Merge branch 'develop' into global-status-expiration

diff --cc CHANGELOG.md
index 2d969e50419bc8efe83ba1ce90c326255e13cd8a,522285efe8e0b1f7d4e61264e17dab04b847258a..9a38e4c115fc24de786b18a7c0709ced05e43e86
--- 1/CHANGELOG.md
--- 2/CHANGELOG.md
+++ b/CHANGELOG.md
@@@ -27,11 -36,13 +36,16 @@@ The format is based on [Keep a Changelo
  - Support pagination in conversations API
  - **Breaking**: SimplePolicy `:reject` and `:accept` allow deletions again
  - Fix follower/blocks import when nicknames starts with @
+ - Filtering of push notifications on activities from blocked domains
  
 +### Changed
 +- MFR policy to set global expiration for all local Create activities
 +
  ## [unreleased-patch]
+ ### Security
+ - Disallow re-registration of previously deleted users, which allowed viewing direct messages addressed to them
+ - Mastodon API: Fix `POST /api/v1/follow_requests/:id/authorize` allowing to force a follow from a local user even if they didn't request to follow
+ 
  ### Fixed
  - Logger configuration through AdminFE
  - HTTP Basic Authentication permissions issue

diff --cc config/config.exs
Simple merge

diff --cc config/description.exs
Simple merge

diff --cc lib/pleroma/web/activity_pub/activity_pub.ex
Simple merge

diff --cc lib/pleroma/web/common_api/common_api.ex
Simple merge

diff --cc test/web/activity_pub/activity_pub_test.exs
index 7f864eb53e4df0d4a9e322708612c2a9018b0b7f,84ead93bbbad07d10f754fdf1bab36a1a93218f8..8d2e9844bed17111e62dd59a65e1dac9ac6280a3
--- 1/test/web/activity_pub/activity_pub_test.exs
--- 2/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
@@@ -2404,19 -2405,50 +2405,66 @@@ defmodule Pleroma.Web.ActivityPub.Activ
       u4: %{r1: r4_1.id}}
    end
  
+   describe "maybe_update_follow_information/1" do
+     setup do
+       clear_config([:instance, :external_user_synchronization], true)
+ 
+       user = %{
+         local: false,
+         ap_id: "https://gensokyo.2hu/users/raymoo",
+         following_address: "https://gensokyo.2hu/users/following",
+         follower_address: "https://gensokyo.2hu/users/followers",
+         type: "Person"
+       }
+ 
+       %{user: user}
+     end
+ 
+     test "logs an error when it can't fetch the info", %{user: user} do
+       assert capture_log(fn ->
+                ActivityPub.maybe_update_follow_information(user)
+              end) =~ "Follower/Following counter update for #{user.ap_id} failed"
+     end
+ 
+     test "just returns the input if the user type is Application", %{
+       user: user
+     } do
+       user =
+         user
+         |> Map.put(:type, "Application")
+ 
+       refute capture_log(fn ->
+                assert ^user = ActivityPub.maybe_update_follow_information(user)
+              end) =~ "Follower/Following counter update for #{user.ap_id} failed"
+     end
+ 
+     test "it just returns the input if the user has no following/follower addresses", %{
+       user: user
+     } do
+       user =
+         user
+         |> Map.put(:following_address, nil)
+         |> Map.put(:follower_address, nil)
+ 
+       refute capture_log(fn ->
+                assert ^user = ActivityPub.maybe_update_follow_information(user)
+              end) =~ "Follower/Following counter update for #{user.ap_id} failed"
+     end
+   end
++
 +  describe "global activity expiration" do
 +    setup do: clear_config([:instance, :rewrite_policy])
 +
 +    test "creates an activity expiration for local Create activities" do
 +      Pleroma.Config.put(
 +        [:instance, :rewrite_policy],
 +        Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicy
 +      )
 +
 +      {:ok, %{id: id_create}} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
 +      {:ok, _follow} = ActivityBuilder.insert(%{"type" => "Follow", "context" => "3hu"})
 +
 +      assert [%{activity_id: ^id_create}] = Pleroma.ActivityExpiration |> Repo.all()
 +    end
 +  end
  end