diff options
14 files changed, 121 insertions, 31 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3860f1db9..bebd97efb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: elixir:1.9.4
variables: &global_variables
POSTGRES_DB: pleroma_test
@@ -26,12 +26,7 @@ stages:
- echo $MIX_ENV
- rm -rf _build/*/lib/pleroma
- - apt-get update && apt-get install -y cmake
- - mix local.hex --force
- - mix local.rebar --force
- mix deps.get
- - apt-get -qq update
- - apt-get install -y libmagic-dev
- rm -rf _build/*/lib/pleroma
@@ -88,7 +83,6 @@ unit-testing:
alias: postgres
command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
- - apt-get update && apt-get install -y libimage-exiftool-perl ffmpeg
- mix ecto.create
- mix ecto.migrate
- mix coveralls --preload-modules
@@ -146,7 +140,6 @@ unit-testing-rum:
<<: *global_variables
- - apt-get update && apt-get install -y libimage-exiftool-perl ffmpeg
- mix ecto.create
- mix ecto.migrate
- "mix ecto.migrate --migrations-path priv/repo/optional_migrations/rum_indexing/"
@@ -161,6 +154,10 @@ lint:
- "**/*.exs"
- "mix.lock"
cache: *testing_cache_policy
+ before_script:
+ - mix local.hex --force
+ - mix local.rebar --force
+ - mix deps.get
- mix format --check-formatted
@@ -184,8 +181,13 @@ cycles:
- "**/*.exs"
- "mix.lock"
cache: {}
- script:
+ before_script:
+ - mix local.hex --force
+ - mix local.rebar --force
- mix deps.get
+ - apt-get update
+ - apt-get install cmake libmagic-dev -y
+ script:
- mix compile
- mix xref graph --format cycles --label compile | awk '{print $0} END{exit ($0 != "No cycles found")}'
diff --git a/ b/
index e527f32de..79b669782 100644
--- a/
+++ b/
@@ -18,11 +18,27 @@ The format is based on [Keep a Changelog](
- Experimental support for Finch. Put `config :tesla, :adapter, {Tesla.Adapter.Finch, name: MyFinch}` in your secrets file to use it. Reverse Proxy will still use Hackney.
- AdminAPI: allow moderators to manage reports, users, invites, and custom emojis
- AdminAPI: restrict moderators to access sensitive data: change user credentials, get password reset token, read private statuses and chats, etc
+- PleromaAPI: Add remote follow API endpoint at `POST /api/v1/pleroma/remote_interaction`
+- MastoAPI: Add `GET /api/v1/accounts/lookup`
+- MastoAPI: Profile Directory support
+- MastoAPI: Support v2 Suggestions (handpicked accounts only)
+- Ability to log slow Ecto queries by configuring `:pleroma, :telemetry, :slow_queries_logging`
+- Added Phoenix LiveDashboard at `/phoenix/live_dashboard`
+- Added `/manifest.json` for progressive web apps.
### Fixed
- Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies
- Handle Reject for already-accepted Follows properly
- Display OpenGraph data on alternative notice routes.
+- Fix replies count for remote replies
+- ChatAPI: Add link headers
+- Limited number of search results to 40 to prevent DoS attacks
+- ActivityPub: fixed federation of attachment dimensions
+- Fixed benchmarks
+- Elixir 1.13 support
+- Fixed crash when pinned_objects is nil
+- Fixed slow timelines when there are a lot of deactivated users
+- Fixed account deletion API
### Removed
diff --git a/ci/Dockerfile b/ci/Dockerfile
new file mode 100644
index 000000000..e6a8b438c
--- /dev/null
+++ b/ci/Dockerfile
@@ -0,0 +1,7 @@
+FROM elixir:1.9.4
+RUN apt-get update &&\
+ apt-get install -y libmagic-dev cmake libimage-exiftool-perl ffmpeg &&\
+ mix local.hex --force &&\
+ mix local.rebar --force
diff --git a/ci/ b/ci/
new file mode 100755
index 000000000..484cc2643
--- /dev/null
+++ b/ci/
@@ -0,0 +1 @@
+docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 -t --push .
