Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms

13 files changed, 211 insertions, 133 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9270e801f..2d8e7efc3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - New HTTP adapter [gun](https://github.com/ninenines/gun). Gun adapter requires minimum OTP version of 22.2 otherwise Pleroma won’t start. For hackney OTP update is not required.
 - Mix task to create trusted OAuth App.
 - Notifications: Added `follow_request` notification type (configurable, see `[:notifications, :enable_follow_request_notifications]` setting).
+- Added `:reject_deletes` group to SimplePolicy
 <details>
   <summary>API Changes</summary>
 - Mastodon API: Support for `include_types` in `/api/v1/notifications`.
@@ -23,13 +24,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Fixed
 - Support pagination in conversations API
+- **Breaking**: SimplePolicy `:reject` and `:accept` allow deletions again
 
 ## [unreleased-patch]
 ### Fixed
 - Logger configuration through AdminFE
 - HTTP Basic Authentication permissions issue
+- ObjectAgePolicy didn't filter out old messages
 
 ### Added
+- NodeInfo: ObjectAgePolicy settings to the `federation` list.
 <details>
   <summary>API Changes</summary>
 - Admin API: `GET /api/pleroma/admin/need_reboot`.
diff --git a/config/config.exs b/config/config.exs
index f44837e24..2e538c4be 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -336,7 +336,8 @@ config :pleroma, :mrf_simple,
   reject: [],
   accept: [],
   avatar_removal: [],
-  banner_removal: []
+  banner_removal: [],
+  reject_deletes: []
 
 config :pleroma, :mrf_keyword,
   reject: [],
diff --git a/config/description.exs b/config/description.exs
index b1938912c..7fac1e561 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -1317,13 +1317,13 @@ config :pleroma, :config_description, [
       %{
         key: :reject,
         type: {:list, :string},
-        description: "List of instances to reject any activities from",
+        description: "List of instances to reject activities from (except deletes)",
         suggestions: ["example.com", "*.example.com"]
       },
       %{
         key: :accept,
         type: {:list, :string},
-        description: "List of instances to accept any activities from",
+        description: "List of instances to only accept activities from (except deletes)",
         suggestions: ["example.com", "*.example.com"]
       },
       %{
@@ -1343,6 +1343,12 @@ config :pleroma, :config_description, [
         type: {:list, :string},
         description: "List of instances to strip banners from",
         suggestions: ["example.com", "*.example.com"]
+      },
+      %{
+        key: :reject_deletes,
+        type: {:list, :string},
+        description: "List of instances to reject deletions from",
+        suggestions: ["example.com", "*.example.com"]
       }
     ]
   },
diff --git a/docs/configuration/mrf.md b/docs/configuration/mrf.md
index 287416b2a..d48d0cc99 100644
--- a/docs/configuration/mrf.md
+++ b/docs/configuration/mrf.md
@@ -41,11 +41,15 @@ config :pleroma, :instance,
 
 Once `SimplePolicy` is enabled, you can configure various groups in the `:mrf_simple` config object. These groups are:
 
-* `media_removal`: Servers in this group will have media stripped from incoming messages.
-* `media_nsfw`: Servers in this group will have the #nsfw tag and sensitive setting injected into incoming messages which contain media.
 * `reject`: Servers in this group will have their messages rejected.
-* `federated_timeline_removal`: Servers in this group will have their messages unlisted from the public timelines by flipping the `to` and `cc` fields.
+* `accept`: If not empty, only messages from these instances will be accepted (whitelist federation).
+* `media_nsfw`: Servers in this group will have the #nsfw tag and sensitive setting injected into incoming messages which contain media.
+* `media_removal`: Servers in this group will have media stripped from incoming messages.
+* `avatar_removal`: Avatars from these servers will be stripped from incoming messages.
+* `banner_removal`: Banner images from these servers will be stripped from incoming messages.
 * `report_removal`: Servers in this group will have their reports (flags) rejected.
+* `federated_timeline_removal`: Servers in this group will have their messages unlisted from the public timelines by flipping the `to` and `cc` fields.
+* `reject_deletes`: Deletion requests will be rejected from these servers.
 
