Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into develop

CHANGELOG.md

@@ -112,12 +112,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mastodon API: Correct `reblogged`, `favourited`, and `bookmarked` values in the reblog status JSON
 - Mastodon API: Exposing default scope of the user to anyone
 - Mastodon API: Make `irreversible` field default to `false` [`POST /api/v1/filters`]
+- Mastodon API: Replace missing non-nullable Card attributes with empty strings
 - User-Agent is now sent correctly for all HTTP requests.
 - MRF: Simple policy now properly delists imported or relayed statuses
 
 ## Removed
 - Configuration: `config :pleroma, :fe` in favor of the more flexible `config :pleroma, :frontend_configurations`
 
+## [0.9.99999] - 2019-05-31
+### Security
+- Mastodon API: Fix lists leaking private posts
+
 ## [0.9.9999] - 2019-04-05
 ### Security
 - Mastodon API: Fix content warnings skipping HTML sanitization

docs/installation/alpine_linux_en.md

@@ -87,7 +87,7 @@ sudo adduser -S -s /bin/false -h /opt/pleroma -H pleroma
 ```shell
 sudo mkdir -p /opt/pleroma
 sudo chown -R pleroma:pleroma /opt/pleroma
-sudo -Hu pleroma git clone https://git.pleroma.social/pleroma/pleroma /opt/pleroma
+sudo -Hu pleroma git clone -b master https://git.pleroma.social/pleroma/pleroma /opt/pleroma
 ```
 
 * Change to the new directory:

docs/installation/arch_linux_en.md

@@ -66,7 +66,7 @@ sudo useradd -r -s /bin/false -m -d /var/lib/pleroma -U pleroma
 ```shell
 sudo mkdir -p /opt/pleroma
 sudo chown -R pleroma:pleroma /opt/pleroma
-sudo -Hu pleroma git clone https://git.pleroma.social/pleroma/pleroma /opt/pleroma
+sudo -Hu pleroma git clone -b master https://git.pleroma.social/pleroma/pleroma /opt/pleroma
 ```
 
 * Change to the new directory:

docs/installation/centos7_en.md

@@ -143,7 +143,7 @@ sudo useradd -r -s /bin/false -m -d /var/lib/pleroma -U pleroma
 ```shell
 sudo mkdir -p /opt/pleroma
 sudo chown -R pleroma:pleroma /opt/pleroma
-sudo -Hu pleroma git clone https://git.pleroma.social/pleroma/pleroma /opt/pleroma
+sudo -Hu pleroma git clone -b master https://git.pleroma.social/pleroma/pleroma /opt/pleroma
 ```
 
 * Change to the new directory:

docs/installation/debian_based_en.md

@@ -68,7 +68,7 @@ sudo useradd -r -s /bin/false -m -d /var/lib/pleroma -U pleroma
 ```shell
 sudo mkdir -p /opt/pleroma
 sudo chown -R pleroma:pleroma /opt/pleroma
-sudo -Hu pleroma git clone https://git.pleroma.social/pleroma/pleroma /opt/pleroma
+sudo -Hu pleroma git clone -b master https://git.pleroma.social/pleroma/pleroma /opt/pleroma
 ```
 
 * Change to the new directory:

docs/installation/debian_based_jp.md

@@ -69,7 +69,7 @@ cd ~
 
 *  Gitリポジトリをクローンします。
 ```
-git clone https://git.pleroma.social/pleroma/pleroma
+git clone -b master https://git.pleroma.social/pleroma/pleroma
 ```
 
 *  新しいディレクトリに移動します。

docs/installation/gentoo_en.md

@@ -106,7 +106,7 @@ It is highly recommended you use your own fork for the `https://path/to/repo` pa
 
 ```shell
  pleroma$ cd ~
- pleroma$ git clone https://path/to/repo
+ pleroma$ git clone -b master https://path/to/repo
 ```
 
 * Change to the new directory:

docs/installation/netbsd_en.md

@@ -58,7 +58,7 @@ Clone the repository:
 
 ```
 $ cd /home/pleroma
-$ git clone https://git.pleroma.social/pleroma/pleroma.git
+$ git clone -b master https://git.pleroma.social/pleroma/pleroma.git
 ```
 
 Configure Pleroma. Note that you need a domain name at this point:

docs/installation/openbsd_en.md

@@ -29,7 +29,7 @@ This creates a "pleroma" login class and sets higher values than default for dat
 Create the \_pleroma user, assign it the pleroma login class and create its home directory (/home/\_pleroma/): `useradd -m -L pleroma _pleroma`
 
 #### Clone pleroma's directory
-Enter a shell as the \_pleroma user. As root, run `su _pleroma -;cd`. Then clone the repository with `git clone https://git.pleroma.social/pleroma/pleroma.git`. Pleroma is now installed in /home/\_pleroma/pleroma/, it will be configured and started at the end of this guide.
+Enter a shell as the \_pleroma user. As root, run `su _pleroma -;cd`. Then clone the repository with `git clone -b master https://git.pleroma.social/pleroma/pleroma.git`. Pleroma is now installed in /home/\_pleroma/pleroma/, it will be configured and started at the end of this guide.
 
