(followed_identifiers) do
    Enum.map(
      followed_identifiers,
      fn followed_identifier ->
        with {:ok, %User{} = followed} <- get_or_fetch(followed_identifier),
             {:ok, follower} <- maybe_direct_follow(follower, followed),
             {:ok, _} <- ActivityPub.follow(follower, followed) do
          followed
        else
          err ->
            Logger.debug("follow_import failed for #{followed_identifier} with: #{inspect(err)}")
            err
        end
      end
    )
  end
  def blocks_import(%User{} = blocker, blocked_identifiers) when is_list(blocked_identifiers),
    do:
      PleromaJobQueue.enqueue(:background, __MODULE__, [
        :blocks_import,
        blocker,
        blocked_identifiers
      ])
  def follow_import(%User{} = follower, followed_identifiers) when is_list(followed_identifiers),
    do:
      PleromaJobQueue.enqueue(:background, __MODULE__, [
        :follow_import,
        follower,
        followed_identifiers
      ])
  def delete_user_activities(%User{ap_id: ap_id} = user) do
    stream =
      ap_id
      |> Activity.query_by_actor()
      |> Activity.with_preloaded_object()
      |> Repo.stream()
    Repo.transaction(fn -> Enum.each(stream, &delete_activity(&1)) end, timeout: :infinity)
@ -1130,8 +1194,8 @@ def get_or_fetch_by_ap_id(ap_id) do
      resp = fetch_by_ap_id(ap_id)
      if should_fetch_initial do
-        with {:ok, %User{} = user} = resp do
+        with {:ok, %User{} = user} <- resp do
-          {:ok, _} = Task.start(__MODULE__, :fetch_initial_posts, [user])
+          fetch_initial_posts(user)
        end
      end
@ -1320,7 +1384,7 @@ def error_user(ap_id) do
  @spec all_superusers() :: [User.t()]
  def all_superusers do
-    User.Query.build(%{super_users: true, local: true})
+    User.Query.build(%{super_users: true, local: true, deactivated: false})
    |> Repo.all()
  end
@ -1401,4 +1465,57 @@ def touch_last_digest_emailed_at(user) do
    updated_user
  end
  @spec toggle_confirmation(User.t()) :: {:ok, User.t()} | {:error, Changeset.t()}
  def toggle_confirmation(%User{} = user) do
    need_confirmation? = !user.info.confirmation_pending
    info_changeset =
      User.Info.confirmation_changeset(user.info, need_confirmation: need_confirmation?)
    user
    |> change()
    |> put_embed(:info, info_changeset)
    |> update_and_set_cache()
  end
  def get_mascot(%{info: %{mascot: %{} = mascot}}) when not is_nil(mascot) do
    mascot
  end
  def get_mascot(%{info: %{mascot: mascot}}) when is_nil(mascot) do
    # use instance-default
    config = Pleroma.Config.get([:assets, :mascots])
    default_mascot = Pleroma.Config.get([:assets, :default_mascot])
    mascot = Keyword.get(config, default_mascot)
    %{
      "id" => "default-mascot",
      "url" => mascot[:url],
      "preview_url" => mascot[:url],
      "pleroma" => %{
        "mime_type" => mascot[:mime_type]
      }
    }
  end
  def ensure_keys_present(user) do
    info = user.info
    if info.keys do
      {:ok, user}
    else
      {:ok, pem} = Keys.generate_rsa_pem()
      info_cng =
        info
        |> User.Info.set_keys(pem)
      cng =
        Ecto.Changeset.change(user)
        |> Ecto.Changeset.put_embed(:info, info_cng)
      update_and_set_cache(cng)
    end
  end
 end
--- a/lib/pleroma/user/info.ex
+++ b/lib/pleroma/user/info.ex
@ -44,6 +44,7 @@ defmodule Pleroma.User.Info do
    field(:pinned_activities, {:array, :string}, default: [])
    field(:flavour, :string, default: nil)
    field(:email_notifications, :map, default: %{"digest" => false})
    field(:mascot, :map, default: nil)
    field(:emoji, {:array, :map}, default: [])
    field(:notification_settings, :map,
@ -237,21 +238,23 @@ def profile_update(info, params) do
    ])
  end
-  def confirmation_changeset(info, :confirmed) do
+  @spec confirmation_changeset(Info.t(), keyword()) :: Changeset.t()
-    confirmation_changeset(info, %{
+  def confirmation_changeset(info, opts) do
-      confirmation_pending: false,
+    need_confirmation? = Keyword.get(opts, :need_confirmation)
      confirmation_token: nil
    })
  end
-  def confirmation_changeset(info, :unconfirmed) do
+    params =
-    confirmation_changeset(info, %{
+      if need_confirmation? do
-      confirmation_pending: true,
+        %{
-      confirmation_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64()
+          confirmation_pending: true,
-    })
+          confirmation_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64()
-  end
+        }
      else
        %{
          confirmation_pending: false,
          confirmation_token: nil
        }
      end
  def confirmation_changeset(info, params) do
    cast(info, params, [:confirmation_pending, :confirmation_token])
  end
@ -271,6 +274,14 @@ def mastodon_flavour_update(info, flavour) do
    |> validate_required([:flavour])
  end
  def mascot_update(info, url) do
    params = %{mascot: url}
    info
    |> cast(params, [:mascot])
    |> validate_required([:mascot])
  end
  def set_source_data(info, source_data) do
    params = %{source_data: source_data}
--- a/lib/pleroma/user/query.ex
+++ b/lib/pleroma/user/query.ex
@ -118,7 +118,11 @@ defp compose_query({:active, _}, query) do
    |> where([u], not is_nil(u.nickname))
  end
-  defp compose_query({:deactivated, _}, query) do
+  defp compose_query({:deactivated, false}, query) do
    User.restrict_deactivated(query)
  end
  defp compose_query({:deactivated, true}, query) do
    where(query, [u], fragment("?->'deactivated' @> 'true'", u.info))
    |> where([u], not is_nil(u.nickname))
  end
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@ -5,7 +5,6 @@
 defmodule Pleroma.Web.ActivityPub.ActivityPub do
  alias Pleroma.Activity
  alias Pleroma.Conversation
  alias Pleroma.Instances
  alias Pleroma.Notification
  alias Pleroma.Object
  alias Pleroma.Object.Fetcher
@ -15,7 +14,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.MRF
  alias Pleroma.Web.ActivityPub.Transmogrifier
  alias Pleroma.Web.Federator
  alias Pleroma.Web.WebFinger
  import Ecto.Query
@ -24,8 +22,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
  require Logger
  @httpoison Application.get_env(:pleroma, :httpoison)
  # For Announce activities, we filter the recipients based on following status for any actors
  # that match actual users.  See issue #164 for more information about why this is necessary.
  defp get_recipients(%{"type" => "Announce"} = data) do
@ -137,9 +133,7 @@ def insert(map, local \\ true, fake \\ false) when is_map(map) do
          activity
        end
-      Task.start(fn ->
+      PleromaJobQueue.enqueue(:background, Pleroma.Web.RichMedia.Helpers, [:fetch, activity])
        Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
      end)
      Notification.create_notifications(activity)
@ -546,8 +540,6 @@ defp restrict_visibility(query, %{visibility: visibility})
            )
        )
      Ecto.Adapters.SQL.to_sql(:all, Repo, query)
      query
    else
      Logger.error("Could not restrict visibility to #{visibility}")
@ -563,8 +555,6 @@ defp restrict_visibility(query, %{visibility: visibility})
          fragment("activity_visibility(?, ?, ?) = ?", a.actor, a.recipients, a.data, ^visibility)
      )
    Ecto.Adapters.SQL.to_sql(:all, Repo, query)
    query
  end
@ -575,6 +565,18 @@ defp restrict_visibility(_query, %{visibility: visibility})
  defp restrict_visibility(query, _visibility), do: query
  defp restrict_thread_visibility(query, %{"user" => %User{ap_id: ap_id}}) do
    query =
      from(
        a in query,
        where: fragment("thread_visibility(?, (?)->>'id') = true", ^ap_id, a.data)
      )
    query
  end
  defp restrict_thread_visibility(query, _), do: query
  def fetch_user_activities(user, reading_user, params \\ %{}) do
    params =
      params
@ -701,6 +703,12 @@ defp restrict_type(query, %{"type" => type}) do
  defp restrict_type(query, _), do: query
  defp restrict_state(query, %{"state" => state}) do
    from(activity in query, where: fragment("?->>'state' = ?", activity.data, ^state))
  end
  defp restrict_state(query, _), do: query
  defp restrict_favorited_by(query, %{"favorited_by" => ap_id}) do
    from(
      activity in query,
@ -756,8 +764,11 @@ defp restrict_blocked(query, %{"blocking_user" => %User{info: info}}) do
    blocks = info.blocks || []
    domain_blocks = info.domain_blocks || []
    query =
      if has_named_binding?(query, :object), do: query, else: Activity.with_joined_object(query)
    from(
-      activity in query,
+      [activity, object: o] in query,
      where: fragment("not (? = ANY(?))", activity.actor, ^blocks),
      where: fragment("not (? && ?)", activity.recipients, ^blocks),
      where:
@ -767,7 +778,8 @@ defp restrict_blocked(query, %{"blocking_user" => %User{info: info}}) do
          activity.data,
          ^blocks
        ),
-      where: fragment("not (split_part(?, '/', 3) = ANY(?))", activity.actor, ^domain_blocks)
+      where: fragment("not (split_part(?, '/', 3) = ANY(?))", activity.actor, ^domain_blocks),
      where: fragment("not (split_part(?->>'actor', '/', 3) = ANY(?))", o.data, ^domain_blocks)
    )
  end
@ -822,6 +834,13 @@ defp maybe_preload_bookmarks(query, opts) do
    |> Activity.with_preloaded_bookmark(opts["user"])
  end
  defp maybe_set_thread_muted_field(query, %{"skip_preload" => true}), do: query
  defp maybe_set_thread_muted_field(query, opts) do
    query
    |> Activity.with_set_thread_muted_field(opts["user"])
  end
  defp maybe_order(query, %{order: :desc}) do
    query
    |> order_by(desc: :id)
@ -840,6 +859,7 @@ def fetch_activities_query(recipients, opts \\ %{}) do
    base_query
    |> maybe_preload_objects(opts)
    |> maybe_preload_bookmarks(opts)
    |> maybe_set_thread_muted_field(opts)
    |> maybe_order(opts)
    |> restrict_recipients(recipients, opts["user"])
    |> restrict_tag(opts)
@ -849,15 +869,18 @@ def fetch_activities_query(recipients, opts \\ %{}) do
    |> restrict_local(opts)
    |> restrict_actor(opts)
    |> restrict_type(opts)
    |> restrict_state(opts)
    |> restrict_favorited_by(opts)
    |> restrict_blocked(opts)
    |> restrict_muted(opts)
    |> restrict_media(opts)
    |> restrict_visibility(opts)
    |> restrict_thread_visibility(opts)
    |> restrict_replies(opts)
    |> restrict_reblogs(opts)
    |> restrict_pinned(opts)
    |> restrict_muted_reblogs(opts)
    |> Activity.restrict_deactivated_users()
  end
  def fetch_activities(recipients, opts \\ %{}) do
@ -886,7 +909,7 @@ def upload(file, opts \\ []) do
    end
  end
-  def user_data_from_user_object(data) do
+  defp object_to_user_data(data) do
    avatar =
      data["icon"]["url"] &&
        %{
@ -933,9 +956,19 @@ def user_data_from_user_object(data) do
    {:ok, user_data}
  end
  def user_data_from_user_object(data) do
    with {:ok, data} <- MRF.filter(data),
         {:ok, data} <- object_to_user_data(data) do
      {:ok, data}
    else
      e -> {:error, e}
    end
  end
  def fetch_and_prepare_user_from_ap_id(ap_id) do
-    with {:ok, data} <- Fetcher.fetch_and_contain_remote_object_from_id(ap_id) do
+    with {:ok, data} <- Fetcher.fetch_and_contain_remote_object_from_id(ap_id),
-      user_data_from_user_object(data)
+         {:ok, data} <- user_data_from_user_object(data) do
      {:ok, data}
    else
      e -> Logger.error("Could not decode user at fetch #{ap_id}, #{inspect(e)}")
    end
@ -961,89 +994,6 @@ def make_user_from_nickname(nickname) do
    end
  end
  def should_federate?(inbox, public) do
    if public do
      true
    else
      inbox_info = URI.parse(inbox)
      !Enum.member?(Pleroma.Config.get([:instance, :quarantined_instances], []), inbox_info.host)
    end
  end
  def publish(actor, activity) do
    remote_followers =
      if actor.follower_address in activity.recipients do
        {:ok, followers} = User.get_followers(actor)
        followers |> Enum.filter(&(!&1.local))
      else
        []
      end
    public = is_public?(activity)
    {:ok, data} = Transmogrifier.prepare_outgoing(activity.data)
    json = Jason.encode!(data)
    (Pleroma.Web.Salmon.remote_users(activity) ++ remote_followers)
    |> Enum.filter(fn user -> User.ap_enabled?(user) end)
    |> Enum.map(fn %{info: %{source_data: data}} ->
      (is_map(data["endpoints"]) && Map.get(data["endpoints"], "sharedInbox")) || data["inbox"]
    end)
    |> Enum.uniq()
    |> Enum.filter(fn inbox -> should_federate?(inbox, public) end)
    |> Instances.filter_reachable()
    |> Enum.each(fn {inbox, unreachable_since} ->
      Federator.publish_single_ap(%{
        inbox: inbox,
        json: json,
        actor: actor,
        id: activity.data["id"],
        unreachable_since: unreachable_since
      })
    end)
  end
  def publish_one(%{inbox: inbox, json: json, actor: actor, id: id} = params) do
    Logger.info("Federating #{id} to #{inbox}")
    host = URI.parse(inbox).host
    digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64())
    date =
      NaiveDateTime.utc_now()
      |> Timex.format!("{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT")
    signature =
      Pleroma.Web.HTTPSignatures.sign(actor, %{
        host: host,
        "content-length": byte_size(json),
        digest: digest,
        date: date
      })
    with {:ok, %{status: code}} when code in 200..299 <-
           result =
             @httpoison.post(
               inbox,
               json,
               [
                 {"Content-Type", "application/activity+json"},
                 {"Date", date},
                 {"signature", signature},
                 {"digest", digest}
               ]
             ) do
      if !Map.has_key?(params, :unreachable_since) || params[:unreachable_since],
        do: Instances.set_reachable(inbox)
      result
    else
      {_post_result, response} ->
        unless params[:unreachable_since], do: Instances.set_unreachable(inbox)
        {:error, response}
    end
  end
  # filter out broken threads
  def contain_broken_threads(%Activity{} = activity, %User{} = user) do
    entire_thread_visible_for_user?(activity, user)
@ -1054,11 +1004,10 @@ def contain_activity(%Activity{} = activity, %User{} = user) do
    contain_broken_threads(activity, user)
  end
-  # do post-processing on a timeline
+  def fetch_direct_messages_query do
-  def contain_timeline(timeline, user) do
+    Activity
-    timeline
+    |> restrict_type(%{"type" => "Create"})
-    |> Enum.filter(fn activity ->
+    |> restrict_visibility(%{visibility: "direct"})
-      contain_activity(activity, user)
+    |> order_by([activity], asc: activity.id)
    end)
  end
 end
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@ -39,7 +39,7 @@ def relay_active?(conn, _) do
  def user(conn, %{"nickname" => nickname}) do
    with %User{} = user <- User.get_cached_by_nickname(nickname),
-         {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+         {:ok, user} <- User.ensure_keys_present(user) do
      conn
      |> put_resp_header("content-type", "application/activity+json")
      |> json(UserView.render("user.json", %{user: user}))
@ -106,7 +106,7 @@ def activity(conn, %{"uuid" => uuid}) do
  def following(conn, %{"nickname" => nickname, "page" => page}) do
    with %User{} = user <- User.get_cached_by_nickname(nickname),
-         {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+         {:ok, user} <- User.ensure_keys_present(user) do
      {page, _} = Integer.parse(page)
      conn
@ -117,7 +117,7 @@ def following(conn, %{"nickname" => nickname, "page" => page}) do
  def following(conn, %{"nickname" => nickname}) do
    with %User{} = user <- User.get_cached_by_nickname(nickname),
-         {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+         {:ok, user} <- User.ensure_keys_present(user) do
      conn
      |> put_resp_header("content-type", "application/activity+json")
      |> json(UserView.render("following.json", %{user: user}))
@ -126,7 +126,7 @@ def following(conn, %{"nickname" => nickname}) do
  def followers(conn, %{"nickname" => nickname, "page" => page}) do
    with %User{} = user <- User.get_cached_by_nickname(nickname),
-         {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+         {:ok, user} <- User.ensure_keys_present(user) do
      {page, _} = Integer.parse(page)
      conn
@ -137,7 +137,7 @@ def followers(conn, %{"nickname" => nickname, "page" => page}) do
  def followers(conn, %{"nickname" => nickname}) do
    with %User{} = user <- User.get_cached_by_nickname(nickname),
-         {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+         {:ok, user} <- User.ensure_keys_present(user) do
      conn
      |> put_resp_header("content-type", "application/activity+json")
      |> json(UserView.render("followers.json", %{user: user}))
@ -146,7 +146,7 @@ def followers(conn, %{"nickname" => nickname}) do
  def outbox(conn, %{"nickname" => nickname} = params) do
    with %User{} = user <- User.get_cached_by_nickname(nickname),
-         {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+         {:ok, user} <- User.ensure_keys_present(user) do
      conn
      |> put_resp_header("content-type", "application/activity+json")
      |> json(UserView.render("outbox.json", %{user: user, max_id: params["max_id"]}))
@ -195,7 +195,7 @@ def inbox(conn, params) do
  def relay(conn, _params) do
    with %User{} = user <- Relay.get_actor(),
