Merge branch 'release/0.7.13.0'

2020-02-12 00:33:12 +01:00 · 2020-02-12 00:33:12 +01:00 · c2a991fec1
commit c2a991fec1
parent 09a425cbbc 6f65d9f96c
59 changed files with 574 additions and 385 deletions
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -1,3 +1,5 @@
+require: rubocop-rails
+
 AllCops:
  TargetRubyVersion: 2.3
  Exclude:
@ -5,9 +7,6 @@ AllCops:
    - "db/schema.rb"
    - "config/locales/cldr/plurals.rb"

-Rails:
-  Enabled: true
-
 # Disable for rails 4
 Rails/HttpPositionalArguments:
  Enabled: false
--- a/.travis.yml
+++ b/.travis.yml
@ -17,6 +17,16 @@ cache:
    - app/assets/images
    - tmp/cache/assets

+addons:
+  apt:
+    packages: 
+      - libidn11-dev
+      - ghostscript
+
+services:
+  - postgresql
+  - mysql
+
 branches:
  only:
    - 'master'
--- a/Changelog.md
+++ b/Changelog.md
@ -1,3 +1,19 @@
+# 0.7.13.0
+
+## Security
+* Fixes [USN-4274-1](https://usn.ubuntu.com/4274-1/), a potential Denial-of-Service vulnerability in Nokogiri. [#8108](https://github.com/diaspora/diaspora/pull/8108)
+
+## Refactor
+* Set better example values for unicorn stdout/stderr log settings [#8058](https://github.com/diaspora/diaspora/pull/8058)
+* Replace dependency on rails-assets.org with custom gems cache at gems.diasporafoundation.org [#8087](https://github.com/diaspora/diaspora/pull/8087)
+
+## Bug fixes
+* Fix error while trying to fetch some sites with invalid OpenGraph data [#8049](https://github.com/diaspora/diaspora/pull/8049)
+* Don't show sign up link on mobile when registrations are disabled [#8060](https://github.com/diaspora/diaspora/pull/8060)
+
+## Features
+* Add cronjob to cleanup pending photos which were never posted [#8041](https://github.com/diaspora/diaspora/pull/8041)
+
 # 0.7.12.0

 ## Refactor
--- a/73
+++ b/73
@ -2,7 +2,7 @@

 source "https://rubygems.org"

-gem "rails", "5.1.6.2"
+gem "rails", "5.2.4.1"

 # Legacy Rails features, remove me!
 # responders (class level)
@ -10,7 +10,7 @@ gem "responders", "2.4.1"

 # Appserver

-gem "unicorn", "5.5.0", require: false
+gem "unicorn", "5.5.1", require: false
 gem "unicorn-worker-killer", "0.4.4"

 # Federation
@ -26,7 +26,7 @@ gem "json-schema", "2.8.1"

 # Authentication

-gem "devise", "4.6.1"
+gem "devise", "4.7.1"
 gem "devise-two-factor", "3.0.3"
 gem "devise_lastseenable", "0.0.6"
 gem "rqrcode", "0.10.1"
@ -38,7 +38,7 @@ gem "simple_captcha2", "0.4.3", require: "simple_captcha"
 # Background processing

 gem "redis", "3.3.5" # Pinned to 3.3.x because of https://github.com/antirez/redis/issues/4272
-gem "sidekiq", "5.2.5"
+gem "sidekiq", "5.2.7"

 # Scheduled processing

@ -54,7 +54,7 @@ gem "configurate", "0.3.1"

 # Cross-origin resource sharing

-gem "rack-cors", "1.0.2", require: "rack/cors"
+gem "rack-cors", "1.1.1", require: "rack/cors"

 # CSS

@ -75,13 +75,13 @@ group :postgresql, optional: true do
 end


-gem "activerecord-import", "1.0.1"
+gem "activerecord-import", "1.0.2"

 # File uploading

 gem "carrierwave", "1.3.1"
-gem "fog-aws",     "3.4.0"
-gem "mini_magick", "4.9.3"
+gem "fog-aws",     "3.5.1"
+gem "mini_magick", "4.10.1"

 # GUID generation
 gem "uuid", "2.3.9"
@ -92,13 +92,13 @@ gem "entypo-rails", "3.0.0"

 # JavaScript

-gem "handlebars_assets", "0.23.3"
-gem "jquery-rails",      "4.3.3"
-gem "js-routes",         "1.4.4"
+gem "handlebars_assets", "0.23.4"
+gem "jquery-rails",      "4.3.5"
+gem "js-routes",         "1.4.7"
 gem "js_image_paths",    "0.1.1"

-source "https://rails-assets.org" do
-  gem "rails-assets-jquery",                              "3.3.1" # Should be kept in sync with jquery-rails
+source "https://gems.diasporafoundation.org" do
+  gem "rails-assets-jquery",                              "3.4.1" # Should be kept in sync with jquery-rails
  gem "rails-assets-jquery.ui",                           "1.11.4"

  gem "rails-assets-highlightjs",                         "9.12.0"
@ -138,12 +138,12 @@ gem "rails-i18n",           "5.1.3"
 gem "markerb",             "1.1.0"