 #### Postgresql
 Start a shell as the \_postgresql user (as root run `su _postgresql -` then run the `initdb` command to initialize postgresql:  

docs/installation/openbsd_fi.md

@@ -44,7 +44,7 @@ Vaihda pleroma-käyttäjään ja mene kotihakemistoosi:
 
 Lataa pleroman lähdekoodi:
 
-`$ git clone https://git.pleroma.social/pleroma/pleroma.git`
+`$ git clone -b master https://git.pleroma.social/pleroma/pleroma.git`
 
 `$ cd pleroma`
 

lib/healthcheck.ex

@@ -29,13 +29,13 @@ defmodule Pleroma.Healthcheck do
   end
 
   defp assign_db_info(healthcheck) do
-    database = Application.get_env(:pleroma, Repo)[:database]
+    database = Pleroma.Config.get([Repo, :database])
 
     query =
       "select state, count(pid) from pg_stat_activity where datname = '#{database}' group by state;"
 
     result = Repo.query!(query)
-    pool_size = Application.get_env(:pleroma, Repo)[:pool_size]
+    pool_size = Pleroma.Config.get([Repo, :pool_size])
 
     db_info =
       Enum.reduce(result.rows, %{active: 0, idle: 0}, fn [state, cnt], states ->

lib/pleroma/emoji.ex

@@ -22,7 +22,7 @@ defmodule Pleroma.Emoji do
 
   @ets __MODULE__.Ets
   @ets_options [:ordered_set, :protected, :named_table, {:read_concurrency, true}]
-  @groups Application.get_env(:pleroma, :emoji)[:groups]
+  @groups Pleroma.Config.get([:emoji, :groups])
 
   @doc false
   def start_link do
@@ -112,7 +112,7 @@ defmodule Pleroma.Emoji do
 
     # Compat thing for old custom emoji handling & default emoji,
     # it should run even if there are no emoji packs
-    shortcode_globs = Application.get_env(:pleroma, :emoji)[:shortcode_globs] || []
+    shortcode_globs = Pleroma.Config.get([:emoji, :shortcode_globs], [])
 
     emojis =
       (load_from_file("config/emoji.txt") ++

lib/pleroma/html.ex

@@ -104,7 +104,6 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do
   paragraphs, breaks and links are allowed through the filter.
   """
 
-  @markup Application.get_env(:pleroma, :markup)
   @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
 
   require HtmlSanitizeEx.Scrubber.Meta
@@ -142,9 +141,7 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do
   Meta.allow_tag_with_these_attributes("span", [])
 
   # allow inline images for custom emoji
-  @allow_inline_images Keyword.get(@markup, :allow_inline_images)
+  if Pleroma.Config.get([:markup, :allow_inline_images]) do
-
-  if @allow_inline_images do
     # restrict img tags to http/https only, because of MediaProxy.
     Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"])
 
@@ -168,7 +165,6 @@ defmodule Pleroma.HTML.Scrubber.Default do
   # credo:disable-for-previous-line
   # No idea how to fix this one…
 
-  @markup Application.get_env(:pleroma, :markup)
   @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
 
   Meta.remove_cdata_sections_before_scrub()
@@ -213,7 +209,7 @@ defmodule Pleroma.HTML.Scrubber.Default do
   Meta.allow_tag_with_this_attribute_values("span", "class", ["h-card"])
   Meta.allow_tag_with_these_attributes("span", [])
 
-  @allow_inline_images Keyword.get(@markup, :allow_inline_images)
+  @allow_inline_images Pleroma.Config.get([:markup, :allow_inline_images])
 
   if @allow_inline_images do
     # restrict img tags to http/https only, because of MediaProxy.
@@ -228,9 +224,7 @@ defmodule Pleroma.HTML.Scrubber.Default do
     ])
   end
 
-  @allow_tables Keyword.get(@markup, :allow_tables)
+  if Pleroma.Config.get([:markup, :allow_tables]) do
-
-  if @allow_tables do
     Meta.allow_tag_with_these_attributes("table", [])
     Meta.allow_tag_with_these_attributes("tbody", [])
     Meta.allow_tag_with_these_attributes("td", [])
@@ -239,9 +233,7 @@ defmodule Pleroma.HTML.Scrubber.Default do
     Meta.allow_tag_with_these_attributes("tr", [])
   end
 