-         {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do
+         {:ok, user} <- User.ensure_keys_present(user) do
      conn
      |> put_resp_header("content-type", "application/activity+json")
      |> json(UserView.render("user.json", %{user: user}))
--- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
@ -48,14 +48,13 @@ defp check_media_nsfw(
         %{host: actor_host} = _actor_info,
         %{
           "type" => "Create",
-           "object" => %{"attachment" => child_attachment} = child_object
+           "object" => child_object
         } = object
-       )
+       ) do
       when length(child_attachment) > 0 do
    object =
      if Enum.member?(Pleroma.Config.get([:mrf_simple, :media_nsfw]), actor_host) do
        tags = (child_object["tag"] || []) ++ ["nsfw"]
-        child_object = Map.put(child_object, "tags", tags)
+        child_object = Map.put(child_object, "tag", tags)
        child_object = Map.put(child_object, "sensitive", true)
        Map.put(object, "object", child_object)
      else
@ -75,8 +74,7 @@ defp check_ftl_removal(%{host: actor_host} = _actor_info, object) do
               actor_host
             ),
           user <- User.get_cached_by_ap_id(object["actor"]),
-           true <- "https://www.w3.org/ns/activitystreams#Public" in object["to"],
+           true <- "https://www.w3.org/ns/activitystreams#Public" in object["to"] do
           true <- user.follower_address in object["cc"] do
        to =
          List.delete(object["to"], "https://www.w3.org/ns/activitystreams#Public") ++
            [user.follower_address]
@ -95,18 +93,63 @@ defp check_ftl_removal(%{host: actor_host} = _actor_info, object) do
    {:ok, object}
  end
  defp check_report_removal(%{host: actor_host} = _actor_info, %{"type" => "Flag"} = object) do
    if actor_host in Pleroma.Config.get([:mrf_simple, :report_removal]) do
      {:reject, nil}
    else
      {:ok, object}
    end
  end
  defp check_report_removal(_actor_info, object), do: {:ok, object}
  defp check_avatar_removal(%{host: actor_host} = _actor_info, %{"icon" => _icon} = object) do
    if actor_host in Pleroma.Config.get([:mrf_simple, :avatar_removal]) do
      {:ok, Map.delete(object, "icon")}
    else
      {:ok, object}
    end
  end
  defp check_avatar_removal(_actor_info, object), do: {:ok, object}
  defp check_banner_removal(%{host: actor_host} = _actor_info, %{"image" => _image} = object) do
    if actor_host in Pleroma.Config.get([:mrf_simple, :banner_removal]) do
      {:ok, Map.delete(object, "image")}
    else
      {:ok, object}
    end
  end
  defp check_banner_removal(_actor_info, object), do: {:ok, object}
  @impl true
-  def filter(object) do
+  def filter(%{"actor" => actor} = object) do
-    actor_info = URI.parse(object["actor"])
+    actor_info = URI.parse(actor)
    with {:ok, object} <- check_accept(actor_info, object),
         {:ok, object} <- check_reject(actor_info, object),
         {:ok, object} <- check_media_removal(actor_info, object),
         {:ok, object} <- check_media_nsfw(actor_info, object),
-         {:ok, object} <- check_ftl_removal(actor_info, object) do
+         {:ok, object} <- check_ftl_removal(actor_info, object),
         {:ok, object} <- check_report_removal(actor_info, object) do
      {:ok, object}
    else
      _e -> {:reject, nil}
    end
  end
  def filter(%{"id" => actor, "type" => obj_type} = object)
      when obj_type in ["Application", "Group", "Organization", "Person", "Service"] do
    actor_info = URI.parse(actor)
    with {:ok, object} <- check_avatar_removal(actor_info, object),
         {:ok, object} <- check_banner_removal(actor_info, object) do
      {:ok, object}
    else
      _e -> {:reject, nil}
    end
  end
  def filter(object), do: {:ok, object}
 end
--- a/lib/pleroma/web/activity_pub/mrf/tag_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/tag_policy.ex
@ -31,7 +31,7 @@ defp process_tag(
    object =
      object
-      |> Map.put("tags", tags)
+      |> Map.put("tag", tags)
      |> Map.put("sensitive", true)
    message = Map.put(message, "object", object)
--- a/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex
+++ b/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex
@ -19,10 +19,12 @@ defp filter_by_list(%{"actor" => actor} = object, allow_list) do
  end
  @impl true
-  def filter(object) do
+  def filter(%{"actor" => actor} = object) do
-    actor_info = URI.parse(object["actor"])
+    actor_info = URI.parse(actor)
    allow_list = Config.get([:mrf_user_allowlist, String.to_atom(actor_info.host)], [])
    filter_by_list(object, allow_list)
  end
  def filter(object), do: {:ok, object}
 end
--- a/lib/pleroma/web/activity_pub/publisher.ex
+++ b/lib/pleroma/web/activity_pub/publisher.ex
@ -0,0 +1,151 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.ActivityPub.Publisher do
  alias Pleroma.Activity
  alias Pleroma.Config
  alias Pleroma.HTTP
  alias Pleroma.Instances
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.Relay
  alias Pleroma.Web.ActivityPub.Transmogrifier
  import Pleroma.Web.ActivityPub.Visibility
  @behaviour Pleroma.Web.Federator.Publisher
  require Logger
  @moduledoc """
  ActivityPub outgoing federation module.
  """
  @doc """
  Determine if an activity can be represented by running it through Transmogrifier.
  """
  def is_representable?(%Activity{} = activity) do
    with {:ok, _data} <- Transmogrifier.prepare_outgoing(activity.data) do
      true
    else
      _e ->
        false
    end
  end
  @doc """
  Publish a single message to a peer.  Takes a struct with the following
  parameters set:
  * `inbox`: the inbox to publish to
  * `json`: the JSON message body representing the ActivityPub message
  * `actor`: the actor which is signing the message
  * `id`: the ActivityStreams URI of the message
  """
  def publish_one(%{inbox: inbox, json: json, actor: %User{} = actor, id: id} = params) do
    Logger.info("Federating #{id} to #{inbox}")
    host = URI.parse(inbox).host
    digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64())
    date =
      NaiveDateTime.utc_now()
      |> Timex.format!("{WDshort}, {0D} {Mshort} {YYYY} {h24}:{m}:{s} GMT")
    signature =
      Pleroma.Signature.sign(actor, %{
        host: host,
        "content-length": byte_size(json),
        digest: digest,
        date: date
      })
    with {:ok, %{status: code}} when code in 200..299 <-
           result =
             HTTP.post(
               inbox,
               json,
               [
                 {"Content-Type", "application/activity+json"},
                 {"Date", date},
                 {"signature", signature},
                 {"digest", digest}
               ]
             ) do
      if !Map.has_key?(params, :unreachable_since) || params[:unreachable_since],
        do: Instances.set_reachable(inbox)
      result
    else
      {_post_result, response} ->
        unless params[:unreachable_since], do: Instances.set_unreachable(inbox)
        {:error, response}
    end
  end
  defp should_federate?(inbox, public) do
    if public do
      true
    else
      inbox_info = URI.parse(inbox)
      !Enum.member?(Pleroma.Config.get([:instance, :quarantined_instances], []), inbox_info.host)
    end
  end
  @doc """
  Publishes an activity to all relevant peers.
  """
  def publish(%User{} = actor, %Activity{} = activity) do
    remote_followers =
      if actor.follower_address in activity.recipients do
        {:ok, followers} = User.get_followers(actor)
        followers |> Enum.filter(&(!&1.local))
      else
        []
      end
    public = is_public?(activity)
    if public && Config.get([:instance, :allow_relay]) do
      Logger.info(fn -> "Relaying #{activity.data["id"]} out" end)
      Relay.publish(activity)
    end
    {:ok, data} = Transmogrifier.prepare_outgoing(activity.data)
    json = Jason.encode!(data)
    (Pleroma.Web.Salmon.remote_users(activity) ++ remote_followers)
    |> Enum.filter(fn user -> User.ap_enabled?(user) end)
    |> Enum.map(fn %{info: %{source_data: data}} ->
      (is_map(data["endpoints"]) && Map.get(data["endpoints"], "sharedInbox")) || data["inbox"]
    end)
    |> Enum.uniq()
    |> Enum.filter(fn inbox -> should_federate?(inbox, public) end)
    |> Instances.filter_reachable()
    |> Enum.each(fn {inbox, unreachable_since} ->
      Pleroma.Web.Federator.Publisher.enqueue_one(
        __MODULE__,
        %{
          inbox: inbox,
          json: json,
          actor: actor,
          id: activity.data["id"],
          unreachable_since: unreachable_since
        }
      )
    end)
  end
  def gather_webfinger_links(%User{} = user) do
    [
      %{"rel" => "self", "type" => "application/activity+json", "href" => user.ap_id},
      %{
        "rel" => "self",
        "type" => "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
        "href" => user.ap_id
      }
    ]
  end
  def gather_nodeinfo_protocol_names, do: ["activitypub"]
 end
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@ -11,7 +11,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
  alias Pleroma.Object.Containment
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.Utils
  alias Pleroma.Web.ActivityPub.Visibility
--- a/lib/pleroma/web/activity_pub/utils.ex
+++ b/lib/pleroma/web/activity_pub/utils.ex
@ -20,6 +20,8 @@ defmodule Pleroma.Web.ActivityPub.Utils do
  require Logger
  @supported_object_types ["Article", "Note", "Video", "Page"]
  @supported_report_states ~w(open closed resolved)
  @valid_visibilities ~w(public unlisted private direct)
  # Some implementations send the actor URI as the actor field, others send the entire actor object,
  # so figure out what the actor's URI is based on what we have.
@ -670,7 +672,8 @@ def make_flag_data(params, additional) do
      "actor" => params.actor.ap_id,
      "content" => params.content,
      "object" => object,
-      "context" => params.context
+      "context" => params.context,
      "state" => "open"
    }
    |> Map.merge(additional)
  end
@ -682,7 +685,7 @@ def make_flag_data(params, additional) do
  """
  def fetch_ordered_collection(from, pages_left, acc \\ []) do
    with {:ok, response} <- Tesla.get(from),
-         {:ok, collection} <- Poison.decode(response.body) do
+         {:ok, collection} <- Jason.decode(response.body) do
      case collection["type"] do
        "OrderedCollection" ->
          # If we've encountered the OrderedCollection and not the page,
@ -713,4 +716,77 @@ def fetch_ordered_collection(from, pages_left, acc \\ []) do
      end
    end
  end
  #### Report-related helpers
  def update_report_state(%Activity{} = activity, state) when state in @supported_report_states do
    with new_data <- Map.put(activity.data, "state", state),
         changeset <- Changeset.change(activity, data: new_data),
         {:ok, activity} <- Repo.update(changeset) do
      {:ok, activity}
    end
  end
  def update_report_state(_, _), do: {:error, "Unsupported state"}
  def update_activity_visibility(activity, visibility) when visibility in @valid_visibilities do
    [to, cc, recipients] =
      activity
      |> get_updated_targets(visibility)
      |> Enum.map(&Enum.uniq/1)
    object_data =
      activity.object.data
      |> Map.put("to", to)
      |> Map.put("cc", cc)
    {:ok, object} =
      activity.object
      |> Object.change(%{data: object_data})
      |> Object.update_and_set_cache()
    activity_data =
      activity.data
      |> Map.put("to", to)
      |> Map.put("cc", cc)
    activity
    |> Map.put(:object, object)
    |> Activity.change(%{data: activity_data, recipients: recipients})
    |> Repo.update()
  end
  def update_activity_visibility(_, _), do: {:error, "Unsupported visibility"}
  defp get_updated_targets(
         %Activity{data: %{"to" => to} = data, recipients: recipients},
         visibility
       ) do
    cc = Map.get(data, "cc", [])
    follower_address = User.get_cached_by_ap_id(data["actor"]).follower_address
    public = "https://www.w3.org/ns/activitystreams#Public"
    case visibility do
      "public" ->
        to = [public | List.delete(to, follower_address)]
        cc = [follower_address | List.delete(cc, public)]
        recipients = [public | recipients]
        [to, cc, recipients]
      "private" ->
        to = [follower_address | List.delete(to, public)]
        cc = List.delete(cc, public)
        recipients = List.delete(recipients, public)
        [to, cc, recipients]
      "unlisted" ->
        to = [follower_address | List.delete(to, public)]
        cc = [public | List.delete(cc, follower_address)]
        recipients = recipients ++ [follower_address, public]
        [to, cc, recipients]
      _ ->
        [to, cc, recipients]
    end
  end
 end
--- a/lib/pleroma/web/activity_pub/views/user_view.ex
+++ b/lib/pleroma/web/activity_pub/views/user_view.ex
@ -5,6 +5,7 @@
 defmodule Pleroma.Web.ActivityPub.UserView do
  use Pleroma.Web, :view
  alias Pleroma.Keys
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
@ -12,8 +13,6 @@ defmodule Pleroma.Web.ActivityPub.UserView do
  alias Pleroma.Web.ActivityPub.Utils
  alias Pleroma.Web.Endpoint
  alias Pleroma.Web.Router.Helpers
  alias Pleroma.Web.Salmon
  alias Pleroma.Web.WebFinger
  import Ecto.Query
@ -34,8 +33,8 @@ def render("endpoints.json", _), do: %{}
  # the instance itself is not a Person, but instead an Application
  def render("user.json", %{user: %{nickname: nil} = user}) do
-    {:ok, user} = WebFinger.ensure_keys_present(user)
+    {:ok, user} = User.ensure_keys_present(user)
-    {:ok, _, public_key} = Salmon.keys_from_pem(user.info.keys)
+    {:ok, _, public_key} = Keys.keys_from_pem(user.info.keys)
    public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
    public_key = :public_key.pem_encode([public_key])
@ -62,8 +61,8 @@ def render("user.json", %{user: %{nickname: nil} = user}) do
  end
  def render("user.json", %{user: user}) do
-    {:ok, user} = WebFinger.ensure_keys_present(user)
+    {:ok, user} = User.ensure_keys_present(user)
-    {:ok, _, public_key} = Salmon.keys_from_pem(user.info.keys)
+    {:ok, _, public_key} = Keys.keys_from_pem(user.info.keys)
    public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
    public_key = :public_key.pem_encode([public_key])
--- a/lib/pleroma/web/activity_pub/visibility.ex
+++ b/lib/pleroma/web/activity_pub/visibility.ex
@ -1,6 +1,7 @@
 defmodule Pleroma.Web.ActivityPub.Visibility do
  alias Pleroma.Activity
  alias Pleroma.Object
  alias Pleroma.Repo
  alias Pleroma.User
  def is_public?(%Object{data: %{"type" => "Tombstone"}}), do: false
@ -13,11 +14,12 @@ def is_public?(data) do
  end
  def is_private?(activity) do
-    unless is_public?(activity) do
+    with false <- is_public?(activity),
-      follower_address = User.get_cached_by_ap_id(activity.data["actor"]).follower_address
+         %User{follower_address: follower_address} <-
-      Enum.any?(activity.data["to"], &(&1 == follower_address))
+           User.get_cached_by_ap_id(activity.data["actor"]) do
      follower_address in activity.data["to"]
    else
-      false
+      _ -> false
    end
  end
@ -38,24 +40,37 @@ def visible_for_user?(activity, user) do
    visible_for_user?(activity, nil) || Enum.any?(x, &(&1 in y))
  end
-  # guard
+  def entire_thread_visible_for_user?(%Activity{} = activity, %User{} = user) do
-  def entire_thread_visible_for_user?(nil, _user), do: false
+    {:ok, %{rows: [[result]]}} =
      Ecto.Adapters.SQL.query(Repo, "SELECT thread_visibility($1, $2)", [
        user.ap_id,
        activity.data["id"]
      ])
-  # XXX: Probably even more inefficient than the previous implementation intended to be a placeholder untill https://git.pleroma.social/pleroma/pleroma/merge_requests/971 is in develop
+    result
-  # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
+  end
-  def entire_thread_visible_for_user?(
+  def get_visibility(object) do
-        %Activity{} = tail,
+    public = "https://www.w3.org/ns/activitystreams#Public"
-        # %Activity{data: %{"object" => %{"inReplyTo" => parent_id}}} = tail,
+    to = object.data["to"] || []
-        user
+    cc = object.data["cc"] || []
      ) do
    case Object.normalize(tail) do
      %{data: %{"inReplyTo" => parent_id}} when is_binary(parent_id) ->
        parent = Activity.get_in_reply_to_activity(tail)
        visible_for_user?(tail, user) && entire_thread_visible_for_user?(parent, user)
-      _ ->
+    cond do
-        visible_for_user?(tail, user)
+      public in to ->
        "public"
      public in cc ->
        "unlisted"
      # this should use the sql for the object's activity
      Enum.any?(to, &String.contains?(&1, "/followers")) ->
        "private"
      length(cc) > 0 ->
        "private"
      true ->
        "direct"
    end
  end
 end
--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@ -4,11 +4,16 @@
 defmodule Pleroma.Web.AdminAPI.AdminAPIController do
  use Pleroma.Web, :controller
  alias Pleroma.Activity
  alias Pleroma.User
  alias Pleroma.UserInviteToken
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.Relay
  alias Pleroma.Web.AdminAPI.AccountView
  alias Pleroma.Web.AdminAPI.ReportView
  alias Pleroma.Web.AdminAPI.Search
  alias Pleroma.Web.CommonAPI
  alias Pleroma.Web.MastodonAPI.StatusView
  import Pleroma.Web.ControllerHelper, only: [json_response: 3]
@ -59,7 +64,7 @@ def user_create(
      bio: "."
