Merge branch 'master' into glitch-soc/merge-upstream

Conflicts:
- app/controllers/auth/sessions_controller.rb

Upstream reverted something we partially reverted already.
Reverted the rest to match upstream.

15 files changed, 67 insertions, 42 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e5443a358..3c6847e0b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,7 @@ All notable changes to this project will be documented in this file.
 - Add conversations API (#8832)
 - Add limit for the number of people that can be followed from one account (#8807)
 - Add admin setting to customize mascot (#8766)
-- Add support for more granular ActivityPub audiences from other software, i.e. circles (#8950, #9093)
+- Add support for more granular ActivityPub audiences from other software, i.e. circles (#8950, #9093, #9150)
 - Add option to block all reports from a domain (#8830)
 - Add user preference to always expand toots marked with content warnings (#8762)
 - Add user preference to always hide all media (#8569)
@@ -30,7 +30,6 @@ All notable changes to this project will be documented in this file.
 - Add PostgreSQL disk space growth tracking in PGHero (#8906)
 - Add button for disabling local account to report quick actions bar (#9024)
 - Add Czech language (#8594)
-- Add `Clear-Site-Data` header when logging out (#8627)
 - Add `same-site` (`lax`) attribute to cookies (#8626)
 - Add support for styled scrollbars in Firefox Nightly (#8653)
 - Add highlight to the active tab in web UI profiles (#8673)
@@ -64,6 +63,9 @@ All notable changes to this project will be documented in this file.
 - Change recommended Ruby version to 2.5.3 (#9003)
 - Change docker-compose default to persist volumes in current directory (#9055)
 - Change character counters on edit profile page to input length limit (#9100)
+- Change notification filtering to always let through messages from staff (#9152) 
+- Change "hide boosts from user" function also hiding notifications about boosts (#9147)
+- Change CSS `detailed-status__wrapper` class actually wrap the detailed status (#8547)
 
 ### Deprecated
 
@@ -89,18 +91,21 @@ All notable changes to this project will be documented in this file.
 - Fix some dark emojis not having a white outline (#8597)
 - Fix media description not being displayed in various media modals (#8678)
 - Fix generated URLs of desktop notifications missing base URL (#8758)
-- Fix RTL styles (#8764, #8767, #8823, #8897, #9005, #9007, #9018, #9021)
+- Fix RTL styles (#8764, #8767, #8823, #8897, #9005, #9007, #9018, #9021, #9145, #9146)
 - Fix crash in streaming API when tag param missing (#8955)
 - Fix hotkeys not working when no element is focused (#8998)
 - Fix some hotkeys not working on detailed status view (#9006)
 - Fix og:url on status pages (#9047)
 - Fix upload option buttons only being visible on hover (#9074)
 - Fix tootctl not returning exit code 1 on wrong arguments (#9094) 
-- Fix preview cards for appearing for profiles mentioned in toot (#6934) 
+- Fix preview cards for appearing for profiles mentioned in toot (#6934, #9158) 
 - Fix local accounts sometimes being duplicated as faux-remote (#9109)
 - Fix emoji search when the shortcode has multiple separators (#9124)
 - Fix dropdowns sometimes being partially obscured by other elements (#9126) 
 - Fix cache not updating when reply/boost/favourite counters or media sensitivity update (#9119) 
+- Fix empty display name precedence over username in web UI (#9163) 
+- Fix td instead of th in sessions table header (#9162)
+- Fix handling of content types with profile (#9132) 
 
 ## [2.5.2] - 2018-10-12
 ### Security
diff --git a/Gemfile.lock b/Gemfile.lock
index b9f7393ef..59b018e0f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -321,7 +321,7 @@ GEM
       activesupport (>= 4)
       railties (>= 4)
       request_store (~> 1.0)
-    loofah (2.2.2)
+    loofah (2.2.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.0)
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index d4a659409..332f4d7a7 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -11,7 +11,6 @@ class Auth::SessionsController < Devise::SessionsController
   prepend_before_action :set_pack
   before_action :set_instance_presenter, only: [:new]
   before_action :set_body_classes
-  after_action :clear_site_data, only: [:destroy]
 
   def new
     Devise.omniauth_configs.each do |provider, config|
@@ -130,14 +129,6 @@ class Auth::SessionsController < Devise::SessionsController
     paths
   end
 