 Servers should be configured as lists.
 
diff --git a/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex b/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
index 4a8bc91ae..b0ccb63c8 100644
--- a/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
@@ -11,7 +11,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy do
   @moduledoc "Filter activities depending on their age"
   @behaviour Pleroma.Web.ActivityPub.MRF
 
-  defp check_date(%{"published" => published} = message) do
+  defp check_date(%{"object" => %{"published" => published}} = message) do
     with %DateTime{} = now <- DateTime.utc_now(),
          {:ok, %DateTime{} = then, _} <- DateTime.from_iso8601(published),
          max_ttl <- Config.get([:mrf_object_age, :threshold]),
@@ -96,5 +96,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy do
   def filter(message), do: {:ok, message}
 
   @impl true
-  def describe, do: {:ok, %{}}
+  def describe do
+    mrf_object_age =
+      Pleroma.Config.get(:mrf_object_age)
+      |> Enum.into(%{})
+
+    {:ok, %{mrf_object_age: mrf_object_age}}
+  end
 end
diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
index 4edc007fd..b7dcb1b86 100644
--- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
@@ -149,6 +149,21 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
   defp check_banner_removal(_actor_info, object), do: {:ok, object}
 
   @impl true
+  def filter(%{"type" => "Delete", "actor" => actor} = object) do
+    %{host: actor_host} = URI.parse(actor)
+
+    reject_deletes =
+      Pleroma.Config.get([:mrf_simple, :reject_deletes])
+      |> MRF.subdomains_regex()
+
+    if MRF.subdomain_match?(reject_deletes, actor_host) do
+      {:reject, nil}
+    else
+      {:ok, object}
+    end
+  end
+
+  @impl true
   def filter(%{"actor" => actor} = object) do
     actor_info = URI.parse(actor)
 
diff --git a/lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex b/lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex
index 11df6fc4a..4647c1f96 100644
--- a/lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex
@@ -6,25 +6,22 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionController do
   @moduledoc "The module represents functions to manage user subscriptions."
   use Pleroma.Web, :controller
 
-  alias Pleroma.Web.MastodonAPI.PushSubscriptionView, as: View
   alias Pleroma.Web.Push
   alias Pleroma.Web.Push.Subscription
 
   action_fallback(:errors)
 
   plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
-
   plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
+  plug(:restrict_push_enabled)
 
   # Creates PushSubscription
   # POST /api/v1/push/subscription
   #
   def create(%{assigns: %{user: user, token: token}} = conn, params) do
-    with true <- Push.enabled(),
-         {:ok, _} <- Subscription.delete_if_exists(user, token),
+    with {:ok, _} <- Subscription.delete_if_exists(user, token),
          {:ok, subscription} <- Subscription.create(user, token, params) do
-      view = View.render("push_subscription.json", subscription: subscription)
-      json(conn, view)
+      render(conn, "show.json", subscription: subscription)
     end
   end
 
@@ -32,10 +29,8 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionController do
   # GET /api/v1/push/subscription
   #
   def get(%{assigns: %{user: user, token: token}} = conn, _params) do
-    with true <- Push.enabled(),
-         {:ok, subscription} <- Subscription.get(user, token) do
-      view = View.render("push_subscription.json", subscription: subscription)
-      json(conn, view)
+    with {:ok, subscription} <- Subscription.get(user, token) do
+      render(conn, "show.json", subscription: subscription)
     end
   end
 
@@ -43,10 +38,8 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionController do
   # PUT /api/v1/push/subscription
   #
   def update(%{assigns: %{user: user, token: token}} = conn, params) do
-    with true <- Push.enabled(),
-         {:ok, subscription} <- Subscription.update(user, token, params) do
-      view = View.render("push_subscription.json", subscription: subscription)
-      json(conn, view)
+    with {:ok, subscription} <- Subscription.update(user, token, params) do
+      render(conn, "show.json", subscription: subscription)
     end
   end
 
@@ -54,11 +47,20 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionController do
   # DELETE /api/v1/push/subscription
   #
   def delete(%{assigns: %{user: user, token: token}} = conn, _params) do
-    with true <- Push.enabled(),
-         {:ok, _response} <- Subscription.delete(user, token),
+    with {:ok, _response} <- Subscription.delete(user, token),
          do: json(conn, %{})
   end
 