    }
-    changeset = User.register_changeset(%User{}, user_data, confirmed: true)
+    changeset = User.register_changeset(%User{}, user_data, need_confirmation: false)
    {:ok, user} = User.register(changeset)
    conn
@ -287,12 +292,88 @@ def get_password_reset(conn, %{"nickname" => nickname}) do
    |> json(token.token)
  end
  def list_reports(conn, params) do
    params =
      params
      |> Map.put("type", "Flag")
      |> Map.put("skip_preload", true)
    reports =
      []
      |> ActivityPub.fetch_activities(params)
      |> Enum.reverse()
    conn
    |> put_view(ReportView)
    |> render("index.json", %{reports: reports})
  end
  def report_show(conn, %{"id" => id}) do
    with %Activity{} = report <- Activity.get_by_id(id) do
      conn
      |> put_view(ReportView)
      |> render("show.json", %{report: report})
    else
      _ -> {:error, :not_found}
    end
  end
  def report_update_state(conn, %{"id" => id, "state" => state}) do
    with {:ok, report} <- CommonAPI.update_report_state(id, state) do
      conn
      |> put_view(ReportView)
      |> render("show.json", %{report: report})
    end
  end
  def report_respond(%{assigns: %{user: user}} = conn, %{"id" => id} = params) do
    with false <- is_nil(params["status"]),
         %Activity{} <- Activity.get_by_id(id) do
      params =
        params
        |> Map.put("in_reply_to_status_id", id)
        |> Map.put("visibility", "direct")
      {:ok, activity} = CommonAPI.post(user, params)
      conn
      |> put_view(StatusView)
      |> render("status.json", %{activity: activity})
    else
      true ->
        {:param_cast, nil}
      nil ->
        {:error, :not_found}
    end
  end
  def status_update(conn, %{"id" => id} = params) do
    with {:ok, activity} <- CommonAPI.update_activity_scope(id, params) do
      conn
      |> put_view(StatusView)
      |> render("status.json", %{activity: activity})
    end
  end
  def status_delete(%{assigns: %{user: user}} = conn, %{"id" => id}) do
    with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do
      json(conn, %{})
    end
  end
  def errors(conn, {:error, :not_found}) do
    conn
    |> put_status(404)
    |> json("Not found")
  end
  def errors(conn, {:error, reason}) do
    conn
    |> put_status(400)
    |> json(reason)
  end
  def errors(conn, {:param_cast, _}) do
    conn
    |> put_status(400)
--- a/lib/pleroma/web/admin_api/views/report_view.ex
+++ b/lib/pleroma/web/admin_api/views/report_view.ex
@ -0,0 +1,41 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.AdminAPI.ReportView do
  use Pleroma.Web, :view
  alias Pleroma.Activity
  alias Pleroma.User
  alias Pleroma.Web.CommonAPI.Utils
  alias Pleroma.Web.MastodonAPI.AccountView
  alias Pleroma.Web.MastodonAPI.StatusView
  def render("index.json", %{reports: reports}) do
    %{
      reports: render_many(reports, __MODULE__, "show.json", as: :report)
    }
  end
  def render("show.json", %{report: report}) do
    user = User.get_cached_by_ap_id(report.data["actor"])
    created_at = Utils.to_masto_date(report.data["published"])
    [account_ap_id | status_ap_ids] = report.data["object"]
    account = User.get_cached_by_ap_id(account_ap_id)
    statuses =
      Enum.map(status_ap_ids, fn ap_id ->
        Activity.get_by_ap_id_with_object(ap_id)
      end)
    %{
      id: report.id,
      account: AccountView.render("account.json", %{user: account}),
      actor: AccountView.render("account.json", %{user: user}),
      content: report.data["content"],
      created_at: created_at,
      statuses: StatusView.render("index.json", %{activities: statuses, as: :activity}),
      state: report.data["state"]
    }
  end
 end
--- a/lib/pleroma/web/auth/pleroma_authenticator.ex
+++ b/lib/pleroma/web/auth/pleroma_authenticator.ex
@ -74,7 +74,7 @@ def create_from_registration(
               password_confirmation: random_password
             },
             external: true,
-             confirmed: true
+             need_confirmation: false
           )
           |> Repo.insert(),
         {:ok, _} <-
--- a/lib/pleroma/web/common_api/common_api.ex
+++ b/lib/pleroma/web/common_api/common_api.ex
@ -71,6 +71,9 @@ def delete(activity_id, user) do
         {:ok, _} <- unpin(activity_id, user),
         {:ok, delete} <- ActivityPub.delete(object) do
      {:ok, delete}
    else
      _ ->
        {:error, "Could not delete"}
    end
  end
@ -116,32 +119,34 @@ def unfavorite(id_or_ap_id, user) do
    end
  end
-  def get_visibility(%{"visibility" => visibility})
+  def get_visibility(%{"visibility" => visibility}, in_reply_to)
      when visibility in ~w{public unlisted private direct},
-      do: visibility
+      do: {visibility, get_replied_to_visibility(in_reply_to)}
-  def get_visibility(%{"in_reply_to_status_id" => status_id}) when not is_nil(status_id) do
+  def get_visibility(_, in_reply_to) when not is_nil(in_reply_to) do
-    case get_replied_to_activity(status_id) do
+    visibility = get_replied_to_visibility(in_reply_to)
-      nil ->
+    {visibility, visibility}
-        "public"
+  end
-      in_reply_to ->
+  def get_visibility(_, in_reply_to), do: {"public", get_replied_to_visibility(in_reply_to)}
-        # XXX: these heuristics should be moved out of MastodonAPI.
+
-        with %Object{} = object <- Object.normalize(in_reply_to) do
+  def get_replied_to_visibility(nil), do: nil
-          Pleroma.Web.MastodonAPI.StatusView.get_visibility(object)
+
-        end
+  def get_replied_to_visibility(activity) do
    with %Object{} = object <- Object.normalize(activity) do
      Pleroma.Web.ActivityPub.Visibility.get_visibility(object)
    end
  end
  def get_visibility(_), do: "public"
  def post(user, %{"status" => status} = data) do
    visibility = get_visibility(data)
    limit = Pleroma.Config.get([:instance, :limit])
    with status <- String.trim(status),
         attachments <- attachments_from_ids(data),
         in_reply_to <- get_replied_to_activity(data["in_reply_to_status_id"]),
         {visibility, in_reply_to_visibility} <- get_visibility(data, in_reply_to),
         {_, false} <-
           {:private_to_public, in_reply_to_visibility == "direct" && visibility != "direct"},
         {content_html, mentions, tags} <-
           make_content_html(
             status,
@ -152,6 +157,7 @@ def post(user, %{"status" => status} = data) do
         {to, cc} <- to_for_user_and_mentions(user, mentions, in_reply_to, visibility),
         context <- make_context(in_reply_to),
         cw <- data["spoiler_text"] || "",
         sensitive <- data["sensitive"] || Enum.member?(tags, {"#nsfw", "nsfw"}),
         full_payload <- String.trim(status <> cw),
         length when length in 1..limit <- String.length(full_payload),
         object <-
@ -164,7 +170,8 @@ def post(user, %{"status" => status} = data) do
             in_reply_to,
             tags,
             cw,
-             cc
+             cc,
             sensitive
           ),
         object <-
           Map.put(
@ -185,6 +192,8 @@ def post(user, %{"status" => status} = data) do
        )
      res
    else
      e -> {:error, e}
    end
  end
@ -193,7 +202,7 @@ def update(user) do
    user =
      with emoji <- emoji_from_profile(user),
           source_data <- (user.info.source_data || %{}) |> Map.put("tag", emoji),
-           info_cng <- Pleroma.User.Info.set_source_data(user.info, source_data),
+           info_cng <- User.Info.set_source_data(user.info, source_data),
           change <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng),
           {:ok, user} <- User.update_and_set_cache(change) do
        user
@ -226,7 +235,7 @@ def pin(id_or_ap_id, %{ap_id: user_ap_id} = user) do
         } = activity <- get_by_id_or_ap_id(id_or_ap_id),
         true <- Enum.member?(object_to, "https://www.w3.org/ns/activitystreams#Public"),
         %{valid?: true} = info_changeset <-
-           Pleroma.User.Info.add_pinnned_activity(user.info, activity),
+           User.Info.add_pinnned_activity(user.info, activity),
         changeset <-
           Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_changeset),
         {:ok, _user} <- User.update_and_set_cache(changeset) do
@ -243,7 +252,7 @@ def pin(id_or_ap_id, %{ap_id: user_ap_id} = user) do
  def unpin(id_or_ap_id, user) do
    with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id),
         %{valid?: true} = info_changeset <-
-           Pleroma.User.Info.remove_pinnned_activity(user.info, activity),
+           User.Info.remove_pinnned_activity(user.info, activity),
         changeset <-
           Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_changeset),
         {:ok, _user} <- User.update_and_set_cache(changeset) do
@ -311,6 +320,60 @@ def report(user, data) do
    end
  end
  def update_report_state(activity_id, state) do
    with %Activity{} = activity <- Activity.get_by_id(activity_id),
         {:ok, activity} <- Utils.update_report_state(activity, state) do
      {:ok, activity}
    else
      nil ->
        {:error, :not_found}
      {:error, reason} ->
        {:error, reason}
      _ ->
        {:error, "Could not update state"}
    end
  end
  def update_activity_scope(activity_id, opts \\ %{}) do
    with %Activity{} = activity <- Activity.get_by_id_with_object(activity_id),
         {:ok, activity} <- toggle_sensitive(activity, opts),
         {:ok, activity} <- set_visibility(activity, opts) do
      {:ok, activity}
    else
      nil ->
        {:error, :not_found}
      {:error, reason} ->
        {:error, reason}
    end
  end
  defp toggle_sensitive(activity, %{"sensitive" => sensitive}) when sensitive in ~w(true false) do
    toggle_sensitive(activity, %{"sensitive" => String.to_existing_atom(sensitive)})
  end
  defp toggle_sensitive(%Activity{object: object} = activity, %{"sensitive" => sensitive})
       when is_boolean(sensitive) do
    new_data = Map.put(object.data, "sensitive", sensitive)
    {:ok, object} =
      object
      |> Object.change(%{data: new_data})
      |> Object.update_and_set_cache()
    {:ok, Map.put(activity, :object, object)}
  end
  defp toggle_sensitive(activity, _), do: {:ok, activity}
  defp set_visibility(activity, %{"visibility" => visibility}) do
    Utils.update_activity_visibility(activity, visibility)
  end
  defp set_visibility(activity, _), do: {:ok, activity}
  def hide_reblogs(user, muted) do
    ap_id = muted.ap_id
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@ -223,7 +223,8 @@ def make_note_data(
        in_reply_to,
        tags,
        cw \\ nil,
-        cc \\ []
+        cc \\ [],
        sensitive \\ false
      ) do
    object = %{
      "type" => "Note",
@ -231,19 +232,18 @@ def make_note_data(
      "cc" => cc,
      "content" => content_html,
      "summary" => cw,
      "sensitive" => !Enum.member?(["false", "False", "0", false], sensitive),
      "context" => context,
      "attachment" => attachments,
      "actor" => actor,
      "tag" => tags |> Enum.map(fn {_, tag} -> tag end) |> Enum.uniq()
    }
-    if in_reply_to do
+    with false <- is_nil(in_reply_to),
-      in_reply_to_object = Object.normalize(in_reply_to)
+         %Object{} = in_reply_to_object <- Object.normalize(in_reply_to) do
-
+      Map.put(object, "inReplyTo", in_reply_to_object.data["id"])
      object
      |> Map.put("inReplyTo", in_reply_to_object.data["id"])
    else
-      object
+      _ -> object
    end
  end
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@ -16,17 +16,32 @@ defmodule Pleroma.Web.Endpoint do
  plug(Pleroma.Plugs.UploadedMedia)
  @static_cache_control "public, no-cache"
  # InstanceStatic needs to be before Plug.Static to be able to override shipped-static files
  # If you're adding new paths to `only:` you'll need to configure them in InstanceStatic as well
-  plug(Pleroma.Plugs.InstanceStatic, at: "/")
+  # Cache-control headers are duplicated in case we turn off etags in the future
  plug(Pleroma.Plugs.InstanceStatic,
    at: "/",
    gzip: true,
    cache_control_for_etags: @static_cache_control,
    headers: %{
      "cache-control" => @static_cache_control
    }
  )
  plug(
    Plug.Static,
    at: "/",
    from: :pleroma,
    only:
-      ~w(index.html robots.txt static finmoji emoji packs sounds images instance sw.js sw-pleroma.js favicon.png schemas doc)
+      ~w(index.html robots.txt static finmoji emoji packs sounds images instance sw.js sw-pleroma.js favicon.png schemas doc),
    # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
    gzip: true,
    cache_control_for_etags: @static_cache_control,
    headers: %{
      "cache-control" => @static_cache_control
    }
  )
  plug(Plug.Static.IndexHtml, at: "/pleroma/admin/")
--- a/lib/pleroma/web/federator/federator.ex
+++ b/lib/pleroma/web/federator/federator.ex
@ -7,21 +7,15 @@ defmodule Pleroma.Web.Federator do
  alias Pleroma.Object.Containment
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.Relay
  alias Pleroma.Web.ActivityPub.Transmogrifier
  alias Pleroma.Web.ActivityPub.Utils
-  alias Pleroma.Web.ActivityPub.Visibility
+  alias Pleroma.Web.Federator.Publisher
  alias Pleroma.Web.Federator.RetryQueue
  alias Pleroma.Web.OStatus
  alias Pleroma.Web.Salmon
  alias Pleroma.Web.WebFinger
  alias Pleroma.Web.Websub
  require Logger
  @websub Application.get_env(:pleroma, :websub)
  @ostatus Application.get_env(:pleroma, :ostatus)
  def init do
    # 1 minute
    Process.sleep(1000 * 60)
@ -42,14 +36,6 @@ def publish(activity, priority \\ 1) do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:publish, activity], priority)
  end
  def publish_single_ap(params) do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:publish_single_ap, params])
  end
  def publish_single_websub(websub) do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:publish_single_websub, websub])
  end
  def verify_websub(websub) do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:verify_websub, websub])
  end
@ -62,10 +48,6 @@ def refresh_subscriptions do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:refresh_subscriptions])
  end
  def publish_single_salmon(params) do
    PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:publish_single_salmon, params])
  end
  # Job Worker Callbacks
  def perform(:refresh_subscriptions) do
@ -92,26 +74,9 @@ def perform(:request_subscription, websub) do
  def perform(:publish, activity) do
    Logger.debug(fn -> "Running publish for #{activity.data["id"]}" end)
-    with actor when not is_nil(actor) <- User.get_cached_by_ap_id(activity.data["actor"]) do
+    with %User{} = actor <- User.get_cached_by_ap_id(activity.data["actor"]),
-      {:ok, actor} = WebFinger.ensure_keys_present(actor)
+         {:ok, actor} <- User.ensure_keys_present(actor) do
-
+      Publisher.publish(actor, activity)
      if Visibility.is_public?(activity) do
        if OStatus.is_representable?(activity) do
          Logger.info(fn -> "Sending #{activity.data["id"]} out via WebSub" end)
          Websub.publish(Pleroma.Web.OStatus.feed_path(actor), actor, activity)
          Logger.info(fn -> "Sending #{activity.data["id"]} out via Salmon" end)
          Pleroma.Web.Salmon.publish(actor, activity)
        end
        if Keyword.get(Application.get_env(:pleroma, :instance), :allow_relay) do
          Logger.info(fn -> "Relaying #{activity.data["id"]} out" end)
          Relay.publish(activity)
        end
      end
      Logger.info(fn -> "Sending #{activity.data["id"]} out via AP" end)
      Pleroma.Web.ActivityPub.ActivityPub.publish(actor, activity)
    end
  end
@ -120,12 +85,12 @@ def perform(:verify_websub, websub) do
      "Running WebSub verification for #{websub.id} (#{websub.topic}, #{websub.callback})"
    end)
-    @websub.verify(websub)
+    Websub.verify(websub)
  end
  def perform(:incoming_doc, doc) do
    Logger.info("Got document, trying to parse")
-    @ostatus.handle_incoming(doc)
+    OStatus.handle_incoming(doc)
  end
  def perform(:incoming_ap_doc, params) do
@ -148,25 +113,11 @@ def perform(:incoming_ap_doc, params) do
      _e ->
        # Just drop those for now
        Logger.info("Unhandled activity")
-        Logger.info(Poison.encode!(params, pretty: 2))
+        Logger.info(Jason.encode!(params, pretty: true))
        :error
    end
  end
  def perform(:publish_single_salmon, params) do
    Salmon.send_to_user(params)
  end
  def perform(:publish_single_ap, params) do
    case ActivityPub.publish_one(params) do
      {:ok, _} ->
        :ok
      {:error, _} ->
        RetryQueue.enqueue(params, ActivityPub)
    end
  end
  def perform(
        :publish_single_websub,
        %{xml: _xml, topic: _topic, callback: _callback, secret: _secret} = params
--- a/lib/pleroma/web/federator/publisher.ex
+++ b/lib/pleroma/web/federator/publisher.ex
@ -0,0 +1,95 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.Federator.Publisher do
  alias Pleroma.Activity
  alias Pleroma.Config
  alias Pleroma.User
  alias Pleroma.Web.Federator.RetryQueue
  require Logger
  @moduledoc """
  Defines the contract used by federation implementations to publish messages to
  their peers.
  """
  @doc """
  Determine whether an activity can be relayed using the federation module.
  """
  @callback is_representable?(Pleroma.Activity.t()) :: boolean()
  @doc """
  Relays an activity to a specified peer, determined by the parameters.  The
  parameters used are controlled by the federation module.
