Merge branch 'master' into glitch-soc/merge-upstream

Conflicts:
- `app/controllers/accounts_controller.rb`:
  Upstream change too close to a glitch-soc change related to
  instance-local toots. Merged upstream changes.
- `app/services/fan_out_on_write_service.rb`:
  Minor conflict due to glitch-soc's handling of Direct Messages,
  merged upstream changes.
- `yarn.lock`:
  Not really a conflict, caused by glitch-soc-only dependencies
  being textually too close to updated upstream dependencies.
  Merged upstream changes.

3 files changed, 115 insertions, 0 deletions

diff --git a/spec/lib/activitypub/activity/announce_spec.rb b/spec/lib/activitypub/activity/announce_spec.rb
index 60fd96a18..b93fcbe66 100644
--- a/spec/lib/activitypub/activity/announce_spec.rb
+++ b/spec/lib/activitypub/activity/announce_spec.rb
@@ -73,6 +73,26 @@ RSpec.describe ActivityPub::Activity::Announce do
           expect(sender.reblogged?(sender.statuses.first)).to be true
         end
       end
+
+      context 'self-boost of a previously unknown status with correct attributedTo, inlined Collection in audience' do
+        let(:object_json) do
+          {
+            id: 'https://example.com/actor#bar',
+            type: 'Note',
+            content: 'Lorem ipsum',
+            attributedTo: 'https://example.com/actor',
+            to: {
+              'type': 'OrderedCollection',
+              'id': 'http://example.com/followers',
+              'first': 'http://example.com/followers?page=true',
+            }
+          }
+        end
+
+        it 'creates a reblog by sender of status' do
+          expect(sender.reblogged?(sender.statuses.first)).to be true
+        end
+      end
     end
 
     context 'when the status belongs to a local user' do
diff --git a/spec/lib/activitypub/activity/create_spec.rb b/spec/lib/activitypub/activity/create_spec.rb
index 6e9f6cfa5..3bcae4628 100644
--- a/spec/lib/activitypub/activity/create_spec.rb
+++ b/spec/lib/activitypub/activity/create_spec.rb
@@ -121,6 +121,28 @@ RSpec.describe ActivityPub::Activity::Create do
         end
       end
 
+      context 'private with inlined Collection in audience' do
+        let(:object_json) do
+          {
+            id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
+            type: 'Note',
+            content: 'Lorem ipsum',
+            to: {
+              'type': 'OrderedCollection',
+              'id': 'http://example.com/followers',
+              'first': 'http://example.com/followers?page=true',
+            }
+          }
+        end
+
+        it 'creates status' do
+          status = sender.statuses.first
+
+          expect(status).to_not be_nil
+          expect(status.visibility).to eq 'private'
+        end
+      end
+
       context 'limited' do
         let(:recipient) { Fabricate(:account) }
 
diff --git a/spec/lib/activitypub/dereferencer_spec.rb b/spec/lib/activitypub/dereferencer_spec.rb
new file mode 100644
index 000000000..ce30513d7
--- /dev/null
+++ b/spec/lib/activitypub/dereferencer_spec.rb
@@ -0,0 +1,73 @@
+require 'rails_helper'
+
+RSpec.describe ActivityPub::Dereferencer do
+  describe '#object' do
+    let(:object) { { '@context': 'https://www.w3.org/ns/activitystreams', id: 'https://example.com/foo', type: 'Note', content: 'Hoge' } }
+    let(:permitted_origin) { 'https://example.com' }
+    let(:signature_account) { nil }
+    let(:uri) { nil }
+
+    subject { described_class.new(uri, permitted_origin: permitted_origin, signature_account: signature_account).object }
+
+    before do
+      stub_request(:get, 'https://example.com/foo').to_return(body: Oj.dump(object), headers: { 'Content-Type' => 'application/activity+json' })
+    end
+
+    context 'with a URI' do
+      let(:uri) { 'https://example.com/foo' }
+
+      it 'returns object' do
+        expect(subject.with_indifferent_access).to eq object.with_indifferent_access
+      end
+
+      context 'with signature account' do
+        let(:signature_account) { Fabricate(:account) }
+
+        it 'makes signed request' do
+          subject
+          expect(a_request(:get, 'https://example.com/foo').with { |req| req.headers['Signature'].present? }).to have_been_made
+        end
+      end
+
+      context 'with different origin' do
+        let(:uri) { 'https://other-example.com/foo' }
+
+        it 'does not make request' do
+          subject
+          expect(a_request(:get, 'https://other-example.com/foo')).to_not have_been_made
+        end
+      end
+    end
+
+    context 'with a bearcap' do
+      let(:uri) { 'bear:?t=hoge&u=https://example.com/foo' }
+
+      it 'makes request with Authorization header' do
+        subject
+        expect(a_request(:get, 'https://example.com/foo').with(headers: { 'Authorization' => 'Bearer hoge' })).to have_been_made
+      end
+
+      it 'returns object' do
+        expect(subject.with_indifferent_access).to eq object.with_indifferent_access
+      end
+
+      context 'with signature account' do
+        let(:signature_account) { Fabricate(:account) }
+
+        it 'makes signed request' do
+          subject
+          expect(a_request(:get, 'https://example.com/foo').with { |req| req.headers['Signature'].present? && req.headers['Authorization'] == 'Bearer hoge' }).to have_been_made
+        end
+      end
+
+      context 'with different origin' do
+        let(:uri) { 'bear:?t=hoge&u=https://other-example.com/foo' }
+
+        it 'does not make request' do
+          subject
+          expect(a_request(:get, 'https://other-example.com/foo')).to_not have_been_made
+        end
+      end
+    end
+  end
+end