7 files changed, 137 insertions, 8 deletions

diff --git a/lib/pleroma/plugs/admin_secret_authentication_plug.ex b/lib/pleroma/plugs/admin_secret_authentication_plug.ex
index fdadd476e..49dea452d 100644
--- a/lib/pleroma/plugs/admin_secret_authentication_plug.ex
+++ b/lib/pleroma/plugs/admin_secret_authentication_plug.ex
@@ -16,14 +16,28 @@ defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do
 
   def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
 
-  def call(%{params: %{"admin_token" => admin_token}} = conn, _) do
-    if secret_token() && admin_token == secret_token() do
+  def call(conn, _) do
+    if secret_token() do
+      authenticate(conn)
+    else
       conn
-      |> assign(:user, %User{is_admin: true})
+    end
+  end
+
+  def authenticate(%{params: %{"admin_token" => admin_token}} = conn) do
+    if admin_token == secret_token() do
+      assign(conn, :user, %User{is_admin: true})
     else
       conn
     end
   end
 
-  def call(conn, _), do: conn
+  def authenticate(conn) do
+    token = secret_token()
+
+    case get_req_header(conn, "x-admin-token") do
+      [^token] -> assign(conn, :user, %User{is_admin: true})
+      _ -> conn
+    end
+  end
 end
diff --git a/lib/pleroma/plugs/oauth_plug.ex b/lib/pleroma/plugs/oauth_plug.ex
index fd004fcd2..11a5b7642 100644
--- a/lib/pleroma/plugs/oauth_plug.ex
+++ b/lib/pleroma/plugs/oauth_plug.ex
@@ -71,7 +71,7 @@ defmodule Pleroma.Plugs.OAuthPlug do
       )
 
     # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
-    with %Token{user: %{deactivated: false} = user} = token_record <- Repo.one(query) do
+    with %Token{user: user} = token_record <- Repo.one(query) do
       {:ok, user, token_record}
     end
   end
diff --git a/lib/pleroma/plugs/user_enabled_plug.ex b/lib/pleroma/plugs/user_enabled_plug.ex
index fbb4bf115..8d102ee5b 100644
--- a/lib/pleroma/plugs/user_enabled_plug.ex
+++ b/lib/pleroma/plugs/user_enabled_plug.ex
@@ -10,9 +10,13 @@ defmodule Pleroma.Plugs.UserEnabledPlug do
     options
   end
 
-  def call(%{assigns: %{user: %User{deactivated: true}}} = conn, _) do
-    conn
-    |> assign(:user, nil)
+  def call(%{assigns: %{user: %User{} = user}} = conn, _) do
+    if User.auth_active?(user) do
+      conn
+    else
+      conn
+      |> assign(:user, nil)
+    end
   end
 
   def call(conn, _) do
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index f8c2db1e1..fcb1d5143 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -124,6 +124,9 @@ defmodule Pleroma.User do
     timestamps()
   end
 
+  @doc "Returns if the user should be allowed to authenticate"
+  def auth_active?(%User{deactivated: true}), do: false
+
   def auth_active?(%User{confirmation_pending: true}),
     do: !Pleroma.Config.get([:instance, :account_activation_required])
 
diff --git a/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex b/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
new file mode 100644
index 000000000..8b36c1021
--- /dev/null
+++ b/lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
@@ -0,0 +1,101 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy do
+  alias Pleroma.Config
+  alias Pleroma.User
+  alias Pleroma.Web.ActivityPub.MRF
+
+  require Pleroma.Constants
+
+  @moduledoc "Filter activities depending on their age"
+  @behaviour MRF
+
+  defp check_date(%{"published" => published} = message) do
+    with %DateTime{} = now <- DateTime.utc_now(),
+         {:ok, %DateTime{} = then, _} <- DateTime.from_iso8601(published),
+         max_ttl <- Config.get([:mrf_object_age, :threshold]),
+         {:ttl, false} <- {:ttl, DateTime.diff(now, then) > max_ttl} do
+      {:ok, message}
+    else
+      {:ttl, true} ->
+        {:reject, nil}
+
+      e ->
+        {:error, e}
+    end
+  end
+
+  defp check_reject(message, actions) do
+    if :reject in actions do
+      {:reject, nil}
+    else
+      {:ok, message}
+    end
+  end
+
+  defp check_delist(message, actions) do
+    if :delist in actions do
+      with %User{} = user <- User.get_cached_by_ap_id(message["actor"]) do
+        to = List.delete(message["to"], Pleroma.Constants.as_public()) ++ [user.follower_address]
+        cc = List.delete(message["cc"], user.follower_address) ++ [Pleroma.Constants.as_public()]
+
+        message =
+          message
+          |> Map.put("to", to)
+          |> Map.put("cc", cc)
+
+        {:ok, message}
+      else
+        # Unhandleable error: somebody is messing around, just drop the message.
+        _e ->
+          {:reject, nil}
+      end
+    else
+      {:ok, message}
+    end
+  end
+
+  defp check_strip_followers(message, actions) do
+    if :strip_followers in actions do
+      with %User{} = user <- User.get_cached_by_ap_id(message["actor"]) do
+        to = List.delete(message["to"], user.follower_address)
+        cc = List.delete(message["cc"], user.follower_address)
+
+        message =
+          message
+          |> Map.put("to", to)
+          |> Map.put("cc", cc)
+
+        {:ok, message}
+      else
+        # Unhandleable error: somebody is messing around, just drop the message.
+        _e ->
+          {:reject, nil}
+      end
+    else
+      {:ok, message}
+    end
+  end
+
+  @impl true
+  def filter(%{"type" => "Create", "published" => _} = message) do
+    with actions <- Config.get([:mrf_object_age, :actions]),
+         {:reject, _} <- check_date(message),
+         {:ok, message} <- check_reject(message, actions),
+         {:ok, message} <- check_delist(message, actions),
+         {:ok, message} <- check_strip_followers(message, actions) do
+      {:ok, message}
+    else
+      # check_date() is allowed to short-circuit the pipeline
+      e -> e
+    end
+  end
+
+  @impl true
+  def filter(message), do: {:ok, message}
+
+  @impl true
+  def describe, do: {:ok, %{}}
+end
diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
index 486b9f6a4..abcf46034 100644
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@@ -120,6 +120,12 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
           banner: Config.get([:instance, :banner_upload_limit]),
           background: Config.get([:instance, :background_upload_limit])
         },
+        fieldsLimits: %{
+          maxFields: Config.get([:instance, :max_account_fields]),
+          maxRemoteFields: Config.get([:instance, :max_remote_account_fields]),
+          nameLength: Config.get([:instance, :account_field_name_length]),
+          valueLength: Config.get([:instance, :account_field_value_length])
+        },
         accountActivationRequired: Config.get([:instance, :account_activation_required], false),
         invitesEnabled: Config.get([:instance, :invites_enabled], false),
         mailerEnabled: Config.get([Pleroma.Emails.Mailer, :enabled], false),
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 9eadb4591..12b676065 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -13,6 +13,7 @@ defmodule Pleroma.Web.Router do
   pipeline :oauth do
     plug(:fetch_session)
     plug(Pleroma.Plugs.OAuthPlug)
+    plug(Pleroma.Plugs.UserEnabledPlug)
   end
 
   pipeline :api do