-  def clear_site_data
-    return if continue_after?
-
-    # Should be '"*"' but that doesn't work in Chrome (neither does '"executionContexts"')
-    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
-    response.headers['Clear-Site-Data'] = '"cache", "cookies"'
-  end
-
   def continue_after?
     truthy_param?(:continue)
   end
diff --git a/app/javascript/mastodon/actions/importer/normalizer.js b/app/javascript/mastodon/actions/importer/normalizer.js
index a2af3222e..34a4150fa 100644
--- a/app/javascript/mastodon/actions/importer/normalizer.js
+++ b/app/javascript/mastodon/actions/importer/normalizer.js
@@ -14,7 +14,7 @@ export function normalizeAccount(account) {
   account = { ...account };
 
   const emojiMap = makeEmojiMap(account);
-  const displayName = account.display_name.length === 0 ? account.username : account.display_name;
+  const displayName = account.display_name.trim().length === 0 ? account.username : account.display_name;
 
   account.display_name_html = emojify(escapeTextContentForBrowser(displayName), emojiMap);
   account.note_emojified = emojify(account.note, emojiMap);
diff --git a/app/javascript/mastodon/locales/oc.json b/app/javascript/mastodon/locales/oc.json
index 64ada60da..93ab4be7d 100644
--- a/app/javascript/mastodon/locales/oc.json
+++ b/app/javascript/mastodon/locales/oc.json
@@ -157,7 +157,7 @@
   "keyboard_shortcuts.legend": "mostrar aquesta legenda",
   "keyboard_shortcuts.local": "per dobrir lo flux public local",
   "keyboard_shortcuts.mention": "mencionar l’autor",
-  "keyboard_shortcuts.muted": "per dorbir la lista dels utilizaires silenciats",
+  "keyboard_shortcuts.muted": "per dobrir la lista dels utilizaires silenciats",
   "keyboard_shortcuts.my_profile": "per dobrir vòstre perfil",
   "keyboard_shortcuts.notifications": "per dobrir la columna de notificacions",
   "keyboard_shortcuts.pinned": "per dobrir la lista dels tuts penjats",
@@ -314,8 +314,8 @@
   "status.show_more_all": "Los desplegar totes",
   "status.unmute_conversation": "Tornar mostrar la conversacion",
   "status.unpin": "Tirar del perfil",
-  "suggestions.dismiss": "Dismiss suggestion",
-  "suggestions.header": "You might be interested in…",
+  "suggestions.dismiss": "Regetar la suggestion",
+  "suggestions.header": "Aquò vos poiriá interessar…",
   "tabs_bar.federated_timeline": "Flux public global",
   "tabs_bar.home": "Acuèlh",
   "tabs_bar.local_timeline": "Flux public local",
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index baa05e14c..45079e2b3 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -10,7 +10,12 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     RedisLock.acquire(lock_options) do |lock|
       if lock.acquired?
         @status = find_existing_status
-        process_status if @status.nil?
+
+        if @status.nil?
+          process_status
+        elsif @options[:delivered_to_account_id].present?
+          postprocess_audience_and_deliver
+        end
       else
         raise Mastodon::RaceConditionError
       end
@@ -99,6 +104,19 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     @params[:visibility] = :limited
   end
 
+  def postprocess_audience_and_deliver
+    return if @status.mentions.find_by(account_id: @options[:delivered_to_account_id])
+
+    delivered_to_account = Account.find(@options[:delivered_to_account_id])
+
+    @status.mentions.create(account: delivered_to_account, silent: true)
+    @status.update(visibility: :limited) if @status.direct_visibility?
+
+    return unless delivered_to_account.following?(@account)
+
+    FeedInsertWorker.perform_async(@status.id, delivered_to_account.id, :home)
+  end
+
   def attach_tags(status)
     @tags.each do |tag|
       status.tags << tag
diff --git a/app/services/fan_out_on_write_service.rb b/app/services/fan_out_on_write_service.rb
index 63cab8403..de7c031d8 100644
--- a/app/services/fan_out_on_write_service.rb
+++ b/app/services/fan_out_on_write_service.rb
@@ -61,10 +61,8 @@ class FanOutOnWriteService < BaseService
   def deliver_to_mentioned_followers(status)
     Rails.logger.debug "Delivering status #{status.id} to limited followers"
 