diff --git a/docs/development/API/ b/docs/development/API/
index 0e7367a72..2304291e5 100644
--- a/docs/development/API/
+++ b/docs/development/API/
@@ -37,7 +37,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
* Note: Same data as Mastodon API’s `/api/v1/custom_emojis` but in a different format
-## `/api/v1/pleroma/follow_import`
+## `/api/pleroma/follow_import`
### Imports your follows, for example from a Mastodon CSV file.
* Method: `POST`
* Authentication: required
@@ -46,7 +46,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
* Response: HTTP 200 on success, 500 on error
* Note: Users that can't be followed are silently skipped.
-## `/api/v1/pleroma/blocks_import`
+## `/api/pleroma/blocks_import`
### Imports your blocks.
* Method: `POST`
* Authentication: required
@@ -54,7 +54,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
* `list`: STRING or FILE containing a whitespace-separated list of accounts to block
* Response: HTTP 200 on success, 500 on error
-## `/api/v1/pleroma/mutes_import`
+## `/api/pleroma/mutes_import`
### Imports your mutes.
* Method: `POST`
* Authentication: required
@@ -70,7 +70,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
* Response: Provider specific JSON, the only guaranteed parameter is `type`
* Example response: `{"type": "kocaptcha", "token": "whatever", "url": "", "seconds_valid": 300}`
-## `/api/v1/pleroma/delete_account`
+## `/api/pleroma/delete_account`
### Delete an account
* Method `POST`
* Authentication: required
@@ -79,7 +79,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
* Response: JSON. Returns `{"status": "success"}` if the deletion was successful, `{"error": "[error message]"}` otherwise
* Example response: `{"error": "Invalid password."}`
-## `/api/v1/pleroma/disable_account`
+## `/api/pleroma/disable_account`
### Disable an account
* Method `POST`
* Authentication: required
@@ -88,21 +88,22 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
* Response: JSON. Returns `{"status": "success"}` if the account was successfully disabled, `{"error": "[error message]"}` otherwise
* Example response: `{"error": "Invalid password."}`
-## `/api/v1/pleroma/accounts/mfa`
+## `/api/pleroma/accounts/mfa`
#### Gets current MFA settings
* method: `GET`
* Authentication: required
* OAuth scope: `read:security`
-* Response: JSON. Returns `{"enabled": "false", "totp": false }`
+* Response: JSON. Returns `{"settings": {"enabled": "false", "totp": false }}`
+* Note: `enabled` is whether multi-factor auth is enabled for the user in general, while `totp` is one type of MFA.
-## `/api/v1/pleroma/accounts/mfa/setup/totp`
+## `/api/pleroma/accounts/mfa/setup/totp`
#### Pre-setup the MFA/TOTP method
* method: `GET`
* Authentication: required
* OAuth scope: `write:security`
* Response: JSON. Returns `{"key": [secret_key], "provisioning_uri": "[qr code uri]" }` when successful, otherwise returns HTTP 422 `{"error": "error_msg"}`
-## `/api/v1/pleroma/accounts/mfa/confirm/totp`
+## `/api/pleroma/accounts/mfa/confirm/totp`
#### Confirms & enables MFA/TOTP support for user account.
* method: `POST`
* Authentication: required
@@ -113,7 +114,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
* Response: JSON. Returns `{}` if the enable was successful, HTTP 422 `{"error": "[error message]"}` otherwise