-  @allow_headings Keyword.get(@markup, :allow_headings)
+  if Pleroma.Config.get([:markup, :allow_headings]) do
-
-  if @allow_headings do
     Meta.allow_tag_with_these_attributes("h1", [])
     Meta.allow_tag_with_these_attributes("h2", [])
     Meta.allow_tag_with_these_attributes("h3", [])
@@ -249,9 +241,7 @@ defmodule Pleroma.HTML.Scrubber.Default do
     Meta.allow_tag_with_these_attributes("h5", [])
   end
 
-  @allow_fonts Keyword.get(@markup, :allow_fonts)
+  if Pleroma.Config.get([:markup, :allow_fonts]) do
-
-  if @allow_fonts do
     Meta.allow_tag_with_these_attributes("font", ["face"])
   end
 

lib/pleroma/http/http.ex

@@ -65,12 +65,9 @@ defmodule Pleroma.HTTP do
   end
 
   def process_request_options(options) do
-    config = Application.get_env(:pleroma, :http, [])
+    case Pleroma.Config.get([:http, :proxy_url]) do
-    proxy = Keyword.get(config, :proxy_url, nil)
-
-    case proxy do
       nil -> options
-      _ -> options ++ [proxy: proxy]
+      proxy -> options ++ [proxy: proxy]
     end
   end
 

lib/pleroma/plugs/federating_plug.ex

@@ -10,7 +10,7 @@ defmodule Pleroma.Web.FederatingPlug do
   end
 
   def call(conn, _opts) do
-    if Keyword.get(Application.get_env(:pleroma, :instance), :federating) do
+    if Pleroma.Config.get([:instance, :federating]) do
       conn
     else
       conn

lib/pleroma/reverse_proxy.ex

@@ -61,7 +61,7 @@ defmodule Pleroma.ReverseProxy do
   * `http`: options for [hackney](https://github.com/benoitc/hackney).
 
   """
-  @hackney Application.get_env(:pleroma, :hackney, :hackney)
+  @hackney Pleroma.Config.get(:hackney, :hackney)
 
   @default_hackney_options []
 

lib/pleroma/user.ex

@@ -366,9 +366,7 @@ defmodule Pleroma.User do
   end
 
   def follow(%User{} = follower, %User{info: info} = followed) do
-    user_config = Application.get_env(:pleroma, :user)
+    deny_follow_blocked = Pleroma.Config.get([:user, :deny_follow_blocked])
-    deny_follow_blocked = Keyword.get(user_config, :deny_follow_blocked)
-
     ap_followers = followed.follower_address
 
     cond do

lib/pleroma/web/activity_pub/activity_pub.ex

@@ -399,16 +399,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
   end
 
   def block(blocker, blocked, activity_id \\ nil, local \\ true) do
-    ap_config = Application.get_env(:pleroma, :activitypub)
+    outgoing_blocks = Pleroma.Config.get([:activitypub, :outgoing_blocks])
-    unfollow_blocked = Keyword.get(ap_config, :unfollow_blocked)
+    unfollow_blocked = Pleroma.Config.get([:activitypub, :unfollow_blocked])
-    outgoing_blocks = Keyword.get(ap_config, :outgoing_blocks)
 
-    with true <- unfollow_blocked do
+    if unfollow_blocked do
       follow_activity = fetch_latest_follow(blocker, blocked)
-
+      if follow_activity, do: unfollow(blocker, blocked, nil, local)
-      if follow_activity do
-        unfollow(blocker, blocked, nil, local)
-      end
     end
 
     with true <- outgoing_blocks,
@@ -653,20 +649,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
 
   defp restrict_tag(query, _), do: query
 
-  defp restrict_to_cc(query, recipients_to, recipients_cc) do
-    from(
-      activity in query,
-      where:
-        fragment(
-          "(?->'to' \\?| ?) or (?->'cc' \\?| ?)",
-          activity.data,
-          ^recipients_to,
-          activity.data,
-          ^recipients_cc
-        )
-    )
-  end
-
   defp restrict_recipients(query, [], _user), do: query
 
   defp restrict_recipients(query, recipients, nil) do
@@ -889,9 +871,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
     |> Enum.reverse()
   end
 