  """
  @callback publish_one(Map.t()) :: {:ok, Map.t()} | {:error, any()}
  @doc """
  Enqueue publishing a single activity.
  """
  @spec enqueue_one(module(), Map.t()) :: :ok
  def enqueue_one(module, %{} = params),
    do: PleromaJobQueue.enqueue(:federator_outgoing, __MODULE__, [:publish_one, module, params])
  @spec perform(atom(), module(), any()) :: {:ok, any()} | {:error, any()}
  def perform(:publish_one, module, params) do
    case apply(module, :publish_one, [params]) do
      {:ok, _} ->
        :ok
      {:error, _e} ->
        RetryQueue.enqueue(params, module)
    end
  end
  def perform(type, _, _) do
    Logger.debug("Unknown task: #{type}")
    {:error, "Don't know what to do with this"}
  end
  @doc """
  Relays an activity to all specified peers.
  """
  @callback publish(User.t(), Activity.t()) :: :ok | {:error, any()}
  @spec publish(User.t(), Activity.t()) :: :ok
  def publish(%User{} = user, %Activity{} = activity) do
    Config.get([:instance, :federation_publisher_modules])
    |> Enum.each(fn module ->
      if module.is_representable?(activity) do
        Logger.info("Publishing #{activity.data["id"]} using #{inspect(module)}")
        module.publish(user, activity)
      end
    end)
    :ok
  end
  @doc """
  Gathers links used by an outgoing federation module for WebFinger output.
  """
  @callback gather_webfinger_links(User.t()) :: list()
  @spec gather_webfinger_links(User.t()) :: list()
  def gather_webfinger_links(%User{} = user) do
    Config.get([:instance, :federation_publisher_modules])
    |> Enum.reduce([], fn module, links ->
      links ++ module.gather_webfinger_links(user)
    end)
  end
  @doc """
  Gathers nodeinfo protocol names supported by the federation module.
  """
  @callback gather_nodeinfo_protocol_names() :: list()
  @spec gather_nodeinfo_protocol_names() :: list()
  def gather_nodeinfo_protocol_names do
    Config.get([:instance, :federation_publisher_modules])
    |> Enum.reduce([], fn module, links ->
      links ++ module.gather_nodeinfo_protocol_names()
    end)
  end
 end
--- a/lib/pleroma/web/http_signatures/http_signatures.ex
+++ b/lib/pleroma/web/http_signatures/http_signatures.ex
@ -1,91 +0,0 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 # https://tools.ietf.org/html/draft-cavage-http-signatures-08
 defmodule Pleroma.Web.HTTPSignatures do
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.Utils
  require Logger
  def split_signature(sig) do
    default = %{"headers" => "date"}
    sig =
      sig
      |> String.trim()
      |> String.split(",")
      |> Enum.reduce(default, fn part, acc ->
        [key | rest] = String.split(part, "=")
        value = Enum.join(rest, "=")
        Map.put(acc, key, String.trim(value, "\""))
      end)
    Map.put(sig, "headers", String.split(sig["headers"], ~r/\s/))
  end
  def validate(headers, signature, public_key) do
    sigstring = build_signing_string(headers, signature["headers"])
    Logger.debug("Signature: #{signature["signature"]}")
    Logger.debug("Sigstring: #{sigstring}")
    {:ok, sig} = Base.decode64(signature["signature"])
    :public_key.verify(sigstring, :sha256, sig, public_key)
  end
  def validate_conn(conn) do
    # TODO: How to get the right key and see if it is actually valid for that request.
    # For now, fetch the key for the actor.
    with actor_id <- Utils.get_ap_id(conn.params["actor"]),
         {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
      if validate_conn(conn, public_key) do
        true
      else
        Logger.debug("Could not validate, re-fetching user and trying one more time")
        # Fetch user anew and try one more time
        with actor_id <- Utils.get_ap_id(conn.params["actor"]),
             {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
             {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
          validate_conn(conn, public_key)
        end
      end
    else
      _e ->
        Logger.debug("Could not public key!")
        false
    end
  end
  def validate_conn(conn, public_key) do
    headers = Enum.into(conn.req_headers, %{})
    signature = split_signature(headers["signature"])
    validate(headers, signature, public_key)
  end
  def build_signing_string(headers, used_headers) do
    used_headers
    |> Enum.map(fn header -> "#{header}: #{headers[header]}" end)
    |> Enum.join("\n")
  end
  def sign(user, headers) do
    with {:ok, %{info: %{keys: keys}}} <- Pleroma.Web.WebFinger.ensure_keys_present(user),
         {:ok, private_key, _} = Pleroma.Web.Salmon.keys_from_pem(keys) do
      sigstring = build_signing_string(headers, Map.keys(headers))
      signature =
        :public_key.sign(sigstring, :sha256, private_key)
        |> Base.encode64()
      [
        keyId: user.ap_id <> "#main-key",
        algorithm: "rsa-sha256",
        headers: Map.keys(headers) |> Enum.join(" "),
        signature: signature
      ]
      |> Enum.map(fn {k, v} -> "#{k}=\"#{v}\"" end)
      |> Enum.join(",")
    end
  end
 end
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@ -11,6 +11,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  alias Pleroma.Conversation.Participation
  alias Pleroma.Filter
  alias Pleroma.Formatter
  alias Pleroma.HTTP
  alias Pleroma.Notification
  alias Pleroma.Object
  alias Pleroma.Object.Fetcher
@ -39,13 +40,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
  alias Pleroma.Web.OAuth.Authorization
  alias Pleroma.Web.OAuth.Scopes
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.TwitterAPI.TwitterAPI
  alias Pleroma.Web.ControllerHelper
  import Ecto.Query
  require Logger
-  @httpoison Application.get_env(:pleroma, :httpoison)
+  plug(
    Pleroma.Plugs.RateLimitPlug,
    %{
      max_requests: Config.get([:app_account_creation, :max_requests]),
      interval: Config.get([:app_account_creation, :interval])
    }
    when action in [:account_register]
  )
  @local_mastodon_name "Mastodon-Local"
  action_fallback(:errors)
@ -168,7 +178,7 @@ def user(%{assigns: %{user: for_user}} = conn, %{"id" => nickname_or_id}) do
    end
  end
-  @mastodon_api_level "2.6.5"
+  @mastodon_api_level "2.7.2"
  def masto_instance(conn, _params) do
    instance = Config.get(:instance)
@ -293,7 +303,6 @@ def home_timeline(%{assigns: %{user: user}} = conn, params) do
    activities =
      [user.ap_id | user.following]
      |> ActivityPub.fetch_activities(params)
      |> ActivityPub.contain_timeline(user)
      |> Enum.reverse()
    conn
@ -698,6 +707,41 @@ def upload(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do
    end
  end
  def set_mascot(%{assigns: %{user: user}} = conn, %{"file" => file}) do
    with {:ok, object} <- ActivityPub.upload(file, actor: User.ap_id(user)),
         %{} = attachment_data <- Map.put(object.data, "id", object.id),
         %{type: type} = rendered <-
           StatusView.render("attachment.json", %{attachment: attachment_data}) do
      # Reject if not an image
      if type == "image" do
        # Sure!
        # Save to the user's info
        info_changeset = User.Info.mascot_update(user.info, rendered)
        user_changeset =
          user
          |> Ecto.Changeset.change()
          |> Ecto.Changeset.put_embed(:info, info_changeset)
        {:ok, _user} = User.update_and_set_cache(user_changeset)
        conn
        |> json(rendered)
      else
        conn
        |> put_resp_content_type("application/json")
        |> send_resp(415, Jason.encode!(%{"error" => "mascots can only be images"}))
      end
    end
  end
  def get_mascot(%{assigns: %{user: user}} = conn, _params) do
    mascot = User.get_mascot(user)
    conn
    |> json(mascot)
  end
  def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do
    with %Activity{data: %{"object" => object}} <- Repo.get(Activity, id),
         %Object{data: %{"likes" => likes}} <- Object.normalize(object) do
@ -1000,6 +1044,30 @@ def unsubscribe(%{assigns: %{user: user}} = conn, %{"id" => id}) do
    end
  end
  def status_search_query_with_gin(q, query) do
    from([a, o] in q,
      where:
        fragment(
          "to_tsvector('english', ?->>'content') @@ plainto_tsquery('english', ?)",
          o.data,
          ^query
        ),
      order_by: [desc: :id]
    )
  end
  def status_search_query_with_rum(q, query) do
    from([a, o] in q,
      where:
        fragment(
          "? @@ plainto_tsquery('english', ?)",
          o.fts_content,
          ^query
        ),
      order_by: [fragment("? <=> now()::date", o.inserted_at)]
    )
  end
  def status_search(user, query) do
    fetched =
      if Regex.match?(~r/https?:/, query) do
@ -1013,20 +1081,19 @@ def status_search(user, query) do
      end || []
    q =
-      from(
+      from([a, o] in Activity.with_preloaded_object(Activity),
        [a, o] in Activity.with_preloaded_object(Activity),
        where: fragment("?->>'type' = 'Create'", a.data),
        where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
-        where:
+        limit: 20
          fragment(
            "to_tsvector('english', ?->>'content') @@ plainto_tsquery('english', ?)",
            o.data,
            ^query
          ),
        limit: 20,
        order_by: [desc: :id]
      )
    q =
      if Pleroma.Config.get([:database, :rum_enabled]) do
        status_search_query_with_rum(q, query)
      else
        status_search_query_with_gin(q, query)
      end
    Repo.all(q) ++ fetched
  end
@ -1213,7 +1280,7 @@ def remove_from_list(%{assigns: %{user: user}} = conn, %{"id" => id, "account_id
    accounts
    |> Enum.each(fn account_id ->
      with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
-           %User{} = followed <- Pleroma.User.get_cached_by_id(account_id) do
+           %User{} = followed <- User.get_cached_by_id(account_id) do
        Pleroma.List.unfollow(list, followed)
      end
    end)
@ -1297,7 +1364,7 @@ def index(%{assigns: %{user: user}} = conn, _params) do
            display_sensitive_media: false,
            reduce_motion: false,
            max_toot_chars: limit,
-            mascot: "/images/pleroma-fox-tan-smol.png"
+            mascot: User.get_mascot(user)["url"]
          },
          rights: %{
            delete_others_notice: present?(user.info.is_moderator),
@ -1536,7 +1603,7 @@ def create_filter(
      user_id: user.id,
      phrase: phrase,
      context: context,
-      hide: Map.get(params, "irreversible", nil),
+      hide: Map.get(params, "irreversible", false),
      whole_word: Map.get(params, "boolean", true)
      # expires_at
    }
@ -1624,7 +1691,7 @@ def suggestions(%{assigns: %{user: user}} = conn, _) do
        |> String.replace("{{user}}", user)
      with {:ok, %{status: 200, body: body}} <-
-             @httpoison.get(
+             HTTP.get(
               url,
               [],
               adapter: [
@ -1693,6 +1760,53 @@ def reports(%{assigns: %{user: user}} = conn, params) do
    end
  end
  def account_register(
        %{assigns: %{app: app}} = conn,
        %{"username" => nickname, "email" => _, "password" => _, "agreement" => true} = params
      ) do
    params =
      params
      |> Map.take([
        "email",
        "captcha_solution",
        "captcha_token",
        "captcha_answer_data",
        "token",
        "password"
      ])
      |> Map.put("nickname", nickname)
      |> Map.put("fullname", params["fullname"] || nickname)
      |> Map.put("bio", params["bio"] || "")
      |> Map.put("confirm", params["password"])
    with {:ok, user} <- TwitterAPI.register_user(params, need_confirmation: true),
         {:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do
      json(conn, %{
        token_type: "Bearer",
        access_token: token.token,
        scope: app.scopes,
        created_at: Token.Utils.format_created_at(token)
      })
    else
      {:error, errors} ->
        conn
        |> put_status(400)
        |> json(Jason.encode!(errors))
    end
  end
  def account_register(%{assigns: %{app: _app}} = conn, _params) do
    conn
    |> put_status(400)
    |> json(%{error: "Missing parameters"})
  end
  def account_register(conn, _) do
    conn
    |> put_status(403)
    |> json(%{error: "Invalid credentials"})
  end
  def conversations(%{assigns: %{user: user}} = conn, params) do
    participations = Participation.for_user_with_last_activity_id(user, params)
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@ -40,7 +40,7 @@ def render("relationship.json", %{user: %User{} = user, target: %User{} = target
    follow_activity = Pleroma.Web.ActivityPub.Utils.fetch_latest_follow(user, target)
    requested =
-      if follow_activity do
+      if follow_activity && !User.following?(target, user) do
        follow_activity.data["state"] == "pending"
      else
        false
@ -112,7 +112,7 @@ defp do_render("account.json", %{user: user} = opts) do
      fields: fields,
      bot: bot,
      source: %{
-        note: "",
+        note: HTML.strip_tags((user.bio || "") |> String.replace("<br>", "\n")),
        sensitive: false,
        pleroma: %{}
      },
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@ -16,6 +16,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
  alias Pleroma.Web.MastodonAPI.StatusView
  alias Pleroma.Web.MediaProxy
  import Pleroma.Web.ActivityPub.Visibility, only: [get_visibility: 1]
  # TODO: Add cached version.
  defp get_replied_to_activities(activities) do
    activities
@ -155,6 +157,12 @@ def render("status.json", %{activity: %{data: %{"object" => _object}} = activity
    bookmarked = Activity.get_bookmark(activity, opts[:for]) != nil
    thread_muted? =
      case activity.thread_muted? do
        thread_muted? when is_boolean(thread_muted?) -> thread_muted?