-## `/api/v1/pleroma/accounts/mfa/totp`
+## `/api/pleroma/accounts/mfa/totp`
#### Disables MFA/TOTP method for user account.
* method: `DELETE`
* Authentication: required
@@ -123,7 +124,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
* Response: JSON. Returns `{}` if the disable was successful, HTTP 422 `{"error": "[error message]"}` otherwise
* Example response: `{"error": "Invalid password."}`
-## `/api/v1/pleroma/accounts/mfa/backup_codes`
+## `/api/pleroma/accounts/mfa/backup_codes`
#### Generstes backup codes MFA for user account.
* method: `GET`
* Authentication: required
@@ -331,7 +332,7 @@ See [Admin-API](
-## `/api/v1/pleroma/change_email`
+## `/api/pleroma/change_email`
### Change account email
* Method `POST`
* Authentication: required
diff --git a/lib/pleroma/web/api_spec/operations/account_operation.ex b/lib/pleroma/web/api_spec/operations/account_operation.ex
index 80b1c134a..35d8609ef 100644
--- a/lib/pleroma/web/api_spec/operations/account_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/account_operation.ex
@@ -428,6 +428,26 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do
+ def lookup_operation do
+ %Operation{
+ tags: ["Account lookup"],
+ summary: "Find a user by nickname",
+ operationId: "AccountController.lookup",
+ parameters: [
+ Operation.parameter(
+ :acct,
+ :query,
+ :string,
+ "User nickname"
+ )
+ ],
+ responses: %{
+ 200 => Operation.response("Account", "application/json", Account),
+ 404 => Operation.response("Error", "application/json", ApiError)
+ }
+ }
+ end
def endorsements_operation do
tags: ["Retrieve account information"],
diff --git a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
index c5b964d55..1e9ce2927 100644
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@@ -32,7 +32,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
- plug(:skip_auth when action == :create)
+ plug(:skip_auth when action in [:create, :lookup])
plug(:skip_public_check when action in [:show, :statuses])
@@ -510,6 +510,18 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
|> render("index.json", users: users, for: user, as: :user)
+ @doc "GET /api/v1/accounts/lookup"
+ def lookup(conn, %{acct: nickname} = _params) do
+ with %User{} = user <- User.get_by_nickname(nickname) do
+ render(conn, "show.json",
+ user: user,
+ skip_visibility_check: true
+ )
+ else
+ error -> user_visibility_error(conn, error)
+ end
+ end
@doc "GET /api/v1/endorsements"
def endorsements(%{assigns: %{user: user}} = conn, params) do
users =
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 968446b57..67c1a3e5c 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -588,6 +588,8 @@ defmodule Pleroma.Web.Router do
get("/accounts/search", SearchController, :account_search)
get("/search", SearchController, :search)
+ get("/accounts/lookup", AccountController, :lookup)
get("/accounts/:id/statuses", AccountController, :statuses)
get("/accounts/:id/followers", AccountController, :followers)
get("/accounts/:id/following", AccountController, :following)
diff --git a/mix.exs b/mix.exs
index 360d49905..62010d166 100644
--- a/mix.exs
+++ b/mix.exs
@@ -149,8 +149,7 @@ defmodule Pleroma.Mixfile do
git: "",
ref: "f75cd55325e33cbea198fb41fe41871392f8fb76"},
{:cors_plug, "~> 2.0"},