+  defp restrict_push_enabled(conn, _) do
+    if Push.enabled() do
+      conn
+    else
+      conn
+      |> render_error(:forbidden, "Web push subscription is disabled on this Pleroma instance")
+      |> halt()
+    end
+  end
+
   # fallback action
   #
   def errors(conn, {:error, :not_found}) do
diff --git a/lib/pleroma/web/mastodon_api/views/push_subscription_view.ex b/lib/pleroma/web/mastodon_api/views/subscription_view.ex
index d32cef6e2..7c67cc924 100644
--- a/lib/pleroma/web/mastodon_api/views/push_subscription_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/subscription_view.ex
@@ -2,11 +2,11 @@
 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
-defmodule Pleroma.Web.MastodonAPI.PushSubscriptionView do
+defmodule Pleroma.Web.MastodonAPI.SubscriptionView do
   use Pleroma.Web, :view
   alias Pleroma.Web.Push
 
-  def render("push_subscription.json", %{subscription: subscription}) do
+  def render("show.json", %{subscription: subscription}) do
     %{
       id: to_string(subscription.id),
       endpoint: subscription.endpoint,
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 145212755..0c56318ee 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -16,79 +16,60 @@ defmodule Pleroma.Web.Router do
     plug(Pleroma.Plugs.UserEnabledPlug)
   end
 
-  pipeline :api do
-    plug(:accepts, ["json"])
-    plug(:fetch_session)
+  pipeline :authenticate do
     plug(Pleroma.Plugs.OAuthPlug)
     plug(Pleroma.Plugs.BasicAuthDecoderPlug)
     plug(Pleroma.Plugs.UserFetcherPlug)
     plug(Pleroma.Plugs.SessionAuthenticationPlug)
     plug(Pleroma.Plugs.LegacyAuthenticationPlug)
     plug(Pleroma.Plugs.AuthenticationPlug)
+  end
+
+  pipeline :after_auth do
     plug(Pleroma.Plugs.UserEnabledPlug)
     plug(Pleroma.Plugs.SetUserSessionIdPlug)
     plug(Pleroma.Plugs.EnsureUserKeyPlug)
-    plug(Pleroma.Plugs.IdempotencyPlug)
-    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
   end
 
-  pipeline :authenticated_api do
+  pipeline :base_api do
     plug(:accepts, ["json"])
     plug(:fetch_session)
+    plug(:authenticate)
+    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
+  end
+
+  pipeline :api do
+    plug(:base_api)
+    plug(:after_auth)
+    plug(Pleroma.Plugs.IdempotencyPlug)
+  end
+
+  pipeline :authenticated_api do
+    plug(:base_api)
     plug(Pleroma.Plugs.AuthExpectedPlug)
-    plug(Pleroma.Plugs.OAuthPlug)
-    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
-    plug(Pleroma.Plugs.UserFetcherPlug)
-    plug(Pleroma.Plugs.SessionAuthenticationPlug)
-    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
-    plug(Pleroma.Plugs.AuthenticationPlug)
-    plug(Pleroma.Plugs.UserEnabledPlug)
-    plug(Pleroma.Plugs.SetUserSessionIdPlug)
+    plug(:after_auth)
     plug(Pleroma.Plugs.EnsureAuthenticatedPlug)
     plug(Pleroma.Plugs.IdempotencyPlug)
-    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
   end
 
   pipeline :admin_api do
-    plug(:accepts, ["json"])
-    plug(:fetch_session)
-    plug(Pleroma.Plugs.OAuthPlug)
-    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
-    plug(Pleroma.Plugs.UserFetcherPlug)
-    plug(Pleroma.Plugs.SessionAuthenticationPlug)
-    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
-    plug(Pleroma.Plugs.AuthenticationPlug)
+    plug(:base_api)
     plug(Pleroma.Plugs.AdminSecretAuthenticationPlug)
-    plug(Pleroma.Plugs.UserEnabledPlug)
-    plug(Pleroma.Plugs.SetUserSessionIdPlug)
+    plug(:after_auth)
     plug(Pleroma.Plugs.EnsureAuthenticatedPlug)
     plug(Pleroma.Plugs.UserIsAdminPlug)
     plug(Pleroma.Plugs.IdempotencyPlug)
-    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
   end
 
   pipeline :mastodon_html do
-    plug(:accepts, ["html"])
-    plug(:fetch_session)
-    plug(Pleroma.Plugs.OAuthPlug)
-    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
-    plug(Pleroma.Plugs.UserFetcherPlug)
-    plug(Pleroma.Plugs.SessionAuthenticationPlug)
-    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
-    plug(Pleroma.Plugs.AuthenticationPlug)
-    plug(Pleroma.Plugs.UserEnabledPlug)
-    plug(Pleroma.Plugs.SetUserSessionIdPlug)
-    plug(Pleroma.Plugs.EnsureUserKeyPlug)
+    plug(:browser)
+    plug(:authenticate)
+    plug(:after_auth)
   end
 
