12 files changed, 62 insertions, 40 deletions

diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex
index e1e3bcd63..a89728471 100644
--- a/lib/pleroma/application.ex
+++ b/lib/pleroma/application.ex
@@ -5,6 +5,7 @@ defmodule Pleroma.Application do
   # for more information on OTP Applications
   def start(_type, _args) do
     import Supervisor.Spec
+    import Cachex.Spec
 
     # Define workers and child supervisors to be supervised
     children =
@@ -28,8 +29,11 @@ defmodule Pleroma.Application do
           [
             :idempotency_cache,
             [
-              default_ttl: :timer.seconds(6 * 60 * 60),
-              ttl_interval: :timer.seconds(60),
+              expiration:
+                expiration(
+                  default: :timer.seconds(6 * 60 * 60),
+                  interval: :timer.seconds(60)
+                ),
               limit: 2500
             ]
           ],
diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex
index 558e151b0..ff2af4a6f 100644
--- a/lib/pleroma/object.ex
+++ b/lib/pleroma/object.ex
@@ -33,19 +33,15 @@ defmodule Pleroma.Object do
     else
       key = "object:#{ap_id}"
 
-      Cachex.get!(
-        :user_cache,
-        key,
-        fallback: fn _ ->
-          object = get_by_ap_id(ap_id)
-
-          if object do
-            {:commit, object}
-          else
-            {:ignore, object}
-          end
+      Cachex.fetch!(:user_cache, key, fn _ ->
+        object = get_by_ap_id(ap_id)
+
+        if object do
+          {:commit, object}
+        else
+          {:ignore, object}
         end
-      )
+      end)
     end
   end
 
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 6a8129ac8..690cc7cf3 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -223,9 +223,9 @@ defmodule Pleroma.User do
 
   def update_and_set_cache(changeset) do
     with {:ok, user} <- Repo.update(changeset) do
-      Cachex.set(:user_cache, "ap_id:#{user.ap_id}", user)
-      Cachex.set(:user_cache, "nickname:#{user.nickname}", user)
-      Cachex.set(:user_cache, "user_info:#{user.id}", user_info(user))
+      Cachex.put(:user_cache, "ap_id:#{user.ap_id}", user)
+      Cachex.put(:user_cache, "nickname:#{user.nickname}", user)
+      Cachex.put(:user_cache, "user_info:#{user.id}", user_info(user))
       {:ok, user}
     else
       e -> e
@@ -239,12 +239,12 @@ defmodule Pleroma.User do
 
   def get_cached_by_ap_id(ap_id) do
     key = "ap_id:#{ap_id}"
-    Cachex.get!(:user_cache, key, fallback: fn _ -> get_by_ap_id(ap_id) end)
+    Cachex.fetch!(:user_cache, key, fn _ -> get_by_ap_id(ap_id) end)
   end
 
   def get_cached_by_nickname(nickname) do
     key = "nickname:#{nickname}"
-    Cachex.get!(:user_cache, key, fallback: fn _ -> get_or_fetch_by_nickname(nickname) end)
+    Cachex.fetch!(:user_cache, key, fn _ -> get_or_fetch_by_nickname(nickname) end)
   end
 
   def get_by_nickname(nickname) do
@@ -260,7 +260,7 @@ defmodule Pleroma.User do
 
   def get_cached_user_info(user) do
     key = "user_info:#{user.id}"
-    Cachex.get!(:user_cache, key, fallback: fn _ -> user_info(user) end)
+    Cachex.fetch!(:user_cache, key, fn _ -> user_info(user) end)
   end
 
   def fetch_by_nickname(nickname) do
diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
index 80aae4f0f..c7d50893f 100644
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -93,7 +93,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
       Logger.info("Signature not from author, relayed message, fetching from source")
       ActivityPub.fetch_object_from_id(params["object"]["id"])
     else
-      Logger.info("Signature error")
+      Logger.info("Signature error - make sure you are forwarding the HTTP Host header!")
       Logger.info("Could not validate #{params["actor"]}")
       Logger.info(inspect(conn.req_headers))
     end
diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex
index b941fdf16..803445011 100644
--- a/lib/pleroma/web/activity_pub/transmogrifier.ex
+++ b/lib/pleroma/web/activity_pub/transmogrifier.ex
@@ -229,7 +229,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
           "object" => %{"type" => "Announce", "object" => object_id},
           "actor" => actor,
           "id" => id
-        } = data
+        } = _data
       ) do
     with %User{} = actor <- User.get_or_fetch_by_ap_id(actor),
          {:ok, object} <-
@@ -237,7 +237,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
          {:ok, activity, _, _} <- ActivityPub.unannounce(actor, object, id, false) do
       {:ok, activity}
     else
-      e -> :error
+      _e -> :error
     end
   end
 
@@ -297,7 +297,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
           "object" => %{"type" => "Like", "object" => object_id},
           "actor" => actor,
           "id" => id
-        } = data
+        } = _data
       ) do
     with %User{} = actor <- User.get_or_fetch_by_ap_id(actor),
          {:ok, object} <-
@@ -305,7 +305,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
          {:ok, activity, _, _} <- ActivityPub.unlike(actor, object, id, false) do
       {:ok, activity}
     else
-      e -> :error
+      _e -> :error
     end
   end
 