 # Map
-gem "leaflet-rails",       "1.3.1"
+gem "leaflet-rails",       "1.5.1"

 # Parsing

-gem "nokogiri",          "1.10.1"
-gem "open_graph_reader", "0.6.2" # also update User-Agent in features/support/webmock.rb
+gem "nokogiri",          "1.10.8"
+gem "open_graph_reader", "0.7.0" # also update User-Agent in features/support/webmock.rb
 gem "redcarpet",         "3.4.0"
 gem "ruby-oembed",       "0.12.0"
 gem "twitter-text",      "1.14.7"
@ -154,7 +154,7 @@ gem "string-direction", "1.2.1"

 # Security Headers

-gem "secure_headers", "6.1.0"
+gem "secure_headers", "6.3.0"

 # Services

@ -165,7 +165,7 @@ gem "omniauth-wordpress", "0.2.2"
 gem "twitter",            "6.2.0"

 # OpenID Connect
-gem "openid_connect", "1.1.6"
+gem "openid_connect", "1.1.8"

 # Serializers

@ -173,7 +173,7 @@ gem "active_model_serializers", "0.9.7"

 # XMPP chat dependencies
 gem "diaspora-prosody-config",    "0.0.7"
-gem "rails-assets-diaspora_jsxc", "0.1.5.develop.7", source: "https://rails-assets.org"
+gem "rails-assets-diaspora_jsxc", "0.1.5.develop.7", source: "https://gems.diasporafoundation.org"

 # Tags

@ -181,16 +181,16 @@ gem "acts-as-taggable-on", "6.0.0"

 # URIs and HTTP

-gem "addressable",        "2.5.2", require: "addressable/uri"
+gem "addressable",        "2.6.0", require: "addressable/uri"
 gem "faraday",            "0.15.4"
-gem "faraday_middleware", "0.12.2"
+gem "faraday_middleware", "0.13.1"
 gem "faraday-cookie_jar", "0.0.6"
 gem "typhoeus",           "1.3.1"

 # Views

 gem "gon",                     "6.2.1"
-gem "hamlit",                  "2.9.2"
+gem "hamlit",                  "2.9.3"
 gem "mobile-fu",               "1.4.0"
 gem "rails-timeago",           "2.17.1"
 gem "will_paginate",           "3.1.7"
@ -201,7 +201,7 @@ gem "logging-rails", "0.6.0", require: "logging/rails"

 # Reading and writing zip files

-gem "rubyzip", "1.2.2", require: "zip"
+gem "rubyzip", "1.3.0", require: "zip"

 # Prevent occasions where minitest is not bundled in
 # packaged versions of ruby. See following issues/prs:
@ -210,7 +210,7 @@ gem "rubyzip", "1.2.2", require: "zip"
 # https://github.com/discourse/discourse/pull/238
 gem "minitest"

-gem "versionist", "1.7.0"
+gem "versionist", "2.0.0"

 # Windows and OSX have an execjs compatible runtime built-in, Linux users should
 # install Node.js or use "therubyracer".
@ -249,12 +249,13 @@ group :development do

  # Linters
  gem "haml_lint",      "0.28.0", require: false
-  gem "pronto",         "0.9.5", require: false
-  gem "pronto-eslint",  "0.9.1", require: false
-  gem "pronto-haml",    "0.9.0", require: false
-  gem "pronto-rubocop", "0.9.1", require: false
-  gem "pronto-scss",    "0.9.1", require: false
-  gem "rubocop",        "0.66.0", require: false
+  gem "pronto",         "0.10.0", require: false
+  gem "pronto-eslint",  "0.10.0", require: false
+  gem "pronto-haml",    "0.10.0", require: false
+  gem "pronto-rubocop", "0.10.0", require: false
+  gem "pronto-scss",    "0.10.0", require: false
+  gem "rubocop",        "0.72.0", require: false
+  gem "rubocop-rails",  "2.1.0", require: false

  # Preloading environment

@ -276,7 +277,7 @@ group :test do
  # RSpec (unit tests, some integration tests)

  gem "fixture_builder",   "0.5.2.rc3"
-  gem "fuubar",            "2.3.2"
+  gem "fuubar",            "2.4.1"
  gem "json-schema-rspec", "0.0.4"
  gem "rspec-json_expectations", "~> 2.1"

@ -293,12 +294,12 @@ group :test do
  gem "factory_girl_rails", "4.8.0"
  gem "shoulda-matchers",   "4.0.1"
  gem "timecop",            "0.9.1"
-  gem "webmock",            "3.5.1", require: false
+  gem "webmock",            "3.6.0", require: false

  gem "diaspora_federation-test", "0.2.6"

  # Coverage
-  gem "coveralls", "0.8.22", require: false
+  gem "coveralls", "0.8.23", require: false
 end

 group :development, :test do
@ -306,12 +307,12 @@ group :development, :test do
  gem "rspec-rails", "3.8.2"

  # Cucumber (integration tests)
-  gem "cucumber-rails", "1.6.0", require: false
+  gem "cucumber-rails", "1.7.0", require: false