        nil -> CommonAPI.thread_muted?(user, activity)
      end
    attachment_data = object.data["attachment"] || []
    attachments = render_many(attachment_data, StatusView, "attachment.json", as: :attachment)
@ -226,7 +234,7 @@ def render("status.json", %{activity: %{data: %{"object" => _object}} = activity
      reblogged: reblogged?(activity, opts[:for]),
      favourited: present?(favorited),
      bookmarked: present?(bookmarked),
-      muted: CommonAPI.thread_muted?(user, activity) || User.mutes?(opts[:for], user),
+      muted: thread_muted? || User.mutes?(opts[:for], user),
      pinned: pinned?(activity, user),
      sensitive: sensitive,
      spoiler_text: summary_html,
@ -340,30 +348,6 @@ def get_reply_to(%{data: %{"object" => _object}} = activity, _) do
    end
  end
  def get_visibility(object) do
    public = "https://www.w3.org/ns/activitystreams#Public"
    to = object.data["to"] || []
    cc = object.data["cc"] || []
    cond do
      public in to ->
        "public"
      public in cc ->
        "unlisted"
      # this should use the sql for the object's activity
      Enum.any?(to, &String.contains?(&1, "/followers")) ->
        "private"
      length(cc) > 0 ->
        "private"
      true ->
        "direct"
    end
  end
  def render_content(%{data: %{"type" => "Video"}} = object) do
    with name when not is_nil(name) and name != "" <- object.data["name"] do
      "<p><a href=\"#{object.data["id"]}\">#{name}</a></p>#{object.data["content"]}"
--- a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
+++ b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
@ -0,0 +1,41 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.MongooseIM.MongooseIMController do
  use Pleroma.Web, :controller
  alias Comeonin.Pbkdf2
  alias Pleroma.Repo
  alias Pleroma.User
  def user_exists(conn, %{"user" => username}) do
    with %User{} <- Repo.get_by(User, nickname: username, local: true) do
      conn
      |> json(true)
    else
      _ ->
        conn
        |> put_status(:not_found)
        |> json(false)
    end
  end
  def check_password(conn, %{"user" => username, "pass" => password}) do
    with %User{password_hash: password_hash} <-
           Repo.get_by(User, nickname: username, local: true),
         true <- Pbkdf2.checkpw(password, password_hash) do
      conn
      |> json(true)
    else
      false ->
        conn
        |> put_status(403)
        |> json(false)
      _ ->
        conn
        |> put_status(:not_found)
        |> json(false)
    end
  end
 end
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@ -10,8 +10,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
  alias Pleroma.User
  alias Pleroma.Web
  alias Pleroma.Web.ActivityPub.MRF
-
+  alias Pleroma.Web.Federator.Publisher
  plug(Pleroma.Web.FederatingPlug)
  def schemas(conn, _params) do
    response = %{
@ -137,7 +136,7 @@ def raw_nodeinfo do
        name: Pleroma.Application.name() |> String.downcase(),
        version: Pleroma.Application.version()
      },
-      protocols: ["ostatus", "activitypub"],
+      protocols: Publisher.gather_nodeinfo_protocol_names(),
      services: %{
        inbound: [],
        outbound: []
--- a/lib/pleroma/web/oauth/app.ex
+++ b/lib/pleroma/web/oauth/app.ex
@ -7,6 +7,7 @@ defmodule Pleroma.Web.OAuth.App do
  import Ecto.Changeset
  @type t :: %__MODULE__{}
  schema "apps" do
    field(:client_name, :string)
    field(:redirect_uris, :string)
--- a/lib/pleroma/web/oauth/authorization.ex
+++ b/lib/pleroma/web/oauth/authorization.ex
@ -14,39 +14,57 @@ defmodule Pleroma.Web.OAuth.Authorization do
  import Ecto.Query
  @type t :: %__MODULE__{}
  schema "oauth_authorizations" do
    field(:token, :string)
    field(:scopes, {:array, :string}, default: [])
    field(:valid_until, :naive_datetime_usec)
    field(:used, :boolean, default: false)
-    belongs_to(:user, Pleroma.User, type: Pleroma.FlakeId)
+    belongs_to(:user, User, type: Pleroma.FlakeId)
    belongs_to(:app, App)
    timestamps()
  end
  @spec create_authorization(App.t(), User.t() | %{}, [String.t()] | nil) ::
          {:ok, Authorization.t()} | {:error, Changeset.t()}
  def create_authorization(%App{} = app, %User{} = user, scopes \\ nil) do
-    scopes = scopes || app.scopes
+    %{
-    token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
+      scopes: scopes || app.scopes,
    authorization = %Authorization{
      token: token,
      used: false,
      user_id: user.id,
-      app_id: app.id,
+      app_id: app.id
      scopes: scopes,
      valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10)
    }
-
+    |> create_changeset()
-    Repo.insert(authorization)
+    |> Repo.insert()
  end
  @spec create_changeset(map()) :: Changeset.t()
  def create_changeset(attrs \\ %{}) do
    %Authorization{}
    |> cast(attrs, [:user_id, :app_id, :scopes, :valid_until])
    |> validate_required([:app_id, :scopes])
    |> add_token()
    |> add_lifetime()
  end
  defp add_token(changeset) do
    token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
    put_change(changeset, :token, token)
  end
  defp add_lifetime(changeset) do
    put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
  end
  @spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
  def use_changeset(%Authorization{} = auth, params) do
    auth
    |> cast(params, [:used])
    |> validate_required([:used])
  end
  @spec use_token(Authorization.t()) ::
          {:ok, Authorization.t()} | {:error, Changeset.t()} | {:error, String.t()}
  def use_token(%Authorization{used: false, valid_until: valid_until} = auth) do
    if NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) < 0 do
      Repo.update(use_changeset(auth, %{used: true}))
@ -57,6 +75,7 @@ def use_token(%Authorization{used: false, valid_until: valid_until} = auth) do
  def use_token(%Authorization{used: true}), do: {:error, "already used"}
  @spec delete_user_authorizations(User.t()) :: {integer(), any()}
  def delete_user_authorizations(%User{id: user_id}) do
    from(
      a in Pleroma.Web.OAuth.Authorization,
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@ -19,8 +19,6 @@ defmodule Pleroma.Web.OAuth.OAuthController do
  if Pleroma.Config.oauth_consumer_enabled?(), do: plug(Ueberauth)
  @expires_in Pleroma.Config.get([:oauth2, :token_expires_in], 600)
  plug(:fetch_session)
  plug(:fetch_flash)
@ -144,14 +142,14 @@ defp handle_create_authorization_error(conn, error, %{"authorization" => _}) do
  @doc "Renew access_token with refresh_token"
  def token_exchange(
        conn,
-        %{"grant_type" => "refresh_token", "refresh_token" => token} = params
+        %{"grant_type" => "refresh_token", "refresh_token" => token} = _params
      ) do
-    with %App{} = app <- get_app_from_request(conn, params),
+    with {:ok, app} <- Token.Utils.fetch_app(conn),
         {:ok, %{user: user} = token} <- Token.get_by_refresh_token(app, token),
         {:ok, token} <- RefreshToken.grant(token) do
      response_attrs = %{created_at: Token.Utils.format_created_at(token)}
-      json(conn, response_token(user, token, response_attrs))
+      json(conn, Token.Response.build(user, token, response_attrs))
    else
      _error ->
        put_status(conn, 400)
@ -160,14 +158,14 @@ def token_exchange(
  end
  def token_exchange(conn, %{"grant_type" => "authorization_code"} = params) do
-    with %App{} = app <- get_app_from_request(conn, params),
+    with {:ok, app} <- Token.Utils.fetch_app(conn),
         fixed_token = Token.Utils.fix_padding(params["code"]),
         {:ok, auth} <- Authorization.get_by_token(app, fixed_token),
         %User{} = user <- User.get_cached_by_id(auth.user_id),
         {:ok, token} <- Token.exchange_token(app, auth) do
      response_attrs = %{created_at: Token.Utils.format_created_at(token)}
-      json(conn, response_token(user, token, response_attrs))
+      json(conn, Token.Response.build(user, token, response_attrs))
    else
      _error ->
        put_status(conn, 400)
@ -179,14 +177,14 @@ def token_exchange(
        conn,
        %{"grant_type" => "password"} = params
      ) do
-    with {_, {:ok, %User{} = user}} <- {:get_user, Authenticator.get_user(conn)},
+    with {:ok, %User{} = user} <- Authenticator.get_user(conn),
-         %App{} = app <- get_app_from_request(conn, params),
+         {:ok, app} <- Token.Utils.fetch_app(conn),
         {:auth_active, true} <- {:auth_active, User.auth_active?(user)},
         {:user_active, true} <- {:user_active, !user.info.deactivated},
         {:ok, scopes} <- validate_scopes(app, params),
         {:ok, auth} <- Authorization.create_authorization(app, user, scopes),
         {:ok, token} <- Token.exchange_token(app, auth) do
-      json(conn, response_token(user, token))
+      json(conn, Token.Response.build(user, token))
    else
      {:auth_active, false} ->
        # Per https://github.com/tootsuite/mastodon/blob/
@ -218,11 +216,23 @@ def token_exchange(
    token_exchange(conn, params)
  end
  def token_exchange(conn, %{"grant_type" => "client_credentials"} = _params) do
    with {:ok, app} <- Token.Utils.fetch_app(conn),
         {:ok, auth} <- Authorization.create_authorization(app, %User{}),
         {:ok, token} <- Token.exchange_token(app, auth) do
      json(conn, Token.Response.build_for_client_credentials(token))
    else
      _error ->
        put_status(conn, 400)
        |> json(%{error: "Invalid credentials"})
    end
  end
  # Bad request
  def token_exchange(conn, params), do: bad_request(conn, params)
  def token_revoke(conn, %{"token" => _token} = params) do
-    with %App{} = app <- get_app_from_request(conn, params),
+    with {:ok, app} <- Token.Utils.fetch_app(conn),
         {:ok, _token} <- RevokeToken.revoke(app, params) do
      json(conn, %{})
    else
@ -252,7 +262,7 @@ def prepare_request(conn, %{"provider" => provider, "authorization" => auth_attr
      auth_attrs
      |> Map.delete("scopes")
      |> Map.put("scope", scope)
-      |> Poison.encode!()
+      |> Jason.encode!()
    params =
      auth_attrs
@ -316,7 +326,7 @@ def callback(conn, params) do
  end
  defp callback_params(%{"state" => state} = params) do
-    Map.merge(params, Poison.decode!(state))
+    Map.merge(params, Jason.decode!(state))
  end
  def registration_details(conn, %{"authorization" => auth_attrs}) do
@ -405,33 +415,6 @@ defp do_create_authorization(
    end
  end
  defp get_app_from_request(conn, params) do
    conn
    |> fetch_client_credentials(params)
    |> fetch_client
  end
  defp fetch_client({id, secret}) when is_binary(id) and is_binary(secret) do
    Repo.get_by(App, client_id: id, client_secret: secret)
  end
  defp fetch_client({_id, _secret}), do: nil
  defp fetch_client_credentials(conn, params) do
    # Per RFC 6749, HTTP Basic is preferred to body params
    with ["Basic " <> encoded] <- get_req_header(conn, "authorization"),
         {:ok, decoded} <- Base.decode64(encoded),
         [id, secret] <-
           Enum.map(
             String.split(decoded, ":"),
             fn s -> URI.decode_www_form(s) end
           ) do
      {id, secret}
    else
      _ -> {params["client_id"], params["client_secret"]}
    end
  end
  # Special case: Local MastodonFE
  defp redirect_uri(conn, "."), do: mastodon_api_url(conn, :login)
@ -442,18 +425,6 @@ defp get_session_registration_id(conn), do: get_session(conn, :registration_id)
  defp put_session_registration_id(conn, registration_id),
    do: put_session(conn, :registration_id, registration_id)
  defp response_token(%User{} = user, token, opts \\ %{}) do
    %{
      token_type: "Bearer",
      access_token: token.token,
      refresh_token: token.refresh_token,
      expires_in: @expires_in,
      scope: Enum.join(token.scopes, " "),
      me: user.ap_id
    }
    |> Map.merge(opts)
  end
  @spec validate_scopes(App.t(), map()) ::
          {:ok, list()} | {:error, :missing_scopes | :unsupported_scopes}
  defp validate_scopes(app, params) do
--- a/lib/pleroma/web/oauth/token.ex
+++ b/lib/pleroma/web/oauth/token.ex
@ -5,7 +5,6 @@
 defmodule Pleroma.Web.OAuth.Token do
  use Ecto.Schema
  import Ecto.Query
  import Ecto.Changeset
  alias Pleroma.Repo
@ -13,6 +12,7 @@ defmodule Pleroma.Web.OAuth.Token do
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Authorization
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.OAuth.Token.Query
  @expires_in Pleroma.Config.get([:oauth2, :token_expires_in], 600)
  @type t :: %__MODULE__{}
@ -22,7 +22,7 @@ defmodule Pleroma.Web.OAuth.Token do
    field(:refresh_token, :string)
    field(:scopes, {:array, :string}, default: [])
    field(:valid_until, :naive_datetime_usec)
-    belongs_to(:user, Pleroma.User, type: Pleroma.FlakeId)
+    belongs_to(:user, User, type: Pleroma.FlakeId)
    belongs_to(:app, App)
    timestamps()
@ -31,26 +31,30 @@ defmodule Pleroma.Web.OAuth.Token do
  @doc "Gets token for app by access token"
  @spec get_by_token(App.t(), String.t()) :: {:ok, t()} | {:error, :not_found}
  def get_by_token(%App{id: app_id} = _app, token) do
-    from(t in __MODULE__, where: t.app_id == ^app_id and t.token == ^token)
+    Query.get_by_app(app_id)
    |> Query.get_by_token(token)
    |> Repo.find_resource()
  end
  @doc "Gets token for app by refresh token"
  @spec get_by_refresh_token(App.t(), String.t()) :: {:ok, t()} | {:error, :not_found}
  def get_by_refresh_token(%App{id: app_id} = _app, token) do
-    from(t in __MODULE__,
+    Query.get_by_app(app_id)
-      where: t.app_id == ^app_id and t.refresh_token == ^token,
+    |> Query.get_by_refresh_token(token)
-      preload: [:user]
+    |> Query.preload([:user])
    )
    |> Repo.find_resource()
  end
  @spec exchange_token(App.t(), Authorization.t()) ::
          {:ok, Token.t()} | {:error, Changeset.t()}
  def exchange_token(app, auth) do
    with {:ok, auth} <- Authorization.use_token(auth),
         true <- auth.app_id == app.id do
      user = if auth.user_id, do: User.get_cached_by_id(auth.user_id), else: %User{}
      create_token(
        app,
-        User.get_cached_by_id(auth.user_id),
+        user,
        %{scopes: auth.scopes}
      )
    end
@ -81,40 +85,37 @@ defp put_valid_until(changeset, attrs) do
    |> validate_required([:valid_until])
  end
  @spec create_token(App.t(), User.t(), map()) :: {:ok, Token} | {:error, Changeset.t()}
  def create_token(%App{} = app, %User{} = user, attrs \\ %{}) do
    %__MODULE__{user_id: user.id, app_id: app.id}
    |> cast(%{scopes: attrs[:scopes] || app.scopes}, [:scopes])
-    |> validate_required([:scopes, :user_id, :app_id])
+    |> validate_required([:scopes, :app_id])
    |> put_valid_until(attrs)
-    |> put_token
+    |> put_token()
    |> put_refresh_token(attrs)
    |> Repo.insert()
  end
  def delete_user_tokens(%User{id: user_id}) do
-    from(
+    Query.get_by_user(user_id)
      t in Token,
      where: t.user_id == ^user_id
    )
    |> Repo.delete_all()
  end
  def delete_user_token(%User{id: user_id}, token_id) do
-    from(
+    Query.get_by_user(user_id)
-      t in Token,
+    |> Query.get_by_id(token_id)
-      where: t.user_id == ^user_id,
+    |> Repo.delete_all()
-      where: t.id == ^token_id
+  end
-    )
+
  def delete_expired_tokens do
    Query.get_expired_tokens()
    |> Repo.delete_all()
  end
  def get_user_tokens(%User{id: user_id}) do
-    from(
+    Query.get_by_user(user_id)
-      t in Token,
+    |> Query.preload([:app])
      where: t.user_id == ^user_id
    )
    |> Repo.all()
    |> Repo.preload(:app)
  end
  def is_expired?(%__MODULE__{valid_until: valid_until}) do
--- a/lib/pleroma/web/oauth/token/clean_worker.ex
+++ b/lib/pleroma/web/oauth/token/clean_worker.ex
@ -0,0 +1,41 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.OAuth.Token.CleanWorker do
  @moduledoc """
  The module represents functions to clean an expired oauth tokens.
  """
  # 10 seconds
  @start_interval 10_000
  @interval Pleroma.Config.get(
              # 24 hours
              [:oauth2, :clean_expired_tokens_interval],
              86_400_000
            )
  @queue :background
  alias Pleroma.Web.OAuth.Token
  def start_link, do: GenServer.start_link(__MODULE__, nil)
  def init(_) do
    if Pleroma.Config.get([:oauth2, :clean_expired_tokens], false) do
      Process.send_after(self(), :perform, @start_interval)
      {:ok, nil}
    else
      :ignore
    end
  end
  @doc false
  def handle_info(:perform, state) do
    Process.send_after(self(), :perform, @interval)
    PleromaJobQueue.enqueue(@queue, __MODULE__, [:clean])
    {:noreply, state}
  end
  # Job Worker Callbacks
  def perform(:clean), do: Token.delete_expired_tokens()
 end
--- a/lib/pleroma/web/oauth/token/query.ex
+++ b/lib/pleroma/web/oauth/token/query.ex
@ -0,0 +1,55 @@
 # Pleroma: A lightweight social networking server
 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.OAuth.Token.Query do
  @moduledoc """
  Contains queries for OAuth Token.
  """
  import Ecto.Query, only: [from: 2]
  @type query :: Ecto.Queryable.t() | Token.t()
  alias Pleroma.Web.OAuth.Token
  @spec get_by_refresh_token(query, String.t()) :: query
  def get_by_refresh_token(query \\ Token, refresh_token) do
    from(q in query, where: q.refresh_token == ^refresh_token)
  end
  @spec get_by_token(query, String.t()) :: query
  def get_by_token(query \\ Token, token) do
    from(q in query, where: q.token == ^token)
  end
  @spec get_by_app(query, String.t()) :: query
  def get_by_app(query \\ Token, app_id) do
    from(q in query, where: q.app_id == ^app_id)
  end
  @spec get_by_id(query, String.t()) :: query
  def get_by_id(query \\ Token, id) do
    from(q in query, where: q.id == ^id)
  end
  @spec get_expired_tokens(query, DateTime.t() | nil) :: query
  def get_expired_tokens(query \\ Token, date \\ nil) do
    expired_date = date || Timex.now()
    from(q in query, where: fragment("?", q.valid_until) < ^expired_date)
  end
  @spec get_by_user(query, String.t()) :: query
  def get_by_user(query \\ Token, user_id) do
    from(q in query, where: q.user_id == ^user_id)
  end
  @spec preload(query, any) :: query
  def preload(query \\ Token, assoc_preload \\ [])
  def preload(query, assoc_preload) when is_list(assoc_preload) do
    from(q in query, preload: ^assoc_preload)
  end
  def preload(query, _assoc_preload), do: query
 end
--- a/lib/pleroma/web/oauth/token/response.ex
+++ b/lib/pleroma/web/oauth/token/response.ex
@ -0,0 +1,32 @@
 defmodule Pleroma.Web.OAuth.Token.Response do
  @moduledoc false
  alias Pleroma.User
  alias Pleroma.Web.OAuth.Token.Utils
  @expires_in Pleroma.Config.get([:oauth2, :token_expires_in], 600)
  @doc false
  def build(%User{} = user, token, opts \\ %{}) do
    %{
      token_type: "Bearer",
      access_token: token.token,
      refresh_token: token.refresh_token,
      expires_in: @expires_in,
      scope: Enum.join(token.scopes, " "),
      me: user.ap_id
    }
    |> Map.merge(opts)
  end
  def build_for_client_credentials(token) do
    %{
      token_type: "Bearer",
      access_token: token.token,
      refresh_token: token.refresh_token,
      created_at: Utils.format_created_at(token),
      expires_in: @expires_in,
      scope: Enum.join(token.scopes, " ")
    }
  end
 end
--- a/lib/pleroma/web/oauth/token/utils.ex
+++ b/lib/pleroma/web/oauth/token/utils.ex
@ -3,6 +3,44 @@ defmodule Pleroma.Web.OAuth.Token.Utils do
  Auxiliary functions for dealing with tokens.