-  def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do
+  def fetch_activities_bounded_query(query, recipients, recipients_with_public) do
+    from(activity in query,
+      where:
+        fragment("? && ?", activity.recipients, ^recipients) or
+          (fragment("? && ?", activity.recipients, ^recipients_with_public) and
+             "https://www.w3.org/ns/activitystreams#Public" in activity.recipients)
+    )
+  end
+
+  def fetch_activities_bounded(recipients, recipients_with_public, opts \\ %{}) do
     fetch_activities_query([], opts)
-    |> restrict_to_cc(recipients_to, recipients_cc)
+    |> fetch_activities_bounded_query(recipients, recipients_with_public)
     |> Pagination.fetch_paginated(opts)
     |> Enum.reverse()
   end

lib/pleroma/web/activity_pub/activity_pub_controller.ex

@@ -27,7 +27,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
   plug(:relay_active? when action in [:relay])
 
   def relay_active?(conn, _) do
-    if Keyword.get(Application.get_env(:pleroma, :instance), :allow_relay) do
+    if Pleroma.Config.get([:instance, :allow_relay]) do
       conn
     else
       conn

lib/pleroma/web/activity_pub/mrf.ex

@@ -17,9 +17,7 @@ defmodule Pleroma.Web.ActivityPub.MRF do
   end
 
   def get_policies do
-    Application.get_env(:pleroma, :instance, [])
+    Pleroma.Config.get([:instance, :rewrite_policy], []) |> get_policies()
-    |> Keyword.get(:rewrite_policy, [])
-    |> get_policies()
   end
 
   defp get_policies(policy) when is_atom(policy), do: [policy]

lib/pleroma/web/activity_pub/transmogrifier.ex

@@ -93,7 +93,10 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
       object
       |> Utils.determine_explicit_mentions()
 
-    explicit_mentions = explicit_mentions ++ ["https://www.w3.org/ns/activitystreams#Public"]
+    follower_collection = User.get_cached_by_ap_id(Containment.get_actor(object)).follower_address
+
+    explicit_mentions =
+      explicit_mentions ++ ["https://www.w3.org/ns/activitystreams#Public", follower_collection]
 
     object
     |> fix_explicit_addressing(explicit_mentions)

lib/pleroma/web/endpoint.ex

@@ -66,7 +66,7 @@ defmodule Pleroma.Web.Endpoint do
     parsers: [:urlencoded, :multipart, :json],
     pass: ["*/*"],
     json_decoder: Jason,
-    length: Application.get_env(:pleroma, :instance) |> Keyword.get(:upload_limit),
+    length: Pleroma.Config.get([:instance, :upload_limit]),
     body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []}
   )
 

lib/pleroma/web/mastodon_api/views/status_view.ex

@@ -290,8 +290,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
       provider_url: page_url_data.scheme <> "://" <> page_url_data.host,
       url: page_url,
       image: image_url |> MediaProxy.url(),
-      title: rich_media[:title],
+      title: rich_media[:title] || "",
-      description: rich_media[:description],
+      description: rich_media[:description] || "",
       pleroma: %{
         opengraph: rich_media
       }

lib/pleroma/web/media_proxy/media_proxy.ex

@@ -12,25 +12,27 @@ defmodule Pleroma.Web.MediaProxy do
   def url("/" <> _ = url), do: url
 
   def url(url) do
-    config = Application.get_env(:pleroma, :media_proxy, [])
+    if !enabled?() or local?(url) or whitelisted?(url) do
-    domain = URI.parse(url).host
-
-    cond do
-      !Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url()) ->
       url
-
+    else
-      Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern ->
-        String.equivalent?(domain, pattern)
-      end) ->
-        url
-
-      true ->
       encode_url(url)
     end
   end
 
+  defp enabled?, do: Pleroma.Config.get([:media_proxy, :enabled], false)
+
+  defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())
+
+  defp whitelisted?(url) do
+    %{host: domain} = URI.parse(url)
+
+    Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern ->
+      String.equivalent?(domain, pattern)
+    end)
+  end
+
   def encode_url(url) do
-    secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
+    secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
 
     # Must preserve `%2F` for compatibility with S3
     # https://git.pleroma.social/pleroma/pleroma/issues/580
@@ -52,7 +54,7 @@ defmodule Pleroma.Web.MediaProxy do
   end
 
   def decode_url(sig, url) do
-    secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
+    secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
     sig = Base.url_decode64!(sig, @base64_opts)
     local_sig = :crypto.hmac(:sha, secret, url)
 

lib/pleroma/web/nodeinfo/nodeinfo_controller.ex

@@ -32,20 +32,15 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
   # returns a nodeinfo 2.0 map, since 2.1 just adds a repository field
   # under software.
   def raw_nodeinfo do
-    instance = Application.get_env(:pleroma, :instance)
-    media_proxy = Application.get_env(:pleroma, :media_proxy)
-    suggestions = Application.get_env(:pleroma, :suggestions)
-    chat = Application.get_env(:pleroma, :chat)
-    gopher = Application.get_env(:pleroma, :gopher)
     stats = Stats.get_stats()
 
     mrf_simple =
-      Application.get_env(:pleroma, :mrf_simple)
+      Config.get(:mrf_simple)
       |> Enum.into(%{})
 