   pipeline :pleroma_html do
-    plug(:accepts, ["html"])
-    plug(:fetch_session)
-    plug(Pleroma.Plugs.OAuthPlug)
-    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
-    plug(Pleroma.Plugs.UserFetcherPlug)
-    plug(Pleroma.Plugs.SessionAuthenticationPlug)
-    plug(Pleroma.Plugs.AuthenticationPlug)
+    plug(:browser)
+    plug(:authenticate)
     plug(Pleroma.Plugs.EnsureUserKeyPlug)
   end
 
@@ -524,7 +505,7 @@ defmodule Pleroma.Web.Router do
   end
 
   scope "/api" do
-    pipe_through(:api)
+    pipe_through(:base_api)
 
     get("/openapi", OpenApiSpex.Plug.RenderSpec, [])
   end
@@ -538,10 +519,6 @@ defmodule Pleroma.Web.Router do
     post("/qvitter/statuses/notifications/read", TwitterAPI.Controller, :notifications_read)
   end
 
-  pipeline :ap_service_actor do
-    plug(:accepts, ["activity+json", "json"])
-  end
-
   pipeline :ostatus do
     plug(:accepts, ["html", "xml", "rss", "atom", "activity+json", "json"])
     plug(Pleroma.Plugs.StaticFEPlug)
@@ -552,8 +529,7 @@ defmodule Pleroma.Web.Router do
   end
 
   scope "/", Pleroma.Web do
-    pipe_through(:ostatus)
-    pipe_through(:http_signature)
+    pipe_through([:ostatus, :http_signature])
 
     get("/objects/:uuid", OStatus.OStatusController, :object)
     get("/activities/:uuid", OStatus.OStatusController, :activity)
@@ -571,13 +547,6 @@ defmodule Pleroma.Web.Router do
     get("/mailer/unsubscribe/:token", Mailer.SubscriptionController, :unsubscribe)
   end
 
-  # Server to Server (S2S) AP interactions
-  pipeline :activitypub do
-    plug(:accepts, ["activity+json", "json"])
-    plug(Pleroma.Web.Plugs.HTTPSignaturePlug)
-    plug(Pleroma.Web.Plugs.MappedSignatureToIdentityPlug)
-  end
-
   scope "/", Pleroma.Web.ActivityPub do
     # XXX: not really ostatus
     pipe_through(:ostatus)
@@ -585,19 +554,22 @@ defmodule Pleroma.Web.Router do
     get("/users/:nickname/outbox", ActivityPubController, :outbox)
   end
 
+  pipeline :ap_service_actor do
+    plug(:accepts, ["activity+json", "json"])
+  end
+
+  # Server to Server (S2S) AP interactions
+  pipeline :activitypub do
+    plug(:ap_service_actor)
+    plug(:http_signature)
+  end
+
   # Client to Server (C2S) AP interactions
   pipeline :activitypub_client do
-    plug(:accepts, ["activity+json", "json"])
+    plug(:ap_service_actor)
     plug(:fetch_session)
-    plug(Pleroma.Plugs.OAuthPlug)
-    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
-    plug(Pleroma.Plugs.UserFetcherPlug)
-    plug(Pleroma.Plugs.SessionAuthenticationPlug)
-    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
-    plug(Pleroma.Plugs.AuthenticationPlug)
-    plug(Pleroma.Plugs.UserEnabledPlug)
-    plug(Pleroma.Plugs.SetUserSessionIdPlug)
-    plug(Pleroma.Plugs.EnsureUserKeyPlug)
+    plug(:authenticate)
+    plug(:after_auth)
   end
 
   scope "/", Pleroma.Web.ActivityPub do
@@ -669,12 +641,7 @@ defmodule Pleroma.Web.Router do
     get("/web/*path", MastoFEController, :index)
   end
 