@@ -565,10 +565,10 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
 
   def maybe_fix_user_url(data) do
     if is_map(data["url"]) do
-      data = Map.put(data, "url", data["url"]["href"])
+      Map.put(data, "url", data["url"]["href"])
+    else
+      data
     end
-
-    data
   end
 
   def maybe_fix_user_object(data) do
diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex
index 89d11781d..831e13b7e 100644
--- a/lib/pleroma/web/activity_pub/utils.ex
+++ b/lib/pleroma/web/activity_pub/utils.ex
@@ -242,8 +242,9 @@ defmodule Pleroma.Web.ActivityPub.Utils do
           fragment(
             "? @> ?",
             activity.data,
-            ^%{type: "Follow", actor: follower_id, object: followed_id}
+            ^%{type: "Follow", object: followed_id}
           ),
+        where: activity.actor == ^follower_id,
         order_by: [desc: :id],
         limit: 1
       )
@@ -260,7 +261,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do
     query =
       from(
         activity in Activity,
-        where: fragment("(?)->>'actor' = ?", activity.data, ^actor),
+        where: activity.actor == ^actor,
         # this is to use the index
         where:
           fragment(
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index e774743a2..9c9951371 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -133,7 +133,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
       "context" => context,
       "attachment" => attachments,
       "actor" => actor,
-      "tag" => tags |> Enum.map(fn {_, tag} -> tag end)
+      "tag" => tags |> Enum.map(fn {_, tag} -> tag end) |> Enum.uniq()
     }
 
     if inReplyTo do
@@ -187,9 +187,9 @@ defmodule Pleroma.Web.CommonAPI.Utils do
     end
   end
 
-  def confirm_current_password(user, params) do
+  def confirm_current_password(user, password) do
     with %User{local: true} = db_user <- Repo.get(User, user.id),
-         true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
+         true <- Pbkdf2.checkpw(password, db_user.password_hash) do
       {:ok, db_user}
     else
       _ -> {:error, "Invalid password."}
diff --git a/lib/pleroma/web/http_signatures/http_signatures.ex b/lib/pleroma/web/http_signatures/http_signatures.ex
index dd3f825db..4e0adbc1d 100644
--- a/lib/pleroma/web/http_signatures/http_signatures.ex
+++ b/lib/pleroma/web/http_signatures/http_signatures.ex
@@ -2,6 +2,7 @@
 defmodule Pleroma.Web.HTTPSignatures do
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.Utils
+  alias Pleroma.Web.ActivityPub.ActivityPub
   require Logger
 
   def split_signature(sig) do
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index b21f5de20..2c0277124 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -275,11 +275,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
       end
 
     {:ok, activity} =
-      Cachex.get!(
-        :idempotency_cache,
-        idempotency_key,
-        fallback: fn _ -> CommonAPI.post(user, params) end
-      )
+      Cachex.fetch!(:idempotency_cache, idempotency_key, fn _ -> CommonAPI.post(user, params) end)
 
     render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity})
   end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 2b5209b75..9389244b1 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -73,6 +73,7 @@ defmodule Pleroma.Web.Router do
   scope "/api/pleroma", Pleroma.Web.TwitterAPI do
     pipe_through(:authenticated_api)
     post("/follow_import", UtilController, :follow_import)
+    post("/change_password", UtilController, :change_password)
     post("/delete_account", UtilController, :delete_account)
   end
 
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index 23e7408a0..cc5146566 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -197,8 +197,31 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
     json(conn, "job started")
   end
 
+  def change_password(%{assigns: %{user: user}} = conn, params) do
+    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+      {:ok, user} ->
+        with {:ok, _user} <-
+               User.reset_password(user, %{
+                 password: params["new_password"],
+                 password_confirmation: params["new_password_confirmation"]
+               }) do
+          json(conn, %{status: "success"})
+        else
+          {:error, changeset} ->
+            {_, {error, _}} = Enum.at(changeset.errors, 0)
+            json(conn, %{error: "New password #{error}."})
+
+          _ ->
+            json(conn, %{error: "Unable to change password."})
+        end
+
+      {:error, msg} ->
+        json(conn, %{error: msg})
+    end
+  end
+
   def delete_account(%{assigns: %{user: user}} = conn, params) do
-    case CommonAPI.Utils.confirm_current_password(user, params) do
+    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
       {:ok, user} ->
         Task.start(fn -> User.delete(user) end)
         json(conn, %{status: "success"})
diff --git a/lib/pleroma/web/web_finger/web_finger.ex b/lib/pleroma/web/web_finger/web_finger.ex
index 6e5fc1401..9c6f1cb68 100644
--- a/lib/pleroma/web/web_finger/web_finger.ex
+++ b/lib/pleroma/web/web_finger/web_finger.ex
@@ -214,7 +214,7 @@ defmodule Pleroma.Web.WebFinger do
   end
 
   def get_template_from_xml(body) do
-    xpath = "//Link[@rel='lrdd' and @type='application/xrd+xml']/@template"
+    xpath = "//Link[@rel='lrdd']/@template"
 
     with doc when doc != :error <- XML.parse_document(body),
          template when template != nil <- XML.string_from_xpath(xpath, doc) do