  """
  alias Pleroma.Repo
  alias Pleroma.Web.OAuth.App
  @doc "Fetch app by client credentials from request"
  @spec fetch_app(Plug.Conn.t()) :: {:ok, App.t()} | {:error, :not_found}
  def fetch_app(conn) do
    res =
      conn
      |> fetch_client_credentials()
      |> fetch_client
    case res do
      %App{} = app -> {:ok, app}
      _ -> {:error, :not_found}
    end
  end
  defp fetch_client({id, secret}) when is_binary(id) and is_binary(secret) do
    Repo.get_by(App, client_id: id, client_secret: secret)
  end
  defp fetch_client({_id, _secret}), do: nil
  defp fetch_client_credentials(conn) do
    # Per RFC 6749, HTTP Basic is preferred to body params
    with ["Basic " <> encoded] <- Plug.Conn.get_req_header(conn, "authorization"),
         {:ok, decoded} <- Base.decode64(encoded),
         [id, secret] <-
           Enum.map(
             String.split(decoded, ":"),
             fn s -> URI.decode_www_form(s) end
           ) do
      {id, secret}
    else
      _ -> {conn.params["client_id"], conn.params["client_secret"]}
    end
  end
  @doc "convert token inserted_at to unix timestamp"
  def format_created_at(%{inserted_at: inserted_at} = _token) do
    inserted_at
--- a/lib/pleroma/web/ostatus/activity_representer.ex
+++ b/lib/pleroma/web/ostatus/activity_representer.ex
@ -18,15 +18,18 @@ defp get_href(id) do
    end
  end
-  defp get_in_reply_to(%{"object" => %{"inReplyTo" => in_reply_to}}) do
+  defp get_in_reply_to(activity) do
-    [
+    with %Object{data: %{"inReplyTo" => in_reply_to}} <- Object.normalize(activity) do
-      {:"thr:in-reply-to",
+      [
-       [ref: to_charlist(in_reply_to), href: to_charlist(get_href(in_reply_to))], []}
+        {:"thr:in-reply-to",
-    ]
+         [ref: to_charlist(in_reply_to), href: to_charlist(get_href(in_reply_to))], []}
      ]
    else
      _ ->
        []
    end
  end
  defp get_in_reply_to(_), do: []
  defp get_mentions(to) do
    Enum.map(to, fn id ->
      cond do
@ -98,7 +101,7 @@ def to_simple_form(%{data: %{"type" => "Create"}} = activity, user, with_author)
         []}
      end)
-    in_reply_to = get_in_reply_to(activity.data)
+    in_reply_to = get_in_reply_to(activity)
    author = if with_author, do: [{:author, UserRepresenter.to_simple_form(user)}], else: []
    mentions = activity.recipients |> get_mentions
@ -146,7 +149,6 @@ def to_simple_form(%{data: %{"type" => "Like"}} = activity, user, with_author) d
    updated_at = activity.data["published"]
    inserted_at = activity.data["published"]
    _in_reply_to = get_in_reply_to(activity.data)
    author = if with_author, do: [{:author, UserRepresenter.to_simple_form(user)}], else: []
    mentions = activity.recipients |> get_mentions
@ -177,7 +179,6 @@ def to_simple_form(%{data: %{"type" => "Announce"}} = activity, user, with_autho
    updated_at = activity.data["published"]
    inserted_at = activity.data["published"]
    _in_reply_to = get_in_reply_to(activity.data)
    author = if with_author, do: [{:author, UserRepresenter.to_simple_form(user)}], else: []
    retweeted_activity = Activity.get_create_by_object_ap_id(activity.data["object"])
--- a/lib/pleroma/web/ostatus/ostatus.ex
+++ b/lib/pleroma/web/ostatus/ostatus.ex
@ -3,19 +3,19 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.OStatus do
  @httpoison Application.get_env(:pleroma, :httpoison)
  import Ecto.Query
  import Pleroma.Web.XML
  require Logger
  alias Pleroma.Activity
  alias Pleroma.HTTP
  alias Pleroma.Object
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.ActivityPub.Transmogrifier
  alias Pleroma.Web.ActivityPub.Visibility
  alias Pleroma.Web.OStatus.DeleteHandler
  alias Pleroma.Web.OStatus.FollowHandler
  alias Pleroma.Web.OStatus.NoteHandler
@ -30,7 +30,7 @@ def is_representable?(%Activity{} = activity) do
      is_nil(object) ->
        false
-      object.data["type"] == "Note" ->
+      Visibility.is_public?(activity) && object.data["type"] == "Note" ->
        true
      true ->
@ -362,7 +362,7 @@ def get_atom_url(body) do
  def fetch_activity_from_atom_url(url) do
    with true <- String.starts_with?(url, "http"),
         {:ok, %{body: body, status: code}} when code in 200..299 <-
-           @httpoison.get(
+           HTTP.get(
             url,
             [{:Accept, "application/atom+xml"}]
           ) do
@ -379,7 +379,7 @@ def fetch_activity_from_html_url(url) do
    Logger.debug("Trying to fetch #{url}")
    with true <- String.starts_with?(url, "http"),
-         {:ok, %{body: body}} <- @httpoison.get(url, []),
+         {:ok, %{body: body}} <- HTTP.get(url, []),
         {:ok, atom_url} <- get_atom_url(body) do
      fetch_activity_from_atom_url(atom_url)
    else
--- a/lib/pleroma/web/rich_media/helpers.ex
+++ b/lib/pleroma/web/rich_media/helpers.ex
@ -24,6 +24,7 @@ defp validate_page_url(_), do: :error
  def fetch_data_for_activity(%Activity{data: %{"type" => "Create"}} = activity) do
    with true <- Pleroma.Config.get([:rich_media, :enabled]),
         %Object{} = object <- Object.normalize(activity),
         false <- object.data["sensitive"] || false,
         {:ok, page_url} <- HTML.extract_first_external_url(object, object.data["content"]),
         :ok <- validate_page_url(page_url),
         {:ok, rich_media} <- Parser.parse(page_url) do
@ -34,4 +35,6 @@ def fetch_data_for_activity(%Activity{data: %{"type" => "Create"}} = activity) d
  end
  def fetch_data_for_activity(_), do: %{}
  def perform(:fetch, %Activity{} = activity), do: fetch_data_for_activity(activity)
 end
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -84,11 +84,13 @@ defmodule Pleroma.Web.Router do
    plug(Pleroma.Plugs.EnsureUserKeyPlug)
  end
-  pipeline :oauth_read_or_unauthenticated do
+  pipeline :oauth_read_or_public do
    plug(Pleroma.Plugs.OAuthScopesPlug, %{
      scopes: ["read"],
      fallback: :proceed_unauthenticated
    })
    plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
  end
  pipeline :oauth_read do
@ -146,34 +148,60 @@ defmodule Pleroma.Web.Router do
  scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do
    pipe_through([:admin_api, :oauth_write])
-    post("/user/follow", AdminAPIController, :user_follow)
+    post("/users/follow", AdminAPIController, :user_follow)
-    post("/user/unfollow", AdminAPIController, :user_unfollow)
+    post("/users/unfollow", AdminAPIController, :user_unfollow)
    get("/users", AdminAPIController, :list_users)
    get("/users/:nickname", AdminAPIController, :user_show)
    # TODO: to be removed at version 1.0
    delete("/user", AdminAPIController, :user_delete)
    patch("/users/:nickname/toggle_activation", AdminAPIController, :user_toggle_activation)
    post("/user", AdminAPIController, :user_create)
    delete("/users", AdminAPIController, :user_delete)
    post("/users", AdminAPIController, :user_create)
    patch("/users/:nickname/toggle_activation", AdminAPIController, :user_toggle_activation)
    put("/users/tag", AdminAPIController, :tag_users)
    delete("/users/tag", AdminAPIController, :untag_users)
    # TODO: to be removed at version 1.0
    get("/permission_group/:nickname", AdminAPIController, :right_get)
    get("/permission_group/:nickname/:permission_group", AdminAPIController, :right_get)
    post("/permission_group/:nickname/:permission_group", AdminAPIController, :right_add)
    delete("/permission_group/:nickname/:permission_group", AdminAPIController, :right_delete)
-    put("/activation_status/:nickname", AdminAPIController, :set_activation_status)
+    get("/users/:nickname/permission_group", AdminAPIController, :right_get)
    get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get)
    post("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_add)
    delete(
      "/users/:nickname/permission_group/:permission_group",
      AdminAPIController,
      :right_delete
    )
    put("/users/:nickname/activation_status", AdminAPIController, :set_activation_status)
    post("/relay", AdminAPIController, :relay_follow)
    delete("/relay", AdminAPIController, :relay_unfollow)
-    get("/invite_token", AdminAPIController, :get_invite_token)
+    get("/users/invite_token", AdminAPIController, :get_invite_token)
-    get("/invites", AdminAPIController, :invites)
+    get("/users/invites", AdminAPIController, :invites)
-    post("/revoke_invite", AdminAPIController, :revoke_invite)
+    post("/users/revoke_invite", AdminAPIController, :revoke_invite)
-    post("/email_invite", AdminAPIController, :email_invite)
+    post("/users/email_invite", AdminAPIController, :email_invite)
    # TODO: to be removed at version 1.0
    get("/password_reset", AdminAPIController, :get_password_reset)
    get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset)
    get("/users", AdminAPIController, :list_users)
    get("/users/:nickname", AdminAPIController, :user_show)
    get("/reports", AdminAPIController, :list_reports)
    get("/reports/:id", AdminAPIController, :report_show)
    put("/reports/:id", AdminAPIController, :report_update_state)
    post("/reports/:id/respond", AdminAPIController, :report_respond)
    put("/statuses/:id", AdminAPIController, :status_update)
    delete("/statuses/:id", AdminAPIController, :status_delete)
  end
  scope "/", Pleroma.Web.TwitterAPI do
@ -197,6 +225,7 @@ defmodule Pleroma.Web.Router do
      post("/change_password", UtilController, :change_password)
      post("/delete_account", UtilController, :delete_account)
      put("/notification_settings", UtilController, :update_notificaton_settings)
      post("/disable_account", UtilController, :disable_account)
    end
    scope [] do
@ -323,6 +352,9 @@ defmodule Pleroma.Web.Router do
      post("/pleroma/flavour/:flavour", MastodonAPIController, :set_flavour)
      get("/pleroma/mascot", MastodonAPIController, :get_mascot)
      put("/pleroma/mascot", MastodonAPIController, :set_mascot)
      post("/reports", MastodonAPIController, :reports)
    end
@ -367,6 +399,8 @@ defmodule Pleroma.Web.Router do
  scope "/api/v1", Pleroma.Web.MastodonAPI do
    pipe_through(:api)
    post("/accounts", MastodonAPIController, :account_register)
    get("/instance", MastodonAPIController, :masto_instance)
    get("/instance/peers", MastodonAPIController, :peers)
    post("/apps", MastodonAPIController, :create_app)
@ -380,10 +414,15 @@ defmodule Pleroma.Web.Router do
    get("/trends", MastodonAPIController, :empty_array)
-    get("/accounts/search", MastodonAPIController, :account_search)
+    scope [] do
      pipe_through(:oauth_read)
      get("/search", MastodonAPIController, :search)
      get("/accounts/search", MastodonAPIController, :account_search)
    end
    scope [] do
-      pipe_through(:oauth_read_or_unauthenticated)
+      pipe_through(:oauth_read_or_public)
      get("/timelines/public", MastodonAPIController, :public_timeline)
      get("/timelines/tag/:tag", MastodonAPIController, :hashtag_timeline)
@ -397,14 +436,12 @@ defmodule Pleroma.Web.Router do
      get("/accounts/:id/following", MastodonAPIController, :following)
      get("/accounts/:id", MastodonAPIController, :user)
      get("/search", MastodonAPIController, :search)
      get("/pleroma/accounts/:id/favourites", MastodonAPIController, :user_favourites)
    end
  end
  scope "/api/v2", Pleroma.Web.MastodonAPI do
-    pipe_through([:api, :oauth_read_or_unauthenticated])
+    pipe_through([:api, :oauth_read])
    get("/search", MastodonAPIController, :search2)
  end
@ -434,7 +471,7 @@ defmodule Pleroma.Web.Router do
    )
    scope [] do
-      pipe_through(:oauth_read_or_unauthenticated)
+      pipe_through(:oauth_read_or_public)
      get("/statuses/user_timeline", TwitterAPI.Controller, :user_timeline)
      get("/qvitter/statuses/user_timeline", TwitterAPI.Controller, :user_timeline)
@ -446,13 +483,18 @@ defmodule Pleroma.Web.Router do
      get("/statuses/show/:id", TwitterAPI.Controller, :fetch_status)
      get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation)
      get("/search", TwitterAPI.Controller, :search)
      get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline)
    end
    scope [] do
      pipe_through(:oauth_read)
      get("/search", TwitterAPI.Controller, :search)
    end
  end
  scope "/api", Pleroma.Web do
-    pipe_through([:api, :oauth_read_or_unauthenticated])
+    pipe_through([:api, :oauth_read_or_public])
    get("/statuses/public_timeline", TwitterAPI.Controller, :public_timeline)
@ -466,7 +508,7 @@ defmodule Pleroma.Web.Router do
  end
  scope "/api", Pleroma.Web, as: :twitter_api_search do
-    pipe_through([:api, :oauth_read_or_unauthenticated])
+    pipe_through([:api, :oauth_read])
    get("/pleroma/search_user", TwitterAPI.Controller, :search_user)
  end
@ -652,7 +694,7 @@ defmodule Pleroma.Web.Router do
    delete("/auth/sign_out", MastodonAPIController, :logout)
    scope [] do
-      pipe_through(:oauth_read_or_unauthenticated)
+      pipe_through(:oauth_read_or_public)
      get("/web/*path", MastodonAPIController, :index)
    end
  end
@ -675,9 +717,15 @@ defmodule Pleroma.Web.Router do
    end
  end
  scope "/", Pleroma.Web.MongooseIM do
    get("/user_exists", MongooseIMController, :user_exists)
    get("/check_password", MongooseIMController, :check_password)
  end
  scope "/", Fallback do
    get("/registration/:token", RedirectController, :registration_page)
    get("/:maybe_nickname_or_id", RedirectController, :redirector_with_meta)
    get("/api*path", RedirectController, :api_not_implemented)
    get("/*path", RedirectController, :redirector)
    options("/*path", RedirectController, :empty)
@ -689,6 +737,12 @@ defmodule Fallback.RedirectController do
  alias Pleroma.User
  alias Pleroma.Web.Metadata
  def api_not_implemented(conn, _params) do
    conn
    |> put_status(404)
    |> json(%{error: "Not implemented"})
  end
  def redirector(conn, _params, code \\ 200) do
    conn
    |> put_resp_content_type("text/html")
--- a/lib/pleroma/web/salmon/salmon.ex
+++ b/lib/pleroma/web/salmon/salmon.ex
@ -3,12 +3,18 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.Salmon do
-  @httpoison Application.get_env(:pleroma, :httpoison)
+  @behaviour Pleroma.Web.Federator.Publisher
  use Bitwise
  alias Pleroma.Activity
  alias Pleroma.HTTP
  alias Pleroma.Instances
  alias Pleroma.Keys
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.Visibility
  alias Pleroma.Web.Federator.Publisher
  alias Pleroma.Web.OStatus
  alias Pleroma.Web.OStatus.ActivityRepresenter
  alias Pleroma.Web.XML
@ -83,45 +89,6 @@ def encode_key({:RSAPublicKey, modulus, exponent}) do
    "RSA.#{modulus_enc}.#{exponent_enc}"
  end
  # Native generation of RSA keys is only available since OTP 20+ and in default build conditions
  # We try at compile time to generate natively an RSA key otherwise we fallback on the old way.
  try do
    _ = :public_key.generate_key({:rsa, 2048, 65_537})
    def generate_rsa_pem do
      key = :public_key.generate_key({:rsa, 2048, 65_537})
      entry = :public_key.pem_entry_encode(:RSAPrivateKey, key)
      pem = :public_key.pem_encode([entry]) |> String.trim_trailing()
      {:ok, pem}
    end
  rescue
    _ ->
      def generate_rsa_pem do
        port = Port.open({:spawn, "openssl genrsa"}, [:binary])
        {:ok, pem} =
          receive do
            {^port, {:data, pem}} -> {:ok, pem}
          end
        Port.close(port)
        if Regex.match?(~r/RSA PRIVATE KEY/, pem) do
          {:ok, pem}
        else
          :error
        end
      end
  end
  def keys_from_pem(pem) do
    [private_key_code] = :public_key.pem_decode(pem)
    private_key = :public_key.pem_entry_decode(private_key_code)
    {:RSAPrivateKey, _, modulus, exponent, _, _, _, _, _, _, _} = private_key
    public_key = {:RSAPublicKey, modulus, exponent}
    {:ok, private_key, public_key}
  end
  def encode(private_key, doc) do
    type = "application/atom+xml"
    encoding = "base64url"
@ -165,12 +132,12 @@ def remote_users(%{data: %{"to" => to} = data}) do
  end
  @doc "Pushes an activity to remote account."