-  pipeline :remote_media do
-  end
-
   scope "/proxy/", Pleroma.Web.MediaProxy do
-    pipe_through(:remote_media)
-
     get("/:sig/:url", MediaProxyController, :remote)
     get("/:sig/:url/:filename", MediaProxyController, :remote)
   end
diff --git a/test/web/activity_pub/mrf/object_age_policy_test.exs b/test/web/activity_pub/mrf/object_age_policy_test.exs
index 7ee195eeb..b0fb753bd 100644
--- a/test/web/activity_pub/mrf/object_age_policy_test.exs
+++ b/test/web/activity_pub/mrf/object_age_policy_test.exs
@@ -20,26 +20,38 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
     :ok
   end
 
+  defp get_old_message do
+    File.read!("test/fixtures/mastodon-post-activity.json")
+    |> Poison.decode!()
+  end
+
+  defp get_new_message do
+    old_message = get_old_message()
+
+    new_object =
+      old_message
+      |> Map.get("object")
+      |> Map.put("published", DateTime.utc_now() |> DateTime.to_iso8601())
+
+    old_message
+    |> Map.put("object", new_object)
+  end
+
   describe "with reject action" do
     test "it rejects an old post" do
       Config.put([:mrf_object_age, :actions], [:reject])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
+      data = get_old_message()
 
-      {:reject, _} = ObjectAgePolicy.filter(data)
+      assert match?({:reject, _}, ObjectAgePolicy.filter(data))
     end
 
     test "it allows a new post" do
       Config.put([:mrf_object_age, :actions], [:reject])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
-        |> Map.put("published", DateTime.utc_now() |> DateTime.to_iso8601())
+      data = get_new_message()
 
-      {:ok, _} = ObjectAgePolicy.filter(data)
+      assert match?({:ok, _}, ObjectAgePolicy.filter(data))
     end
   end
 
@@ -47,9 +59,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
     test "it delists an old post" do
       Config.put([:mrf_object_age, :actions], [:delist])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
+      data = get_old_message()
 
       {:ok, _u} = User.get_or_fetch_by_ap_id(data["actor"])
 
@@ -61,14 +71,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
     test "it allows a new post" do
       Config.put([:mrf_object_age, :actions], [:delist])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
-        |> Map.put("published", DateTime.utc_now() |> DateTime.to_iso8601())
+      data = get_new_message()
 
       {:ok, _user} = User.get_or_fetch_by_ap_id(data["actor"])
 
-      {:ok, ^data} = ObjectAgePolicy.filter(data)
+      assert match?({:ok, ^data}, ObjectAgePolicy.filter(data))
     end
   end
 
@@ -76,9 +83,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
     test "it strips followers collections from an old post" do
       Config.put([:mrf_object_age, :actions], [:strip_followers])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
+      data = get_old_message()
 
       {:ok, user} = User.get_or_fetch_by_ap_id(data["actor"])
 
@@ -91,14 +96,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicyTest do
     test "it allows a new post" do
       Config.put([:mrf_object_age, :actions], [:strip_followers])
 
-      data =
-        File.read!("test/fixtures/mastodon-post-activity.json")
-        |> Poison.decode!()
-        |> Map.put("published", DateTime.utc_now() |> DateTime.to_iso8601())
+      data = get_new_message()
 
       {:ok, _u} = User.get_or_fetch_by_ap_id(data["actor"])
 
-      {:ok, ^data} = ObjectAgePolicy.filter(data)
+      assert match?({:ok, ^data}, ObjectAgePolicy.filter(data))
     end
   end
 end
diff --git a/test/web/activity_pub/mrf/simple_policy_test.exs b/test/web/activity_pub/mrf/simple_policy_test.exs
index 91c24c2d9..b7b9bc6a2 100644
--- a/test/web/activity_pub/mrf/simple_policy_test.exs
+++ b/test/web/activity_pub/mrf/simple_policy_test.exs
@@ -17,7 +17,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
             reject: [],
             accept: [],
             avatar_removal: [],
-            banner_removal: []
+            banner_removal: [],
+            reject_deletes: []
           )
 
   describe "when :media_removal" do
@@ -382,6 +383,66 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
     end
   end
 