     # This horror is needed to convert regex sigils to strings
     mrf_keyword =
-      Application.get_env(:pleroma, :mrf_keyword, [])
+      Config.get(:mrf_keyword, [])
       |> Enum.map(fn {key, value} ->
         {key,
          Enum.map(value, fn
@@ -74,14 +69,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
       MRF.get_policies()
       |> Enum.map(fn policy -> to_string(policy) |> String.split(".") |> List.last() end)
 
-    quarantined = Keyword.get(instance, :quarantined_instances)
+    quarantined = Config.get([:instance, :quarantined_instances], [])
-
-    quarantined =
-      if is_list(quarantined) do
-        quarantined
-      else
-        []
-      end
 
     staff_accounts =
       User.all_superusers()
@@ -92,7 +80,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
       |> Enum.into(%{}, fn {k, v} -> {k, length(v)} end)
 
     federation_response =
-      if Keyword.get(instance, :mrf_transparency) do
+      if Config.get([:instance, :mrf_transparency]) do
         %{
           mrf_policies: mrf_policies,
           mrf_simple: mrf_simple,
@@ -109,22 +97,22 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
         "pleroma_api",
         "mastodon_api",
         "mastodon_api_streaming",
-        if Keyword.get(media_proxy, :enabled) do
+        if Config.get([:media_proxy, :enabled]) do
           "media_proxy"
         end,
-        if Keyword.get(gopher, :enabled) do
+        if Config.get([:gopher, :enabled]) do
           "gopher"
         end,
-        if Keyword.get(chat, :enabled) do
+        if Config.get([:chat, :enabled]) do
           "chat"
         end,
-        if Keyword.get(suggestions, :enabled) do
+        if Config.get([:suggestions, :enabled]) do
           "suggestions"
         end,
-        if Keyword.get(instance, :allow_relay) do
+        if Config.get([:instance, :allow_relay]) do
           "relay"
         end,
-        if Keyword.get(instance, :safe_dm_mentions) do
+        if Config.get([:instance, :safe_dm_mentions]) do
           "safe_dm_mentions"
         end
       ]
@@ -141,7 +129,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
         inbound: [],
         outbound: []
       },
-      openRegistrations: Keyword.get(instance, :registrations_open),
+      openRegistrations: Config.get([:instance, :registrations_open]),
       usage: %{
         users: %{
           total: stats.user_count || 0
@@ -149,29 +137,29 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
         localPosts: stats.status_count || 0
       },
       metadata: %{
-        nodeName: Keyword.get(instance, :name),
+        nodeName: Config.get([:instance, :name]),
-        nodeDescription: Keyword.get(instance, :description),
+        nodeDescription: Config.get([:instance, :description]),
-        private: !Keyword.get(instance, :public, true),
+        private: !Config.get([:instance, :public], true),
         suggestions: %{
-          enabled: Keyword.get(suggestions, :enabled, false),
+          enabled: Config.get([:suggestions, :enabled], false),
-          thirdPartyEngine: Keyword.get(suggestions, :third_party_engine, ""),
+          thirdPartyEngine: Config.get([:suggestions, :third_party_engine], ""),
-          timeout: Keyword.get(suggestions, :timeout, 5000),
+          timeout: Config.get([:suggestions, :timeout], 5000),
-          limit: Keyword.get(suggestions, :limit, 23),
+          limit: Config.get([:suggestions, :limit], 23),
-          web: Keyword.get(suggestions, :web, "")
+          web: Config.get([:suggestions, :web], "")
         },
         staffAccounts: staff_accounts,
         federation: federation_response,
-        postFormats: Keyword.get(instance, :allowed_post_formats),
+        postFormats: Config.get([:instance, :allowed_post_formats]),
         uploadLimits: %{
-          general: Keyword.get(instance, :upload_limit),
+          general: Config.get([:instance, :upload_limit]),
-          avatar: Keyword.get(instance, :avatar_upload_limit),
+          avatar: Config.get([:instance, :avatar_upload_limit]),
-          banner: Keyword.get(instance, :banner_upload_limit),
+          banner: Config.get([:instance, :banner_upload_limit]),
-          background: Keyword.get(instance, :background_upload_limit)
+          background: Config.get([:instance, :background_upload_limit])
         },
-        accountActivationRequired: Keyword.get(instance, :account_activation_required, false),
+        accountActivationRequired: Config.get([:instance, :account_activation_required], false),
-        invitesEnabled: Keyword.get(instance, :invites_enabled, false),
+        invitesEnabled: Config.get([:instance, :invites_enabled], false),
         features: features,
-        restrictedNicknames: Pleroma.Config.get([Pleroma.User, :restricted_nicknames])
+        restrictedNicknames: Config.get([Pleroma.User, :restricted_nicknames])
       }
     }
   end