  # Jasmine (client side application tests (JS))
-  gem "jasmine",                   "3.3.0"
+  gem "jasmine",                   "3.4.0"
  gem "jasmine-jquery-rails",      "2.0.3"
-  gem "rails-assets-jasmine-ajax", "3.4.0", source: "https://rails-assets.org"
+  gem "rails-assets-jasmine-ajax", "4.0.0", source: "https://gems.diasporafoundation.org"
  gem "sinon-rails",               "1.15.0"

  # For `assigns` in controller specs
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -1,26 +1,26 @@
 GEM
  remote: https://rubygems.org/
-  remote: https://rails-assets.org/
+  remote: https://gems.diasporafoundation.org/
  specs:
-    actioncable (5.1.6.2)
-      actionpack (= 5.1.6.2)
+    actioncable (5.2.4.1)
+      actionpack (= 5.2.4.1)
      nio4r (~> 2.0)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.1.6.2)
-      actionpack (= 5.1.6.2)
-      actionview (= 5.1.6.2)
-      activejob (= 5.1.6.2)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.4.1)
+      actionpack (= 5.2.4.1)
+      actionview (= 5.2.4.1)
+      activejob (= 5.2.4.1)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
-    actionpack (5.1.6.2)
-      actionview (= 5.1.6.2)
-      activesupport (= 5.1.6.2)
-      rack (~> 2.0)
+    actionpack (5.2.4.1)
+      actionview (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
+      rack (~> 2.0, >= 2.0.8)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.1.6.2)
-      activesupport (= 5.1.6.2)
+    actionview (5.2.4.1)
+      activesupport (= 5.2.4.1)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
@ -28,18 +28,22 @@ GEM
    active_model_serializers (0.9.7)
      activemodel (>= 3.2)
      concurrent-ruby (~> 1.0)
-    activejob (5.1.6.2)
-      activesupport (= 5.1.6.2)
+    activejob (5.2.4.1)
+      activesupport (= 5.2.4.1)
      globalid (>= 0.3.6)
-    activemodel (5.1.6.2)
-      activesupport (= 5.1.6.2)
-    activerecord (5.1.6.2)
-      activemodel (= 5.1.6.2)
-      activesupport (= 5.1.6.2)
-      arel (~> 8.0)
-    activerecord-import (1.0.1)
+    activemodel (5.2.4.1)
+      activesupport (= 5.2.4.1)
+    activerecord (5.2.4.1)
+      activemodel (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
+      arel (>= 9.0)
+    activerecord-import (1.0.2)
      activerecord (>= 3.2)
-    activesupport (5.1.6.2)
+    activestorage (5.2.4.1)
+      actionpack (= 5.2.4.1)
+      activerecord (= 5.2.4.1)
+      marcel (~> 0.3.1)
+    activesupport (5.2.4.1)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 0.7, < 2)
      minitest (~> 5.1)
@ -50,10 +54,10 @@ GEM
      activemodel (>= 3.0.0)
      activesupport (>= 3.0.0)
      rack (>= 1.1.0)
-    addressable (2.5.2)
+    addressable (2.6.0)
      public_suffix (>= 2.0.2, < 4.0)
    aes_key_wrap (1.0.1)
-    arel (8.0.0)
+    arel (9.0.0)
    asset_sync (2.7.0)
      activemodel (>= 4.1.0)
      fog-core
@ -65,15 +69,15 @@ GEM
    attr_required (1.0.1)
    autoprefixer-rails (8.6.5)
      execjs
-    backports (3.12.0)
-    bcrypt (3.1.12)
+    backports (3.15.0)
+    bcrypt (3.1.13)
    bindata (2.4.4)
    bootstrap-sass (3.4.1)
      autoprefixer-rails (>= 5.2.1)
      sassc (>= 2.0.0)
    bootstrap-switch-rails (3.3.3)
    buftok (0.2.0)
-    builder (3.2.3)
+    builder (3.2.4)
    byebug (11.0.1)
    capybara (3.15.0)
      addressable
@ -127,18 +131,18 @@ GEM
      compass (~> 1.0.0)
      sass-rails (< 5.1)
      sprockets (< 4.0)
-    concurrent-ruby (1.1.5)
+    concurrent-ruby (1.1.6)
    configurate (0.3.1)
    connection_pool (2.2.2)
-    coveralls (0.8.22)
+    coveralls (0.8.23)
      json (>= 1.8, < 3)
      simplecov (~> 0.16.1)
      term-ansicolor (~> 1.3)