- {:web_push_encryption,
- git: "", branch: "bugfix/otp-24"},
+ {:web_push_encryption, "~> 0.3.1"},
{:swoosh, "~> 1.0"},
{:phoenix_swoosh, "~> 0.3"},
{:gen_smtp, "~> 0.13"},
@@ -183,9 +182,7 @@ defmodule Pleroma.Mixfile do
{:ex_const, "~> 0.2"},
{:plug_static_index_html, "~> 1.0.0"},
{:flake_id, "~> 0.1.0"},
- {:concurrent_limiter,
- git: "",
- ref: "d81be41024569330f296fc472e24198d7499ba78"},
+ {:concurrent_limiter, "~> 0.1.1"},
git: "",
ref: "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8"},
diff --git a/mix.lock b/mix.lock
index f371a6e41..05630a92e 100644
--- a/mix.lock
+++ b/mix.lock
@@ -14,7 +14,7 @@
"certifi": {:hex, :certifi, "2.8.0", "d4fb0a6bb20b7c9c3643e22507e42f356ac090a1dcea9ab99e27e0376d695eba", [:rebar3], [], "hexpm", "6ac7efc1c6f8600b08d625292d4bbf584e14847ce1b6b5c44d983d273e1097ea"},
"combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"},
"comeonin": {:hex, :comeonin, "5.3.2", "5c2f893d05c56ae3f5e24c1b983c2d5dfb88c6d979c9287a76a7feb1e1d8d646", [:mix], [], "hexpm", "d0993402844c49539aeadb3fe46a3c9bd190f1ecf86b6f9ebd71957534c95f04"},
- "concurrent_limiter": {:git, "", "d81be41024569330f296fc472e24198d7499ba78", [ref: "d81be41024569330f296fc472e24198d7499ba78"]},
+ "concurrent_limiter": {:hex, :concurrent_limiter, "0.1.1", "43ae1dc23edda1ab03dd66febc739c4ff710d047bb4d735754909f9a474ae01c", [:mix], [{:telemetry, "~> 0.3", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "53968ff238c0fbb4d7ed76ddb1af0be6f3b2f77909f6796e249e737c505a16eb"},
"connection": {:hex, :connection, "1.1.0", "ff2a49c4b75b6fb3e674bfc5536451607270aac754ffd1bdfe175abe4a6d7a68", [:mix], [], "hexpm", "722c1eb0a418fbe91ba7bd59a47e28008a189d47e37e0e7bb85585a016b2869c"},
"cors_plug": {:hex, :cors_plug, "2.0.3", "316f806d10316e6d10f09473f19052d20ba0a0ce2a1d910ddf57d663dac402ae", [:mix], [{:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "ee4ae1418e6ce117fc42c2ba3e6cbdca4e95ecd2fe59a05ec6884ca16d469aea"},
"cowboy": {:hex, :cowboy, "2.9.0", "865dd8b6607e14cf03282e10e934023a1bd8be6f6bacf921a7e2a96d800cd452", [:make, :rebar3], [{:cowlib, "2.11.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "2c729f934b4e1aa149aff882f57c6372c15399a20d54f65c8d67bef583021bde"},
@@ -133,6 +133,6 @@
"ueberauth": {:hex, :ueberauth, "0.6.3", "d42ace28b870e8072cf30e32e385579c57b9cc96ec74fa1f30f30da9c14f3cc0", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "afc293d8a1140d6591b53e3eaf415ca92842cb1d32fad3c450c6f045f7f91b60"},
"unicode_util_compat": {:hex, :unicode_util_compat, "0.7.0", "bc84380c9ab48177092f43ac89e4dfa2c6d62b40b8bd132b1059ecc7232f9a78", [:rebar3], [], "hexpm", "25eee6d67df61960cf6a794239566599b09e17e668d3700247bc498638152521"},
"unsafe": {:hex, :unsafe, "1.0.1", "a27e1874f72ee49312e0a9ec2e0b27924214a05e3ddac90e91727bc76f8613d8", [:mix], [], "hexpm", "6c7729a2d214806450d29766abc2afaa7a2cbecf415be64f36a6691afebb50e5"},
- "web_push_encryption": {:git, "", "026a043037a89db4da8f07560bc8f9c68bcf0cc0", [branch: "bugfix/otp-24"]},
+ "web_push_encryption": {:hex, :web_push_encryption, "0.3.1", "76d0e7375142dfee67391e7690e89f92578889cbcf2879377900b5620ee4708d", [:mix], [{:httpoison, "~> 1.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:jose, "~> 1.11.1", [hex: :jose, repo: "hexpm", optional: false]}], "hexpm", "4f82b2e57622fb9337559058e8797cb0df7e7c9790793bdc4e40bc895f70e2a2"},