+  describe "when :reject_deletes is empty" do
+    setup do: Config.put([:mrf_simple, :reject_deletes], [])
+
+    test "it accepts deletions even from rejected servers" do
+      Config.put([:mrf_simple, :reject], ["remote.instance"])
+
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
+    end
+
+    test "it accepts deletions even from non-whitelisted servers" do
+      Config.put([:mrf_simple, :accept], ["non.matching.remote"])
+
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
+    end
+  end
+
+  describe "when :reject_deletes is not empty but it doesn't have a matching host" do
+    setup do: Config.put([:mrf_simple, :reject_deletes], ["non.matching.remote"])
+
+    test "it accepts deletions even from rejected servers" do
+      Config.put([:mrf_simple, :reject], ["remote.instance"])
+
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
+    end
+
+    test "it accepts deletions even from non-whitelisted servers" do
+      Config.put([:mrf_simple, :accept], ["non.matching.remote"])
+
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}
+    end
+  end
+
+  describe "when :reject_deletes has a matching host" do
+    setup do: Config.put([:mrf_simple, :reject_deletes], ["remote.instance"])
+
+    test "it rejects the deletion" do
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:reject, nil}
+    end
+  end
+
+  describe "when :reject_deletes match with wildcard domain" do
+    setup do: Config.put([:mrf_simple, :reject_deletes], ["*.remote.instance"])
+
+    test "it rejects the deletion" do
+      deletion_message = build_remote_deletion_message()
+
+      assert SimplePolicy.filter(deletion_message) == {:reject, nil}
+    end
+  end
+
   defp build_local_message do
     %{
       "actor" => "#{Pleroma.Web.base_url()}/users/alice",
@@ -408,4 +469,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
       "type" => "Person"
     }
   end
+
+  defp build_remote_deletion_message do
+    %{
+      "type" => "Delete",
+      "actor" => "https://remote.instance/users/bob"
+    }
+  end
 end
diff --git a/test/web/mastodon_api/controllers/subscription_controller_test.exs b/test/web/mastodon_api/controllers/subscription_controller_test.exs
index 987158a74..5682498c0 100644
--- a/test/web/mastodon_api/controllers/subscription_controller_test.exs
+++ b/test/web/mastodon_api/controllers/subscription_controller_test.exs
@@ -35,7 +35,10 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
     quote do
       vapid_details = Application.get_env(:web_push_encryption, :vapid_details, [])
       Application.put_env(:web_push_encryption, :vapid_details, [])
-      assert "Something went wrong" == unquote(yield)
+
+      assert %{"error" => "Web push subscription is disabled on this Pleroma instance"} ==
+               unquote(yield)
+
       Application.put_env(:web_push_encryption, :vapid_details, vapid_details)
     end
   end
@@ -45,7 +48,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       assert_error_when_disable_push do
         conn
         |> post("/api/v1/push/subscription", %{})
-        |> json_response(500)
+        |> json_response(403)
       end
     end
 
@@ -74,7 +77,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       assert_error_when_disable_push do
         conn
         |> get("/api/v1/push/subscription", %{})
-        |> json_response(500)
+        |> json_response(403)
       end
     end
 
@@ -127,7 +130,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       assert_error_when_disable_push do
         conn
         |> put("/api/v1/push/subscription", %{data: %{"alerts" => %{"mention" => false}}})
-        |> json_response(500)
+        |> json_response(403)
       end
     end
 
@@ -155,7 +158,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionControllerTest do
       assert_error_when_disable_push do
         conn
         |> delete("/api/v1/push/subscription", %{})
-        |> json_response(500)
+        |> json_response(403)
       end
     end
 
diff --git a/test/web/mastodon_api/views/push_subscription_view_test.exs b/test/web/mastodon_api/views/subscription_view_test.exs
index 10c6082a5..981524c0e 100644
--- a/test/web/mastodon_api/views/push_subscription_view_test.exs
+++ b/test/web/mastodon_api/views/subscription_view_test.exs
@@ -2,10 +2,10 @@
 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
-defmodule Pleroma.Web.MastodonAPI.PushSubscriptionViewTest do
+defmodule Pleroma.Web.MastodonAPI.SubscriptionViewTest do
   use Pleroma.DataCase
   import Pleroma.Factory
-  alias Pleroma.Web.MastodonAPI.PushSubscriptionView, as: View
+  alias Pleroma.Web.MastodonAPI.SubscriptionView, as: View
   alias Pleroma.Web.Push
 
   test "Represent a subscription" do
@@ -18,6 +18,6 @@ defmodule Pleroma.Web.MastodonAPI.PushSubscriptionViewTest do
       server_key: Keyword.get(Push.vapid_config(), :public_key)
     }
 
-    assert expected == View.render("push_subscription.json", %{subscription: subscription})
+    assert expected == View.render("show.json", %{subscription: subscription})
   end
 end