-      thor (~> 0.19.4)
+      thor (>= 0.19.4, < 2.0)
      tins (~> 1.6)
    crack (0.4.3)
      safe_yaml (~> 1.0.0)
-    crass (1.0.4)
+    crass (1.0.6)
    cucumber (3.1.2)
      builder (>= 2.1.2)
      cucumber-core (~> 3.2.0)
@ -156,19 +160,19 @@ GEM
      cucumber-tag_expressions (~> 1.1.0)
      gherkin (~> 5.0)
    cucumber-expressions (6.0.1)
-    cucumber-rails (1.6.0)
-      capybara (>= 1.1.2, < 4)
+    cucumber-rails (1.7.0)
+      capybara (>= 2.3.0, < 4)
      cucumber (>= 3.0.2, < 4)
      mime-types (>= 1.17, < 4)
      nokogiri (~> 1.8)
-      railties (>= 4, < 6)
+      railties (>= 4.2, < 7)
    cucumber-tag_expressions (1.1.1)
    cucumber-wire (0.0.1)
    database_cleaner (1.7.0)
-    devise (4.6.1)
+    devise (4.7.1)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
-      railties (>= 4.1.0, < 6.0)
+      railties (>= 4.1.0)
      responders
      warden (~> 1.2.3)
    devise-two-factor (3.0.3)
@ -196,23 +200,23 @@ GEM
      fabrication (~> 2.16)
      uuid (~> 2.3, >= 2.3.8)
    diff-lcs (1.3)
-    docile (1.3.1)
+    docile (1.3.2)
    domain_name (0.5.20180417)
      unf (>= 0.0.5, < 1.0.0)
    encryptor (3.0.0)
    entypo-rails (3.0.0)
      railties (>= 4.1, < 6)
    equalizer (0.0.11)
-    erubi (1.8.0)
+    erubi (1.9.0)
    eslintrb (2.1.0)
      execjs
      multi_json (>= 1.3)
      rake
-    et-orbi (1.1.7)
+    et-orbi (1.2.1)
      tzinfo
    ethon (0.12.0)
      ffi (>= 1.3.0)
-    excon (0.62.0)
+    excon (0.72.0)
    execjs (2.7.0)
    eye (0.10.0)
      celluloid (~> 0.17.3)
@ -220,7 +224,7 @@ GEM
      kostya-sigar (~> 2.0.0)
      state_machines
      thor
-    fabrication (2.20.1)
+    fabrication (2.20.2)
    factory_girl (4.8.0)
      activesupport (>= 3.0.0)
    factory_girl_rails (4.8.0)
@ -231,14 +235,14 @@ GEM
    faraday-cookie_jar (0.0.6)
      faraday (>= 0.7.4)
      http-cookie (~> 1.0.0)
-    faraday_middleware (0.12.2)
+    faraday_middleware (0.13.1)
      faraday (>= 0.7.4, < 1.0)
-    ffi (1.10.0)
+    ffi (1.11.1)
    fixture_builder (0.5.2.rc3)
      activerecord (>= 2)
      activesupport (>= 2)
      hashdiff
-    fog-aws (3.4.0)
+    fog-aws (3.5.1)
      fog-core (~> 2.1)
      fog-json (~> 1.1)
      fog-xml (~> 0.1)
@ -255,15 +259,15 @@ GEM
      fog-core
      nokogiri (>= 1.5.11, < 2.0.0)
    formatador (0.2.5)
-    fugit (1.1.8)
-      et-orbi (~> 1.1, >= 1.1.7)
+    fugit (1.2.2)
+      et-orbi (~> 1.1, >= 1.1.8)
      raabro (~> 1.1)
-    fuubar (2.3.2)
+    fuubar (2.4.1)
      rspec-core (~> 3.0)
      ruby-progressbar (~> 1.4)
    get_process_mem (0.2.3)
    gherkin (5.1.0)
-    gitlab (4.10.0)
+    gitlab (4.11.0)
      httparty (~> 0.14, >= 0.14.0)
      terminal-table (~> 1.5, >= 1.5.1)
    globalid (0.4.2)
@ -298,15 +302,15 @@ GEM
      rake (>= 10, < 13)
      rubocop (>= 0.50.0)
      sysexits (~> 1.1)
-    hamlit (2.9.2)
+    hamlit (2.9.3)
      temple (>= 0.8.0)
      thor
      tilt
-    handlebars_assets (0.23.3)
+    handlebars_assets (0.23.4)
      execjs (~> 2.0)
      sprockets (>= 2.0.0)
      tilt (>= 1.2)
-    hashdiff (0.3.8)
+    hashdiff (0.4.0)
    hashie (3.6.0)
    http (3.3.0)
      addressable (~> 2.3)
@ -318,11 +322,11 @@ GEM
    http-form_data (2.1.1)
    http_accept_language (2.1.1)
    http_parser.rb (0.6.0)
-    httparty (0.16.4)
+    httparty (0.17.0)
      mime-types (~> 3.0)
      multi_xml (>= 0.5.2)
    httpclient (2.8.3)
-    i18n (1.6.0)
+    i18n (1.8.2)
      concurrent-ruby (~> 1.0)
    i18n-inflector (2.6.7)
      i18n (>= 0.4.1)
@ -331,26 +335,26 @@ GEM
      i18n-inflector (~> 2.6)
      railties (>= 3.0.0)
