Merge branch 'master' into glitch-soc/merge-upstream

Conflicts:
- `Gemfile.lock`:
  Not a real conflict, upstream updated dependencies that were too close to
  glitch-soc-only ones in the file.
- `app/controllers/oauth/authorized_applications_controller.rb`:
  Upstream changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's theming system.
  Ported upstream changes.
- `app/controllers/settings/base_controller.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's theming system.
  Ported upstream changes.
- `app/controllers/settings/sessions_controller.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's theming system.
  Ported upstream changes.
- `app/models/user.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc not preventing moved accounts from logging
  in.
  Ported upstream changes while keeping the ability for moved accounts to log
  in.
- `app/policies/status_policy.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's local-only toots.
  Ported upstream changes.
- `app/serializers/rest/account_serializer.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's ability  to hide followers count.
  Ported upstream changes.
- `app/services/process_mentions_service.rb`:
  Upstream refactored and changed the logic surrounding suspended accounts.
  Minor conflict due to glitch-soc's local-only toots.
  Ported upstream changes.
- `package.json`:
  Not a real conflict, upstream updated dependencies that were too close to
  glitch-soc-only ones in the file.

spec/controllers/accounts_controller_spec.rb

@@ -348,24 +348,8 @@ RSpec.describe AccountsController, type: :controller do
         context 'in authorized fetch mode' do
           let(:authorized_fetch_mode) { true }
 
-          it 'returns http success' do
-            expect(response).to have_http_status(200)
-          end
-
-          it 'returns application/activity+json' do
-            expect(response.content_type).to eq 'application/activity+json'
-          end
-
-          it_behaves_like 'cachable response'
-
-          it 'returns Vary header with Signature' do
-            expect(response.headers['Vary']).to include 'Signature'
-          end
-
-          it 'renders bare minimum account' do
-            json = body_as_json
-            expect(json).to include(:id, :type, :preferredUsername, :inbox, :publicKey)
-            expect(json).to_not include(:name, :summary)
+          it 'returns http unauthorized' do
+            expect(response).to have_http_status(401)
           end
         end
       end

spec/controllers/api/v1/accounts_controller_spec.rb

@@ -71,50 +71,80 @@ RSpec.describe Api::V1::AccountsController, type: :controller do
     let(:scopes) { 'write:follows' }
     let(:other_account) { Fabricate(:user, email: 'bob@example.com', account: Fabricate(:account, username: 'bob', locked: locked)).account }
 
-    before do
-      post :follow, params: { id: other_account.id }
-    end
-
-    context 'with unlocked account' do
-      let(:locked) { false }
-
-      it 'returns http success' do
-        expect(response).to have_http_status(200)
+    context do
+      before do
+        post :follow, params: { id: other_account.id }
       end
 
-      it 'returns JSON with following=true and requested=false' do
+      context 'with unlocked account' do
+        let(:locked) { false }
+
+        it 'returns http success' do
+          expect(response).to have_http_status(200)
+        end
+
+        it 'returns JSON with following=true and requested=false' do
+          json = body_as_json
+
+          expect(json[:following]).to be true
+          expect(json[:requested]).to be false
+        end
+
+        it 'creates a following relation between user and target user' do
+          expect(user.account.following?(other_account)).to be true
+        end
+
+        it_behaves_like 'forbidden for wrong scope', 'read:accounts'
+      end
+
+      context 'with locked account' do
+        let(:locked) { true }
+
+        it 'returns http success' do
+          expect(response).to have_http_status(200)
+        end
+
+        it 'returns JSON with following=false and requested=true' do
+          json = body_as_json
+
+          expect(json[:following]).to be false
+          expect(json[:requested]).to be true
+        end
+
+        it 'creates a follow request relation between user and target user' do
+          expect(user.account.requested?(other_account)).to be true
+        end
+
+        it_behaves_like 'forbidden for wrong scope', 'read:accounts'
+      end
+    end
+
+    context 'modifying follow options' do
+      let(:locked) { false }
+
+      before do
+        user.account.follow!(other_account, reblogs: false, notify: false)
+      end
+
+      it 'changes reblogs option' do
+        post :follow, params: { id: other_account.id, reblogs: true }
+
         json = body_as_json
 
         expect(json[:following]).to be true
-        expect(json[:requested]).to be false
+        expect(json[:showing_reblogs]).to be true
+        expect(json[:notifying]).to be false
       end
 