"websocket_client": {:git, "", "9a6f65d05ebf2725d62fb19262b21f1805a59fbf", []},
diff --git a/priv/repo/migrations/20211229075801_user_relationships_target_id_relationship_type_index.exs b/priv/repo/migrations/20211229075801_user_relationships_target_id_relationship_type_index.exs
new file mode 100644
index 000000000..f3eb8409f
--- /dev/null
+++ b/priv/repo/migrations/20211229075801_user_relationships_target_id_relationship_type_index.exs
@@ -0,0 +1,7 @@
+defmodule Pleroma.Repo.Migrations.UserRelationshipsTargetIdRelationshipTypeIndex do
+ use Ecto.Migration
+ def change do
+ create_if_not_exists(index(:user_relationships, [:target_id, :relationship_type]))
+ end
diff --git a/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs
index 966a4072d..374e2048a 100644
--- a/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs
+++ b/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs
@@ -1798,6 +1798,30 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do
assert [%{"id" => ^id2}] = result
+ test "account lookup", %{conn: conn} do
+ %{nickname: acct} = insert(:user, %{nickname: "nickname"})
+ %{nickname: acct_two} = insert(:user, %{nickname: ""})
+ result =
+ conn
+ |> get("/api/v1/accounts/lookup?acct=#{acct}")
+ |> json_response_and_validate_schema(200)
+ assert %{"acct" => ^acct} = result
+ result =
+ conn
+ |> get("/api/v1/accounts/lookup?acct=#{acct_two}")
+ |> json_response_and_validate_schema(200)
+ assert %{"acct" => ^acct_two} = result
+ _result =
+ conn
+ |> get("/api/v1/accounts/lookup?acct=unexisting_nickname")
+ |> json_response_and_validate_schema(404)
+ end
test "create a note on a user" do
%{conn: conn} = oauth_access(["write:accounts", "read:follows"])
other_user = insert(:user)
diff --git a/test/pleroma/web/rich_media/parser_test.exs b/test/pleroma/web/rich_media/parser_test.exs
index 2f363b012..2fe7f1b0b 100644
--- a/test/pleroma/web/rich_media/parser_test.exs
+++ b/test/pleroma/web/rich_media/parser_test.exs
@@ -133,13 +133,13 @@ defmodule Pleroma.Web.RichMedia.ParserTest do
assert Parser.parse("") ==
- "author_name" => "‮‭‬bees‬",
+ "author_name" => "\u202E\u202D\u202Cbees\u202C",
"author_url" => "",
"cache_age" => 3600,
"flickr_type" => "photo",
"height" => "768",
"html" =>
- "<a data-flickr-embed=\"true\" href=\"\" title=\"Bacon Lollys by ‮‭‬bees‬, on Flickr\"><img src=\"\" width=\"1024\" height=\"768\" alt=\"Bacon Lollys\"></a><script async src=\"\" charset=\"utf-8\"></script>",
+ "<a data-flickr-embed=\"true\" href=\"\" title=\"Bacon Lollys by \u202E\u202D\u202Cbees\u202C, on Flickr\"><img src=\"\" width=\"1024\" height=\"768\" alt=\"Bacon Lollys\"></a><script async src=\"\" charset=\"utf-8\"></script>",
"license" => "All Rights Reserved",
"license_id" => 0,
"provider_name" => "Flickr",
diff --git a/test/pleroma/web/streamer_test.exs b/test/pleroma/web/streamer_test.exs
index b788a9138..b2941a62c 100644
--- a/test/pleroma/web/streamer_test.exs
+++ b/test/pleroma/web/streamer_test.exs
@@ -772,6 +772,7 @@ defmodule Pleroma.Web.StreamerTest do
refute_receive _
+ @tag :erratic
test "it sends conversation update to the 'direct' stream when a message is deleted", %{
user: user,
token: oauth_token