    ipaddress (0.8.3)
-    jaro_winkler (1.5.2)
-    jasmine (3.3.0)
-      jasmine-core (~> 3.3.0)
+    jaro_winkler (1.5.3)
+    jasmine (3.4.0)
+      jasmine-core (~> 3.4.0)
      phantomjs
      rack (>= 1.2.1)
      rake
-    jasmine-core (3.3.0)
+    jasmine-core (3.4.0)
    jasmine-jquery-rails (2.0.3)
-    jquery-rails (4.3.3)
+    jquery-rails (4.3.5)
      rails-dom-testing (>= 1, < 3)
      railties (>= 4.2.0)
      thor (>= 0.14, < 2.0)
-    js-routes (1.4.4)
-      railties (>= 3.2)
+    js-routes (1.4.7)
+      railties (>= 4)
      sprockets-rails
    js_image_paths (0.1.1)
      rails (>= 4.0, < 6.0)
      sprockets (>= 3.0.0)
    json (2.2.0)
-    json-jwt (1.10.0)
+    json-jwt (1.11.0)
      activesupport (>= 4.2)
      aes_key_wrap
      bindata
@ -359,13 +363,13 @@ GEM
    json-schema-rspec (0.0.4)
      json-schema (~> 2.5)
      rspec
-    jsonpath (1.0.1)
+    jsonpath (1.0.4)
      multi_json
      to_regexp (~> 0.2.1)
-    jwt (2.1.0)
+    jwt (2.2.1)
    kgio (2.11.2)
    kostya-sigar (2.0.6)
-    leaflet-rails (1.3.1)
+    leaflet-rails (1.5.1)
      rails (>= 4.2.0)
    listen (3.1.5)
      rb-fsevent (~> 0.9, >= 0.9.4)
@ -377,14 +381,16 @@ GEM
      multi_json (~> 1.10)
    logging-rails (0.6.0)
      logging (>= 1.8)
-    loofah (2.2.3)
+    loofah (2.4.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    lumberjack (1.0.13)
-    macaddr (1.7.1)
-      systemu (~> 2.6.2)
+    macaddr (1.7.2)
+      systemu (~> 2.6.5)
    mail (2.7.1)
      mini_mime (>= 0.1.1)
+    marcel (0.3.3)
+      mimemagic (~> 0.3.2)
    markdown-it-html5-embed (1.0.0)
    markerb (1.1.0)
    memoizable (0.4.2)
@ -392,23 +398,24 @@ GEM
    method_source (0.9.2)
    mime-types (3.2.2)
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2018.0812)
-    mini_magick (4.9.3)
-    mini_mime (1.0.1)
+    mime-types-data (3.2019.0331)
+    mimemagic (0.3.4)
+    mini_magick (4.10.1)
+    mini_mime (1.0.2)
    mini_portile2 (2.4.0)
-    minitest (5.11.3)
+    minitest (5.14.0)
    mobile-fu (1.4.0)
      rack-mobile-detect
      rails
    multi_json (1.13.1)
    multi_test (0.1.2)
    multi_xml (0.6.0)
-    multipart-post (2.0.0)
+    multipart-post (2.1.1)
    mysql2 (0.5.2)
    naught (1.1.0)
    nenv (0.3.0)
-    nio4r (2.3.1)
-    nokogiri (1.10.1)
+    nio4r (2.5.2)
+    nokogiri (1.10.8)
      mini_portile2 (~> 2.4.0)
    notiffany (0.1.1)
      nenv (~> 0.1)
@ -420,7 +427,7 @@ GEM
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
-    octokit (4.13.0)
+    octokit (4.14.0)
      sawyer (~> 0.8.0, >= 0.5.3)
    omniauth (1.9.0)
      hashie (>= 3.4.6, < 3.7.0)
@ -439,10 +446,10 @@ GEM
      rack
    omniauth-wordpress (0.2.2)
      omniauth-oauth2 (>= 1.1.0)
-    open_graph_reader (0.6.2)
+    open_graph_reader (0.7.0)
      faraday (>= 0.9.0)
      nokogiri (~> 1.6)
-    openid_connect (1.1.6)
+    openid_connect (1.1.8)
      activemodel
      attr_required (>= 1.0.0)
      json-jwt (>= 1.5.0)
@ -453,8 +460,8 @@ GEM
      validate_url
      webfinger (>= 1.0.1)
    orm_adapter (0.5.0)
-    parallel (1.14.0)
-    parser (2.6.2.0)
+    parallel (1.17.0)
+    parser (2.6.3.0)
      ast (~> 2.4.0)
    pg (1.1.4)
    phantomjs (2.1.1.0)
@ -462,24 +469,24 @@ GEM
      capybara (>= 2.1, < 4)
      cliver (~> 0.3.1)
      websocket-driver (>= 0.2.0)
-    pronto (0.9.5)
+    pronto (0.10.0)
      gitlab (~> 4.0, >= 4.0.0)
      httparty (>= 0.13.7)
      octokit (~> 4.7, >= 4.7.0)
-      rainbow (~> 2.1)
+      rainbow (>= 2.2, < 4.0)
      rugged (~> 0.24, >= 0.23.0)
-      thor (~> 0.19.0)
-    pronto-eslint (0.9.1)
+      thor (~> 0.20.0)
+    pronto-eslint (0.10.0)