lib/pleroma/web/rich_media/parser.ex

@@ -37,7 +37,10 @@ defmodule Pleroma.Web.RichMedia.Parser do
     try do
       {:ok, %Tesla.Env{body: html}} = Pleroma.HTTP.get(url, [], adapter: @hackney_options)
 
-      html |> maybe_parse() |> clean_parsed_data() |> check_parsed_data()
+      html
+      |> maybe_parse()
+      |> clean_parsed_data()
+      |> check_parsed_data()
     rescue
       e ->
         {:error, "Parsing error: #{inspect(e)}"}

lib/pleroma/web/templates/layout/app.html.eex

@@ -4,7 +4,7 @@
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width,initial-scale=1,minimal-ui" />
     <title>
-    <%= Application.get_env(:pleroma, :instance)[:name] %>
+    <%= Pleroma.Config.get([:instance, :name]) %>
     </title>
     <style>
       body {
@@ -194,7 +194,7 @@
   </head>
   <body>
     <div class="container">
-      <h1><%= Application.get_env(:pleroma, :instance)[:name] %></h1>
+      <h1><%= Pleroma.Config.get([:instance, :name]) %></h1>
       <%= render @view_module, @view_template, assigns %>
     </div>
   </body>

lib/pleroma/web/templates/mastodon_api/mastodon/index.html.eex

@@ -4,7 +4,7 @@
 <meta charset='utf-8'>
 <meta content='width=device-width, initial-scale=1' name='viewport'>
 <title>
-<%= Application.get_env(:pleroma, :instance)[:name] %>
+<%= Pleroma.Config.get([:instance, :name]) %>
 </title>
 <link rel="icon" type="image/png" href="/favicon.png"/>
 <script crossorigin='anonymous' src="/packs/locales.js"></script>

lib/pleroma/web/twitter_api/twitter_api_controller.ex

@@ -728,7 +728,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
   def only_if_public_instance(%{assigns: %{user: %User{}}} = conn, _), do: conn
 
   def only_if_public_instance(conn, _) do
-    if Keyword.get(Application.get_env(:pleroma, :instance), :public) do
+    if Pleroma.Config.get([:instance, :public]) do
       conn
     else
       conn

test/fixtures/rich_media/ogp-missing-data.html

@@ -0,0 +1,8 @@
+<html prefix="og: http://ogp.me/ns#">
+  <head>
+    <title>Pleroma</title>
+    <meta property="og:title" content="Pleroma" />
+    <meta property="og:type" content="website" />
+    <meta property="og:url" content="https://pleroma.social/" />
+  </head>
+</html>

test/fixtures/rich_media/ogp.html

@@ -5,5 +5,6 @@
     <meta property="og:type" content="video.movie" />
     <meta property="og:url" content="http://www.imdb.com/title/tt0117500/" />
     <meta property="og:image" content="http://ia.media-imdb.com/images/rock.jpg" />
+    <meta property="og:description" content="Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.">
   </head>
 </html>

test/support/http_request_mock.ex

@@ -728,6 +728,14 @@ defmodule HttpRequestMock do
     {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/ogp.html")}}
   end
 
+  def get("http://example.com/ogp-missing-data", _, _, _) do
+    {:ok,
+     %Tesla.Env{
+       status: 200,
+       body: File.read!("test/fixtures/rich_media/ogp-missing-data.html")
+     }}
+  end
+
   def get("http://example.com/malformed", _, _, _) do
     {:ok,
      %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/malformed-data.html")}}

test/web/activity_pub/activity_pub_test.exs

@@ -1186,4 +1186,33 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
   def data_uri do
     File.read!("test/fixtures/avatar_data_uri")
   end
+
+  describe "fetch_activities_bounded" do
+    test "fetches private posts for followed users" do
+      user = insert(:user)
+
+      {:ok, activity} =
+        CommonAPI.post(user, %{
+          "status" => "thought I looked cute might delete later :3",
+          "visibility" => "private"
+        })
+
+      [result] = ActivityPub.fetch_activities_bounded([user.follower_address], [])
+      assert result.id == activity.id
+    end
+
+    test "fetches only public posts for other users" do
+      user = insert(:user)
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe", "visibility" => "public"})
+
+      {:ok, _private_activity} =
+        CommonAPI.post(user, %{
+          "status" => "why is tenshi eating a corndog so cute?",
+          "visibility" => "private"
+        })
+
+      [result] = ActivityPub.fetch_activities_bounded([], [user.follower_address])
+      assert result.id == activity.id
+    end
+  end
 end