-      it 'creates a following relation between user and target user' do
-        expect(user.account.following?(other_account)).to be true
-      end
+      it 'changes notify option' do
+        post :follow, params: { id: other_account.id, notify: true }
 
-      it_behaves_like 'forbidden for wrong scope', 'read:accounts'
-    end
-
-    context 'with locked account' do
-      let(:locked) { true }
-
-      it 'returns http success' do
-        expect(response).to have_http_status(200)
-      end
-
-      it 'returns JSON with following=false and requested=true' do
         json = body_as_json
 
-        expect(json[:following]).to be false
-        expect(json[:requested]).to be true
+        expect(json[:following]).to be true
+        expect(json[:showing_reblogs]).to be false
+        expect(json[:notifying]).to be true
       end
-
-      it 'creates a follow request relation between user and target user' do
-        expect(user.account.requested?(other_account)).to be true
-      end
-
-      it_behaves_like 'forbidden for wrong scope', 'read:accounts'
     end
   end
 

spec/controllers/auth/registrations_controller_spec.rb

@@ -199,9 +199,10 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
       end
 
       subject do
+        inviter = Fabricate(:user, confirmed_at: 2.days.ago)
         Setting.registrations_mode = 'approved'
         request.headers["Accept-Language"] = accept_language
-        invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.from_now)
+        invite = Fabricate(:invite, user: inviter, max_uses: nil, expires_at: 1.hour.from_now)
         post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } }
       end
 

spec/controllers/concerns/export_controller_concern_spec.rb

@@ -5,6 +5,7 @@ require 'rails_helper'
 describe ApplicationController, type: :controller do
   controller do
     include ExportControllerConcern
+
     def index
       send_export_file
     end

spec/controllers/settings/deletes_controller_spec.rb

@@ -77,6 +77,20 @@ describe Settings::DeletesController do
           expect(response).to redirect_to settings_delete_path
         end
       end
+
+      context 'when account deletions are disabled' do
+        around do |example|
+          open_deletion = Setting.open_deletion
+          example.run
+          Setting.open_deletion = open_deletion
+        end
+
+        it 'redirects' do
+          Setting.open_deletion = false
+          delete :destroy
+          expect(response).to redirect_to root_path
+        end
+      end
     end
 
     context 'when not signed in' do
@@ -85,19 +99,5 @@ describe Settings::DeletesController do
         expect(response).to redirect_to '/auth/sign_in'
       end
     end
-
-    context do
-      around do |example|
-        open_deletion = Setting.open_deletion
-        example.run
-        Setting.open_deletion = open_deletion
-      end
-
-      it 'redirects' do
-        Setting.open_deletion = false
-        delete :destroy
-        expect(response).to redirect_to root_path
-      end
-    end
   end
 end

spec/fabricators/account_deletion_request_fabricator.rb

@@ -0,0 +1,3 @@
+Fabricator(:account_deletion_request) do
+  account
+end

spec/models/account_deletion_request_spec.rb

@@ -0,0 +1,4 @@
+require 'rails_helper'
+
+RSpec.describe AccountDeletionRequest, type: :model do
+end

spec/models/concerns/account_interactions_spec.rb

@@ -14,7 +14,7 @@ describe AccountInteractions do
     context 'account with Follow' do
       it 'returns { target_account_id => { reblogs: true } }' do
         Fabricate(:follow, account: account, target_account: target_account)
-        is_expected.to eq(target_account_id => { reblogs: true })
+        is_expected.to eq(target_account_id => { reblogs: true, notify: false })
       end
     end
 

spec/models/follow_request_spec.rb

@@ -7,7 +7,7 @@ RSpec.describe FollowRequest, type: :model do
     let(:target_account) { Fabricate(:account) }
 
     it 'calls Account#follow!, MergeWorker.perform_async, and #destroy!' do
-      expect(account).to        receive(:follow!).with(target_account, reblogs: true, uri: follow_request.uri)
+      expect(account).to        receive(:follow!).with(target_account, reblogs: true, notify: false, uri: follow_request.uri)
       expect(MergeWorker).to    receive(:perform_async).with(target_account.id, account.id)
       expect(follow_request).to receive(:destroy!)
       follow_request.authorize!