      eslintrb (~> 2.0, >= 2.0.0)
-      pronto (~> 0.9.0)
-    pronto-haml (0.9.0)
+      pronto (~> 0.10.0)
+    pronto-haml (0.10.0)
      haml_lint (~> 0.23)
-      pronto (~> 0.9.0)
-    pronto-rubocop (0.9.1)
-      pronto (~> 0.9.0)
+      pronto (~> 0.10.0)
+    pronto-rubocop (0.10.0)
+      pronto (~> 0.10.0)
      rubocop (~> 0.50, >= 0.49.1)
-    pronto-scss (0.9.1)
-      pronto (~> 0.9.0)
+    pronto-scss (0.10.0)
+      pronto (~> 0.10.0)
      scss_lint (~> 0.43, >= 0.43.0)
    pry (0.12.2)
      coderay (~> 1.1.0)
@ -487,17 +494,17 @@ GEM
    pry-byebug (3.7.0)
      byebug (~> 11.0)
      pry (~> 0.10)
-    psych (3.1.0)
-    public_suffix (3.0.3)
+    public_suffix (3.1.1)
    raabro (1.1.6)
-    rack (2.0.6)
-    rack-cors (1.0.2)
+    rack (2.2.2)
+    rack-cors (1.1.1)
+      rack (>= 2.0.0)
    rack-google-analytics (1.2.0)
      actionpack
      activesupport
    rack-mobile-detect (0.4.0)
      rack
-    rack-oauth2 (1.9.3)
+    rack-oauth2 (1.10.0)
      activesupport
      attr_required
      httpclient
@ -511,23 +518,24 @@ GEM
      rack
    rack-test (1.1.0)
      rack (>= 1.0, < 3)
-    rails (5.1.6.2)
-      actioncable (= 5.1.6.2)
-      actionmailer (= 5.1.6.2)
-      actionpack (= 5.1.6.2)
-      actionview (= 5.1.6.2)
-      activejob (= 5.1.6.2)
-      activemodel (= 5.1.6.2)
-      activerecord (= 5.1.6.2)
-      activesupport (= 5.1.6.2)
+    rails (5.2.4.1)
+      actioncable (= 5.2.4.1)
+      actionmailer (= 5.2.4.1)
+      actionpack (= 5.2.4.1)
+      actionview (= 5.2.4.1)
+      activejob (= 5.2.4.1)
+      activemodel (= 5.2.4.1)
+      activerecord (= 5.2.4.1)
+      activestorage (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
      bundler (>= 1.3.0)
-      railties (= 5.1.6.2)
+      railties (= 5.2.4.1)
      sprockets-rails (>= 2.0.0)
    rails-assets-autosize (4.0.2)
    rails-assets-backbone (1.3.3)
      rails-assets-underscore (>= 1.8.3)
    rails-assets-blueimp-gallery (2.33.0)
-    rails-assets-bootstrap (3.3.7)
+    rails-assets-bootstrap (3.4.1)
      rails-assets-jquery (>= 1.9.1, < 4)
    rails-assets-bootstrap-markdown (2.10.0)
      rails-assets-bootstrap (~> 3)
@ -544,10 +552,10 @@ GEM
    rails-assets-favico.js (0.3.10)
    rails-assets-fine-uploader (5.13.0)
    rails-assets-highlightjs (9.12.0)
-    rails-assets-jasmine (3.3.0)
-    rails-assets-jasmine-ajax (3.4.0)
+    rails-assets-jasmine (3.4.0)
+    rails-assets-jasmine-ajax (4.0.0)
      rails-assets-jasmine (~> 3)
-    rails-assets-jquery (3.3.1)
+    rails-assets-jquery (3.4.1)
    rails-assets-jquery-colorbox (1.6.4)
      rails-assets-jquery (>= 1.3.2)
    rails-assets-jquery-fullscreen-plugin (0.5.0)
@ -576,30 +584,29 @@ GEM
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.4)
-      loofah (~> 2.2, >= 2.2.2)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
    rails-i18n (5.1.3)
      i18n (>= 0.7, < 2)
      railties (>= 5.0, < 6)
    rails-timeago (2.17.1)
      actionpack (>= 3.1)
      activesupport (>= 3.1)
-    railties (5.1.6.2)
-      actionpack (= 5.1.6.2)
-      activesupport (= 5.1.6.2)
+    railties (5.2.4.1)
+      actionpack (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
      method_source
      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rainbow (2.2.2)
-      rake
+      thor (>= 0.19.0, < 2.0)
+    rainbow (3.0.0)
    raindrops (0.19.0)
-    rake (12.3.2)
+    rake (12.3.3)
    rb-fsevent (0.10.3)
    rb-inotify (0.10.0)
      ffi (~> 1.0)
    redcarpet (3.4.0)
    redis (3.3.5)
-    regexp_parser (1.3.0)
+    regexp_parser (1.5.1)
    request_store (1.4.1)
      rack (>= 1.4)