test/web/activity_pub/transmogrifier_test.exs

@@ -1209,4 +1209,44 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       {:ok, _} = Transmogrifier.prepare_outgoing(activity.data)
     end
   end
+
+  describe "fix_explicit_addressing" do
+    test "moves non-explicitly mentioned actors to cc" do
+      user = insert(:user)
+
+      explicitly_mentioned_actors = [
+        "https://pleroma.gold/users/user1",
+        "https://pleroma.gold/user2"
+      ]
+
+      object = %{
+        "actor" => user.ap_id,
+        "to" => explicitly_mentioned_actors ++ ["https://social.beepboop.ga/users/dirb"],
+        "cc" => [],
+        "tag" =>
+          Enum.map(explicitly_mentioned_actors, fn href ->
+            %{"type" => "Mention", "href" => href}
+          end)
+      }
+
+      fixed_object = Transmogrifier.fix_explicit_addressing(object)
+      assert Enum.all?(explicitly_mentioned_actors, &(&1 in fixed_object["to"]))
+      refute "https://social.beepboop.ga/users/dirb" in fixed_object["to"]
+      assert "https://social.beepboop.ga/users/dirb" in fixed_object["cc"]
+    end
+
+    test "does not move actor's follower collection to cc" do
+      user = insert(:user)
+
+      object = %{
+        "actor" => user.ap_id,
+        "to" => [user.follower_address],
+        "cc" => []
+      }
+
+      fixed_object = Transmogrifier.fix_explicit_addressing(object)
+      assert user.follower_address in fixed_object["to"]
+      refute user.follower_address in fixed_object["cc"]
+    end
+  end
 end

test/web/mastodon_api/mastodon_api_controller_test.exs

@@ -2684,34 +2684,51 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
                |> post("/api/v1/statuses/#{activity_two.id}/pin")
                |> json_response(400)
     end
+  end
 
-    test "Status rich-media Card", %{conn: conn, user: user} do
+  describe "cards" do
+    setup do
       Pleroma.Config.put([:rich_media, :enabled], true)
+
+      on_exit(fn ->
+        Pleroma.Config.put([:rich_media, :enabled], false)
+      end)
+
+      user = insert(:user)
+      %{user: user}
+    end
+
+    test "returns rich-media card", %{conn: conn, user: user} do
       {:ok, activity} = CommonAPI.post(user, %{"status" => "http://example.com/ogp"})
 
-      response =
+      card_data = %{
-        conn
-        |> get("/api/v1/statuses/#{activity.id}/card")
-        |> json_response(200)
-
-      assert response == %{
         "image" => "http://ia.media-imdb.com/images/rock.jpg",
         "provider_name" => "www.imdb.com",
         "provider_url" => "http://www.imdb.com",
         "title" => "The Rock",
         "type" => "link",
         "url" => "http://www.imdb.com/title/tt0117500/",
-               "description" => nil,
+        "description" =>
+          "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
         "pleroma" => %{
           "opengraph" => %{
             "image" => "http://ia.media-imdb.com/images/rock.jpg",
             "title" => "The Rock",
             "type" => "video.movie",
-                   "url" => "http://www.imdb.com/title/tt0117500/"
+            "url" => "http://www.imdb.com/title/tt0117500/",
+            "description" =>
+              "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer."
           }
         }
       }
 
+      response =
+        conn
+        |> get("/api/v1/statuses/#{activity.id}/card")
+        |> json_response(200)
+
+      assert response == card_data
+
       # works with private posts
       {:ok, activity} =
         CommonAPI.post(user, %{"status" => "http://example.com/ogp", "visibility" => "direct"})
@@ -2722,9 +2739,33 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
         |> get("/api/v1/statuses/#{activity.id}/card")
         |> json_response(200)
 
-      assert response_two == response
+      assert response_two == card_data
+    end
 
