From ddd30f331c7a2af38176d72d9ce2265068984bed Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Wed, 17 Oct 2018 17:13:04 +0200
Subject: Improve support for aspects/circles (#8950)

* Add silent column to mentions

* Save silent mentions in ActivityPub Create handler and optimize it

Move networking calls out of the database transaction

* Add "limited" visibility level masked as "private" in the API

Unlike DMs, limited statuses are pushed into home feeds. The access
control rules between direct and limited statuses is almost the same,
except for counter and conversation logic

* Ensure silent column is non-null, add spec

* Ensure filters don't check silent mentions for blocks/mutes

As those are "this person is also allowed to see" rather than "this
person is involved", therefore does not warrant filtering

* Clean up code

* Use Status#active_mentions to limit returned mentions

* Fix code style issues

* Use Status#active_mentions in Notification

And remove stream_entry eager-loading from Notification
---
 spec/lib/activitypub/activity/create_spec.rb | 29 ++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

(limited to 'spec/lib')

diff --git a/spec/lib/activitypub/activity/create_spec.rb b/spec/lib/activitypub/activity/create_spec.rb
index 62b9db8c2..cd20b7c7c 100644
--- a/spec/lib/activitypub/activity/create_spec.rb
+++ b/spec/lib/activitypub/activity/create_spec.rb
@@ -105,6 +105,31 @@ RSpec.describe ActivityPub::Activity::Create do
       end
     end
 
+    context 'limited' do
+      let(:recipient) { Fabricate(:account) }
+
+      let(:object_json) do
+        {
+          id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
+          type: 'Note',
+          content: 'Lorem ipsum',
+          to: ActivityPub::TagManager.instance.uri_for(recipient),
+        }
+      end
+
+      it 'creates status' do
+        status = sender.statuses.first
+
+        expect(status).to_not be_nil
+        expect(status.visibility).to eq 'limited'
+      end
+
+      it 'creates silent mention' do
+        status = sender.statuses.first
+        expect(status.mentions.first).to be_silent
+      end
+    end
+
     context 'direct' do
       let(:recipient) { Fabricate(:account) }
 
@@ -114,6 +139,10 @@ RSpec.describe ActivityPub::Activity::Create do
           type: 'Note',
           content: 'Lorem ipsum',
           to: ActivityPub::TagManager.instance.uri_for(recipient),
+          tag: {
+            type: 'Mention',
+            href: ActivityPub::TagManager.instance.uri_for(recipient),
+          },
         }
       end
 
-- 
cgit 


From b40ea6d1d44a5f43ecf81e0690a79a7eff34204b Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Mon, 29 Oct 2018 14:05:25 +0100
Subject: Bump sanitize from 4.6.6 to 5.0.0 (#9140)

---
 Gemfile                    |  2 +-
 Gemfile.lock               | 12 ++++++------
 spec/lib/formatter_spec.rb |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'spec/lib')

diff --git a/Gemfile b/Gemfile
index 452daab9e..3ffb0140f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -72,7 +72,7 @@ gem 'rails-settings-cached', '~> 0.6'
 gem 'redis', '~> 4.0', require: ['redis', 'redis/connection/hiredis']
 gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'rqrcode', '~> 0.10'
-gem 'sanitize', '~> 4.6'
+gem 'sanitize', '~> 5.0'
 gem 'sidekiq', '~> 5.2'
 gem 'sidekiq-scheduler', '~> 3.0'
 gem 'sidekiq-unique-jobs', '~> 5.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index b5432bb01..b0efd1bfb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -360,8 +360,8 @@ GEM
     nio4r (2.3.1)
     nokogiri (1.8.5)
       mini_portile2 (~> 2.3.0)
-    nokogumbo (1.5.0)
-      nokogiri
+    nokogumbo (2.0.0)
+      nokogiri (~> 1.8, >= 1.8.4)
     nsa (0.2.4)
       activesupport (>= 4.2, < 6)
       concurrent-ruby (~> 1.0.0)
@@ -543,10 +543,10 @@ GEM
     rufus-scheduler (3.5.2)
       fugit (~> 1.1, >= 1.1.5)
     safe_yaml (1.0.4)
-    sanitize (4.6.6)
+    sanitize (5.0.0)
       crass (~> 1.0.2)
-      nokogiri (>= 1.4.4)
-      nokogumbo (~> 1.4)
+      nokogiri (>= 1.8.0)
+      nokogumbo (~> 2.0)
     sass (3.6.0)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
@@ -749,7 +749,7 @@ DEPENDENCIES
   rspec-rails (~> 3.8)
   rspec-sidekiq (~> 3.0)
   rubocop (~> 0.60)
-  sanitize (~> 4.6)
+  sanitize (~> 5.0)
   scss_lint (~> 0.57)
   sidekiq (~> 5.2)
   sidekiq-bulk (~> 0.1.1)
diff --git a/spec/lib/formatter_spec.rb b/spec/lib/formatter_spec.rb
index ec4a6493d..0c1efe7c3 100644
--- a/spec/lib/formatter_spec.rb
+++ b/spec/lib/formatter_spec.rb
@@ -514,7 +514,7 @@ RSpec.describe Formatter do
     subject { Formatter.instance.sanitize(html, Sanitize::Config::MASTODON_STRICT) }
 
     it 'sanitizes' do
-      is_expected.to eq 'alert("Hello")'
+      is_expected.to eq ''
     end
   end
 end
-- 
cgit