spec/models/invite_spec.rb

@@ -29,7 +29,7 @@ RSpec.describe Invite, type: :model do
 
     it 'returns false when invite creator has been disabled' do
       invite = Fabricate(:invite, max_uses: nil, expires_at: nil)
-      SuspendAccountService.new.call(invite.user.account)
+      invite.user.account.suspend!
       expect(invite.valid_for_use?).to be false
     end
   end

spec/models/webauthn_credentials_spec.rb

@@ -69,8 +69,8 @@ RSpec.describe WebauthnCredential, type: :model do
       expect(webauthn_credential).to model_have_error_on_field(:sign_count)
     end
 
-    it 'is invalid if sign_count is greater 2**32 - 1' do
-      webauthn_credential = Fabricate.build(:webauthn_credential, sign_count: 2**32)
+    it 'is invalid if sign_count is greater 2**63 - 1' do
+      webauthn_credential = Fabricate.build(:webauthn_credential, sign_count: 2**63)
 
       webauthn_credential.valid?
 

spec/services/delete_account_service_spec.rb

@@ -1,6 +1,6 @@
 require 'rails_helper'
 
-RSpec.describe SuspendAccountService, type: :service do
+RSpec.describe DeleteAccountService, type: :service do
   describe '#call on local account' do
     before do
       stub_request(:post, "https://alice.com/inbox").to_return(status: 201)

spec/services/import_service_spec.rb

@@ -95,6 +95,7 @@ RSpec.describe ImportService, type: :service do
       let(:import) { Import.create(account: account, type: 'following', data: csv) }
       it 'follows the listed accounts, including boosts' do
         subject.call(import)
+
         expect(account.following.count).to eq 1
         expect(account.follow_requests.count).to eq 1
         expect(Follow.find_by(account: account, target_account: bob).show_reblogs).to be true

spec/services/notify_service_spec.rb

@@ -2,13 +2,14 @@ require 'rails_helper'
 
 RSpec.describe NotifyService, type: :service do
   subject do
-    -> { described_class.new.call(recipient, activity) }
+    -> { described_class.new.call(recipient, type, activity) }
   end
 
   let(:user) { Fabricate(:user) }
   let(:recipient) { user.account }
   let(:sender) { Fabricate(:account, domain: 'example.com') }
   let(:activity) { Fabricate(:follow, account: sender, target_account: recipient) }
+  let(:type) { :follow }
 
   it { is_expected.to change(Notification, :count).by(1) }
 
@@ -50,6 +51,7 @@ RSpec.describe NotifyService, type: :service do
   
   context 'for direct messages' do
     let(:activity) { Fabricate(:mention, account: recipient, status: Fabricate(:status, account: sender, visibility: :direct)) }
+    let(:type)     { :mention }
 
     before do
       user.settings.interactions = user.settings.interactions.merge('must_be_following_dm' => enabled)
@@ -93,6 +95,7 @@ RSpec.describe NotifyService, type: :service do
   describe 'reblogs' do
     let(:status)   { Fabricate(:status, account: Fabricate(:account)) }
     let(:activity) { Fabricate(:status, account: sender, reblog: status) }
+    let(:type)     { :reblog }
 
     it 'shows reblogs by default' do
       recipient.follow!(sender)
@@ -114,6 +117,7 @@ RSpec.describe NotifyService, type: :service do
     let(:asshole)  { Fabricate(:account, username: 'asshole') }
     let(:reply_to) { Fabricate(:status, account: asshole) }
     let(:activity) { Fabricate(:mention, account: recipient, status: Fabricate(:status, account: sender, thread: reply_to)) }
+    let(:type)     { :mention }
 
     it 'does not notify when conversation is muted' do
       recipient.mute_conversation!(activity.status.conversation)

spec/workers/refollow_worker_spec.rb

@@ -23,8 +23,8 @@ describe RefollowWorker do
       result = subject.perform(account.id)
 
       expect(result).to be_nil
-      expect(service).to have_received(:call).with(alice, account, reblogs: true)
-      expect(service).to have_received(:call).with(bob, account, reblogs: false)
+      expect(service).to have_received(:call).with(alice, account, reblogs: true, notify: false)
+      expect(service).to have_received(:call).with(bob, account, reblogs: false, notify: false)
     end
   end
 end