-      Pleroma.Config.put([:rich_media, :enabled], false)
+    test "replaces missing description with an empty string", %{conn: conn, user: user} do
+      {:ok, activity} = CommonAPI.post(user, %{"status" => "http://example.com/ogp-missing-data"})
+
+      response =
+        conn
+        |> get("/api/v1/statuses/#{activity.id}/card")
+        |> json_response(:ok)
+
+      assert response == %{
+               "type" => "link",
+               "title" => "Pleroma",
+               "description" => "",
+               "image" => nil,
+               "provider_name" => "pleroma.social",
+               "provider_url" => "https://pleroma.social",
+               "url" => "https://pleroma.social/",
+               "pleroma" => %{
+                 "opengraph" => %{
+                   "title" => "Pleroma",
+                   "type" => "website",
+                   "url" => "https://pleroma.social/"
+                 }
+               }
+             }
     end
   end
 

test/web/plugs/federating_plug_test.exs

@@ -6,11 +6,7 @@ defmodule Pleroma.Web.FederatingPlugTest do
   use Pleroma.Web.ConnCase
 
   test "returns and halt the conn when federating is disabled" do
-    instance =
+    Pleroma.Config.put([:instance, :federating], false)
-      Application.get_env(:pleroma, :instance)
-      |> Keyword.put(:federating, false)
-
-    Application.put_env(:pleroma, :instance, instance)
 
     conn =
       build_conn()
@@ -19,11 +15,7 @@ defmodule Pleroma.Web.FederatingPlugTest do
     assert conn.status == 404
     assert conn.halted
 
-    instance =
+    Pleroma.Config.put([:instance, :federating], true)
-      Application.get_env(:pleroma, :instance)
-      |> Keyword.put(:federating, true)
-
-    Application.put_env(:pleroma, :instance, instance)
   end
 
   test "does nothing when federating is enabled" do

test/web/rich_media/parser_test.exs

@@ -44,6 +44,8 @@ defmodule Pleroma.Web.RichMedia.ParserTest do
               %{
                 image: "http://ia.media-imdb.com/images/rock.jpg",
                 title: "The Rock",
+                description:
+                  "Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
                 type: "video.movie",
                 url: "http://www.imdb.com/title/tt0117500/"
               }}

test/web/twitter_api/twitter_api_controller_test.exs

@@ -144,41 +144,25 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
     end
 
     test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
-      instance =
+      Pleroma.Config.put([:instance, :public], false)
-        Application.get_env(:pleroma, :instance)
-        |> Keyword.put(:public, false)
-
-      Application.put_env(:pleroma, :instance, instance)
 
       conn
       |> get("/api/statuses/public_timeline.json")
       |> json_response(403)
 
-      instance =
+      Pleroma.Config.put([:instance, :public], true)
-        Application.get_env(:pleroma, :instance)
-        |> Keyword.put(:public, true)
-
-      Application.put_env(:pleroma, :instance, instance)
     end
 
     test "returns 200 to authenticated request when the instance is not public",
          %{conn: conn, user: user} do
-      instance =
+      Pleroma.Config.put([:instance, :public], false)
-        Application.get_env(:pleroma, :instance)
-        |> Keyword.put(:public, false)
-
-      Application.put_env(:pleroma, :instance, instance)
 
       conn
       |> with_credentials(user.nickname, "test")
       |> get("/api/statuses/public_timeline.json")
       |> json_response(200)
 
-      instance =
+      Pleroma.Config.put([:instance, :public], true)
-        Application.get_env(:pleroma, :instance)
-        |> Keyword.put(:public, true)
-
-      Application.put_env(:pleroma, :instance, instance)
     end
 
     test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do
@@ -214,41 +198,25 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
     setup [:valid_user]
 
     test "returns 403 to unauthenticated request when the instance is not public", %{conn: conn} do
-      instance =
+      Pleroma.Config.put([:instance, :public], false)
-        Application.get_env(:pleroma, :instance)
-        |> Keyword.put(:public, false)
-
-      Application.put_env(:pleroma, :instance, instance)
 
       conn
       |> get("/api/statuses/public_and_external_timeline.json")
       |> json_response(403)
 
-      instance =
+      Pleroma.Config.put([:instance, :public], true)
-        Application.get_env(:pleroma, :instance)
-        |> Keyword.put(:public, true)
-
-      Application.put_env(:pleroma, :instance, instance)
     end
 
     test "returns 200 to authenticated request when the instance is not public",
          %{conn: conn, user: user} do
-      instance =
+      Pleroma.Config.put([:instance, :public], false)
-        Application.get_env(:pleroma, :instance)
-        |> Keyword.put(:public, false)
-
-      Application.put_env(:pleroma, :instance, instance)
 
       conn
       |> with_credentials(user.nickname, "test")
       |> get("/api/statuses/public_and_external_timeline.json")
       |> json_response(200)
 
-      instance =
+      Pleroma.Config.put([:instance, :public], true)
-        Application.get_env(:pleroma, :instance)
-        |> Keyword.put(:public, true)
-
-      Application.put_env(:pleroma, :instance, instance)
     end
 
     test "returns 200 to unauthenticated request when the instance is public", %{conn: conn} do