    responders (2.4.1)
@ -612,13 +619,13 @@ GEM
      rspec-core (~> 3.8.0)
      rspec-expectations (~> 3.8.0)
      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
+    rspec-core (3.8.2)
      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
+    rspec-expectations (3.8.4)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.8.0)
-    rspec-json_expectations (2.1.0)
-    rspec-mocks (3.8.0)
+    rspec-json_expectations (2.2.0)
+    rspec-mocks (3.8.1)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.8.0)
    rspec-rails (3.8.2)
@ -629,20 +636,22 @@ GEM
      rspec-expectations (~> 3.8.0)
      rspec-mocks (~> 3.8.0)
      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    rubocop (0.66.0)
+    rspec-support (3.8.2)
+    rubocop (0.72.0)
      jaro_winkler (~> 1.5.1)
      parallel (~> 1.10)
-      parser (>= 2.5, != 2.5.1.1)
-      psych (>= 3.1.0)
+      parser (>= 2.6)
      rainbow (>= 2.2.2, < 4.0)
      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.6)
+      unicode-display_width (>= 1.4.0, < 1.7)
+    rubocop-rails (2.1.0)
+      rack (>= 1.1)
+      rubocop (>= 0.72.0)
    ruby-oembed (0.12.0)
-    ruby-progressbar (1.10.0)
+    ruby-progressbar (1.10.1)
    ruby_dep (1.5.0)
-    rubyzip (1.2.2)
-    rugged (0.28.1)
+    rubyzip (1.3.0)
+    rugged (0.28.2)
    safe_yaml (1.0.5)
    sass (3.4.25)
    sass-rails (5.0.7)
@ -654,17 +663,17 @@ GEM
    sassc (2.0.1)
      ffi (~> 1.9)
      rake
-    sawyer (0.8.1)
-      addressable (>= 2.3.5, < 2.6)
-      faraday (~> 0.8, < 1.0)
+    sawyer (0.8.2)
+      addressable (>= 2.3.5)
+      faraday (> 0.8, < 2.0)
    scss_lint (0.55.0)
      rake (>= 0.9, < 13)
      sass (~> 3.4.20)
-    secure_headers (6.1.0)
+    secure_headers (6.3.0)
    shellany (0.0.1)
    shoulda-matchers (4.0.1)
      activesupport (>= 4.2.0)
-    sidekiq (5.2.5)
+    sidekiq (5.2.7)
      connection_pool (~> 2.2, >= 2.2.2)
      rack (>= 1.5.0)
      rack-protection (>= 1.5.0)
@ -708,12 +717,12 @@ GEM
      tins (~> 1.0)
    terminal-table (1.8.0)
      unicode-display_width (~> 1.1, >= 1.1.1)
-    thor (0.19.4)
+    thor (0.20.3)
    thread_safe (0.3.6)
    tilt (2.0.9)
    timecop (0.9.1)
    timers (4.3.0)
-    tins (1.20.2)
+    tins (1.20.3)
    to_regexp (0.2.1)
    turbo_dev_assets (0.0.2)
    twitter (6.2.0)
@ -731,15 +740,15 @@ GEM
      unf (~> 0.1.0)
    typhoeus (1.3.1)
      ethon (>= 0.9.0)
-    tzinfo (1.2.5)
+    tzinfo (1.2.6)
      thread_safe (~> 0.1)
    uglifier (4.1.20)
      execjs (>= 0.3.0, < 3)
    unf (0.1.4)
      unf_ext
-    unf_ext (0.0.7.5)
-    unicode-display_width (1.5.0)
-    unicorn (5.5.0)
+    unf_ext (0.0.7.6)
+    unicode-display_width (1.6.0)
+    unicorn (5.5.1)
      kgio (~> 2.6)
      raindrops (~> 0.7)
    unicorn-worker-killer (0.4.4)
@ -751,10 +760,10 @@ GEM
    validate_email (0.1.6)
      activemodel (>= 3.0)
      mail (>= 2.2.5)
-    validate_url (1.0.6)
+    validate_url (1.0.8)
      activemodel (>= 3.0.0)
      public_suffix
-    versionist (1.7.0)
+    versionist (2.0.0)
      activesupport (>= 3)
      railties (>= 3)
      yard (~> 0.9.11)
@ -763,27 +772,27 @@ GEM
    webfinger (1.1.0)
      activesupport
      httpclient (>= 2.4)
-    webmock (3.5.1)
+    webmock (3.6.0)
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
-      hashdiff
-    websocket-driver (0.6.5)
+      hashdiff (>= 0.4.0, < 2.0.0)
+    websocket-driver (0.7.1)
      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
+    websocket-extensions (0.1.4)
    will_paginate (3.1.7)
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    yard (0.9.18)
+    yard (0.9.20)