-  def send_to_user(%{recipient: %{info: %{salmon: salmon}}} = params),
+  def publish_one(%{recipient: %{info: %{salmon: salmon}}} = params),
-    do: send_to_user(Map.put(params, :recipient, salmon))
+    do: publish_one(Map.put(params, :recipient, salmon))
-  def send_to_user(%{recipient: url, feed: feed, poster: poster} = params) when is_binary(url) do
+  def publish_one(%{recipient: url, feed: feed} = params) when is_binary(url) do
    with {:ok, %{status: code}} when code in 200..299 <-
-           poster.(
+           HTTP.post(
             url,
             feed,
             [{"Content-Type", "application/magic-envelope+xml"}]
@ -184,11 +151,11 @@ def send_to_user(%{recipient: url, feed: feed, poster: poster} = params) when is
      e ->
        unless params[:unreachable_since], do: Instances.set_reachable(url)
        Logger.debug(fn -> "Pushing Salmon to #{url} failed, #{inspect(e)}" end)
-        :error
+        {:error, "Unreachable instance"}
    end
  end
-  def send_to_user(_), do: :noop
+  def publish_one(_), do: :noop
  @supported_activities [
    "Create",
@ -199,13 +166,19 @@ def send_to_user(_), do: :noop
    "Delete"
  ]
  def is_representable?(%Activity{data: %{"type" => type}} = activity)
      when type in @supported_activities,
      do: Visibility.is_public?(activity)
  def is_representable?(_), do: false
  @doc """
  Publishes an activity to remote accounts
  """
-  @spec publish(User.t(), Pleroma.Activity.t(), Pleroma.HTTP.t()) :: none
+  @spec publish(User.t(), Pleroma.Activity.t()) :: none
-  def publish(user, activity, poster \\ &@httpoison.post/3)
+  def publish(user, activity)
-  def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity, poster)
+  def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity)
      when type in @supported_activities do
    feed = ActivityRepresenter.to_simple_form(activity, user, true)
@ -215,7 +188,7 @@ def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity
        |> :xmerl.export_simple(:xmerl_xml)
        |> to_string
-      {:ok, private, _} = keys_from_pem(keys)
+      {:ok, private, _} = Keys.keys_from_pem(keys)
      {:ok, feed} = encode(private, feed)
      remote_users = remote_users(activity)
@ -229,15 +202,29 @@ def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity
      |> Enum.each(fn remote_user ->
        Logger.debug(fn -> "Sending Salmon to #{remote_user.ap_id}" end)
-        Pleroma.Web.Federator.publish_single_salmon(%{
+        Publisher.enqueue_one(__MODULE__, %{
          recipient: remote_user,
          feed: feed,
          poster: poster,
          unreachable_since: reachable_urls_metadata[remote_user.info.salmon]
        })
      end)
    end
  end
-  def publish(%{id: id}, _, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)
+  def publish(%{id: id}, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)
  def gather_webfinger_links(%User{} = user) do
    {:ok, _private, public} = Keys.keys_from_pem(user.info.keys)
    magic_key = encode_key(public)
    [
      %{"rel" => "salmon", "href" => OStatus.salmon_path(user)},
      %{
        "rel" => "magic-public-key",
        "href" => "data:application/magic-public-key,#{magic_key}"
      }
    ]
  end
  def gather_nodeinfo_protocol_names, do: []
 end
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@ -173,8 +173,6 @@ def notifications_read(%{assigns: %{user: user}} = conn, %{"id" => notification_
  def config(conn, _params) do
    instance = Pleroma.Config.get(:instance)
    instance_fe = Pleroma.Config.get(:fe)
    instance_chat = Pleroma.Config.get(:chat)
    case get_format(conn) do
      "xml" ->
@ -219,31 +217,7 @@ def config(conn, _params) do
            if(Pleroma.Config.get([:instance, :safe_dm_mentions]), do: "1", else: "0")
        }
-        pleroma_fe =
+        pleroma_fe = Pleroma.Config.get([:frontend_configurations, :pleroma_fe])
          if instance_fe do
            %{
              theme: Keyword.get(instance_fe, :theme),
              background: Keyword.get(instance_fe, :background),
              logo: Keyword.get(instance_fe, :logo),
              logoMask: Keyword.get(instance_fe, :logo_mask),
              logoMargin: Keyword.get(instance_fe, :logo_margin),
              redirectRootNoLogin: Keyword.get(instance_fe, :redirect_root_no_login),
              redirectRootLogin: Keyword.get(instance_fe, :redirect_root_login),
              chatDisabled: !Keyword.get(instance_chat, :enabled),
              showInstanceSpecificPanel: Keyword.get(instance_fe, :show_instance_panel),
              scopeOptionsEnabled: Keyword.get(instance_fe, :scope_options_enabled),
              formattingOptionsEnabled: Keyword.get(instance_fe, :formatting_options_enabled),
              collapseMessageWithSubject:
                Keyword.get(instance_fe, :collapse_message_with_subject),
              hidePostStats: Keyword.get(instance_fe, :hide_post_stats),
              hideUserStats: Keyword.get(instance_fe, :hide_user_stats),
              scopeCopy: Keyword.get(instance_fe, :scope_copy),
              subjectLineBehavior: Keyword.get(instance_fe, :subject_line_behavior),
              alwaysShowSubjectInput: Keyword.get(instance_fe, :always_show_subject_input)
            }
          else
            Pleroma.Config.get([:frontend_configurations, :pleroma_fe])
          end
        managed_config = Keyword.get(instance, :managed_config)
@ -309,8 +283,13 @@ def follow_import(%{assigns: %{user: follower}} = conn, %{"list" => list}) do
           Enum.map(lines, fn line ->
             String.split(line, ",") |> List.first()
           end)
-           |> List.delete("Account address"),
+           |> List.delete("Account address") do
-         {:ok, _} = Task.start(fn -> User.follow_import(follower, followed_identifiers) end) do
+      PleromaJobQueue.enqueue(:background, User, [
        :follow_import,
        follower,
        followed_identifiers
      ])
      json(conn, "job started")
    end
  end
@ -320,8 +299,13 @@ def blocks_import(conn, %{"list" => %Plug.Upload{} = listfile}) do
  end
  def blocks_import(%{assigns: %{user: blocker}} = conn, %{"list" => list}) do
-    with blocked_identifiers <- String.split(list),
+    with blocked_identifiers <- String.split(list) do
-         {:ok, _} = Task.start(fn -> User.blocks_import(blocker, blocked_identifiers) end) do
+      PleromaJobQueue.enqueue(:background, User, [
        :blocks_import,
        blocker,
        blocked_identifiers
      ])
      json(conn, "job started")
    end
  end
@ -360,6 +344,17 @@ def delete_account(%{assigns: %{user: user}} = conn, params) do
    end
  end
  def disable_account(%{assigns: %{user: user}} = conn, params) do
    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
      {:ok, user} ->
        User.deactivate_async(user)
        json(conn, %{status: "success"})
      {:error, msg} ->
        json(conn, %{error: msg})
    end
  end
  def captcha(conn, _params) do
    json(conn, Pleroma.Captcha.new())
  end
--- a/lib/pleroma/web/twitter_api/twitter_api.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api.ex
@ -128,7 +128,7 @@ def upload(%Plug.Upload{} = file, %User{} = user, format \\ "xml") do
    end
  end
-  def register_user(params) do
+  def register_user(params, opts \\ []) do
    token = params["token"]
    params = %{
@ -162,13 +162,22 @@ def register_user(params) do
      # I have no idea how this error handling works
      {:error, %{error: Jason.encode!(%{captcha: [error]})}}
    else
-      registrations_open = Pleroma.Config.get([:instance, :registrations_open])
+      registration_process(
-      registration_process(registrations_open, params, token)
+        params,
        %{
          registrations_open: Pleroma.Config.get([:instance, :registrations_open]),
          token: token
        },
        opts
      )
    end
  end
-  defp registration_process(registration_open, params, token)
+  defp registration_process(params, %{registrations_open: true}, opts) do
-       when registration_open == false or is_nil(registration_open) do
+    create_user(params, opts)
  end
  defp registration_process(params, %{token: token}, opts) do
    invite =
      unless is_nil(token) do
        Repo.get_by(UserInviteToken, %{token: token})
@ -182,19 +191,15 @@ defp registration_process(registration_open, params, token)
      invite when valid_invite? ->
        UserInviteToken.update_usage!(invite)
-        create_user(params)
+        create_user(params, opts)
      _ ->
        {:error, "Expired token"}
    end
  end
-  defp registration_process(true, params, _token) do
+  defp create_user(params, opts) do
-    create_user(params)
+    changeset = User.register_changeset(%User{}, params, opts)
  end
  defp create_user(params) do
    changeset = User.register_changeset(%User{}, params)
    case User.register(changeset) do
      {:ok, user} ->
@ -231,12 +236,15 @@ def password_reset(nickname_or_email) do
  def get_user(user \\ nil, params) do
    case params do
      %{"user_id" => user_id} ->
-        case target = User.get_cached_by_nickname_or_id(user_id) do
+        case User.get_cached_by_nickname_or_id(user_id) do
          nil ->
            {:error, "No user with such user_id"}
-          _ ->
+          %User{info: %{deactivated: true}} ->
-            {:ok, target}
+            {:error, "User has been disabled"}
          user ->
            {:ok, user}
        end
      %{"screen_name" => nickname} ->
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@ -101,9 +101,7 @@ def friends_timeline(%{assigns: %{user: user}} = conn, params) do
      |> Map.put("blocking_user", user)
      |> Map.put("user", user)
-    activities =
+    activities = ActivityPub.fetch_activities([user.ap_id | user.following], params)
      ActivityPub.fetch_activities([user.ap_id | user.following], params)
      |> ActivityPub.contain_timeline(user)
    conn
    |> put_view(ActivityView)
@ -440,7 +438,7 @@ def confirm_email(conn, %{"user_id" => uid, "token" => token}) do
         true <- user.local,
         true <- user.info.confirmation_pending,
         true <- user.info.confirmation_token == token,
-         info_change <- User.Info.confirmation_changeset(user.info, :confirmed),
+         info_change <- User.Info.confirmation_changeset(user.info, need_confirmation: false),
         changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change),
         {:ok, _} <- User.update_and_set_cache(changeset) do
      conn
--- a/lib/pleroma/web/twitter_api/views/activity_view.ex
+++ b/lib/pleroma/web/twitter_api/views/activity_view.ex
@ -284,6 +284,12 @@ def render(
        Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
      )
    thread_muted? =
      case activity.thread_muted? do
        thread_muted? when is_boolean(thread_muted?) -> thread_muted?
        nil -> CommonAPI.thread_muted?(user, activity)
      end
    %{
      "id" => activity.id,
      "uri" => object.data["id"],
@ -310,11 +316,11 @@ def render(
      "tags" => tags,
      "activity_type" => "post",
      "possibly_sensitive" => possibly_sensitive,
-      "visibility" => StatusView.get_visibility(object),
+      "visibility" => Pleroma.Web.ActivityPub.Visibility.get_visibility(object),
      "summary" => summary,
      "summary_html" => summary |> Formatter.emojify(object.data["emoji"]),
      "card" => card,
-      "muted" => CommonAPI.thread_muted?(user, activity) || User.mutes?(opts[:for], user)
+      "muted" => thread_muted? || User.mutes?(opts[:for], user)
    }
  end
--- a/lib/pleroma/web/web_finger/web_finger.ex
+++ b/lib/pleroma/web/web_finger/web_finger.ex
@ -3,12 +3,10 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.WebFinger do
-  @httpoison Application.get_env(:pleroma, :httpoison)
+  alias Pleroma.HTTP
  alias Pleroma.User
  alias Pleroma.Web
-  alias Pleroma.Web.OStatus
+  alias Pleroma.Web.Federator.Publisher
  alias Pleroma.Web.Salmon
  alias Pleroma.Web.XML
  alias Pleroma.XmlBuilder
  require Jason
@ -50,95 +48,44 @@ def webfinger(resource, fmt) when fmt in ["XML", "JSON"] do
    end
  end
  defp gather_links(%User{} = user) do
    [
      %{
        "rel" => "http://webfinger.net/rel/profile-page",
        "type" => "text/html",
        "href" => user.ap_id
      }
    ] ++ Publisher.gather_webfinger_links(user)
  end
  def represent_user(user, "JSON") do
-    {:ok, user} = ensure_keys_present(user)
+    {:ok, user} = User.ensure_keys_present(user)
    {:ok, _private, public} = Salmon.keys_from_pem(user.info.keys)
    magic_key = Salmon.encode_key(public)
    %{
      "subject" => "acct:#{user.nickname}@#{Pleroma.Web.Endpoint.host()}",
      "aliases" => [user.ap_id],
-      "links" => [
+      "links" => gather_links(user)
        %{
          "rel" => "http://schemas.google.com/g/2010#updates-from",
          "type" => "application/atom+xml",
          "href" => OStatus.feed_path(user)
        },
        %{
          "rel" => "http://webfinger.net/rel/profile-page",
          "type" => "text/html",
          "href" => user.ap_id
        },
        %{"rel" => "salmon", "href" => OStatus.salmon_path(user)},
        %{
          "rel" => "magic-public-key",
          "href" => "data:application/magic-public-key,#{magic_key}"
        },
        %{"rel" => "self", "type" => "application/activity+json", "href" => user.ap_id},
        %{
          "rel" => "self",
          "type" => "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
          "href" => user.ap_id
        },
        %{
          "rel" => "http://ostatus.org/schema/1.0/subscribe",
          "template" => OStatus.remote_follow_path()
        }
      ]
    }
  end
  def represent_user(user, "XML") do
-    {:ok, user} = ensure_keys_present(user)
+    {:ok, user} = User.ensure_keys_present(user)
-    {:ok, _private, public} = Salmon.keys_from_pem(user.info.keys)
+
-    magic_key = Salmon.encode_key(public)
+    links =
      gather_links(user)
      |> Enum.map(fn link -> {:Link, link} end)
    {
      :XRD,
      %{xmlns: "http://docs.oasis-open.org/ns/xri/xrd-1.0"},
      [
        {:Subject, "acct:#{user.nickname}@#{Pleroma.Web.Endpoint.host()}"},
-        {:Alias, user.ap_id},
+        {:Alias, user.ap_id}
-        {:Link,
+      ] ++ links
         %{
           rel: "http://schemas.google.com/g/2010#updates-from",
           type: "application/atom+xml",
           href: OStatus.feed_path(user)
         }},
        {:Link,
         %{rel: "http://webfinger.net/rel/profile-page", type: "text/html", href: user.ap_id}},
        {:Link, %{rel: "salmon", href: OStatus.salmon_path(user)}},
        {:Link,
         %{rel: "magic-public-key", href: "data:application/magic-public-key,#{magic_key}"}},
        {:Link, %{rel: "self", type: "application/activity+json", href: user.ap_id}},
        {:Link,
         %{rel: "http://ostatus.org/schema/1.0/subscribe", template: OStatus.remote_follow_path()}}
      ]
    }
    |> XmlBuilder.to_doc()
  end
  # This seems a better fit in Salmon
  def ensure_keys_present(user) do
    info = user.info
    if info.keys do
      {:ok, user}
    else
      {:ok, pem} = Salmon.generate_rsa_pem()
      info_cng =
        info
        |> Pleroma.User.Info.set_keys(pem)
      cng =
        Ecto.Changeset.change(user)
        |> Ecto.Changeset.put_embed(:info, info_cng)
      User.update_and_set_cache(cng)
    end
  end
  defp get_magic_key(magic_key) do
    "data:application/magic-public-key," <> magic_key = magic_key
    {:ok, magic_key}
@ -228,11 +175,11 @@ def get_template_from_xml(body) do
  def find_lrdd_template(domain) do
    with {:ok, %{status: status, body: body}} when status in 200..299 <-
-           @httpoison.get("http://#{domain}/.well-known/host-meta", []) do
+           HTTP.get("http://#{domain}/.well-known/host-meta", []) do
      get_template_from_xml(body)
    else
      _ ->
-        with {:ok, %{body: body}} <- @httpoison.get("https://#{domain}/.well-known/host-meta", []) do
+        with {:ok, %{body: body}} <- HTTP.get("https://#{domain}/.well-known/host-meta", []) do
          get_template_from_xml(body)
        else
          e -> {:error, "Can't find LRDD template: #{inspect(e)}"}
@ -261,7 +208,7 @@ def finger(account) do
      end
    with response <-
-           @httpoison.get(
+           HTTP.get(
             address,
             Accept: "application/xrd+xml,application/jrd+json"
           ),
--- a/lib/pleroma/web/websub/websub.ex
+++ b/lib/pleroma/web/websub/websub.ex
@ -4,10 +4,15 @@
 defmodule Pleroma.Web.Websub do