-    status.mentions.includes(:account).each do |mention|
-      mentioned_account = mention.account
-      next if !mentioned_account.local? || !mentioned_account.following?(status.account) || FeedManager.instance.filter?(:home, status, mention.account_id)
-      FeedManager.instance.push_to_home(mentioned_account, status)
+    FeedInsertWorker.push_bulk(status.mentions.includes(:account).map(&:account).select { |mentioned_account| mentioned_account.local? && mentioned_account.following?(status.account) }) do |follower|
+      [status.id, follower.id, :home]
     end
   end
 
diff --git a/app/services/fetch_atom_service.rb b/app/services/fetch_atom_service.rb
index 550e75f33..b6c6cdd1c 100644
--- a/app/services/fetch_atom_service.rb
+++ b/app/services/fetch_atom_service.rb
@@ -29,7 +29,7 @@ class FetchAtomService < BaseService
 
   def perform_request(&block)
     accept = 'text/html'
-    accept = 'application/activity+json, application/ld+json, application/atom+xml, ' + accept unless @unsupported_activity
+    accept = 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/atom+xml, ' + accept unless @unsupported_activity
 
     Request.new(:get, @url).add_headers('Accept' => accept).perform(&block)
   end
@@ -37,9 +37,11 @@ class FetchAtomService < BaseService
   def process_response(response, terminal = false)
     return nil if response.code != 200
 
-    if response.mime_type == 'application/atom+xml'
+    response_type = response.headers['Content-type']
+
+    if response_type == 'application/atom+xml'
       [@url, { prefetched_body: response.body_with_limit }, :ostatus]
-    elsif ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].include?(response.mime_type)
+    elsif ['application/activity+json', 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'].include?(response_type)
       body = response.body_with_limit
       json = body_to_json(body)
       if supported_context?(json) && equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) && json['inbox'].present?
@@ -55,7 +57,7 @@ class FetchAtomService < BaseService
 
       if link_header&.find_link(%w(rel alternate))
         process_link_headers(link_header)
-      elsif response.mime_type == 'text/html'
+      elsif response_type == 'text/html'
         process_html(response)
       end
     end
diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb
index 462e5ee13..3e77579bb 100644
--- a/app/services/fetch_link_card_service.rb
+++ b/app/services/fetch_link_card_service.rb
@@ -17,8 +17,7 @@ class FetchLinkCardService < BaseService
 
     return if @url.nil? || @status.preview_cards.any?
 
-    @mentions = status.mentions
-    @url      = @url.to_s
+    @url = @url.to_s
 
     RedisLock.acquire(lock_options) do |lock|
       if lock.acquired?
@@ -84,9 +83,8 @@ class FetchLinkCardService < BaseService
   end
 
   def mention_link?(a)
-    return false if @mentions.nil?
-    @mentions.any? do |mention|
-      a['href'] == TagManager.instance.url_for(mention.target)
+    @status.mentions.any? do |mention|
+      a['href'] == TagManager.instance.url_for(mention.account)
     end
   end
 
diff --git a/app/services/notify_service.rb b/app/services/notify_service.rb
index a8b7bb30b..b80ceef03 100644
--- a/app/services/notify_service.rb
+++ b/app/services/notify_service.rb
@@ -51,8 +51,12 @@ class NotifyService < BaseService
     @recipient.user.settings.interactions['must_be_following'] && !following_sender?
   end
 
+  def message?
+    @notification.type == :mention
+  end
+
   def direct_message?
-    @notification.type == :mention && @notification.target_status.direct_visibility?
+    message? && @notification.target_status.direct_visibility?
   end
 
   def response_to_recipient?
@@ -66,7 +70,6 @@ class NotifyService < BaseService
   def optional_non_following_and_direct?
     direct_message? &&
       @recipient.user.settings.interactions['must_be_following_dm'] &&
-      !from_staff? &&
       !following_sender? &&
       !response_to_recipient?
   end
@@ -86,6 +89,9 @@ class NotifyService < BaseService
   def blocked?
     blocked   = @recipient.suspended?                            # Skip if the recipient account is suspended anyway
     blocked ||= from_self?                                       # Skip for interactions with self
+
+    return blocked if message? && from_staff?
+
     blocked ||= domain_blocking?                                 # Skip for domain blocked accounts
     blocked ||= @recipient.blocking?(@notification.from_account) # Skip for blocked accounts
     blocked ||= @recipient.muting_notifications?(@notification.from_account)
diff --git a/app/views/auth/registrations/_sessions.html.haml b/app/views/auth/registrations/_sessions.html.haml
index 8586c0549..d7d96a1bb 100644
--- a/app/views/auth/registrations/_sessions.html.haml
+++ b/app/views/auth/registrations/_sessions.html.haml
@@ -8,7 +8,7 @@
         %th= t 'sessions.browser'
         %th= t 'sessions.ip'
         %th= t 'sessions.activity'
-        %td
+        %th
     %tbody
       - @sessions.each do |session|
         %tr
diff --git a/config/locales/devise.oc.yml b/config/locales/devise.oc.yml
index beecbb426..16633e233 100644
--- a/config/locales/devise.oc.yml
+++ b/config/locales/devise.oc.yml
@@ -8,10 +8,10 @@ oc:
     failure:
       already_authenticated: Sètz ja connectat.
       inactive: Vòstre compte es pas encara activat.
-      invalid: "%{authentication_keys} invalid."
+      invalid: "%{authentication_keys} invalida."
       last_attempt: Vos demòra un ensag abans que vòstre compte siasque blocat.
       locked: Vòstre compte es blocat.
-      not_found_in_database: "%{authentication_keys} invalid."
+      not_found_in_database: "%{authentication_keys} invalida."
       timeout: Vòstra session a expirat. Mercés de vos tornar connectar per contunhar.
       unauthenticated: Vos cal vos connectar o marcar abans de contunhar.
       unconfirmed: Vos cal confirmar vòstra adreça de corrièl abans de contunhar.
diff --git a/config/locales/oc.yml b/config/locales/oc.yml
index a127236a9..61717ca3b 100644
--- a/config/locales/oc.yml
+++ b/config/locales/oc.yml
@@ -311,7 +311,7 @@ oc:
       description_html: Un <strong> relai de federacion</strong> es un servidor intermediari qu’escàmbia de bèls volumes de tuts publics entre servidors que son abonats e i publican.<strong>Pòt ajudar de pichons e mejans servidors a trobar de contenguts del fediverse estant</strong>, qu’autrament demandariá als utilizaires locals de s’abonar manualament a d’autres monde marcats sus de servidors alonhats.
       disable: Desactivar
       disabled: Desactivat
-      enable: Activat
+      enable: Activar
       enable_hint: Un còp activat, vòstre servidor s’abonarà a totes los tuts publics del relai estant, e començarà de mandar sos tuts publics a aqueste d’enlà.
       enabled: Activat
       inbox_url: URL del relai
@@ -533,7 +533,7 @@ oc:
     formats:
       default: "%e/%m/%Y"
       long: Lo %e %B de %Y
-      short: "%e %b. de %Y"
+      short: "%e %B de %Y"
     month_names:
     - None
     - de genièr
@@ -557,7 +557,7 @@ oc:
       about_x_hours: "%{count} h"
       about_x_months: "%{count} meses"
       about_x_years: "%{count} ans"
-      almost_x_years: "%{count}ans"
+      almost_x_years: "%{count} ans"
       half_a_minute: Ara
       less_than_x_minutes: "%{count} min"
       less_than_x_seconds: Ara meteis
diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb
index e8ed1fade..2b38ae05b 100644
--- a/lib/mastodon/version.rb
+++ b/lib/mastodon/version.rb
@@ -21,7 +21,7 @@ module Mastodon
     end
 
     def flags
-      'rc3'
+      'rc4'
     end
 
     def to_a
diff --git a/spec/services/fetch_atom_service_spec.rb b/spec/services/fetch_atom_service_spec.rb
index 30e5b0935..0cdcda892 100644
--- a/spec/services/fetch_atom_service_spec.rb
+++ b/spec/services/fetch_atom_service_spec.rb
@@ -60,13 +60,20 @@ RSpec.describe FetchAtomService, type: :service do
         it { is_expected.to eq [url, { :prefetched_body => "" }, :ostatus] }
       end
 
-      context 'content_type is json' do
+      context 'content_type is activity+json' do
         let(:content_type) { 'application/activity+json' }
         let(:body) { json }
 
         it { is_expected.to eq [1, { prefetched_body: body, id: true }, :activitypub] }
       end
 
+      context 'content_type is ld+json with profile' do
+        let(:content_type) { 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"' }
+        let(:body) { json }
+
+        it { is_expected.to eq [1, { prefetched_body: body, id: true }, :activitypub] }
+      end
+
       before do
         WebMock.stub_request(:get, url).to_return(status: 200, body: body, headers: headers)
         WebMock.stub_request(:get, 'http://example.com/foo').to_return(status: 200, body: json, headers: { 'Content-Type' => 'application/activity+json' })