  alias Ecto.Changeset
  alias Pleroma.Activity
  alias Pleroma.HTTP
  alias Pleroma.Instances
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.Visibility
  alias Pleroma.Web.Endpoint
  alias Pleroma.Web.Federator
  alias Pleroma.Web.Federator.Publisher
  alias Pleroma.Web.OStatus
  alias Pleroma.Web.OStatus.FeedRepresenter
  alias Pleroma.Web.Router.Helpers
@ -18,9 +23,9 @@ defmodule Pleroma.Web.Websub do
  import Ecto.Query
-  @httpoison Application.get_env(:pleroma, :httpoison)
+  @behaviour Pleroma.Web.Federator.Publisher
-  def verify(subscription, getter \\ &@httpoison.get/3) do
+  def verify(subscription, getter \\ &HTTP.get/3) do
    challenge = Base.encode16(:crypto.strong_rand_bytes(8))
    lease_seconds = NaiveDateTime.diff(subscription.valid_until, subscription.updated_at)
    lease_seconds = lease_seconds |> to_string
@ -56,6 +61,13 @@ def verify(subscription, getter \\ &@httpoison.get/3) do
    "Undo",
    "Delete"
  ]
  def is_representable?(%Activity{data: %{"type" => type}} = activity)
      when type in @supported_activities,
      do: Visibility.is_public?(activity)
  def is_representable?(_), do: false
  def publish(topic, user, %{data: %{"type" => type}} = activity)
      when type in @supported_activities do
    response =
@ -88,12 +100,14 @@ def publish(topic, user, %{data: %{"type" => type}} = activity)
        unreachable_since: reachable_callbacks_metadata[sub.callback]
      }
-      Federator.publish_single_websub(data)
+      Publisher.enqueue_one(__MODULE__, data)
    end)
  end
  def publish(_, _, _), do: ""
  def publish(actor, activity), do: publish(Pleroma.Web.OStatus.feed_path(actor), actor, activity)
  def sign(secret, doc) do
    :crypto.hmac(:sha, secret, to_string(doc)) |> Base.encode16() |> String.downcase()
  end
@ -192,7 +206,7 @@ def subscribe(subscriber, subscribed, requester \\ &request_subscription/1) do
    requester.(subscription)
  end
-  def gather_feed_data(topic, getter \\ &@httpoison.get/1) do
+  def gather_feed_data(topic, getter \\ &HTTP.get/1) do
    with {:ok, response} <- getter.(topic),
         status when status in 200..299 <- response.status,
         body <- response.body,
@ -221,7 +235,7 @@ def gather_feed_data(topic, getter \\ &@httpoison.get/1) do
    end
  end
-  def request_subscription(websub, poster \\ &@httpoison.post/3, timeout \\ 10_000) do
+  def request_subscription(websub, poster \\ &HTTP.post/3, timeout \\ 10_000) do
    data = [
      "hub.mode": "subscribe",
      "hub.topic": websub.topic,
@ -279,7 +293,7 @@ def publish_one(%{xml: xml, topic: topic, callback: callback, secret: secret} =
    Logger.info(fn -> "Pushing #{topic} to #{callback}" end)
    with {:ok, %{status: code}} when code in 200..299 <-
-           @httpoison.post(
+           HTTP.post(
             callback,
             xml,
             [
@ -299,4 +313,20 @@ def publish_one(%{xml: xml, topic: topic, callback: callback, secret: secret} =
        {:error, response}
    end
  end
  def gather_webfinger_links(%User{} = user) do
    [
      %{
        "rel" => "http://schemas.google.com/g/2010#updates-from",
        "type" => "application/atom+xml",
        "href" => OStatus.feed_path(user)
      },
      %{
        "rel" => "http://ostatus.org/schema/1.0/subscribe",
        "template" => OStatus.remote_follow_path()
      }
    ]
  end
  def gather_nodeinfo_protocol_names, do: ["ostatus"]
 end
--- a/lib/xml_builder.ex
+++ b/lib/xml_builder.ex
@ -35,6 +35,7 @@ def to_doc(content), do: ~s(<?xml version="1.0" encoding="UTF-8"?>) <> to_xml(co
  defp make_open_tag(tag, attributes) do
    attributes_string =
      for {attribute, value} <- attributes do
        value = String.replace(value, "\"", "&quot;")
        "#{attribute}=\"#{value}\""
      end
      |> Enum.join(" ")
--- a/mix.exs
+++ b/mix.exs
@ -13,6 +13,7 @@ def project do
      start_permanent: Mix.env() == :prod,
      aliases: aliases(),
      deps: deps(),
      test_coverage: [tool: ExCoveralls],
      # Docs
      name: "Pleroma",
@ -41,7 +42,7 @@ def project do
  def application do
    [
      mod: {Pleroma.Application, []},
-      extra_applications: [:logger, :runtime_tools, :comeonin, :esshd, :quack],
+      extra_applications: [:logger, :runtime_tools, :comeonin, :quack],
      included_applications: [:ex_syslogger]
    ]
  end
@ -65,7 +66,7 @@ defp deps do
      {:plug_cowboy, "~> 2.0"},
      {:phoenix_pubsub, "~> 1.1"},
      {:phoenix_ecto, "~> 4.0"},
-      {:ecto_sql, "~>3.0.5"},
+      {:ecto_sql, "~> 3.1"},
      {:postgrex, ">= 0.13.5"},
      {:gettext, "~> 0.15"},
      {:comeonin, "~> 4.1.1"},
@ -104,6 +105,9 @@ defp deps do
      {:auto_linker,
       git: "https://git.pleroma.social/pleroma/auto_linker.git",
       ref: "c00c4e75b35367fa42c95ffd9b8c455bf9995829"},
      {:http_signatures,
       git: "https://git.pleroma.social/pleroma/http_signatures.git",
       ref: "9789401987096ead65646b52b5a2ca6bf52fc531"},
      {:pleroma_job_queue, "~> 0.2.0"},
      {:telemetry, "~> 0.3"},
      {:prometheus_ex, "~> 3.0"},
@ -116,8 +120,10 @@ defp deps do
      {:quantum, "~> 2.3"},
      {:joken, "~> 2.0"},
      {:benchee, "~> 1.0"},
-      {:esshd, "~> 0.1.0"},
+      {:esshd, "~> 0.1.0", runtime: Application.get_env(:esshd, :enabled, false)},
-      {:plug_static_index_html, "~> 1.0.0"}
+      {:ex_rated, "~> 1.2"},
      {:plug_static_index_html, "~> 1.0.0"},
      {:excoveralls, "~> 0.11.1", only: :test}
    ] ++ oauth_deps
  end
--- a/mix.lock
+++ b/mix.lock
@ -21,15 +21,18 @@
  "decimal": {:hex, :decimal, "1.7.0", "30d6b52c88541f9a66637359ddf85016df9eb266170d53105f02e4a67e00c5aa", [:mix], [], "hexpm"},
  "deep_merge": {:hex, :deep_merge, "1.0.0", "b4aa1a0d1acac393bdf38b2291af38cb1d4a52806cf7a4906f718e1feb5ee961", [:mix], [], "hexpm"},
  "earmark": {:hex, :earmark, "1.3.2", "b840562ea3d67795ffbb5bd88940b1bed0ed9fa32834915125ea7d02e35888a5", [:mix], [], "hexpm"},
-  "ecto": {:hex, :ecto, "3.0.8", "9eb6a1fcfc593e6619d45ef51afe607f1554c21ca188a1cd48eecc27223567f1", [:mix], [{:decimal, "~> 1.6", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: true]}], "hexpm"},
+  "ecto": {:hex, :ecto, "3.1.4", "69d852da7a9f04ede725855a35ede48d158ca11a404fe94f8b2fb3b2162cd3c9", [:mix], [{:decimal, "~> 1.6", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm"},
-  "ecto_sql": {:hex, :ecto_sql, "3.0.5", "7e44172b4f7aca4469f38d7f6a3da394dbf43a1bcf0ca975e958cb957becd74e", [:mix], [{:db_connection, "~> 2.0", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.0.6", [hex: :ecto, repo: "hexpm", optional: false]}, {:mariaex, "~> 0.9.1", [hex: :mariaex, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.14.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.3.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm"},
+  "ecto_sql": {:hex, :ecto_sql, "3.1.3", "2c536139190492d9de33c5fefac7323c5eaaa82e1b9bf93482a14649042f7cd9", [:mix], [{:db_connection, "~> 2.0", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.1.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:mariaex, "~> 0.9.1", [hex: :mariaex, repo: "hexpm", optional: true]}, {:myxql, "~> 0.2.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.14.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm"},
  "eternal": {:hex, :eternal, "1.2.1", "d5b6b2499ba876c57be2581b5b999ee9bdf861c647401066d3eeed111d096bc4", [:mix], [], "hexpm"},
  "esshd": {:hex, :esshd, "0.1.0", "6f93a2062adb43637edad0ea7357db2702a4b80dd9683482fe00f5134e97f4c1", [:mix], [], "hexpm"},
  "eternal": {:hex, :eternal, "1.2.0", "e2a6b6ce3b8c248f7dc31451aefca57e3bdf0e48d73ae5043229380a67614c41", [:mix], [], "hexpm"},
  "ex2ms": {:hex, :ex2ms, "1.5.0", "19e27f9212be9a96093fed8cdfbef0a2b56c21237196d26760f11dfcfae58e97", [:mix], [], "hexpm"},
  "ex_aws": {:hex, :ex_aws, "2.1.0", "b92651527d6c09c479f9013caa9c7331f19cba38a650590d82ebf2c6c16a1d8a", [:mix], [{:configparser_ex, "~> 2.0", [hex: :configparser_ex, repo: "hexpm", optional: true]}, {:hackney, "1.6.3 or 1.6.5 or 1.7.1 or 1.8.6 or ~> 1.9", [hex: :hackney, repo: "hexpm", optional: true]}, {:jsx, "~> 2.8", [hex: :jsx, repo: "hexpm", optional: true]}, {:poison, ">= 1.2.0", [hex: :poison, repo: "hexpm", optional: true]}, {:sweet_xml, "~> 0.6", [hex: :sweet_xml, repo: "hexpm", optional: true]}, {:xml_builder, "~> 0.1.0", [hex: :xml_builder, repo: "hexpm", optional: true]}], "hexpm"},
  "ex_aws_s3": {:hex, :ex_aws_s3, "2.0.1", "9e09366e77f25d3d88c5393824e613344631be8db0d1839faca49686e99b6704", [:mix], [{:ex_aws, "~> 2.0", [hex: :ex_aws, repo: "hexpm", optional: false]}, {:sweet_xml, ">= 0.0.0", [hex: :sweet_xml, repo: "hexpm", optional: true]}], "hexpm"},
  "ex_doc": {:hex, :ex_doc, "0.20.2", "1bd0dfb0304bade58beb77f20f21ee3558cc3c753743ae0ddbb0fd7ba2912331", [:mix], [{:earmark, "~> 1.3", [hex: :earmark, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.10", [hex: :makeup_elixir, repo: "hexpm", optional: false]}], "hexpm"},
  "ex_machina": {:hex, :ex_machina, "2.3.0", "92a5ad0a8b10ea6314b876a99c8c9e3f25f4dde71a2a835845b136b9adaf199a", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm"},
  "ex_rated": {:hex, :ex_rated, "1.3.2", "6aeb32abb46ea6076f417a9ce8cb1cf08abf35fb2d42375beaad4dd72b550bf1", [:mix], [{:ex2ms, "~> 1.5", [hex: :ex2ms, repo: "hexpm", optional: false]}], "hexpm"},
  "ex_syslogger": {:git, "https://github.com/slashmili/ex_syslogger.git", "f3963399047af17e038897c69e20d552e6899e1d", [tag: "1.4.0"]},
  "excoveralls": {:hex, :excoveralls, "0.11.1", "dd677fbdd49114fdbdbf445540ec735808250d56b011077798316505064edb2c", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm"},
  "floki": {:hex, :floki, "0.20.4", "be42ac911fece24b4c72f3b5846774b6e61b83fe685c2fc9d62093277fb3bc86", [:mix], [{:html_entities, "~> 0.4.0", [hex: :html_entities, repo: "hexpm", optional: false]}, {:mochiweb, "~> 2.15", [hex: :mochiweb, repo: "hexpm", optional: false]}], "hexpm"},
  "gen_smtp": {:hex, :gen_smtp, "0.13.0", "11f08504c4bdd831dc520b8f84a1dce5ce624474a797394e7aafd3c29f5dcd25", [:rebar3], [], "hexpm"},
  "gen_stage": {:hex, :gen_stage, "0.14.1", "9d46723fda072d4f4bb31a102560013f7960f5d80ea44dcb96fd6304ed61e7a4", [:mix], [], "hexpm"},
@ -38,6 +41,7 @@
  "hackney": {:hex, :hackney, "1.15.1", "9f8f471c844b8ce395f7b6d8398139e26ddca9ebc171a8b91342ee15a19963f4", [:rebar3], [{:certifi, "2.5.1", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "6.0.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.4", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm"},
  "html_entities": {:hex, :html_entities, "0.4.0", "f2fee876858cf6aaa9db608820a3209e45a087c5177332799592142b50e89a6b", [:mix], [], "hexpm"},
  "html_sanitize_ex": {:hex, :html_sanitize_ex, "1.3.0", "f005ad692b717691203f940c686208aa3d8ffd9dd4bb3699240096a51fa9564e", [:mix], [{:mochiweb, "~> 2.15", [hex: :mochiweb, repo: "hexpm", optional: false]}], "hexpm"},
  "http_signatures": {:git, "https://git.pleroma.social/pleroma/http_signatures.git", "9789401987096ead65646b52b5a2ca6bf52fc531", [ref: "9789401987096ead65646b52b5a2ca6bf52fc531"]},
  "httpoison": {:hex, :httpoison, "1.2.0", "2702ed3da5fd7a8130fc34b11965c8cfa21ade2f232c00b42d96d4967c39a3a3", [:mix], [{:hackney, "~> 1.8", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm"},
  "idna": {:hex, :idna, "6.0.0", "689c46cbcdf3524c44d5f3dde8001f364cd7608a99556d8fbd8239a5798d4c10", [:rebar3], [{:unicode_util_compat, "0.4.1", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm"},
  "jason": {:hex, :jason, "1.1.2", "b03dedea67a99223a2eaf9f1264ce37154564de899fd3d8b9a21b1a6fd64afe7", [:mix], [{:decimal, "~> 1.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm"},
@ -67,7 +71,8 @@
  "plug_crypto": {:hex, :plug_crypto, "1.0.0", "18e49317d3fa343f24620ed22795ec29d4a5e602d52d1513ccea0b07d8ea7d4d", [:mix], [], "hexpm"},
  "plug_static_index_html": {:hex, :plug_static_index_html, "1.0.0", "840123d4d3975585133485ea86af73cb2600afd7f2a976f9f5fd8b3808e636a0", [:mix], [{:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"},
  "poison": {:hex, :poison, "3.1.0", "d9eb636610e096f86f25d9a46f35a9facac35609a7591b3be3326e99a0484665", [:mix], [], "hexpm"},
-  "postgrex": {:hex, :postgrex, "0.14.2", "6680591bbce28d92f043249205e8b01b36cab9ef2a7911abc43649242e1a3b78", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.0", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm"},
+  "poolboy": {:hex, :poolboy, "1.5.2", "392b007a1693a64540cead79830443abf5762f5d30cf50bc95cb2c1aaafa006b", [:rebar3], [], "hexpm"},
  "postgrex": {:hex, :postgrex, "0.14.3", "5754dee2fdf6e9e508cbf49ab138df964278700b764177e8f3871e658b345a1e", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.0", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm"},
  "prometheus": {:hex, :prometheus, "4.2.2", "a830e77b79dc6d28183f4db050a7cac926a6c58f1872f9ef94a35cd989aceef8", [:mix, :rebar3], [], "hexpm"},
  "prometheus_ecto": {:hex, :prometheus_ecto, "1.4.1", "6c768ea9654de871e5b32fab2eac348467b3021604ebebbcbd8bcbe806a65ed5", [:mix], [{:ecto, "~> 2.0 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:prometheus_ex, "~> 1.1 or ~> 2.0 or ~> 3.0", [hex: :prometheus_ex, repo: "hexpm", optional: false]}], "hexpm"},
  "prometheus_ex": {:hex, :prometheus_ex, "3.0.5", "fa58cfd983487fc5ead331e9a3e0aa622c67232b3ec71710ced122c4c453a02f", [:mix], [{:prometheus, "~> 4.0", [hex: :prometheus, repo: "hexpm", optional: false]}], "hexpm"},
@ -82,7 +87,7 @@
  "swarm": {:hex, :swarm, "3.4.0", "64f8b30055d74640d2186c66354b33b999438692a91be275bb89cdc7e401f448", [:mix], [{:gen_state_machine, "~> 2.0", [hex: :gen_state_machine, repo: "hexpm", optional: false]}, {:libring, "~> 1.0", [hex: :libring, repo: "hexpm", optional: false]}], "hexpm"},
  "swoosh": {:hex, :swoosh, "0.23.1", "209b7cc6d862c09d2a064c16caa4d4d1c9c936285476459e16591e0065f8432b", [:mix], [{:cowboy, "~> 1.0.1 or ~> 1.1 or ~> 2.4", [hex: :cowboy, repo: "hexpm", optional: true]}, {:gen_smtp, "~> 0.12", [hex: :gen_smtp, repo: "hexpm", optional: true]}, {:hackney, "~> 1.9", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:mail, "~> 0.2", [hex: :mail, repo: "hexpm", optional: true]}, {:mime, "~> 1.1", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_cowboy, ">= 1.0.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}], "hexpm"},
  "syslog": {:git, "https://github.com/Vagabond/erlang-syslog.git", "4a6c6f2c996483e86c1320e9553f91d337bcb6aa", [tag: "1.0.5"]},
-  "telemetry": {:hex, :telemetry, "0.3.0", "099a7f3ce31e4780f971b4630a3c22ec66d22208bc090fe33a2a3a6a67754a73", [:rebar3], [], "hexpm"},
+  "telemetry": {:hex, :telemetry, "0.4.0", "8339bee3fa8b91cb84d14c2935f8ecf399ccd87301ad6da6b71c09553834b2ab", [:rebar3], [], "hexpm"},
  "tesla": {:hex, :tesla, "1.2.1", "864783cc27f71dd8c8969163704752476cec0f3a51eb3b06393b3971dc9733ff", [:mix], [{:exjsx, ">= 3.0.0", [hex: :exjsx, repo: "hexpm", optional: true]}, {:fuse, "~> 2.4", [hex: :fuse, repo: "hexpm", optional: true]}, {:hackney, "~> 1.6", [hex: :hackney, repo: "hexpm", optional: true]}, {:ibrowse, "~> 4.4.0", [hex: :ibrowse, repo: "hexpm", optional: true]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:poison, ">= 1.0.0", [hex: :poison, repo: "hexpm", optional: true]}], "hexpm"},
  "timex": {:hex, :timex, "3.5.0", "b0a23167da02d0fe4f1a4e104d1f929a00d348502b52432c05de875d0b9cffa5", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 0.1.8 or ~> 0.5", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"},
  "trailing_format_plug": {:hex, :trailing_format_plug, "0.0.7", "64b877f912cf7273bed03379936df39894149e35137ac9509117e59866e10e45", [:mix], [{:plug, "> 0.12.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"},
--- a/priv/repo/migrations/20190411094120_add_index_on_user_info_deactivated.exs
+++ b/priv/repo/migrations/20190411094120_add_index_on_user_info_deactivated.exs
@ -0,0 +1,7 @@
 defmodule Pleroma.Repo.Migrations.AddIndexOnUserInfoDeactivated do
  use Ecto.Migration
  def change do
    create(index(:users, ["(info->'deactivated')"], name: :users_deactivated_index, using: :gin))
  end
 end
--- a/priv/repo/migrations/20190511191044_set_default_state_to_reports.exs
+++ b/priv/repo/migrations/20190511191044_set_default_state_to_reports.exs
@ -0,0 +1,19 @@
 defmodule Pleroma.Repo.Migrations.SetDefaultStateToReports do
  use Ecto.Migration
  def up do
    execute """
      UPDATE activities AS a
      SET data = jsonb_set(data, '{state}', '"open"', true)
      WHERE data->>'type' = 'Flag'
    """
  end
  def down do
    execute """
      UPDATE activities AS a
      SET data = data #- '{state}'
      WHERE data->>'type' = 'Flag'
    """
  end
 end
--- a/Show More
+++ b/Show More