 PLATFORMS
  ruby

 DEPENDENCIES
  active_model_serializers (= 0.9.7)
-  activerecord-import (= 1.0.1)
+  activerecord-import (= 1.0.2)
  acts-as-taggable-on (= 6.0.0)
  acts_as_api (= 1.0.1)
-  addressable (= 2.5.2)
+  addressable (= 2.6.0)
  asset_sync (= 2.7.0)
  autoprefixer-rails (= 8.6.5)
  bootstrap-sass (= 3.4.1)
@ -792,11 +801,11 @@ DEPENDENCIES
  carrierwave (= 1.3.1)
  compass-rails (= 3.1.0)
  configurate (= 0.3.1)
-  coveralls (= 0.8.22)
+  coveralls (= 0.8.23)
  cucumber-api-steps (= 0.14)
-  cucumber-rails (= 1.6.0)
+  cucumber-rails (= 1.7.0)
  database_cleaner (= 1.7.0)
-  devise (= 4.6.1)
+  devise (= 4.7.1)
  devise-two-factor (= 3.0.3)
  devise_lastseenable (= 0.0.6)
  diaspora-prosody-config (= 0.0.7)
@ -808,57 +817,57 @@ DEPENDENCIES
  factory_girl_rails (= 4.8.0)
  faraday (= 0.15.4)
  faraday-cookie_jar (= 0.0.6)
-  faraday_middleware (= 0.12.2)
+  faraday_middleware (= 0.13.1)
  fixture_builder (= 0.5.2.rc3)
-  fog-aws (= 3.4.0)
-  fuubar (= 2.3.2)
+  fog-aws (= 3.5.1)
+  fuubar (= 2.4.1)
  gon (= 6.2.1)
  guard (= 2.15.0)
  guard-rspec (= 4.7.3)
  guard-rubocop (= 1.3.0)
  haml_lint (= 0.28.0)
-  hamlit (= 2.9.2)
-  handlebars_assets (= 0.23.3)
+  hamlit (= 2.9.3)
+  handlebars_assets (= 0.23.4)
  http_accept_language (= 2.1.1)
  i18n-inflector-rails (= 1.0.7)
-  jasmine (= 3.3.0)
+  jasmine (= 3.4.0)
  jasmine-jquery-rails (= 2.0.3)
-  jquery-rails (= 4.3.3)
-  js-routes (= 1.4.4)
+  jquery-rails (= 4.3.5)
+  js-routes (= 1.4.7)
  js_image_paths (= 0.1.1)
  json (= 2.2.0)
  json-schema (= 2.8.1)
  json-schema-rspec (= 0.0.4)
-  leaflet-rails (= 1.3.1)
+  leaflet-rails (= 1.5.1)
  logging-rails (= 0.6.0)
  markdown-it-html5-embed (= 1.0.0)
  markerb (= 1.1.0)
-  mini_magick (= 4.9.3)
+  mini_magick (= 4.10.1)
  minitest
  mobile-fu (= 1.4.0)
  mysql2 (= 0.5.2)
-  nokogiri (= 1.10.1)
+  nokogiri (= 1.10.8)
  omniauth (= 1.9.0)
  omniauth-tumblr (= 1.2)
  omniauth-twitter (= 1.4.0)
  omniauth-wordpress (= 0.2.2)
-  open_graph_reader (= 0.6.2)
-  openid_connect (= 1.1.6)
+  open_graph_reader (= 0.7.0)
+  openid_connect (= 1.1.8)
  pg (= 1.1.4)
  poltergeist (= 1.18.1)
-  pronto (= 0.9.5)
-  pronto-eslint (= 0.9.1)
-  pronto-haml (= 0.9.0)
-  pronto-rubocop (= 0.9.1)
-  pronto-scss (= 0.9.1)
+  pronto (= 0.10.0)
+  pronto-eslint (= 0.10.0)
+  pronto-haml (= 0.10.0)
+  pronto-rubocop (= 0.10.0)
+  pronto-scss (= 0.10.0)
  pry
  pry-byebug
-  rack-cors (= 1.0.2)
+  rack-cors (= 1.1.1)
  rack-google-analytics (= 1.2.0)
  rack-piwik (= 0.3.0)
  rack-rewrite (= 1.5.1)
  rack-ssl (= 1.4.1)
-  rails (= 5.1.6.2)
+  rails (= 5.2.4.1)
  rails-assets-autosize (= 4.0.2)!
  rails-assets-backbone (= 1.3.3)!
  rails-assets-blueimp-gallery (= 2.33.0)!
@ -867,8 +876,8 @@ DEPENDENCIES
  rails-assets-diaspora_jsxc (= 0.1.5.develop.7)!
  rails-assets-fine-uploader (= 5.13.0)!
  rails-assets-highlightjs (= 9.12.0)!
-  rails-assets-jasmine-ajax (= 3.4.0)!
-  rails-assets-jquery (= 3.3.1)!
+  rails-assets-jasmine-ajax (= 4.0.0)!
+  rails-assets-jquery (= 3.4.1)!
  rails-assets-jquery-placeholder (= 2.3.1)!
  rails-assets-jquery-textchange (= 0.2.3)!
  rails-assets-jquery.are-you-sure (= 1.9.0)!
@ -892,13 +901,14 @@ DEPENDENCIES
  rqrcode (= 0.10.1)
  rspec-json_expectations (~> 2.1)
  rspec-rails (= 3.8.2)
-  rubocop (= 0.66.0)
+  rubocop (= 0.72.0)
+  rubocop-rails (= 2.1.0)
  ruby-oembed (= 0.12.0)
-  rubyzip (= 1.2.2)
+  rubyzip (= 1.3.0)
  sass-rails (= 5.0.7)
-  secure_headers (= 6.1.0)
+  secure_headers (= 6.3.0)
  shoulda-matchers (= 4.0.1)
-  sidekiq (= 5.2.5)
+  sidekiq (= 5.2.7)
  sidekiq-cron (= 1.1.0)
  simple_captcha2 (= 0.4.3)
  simplecov (= 0.16.1)
@ -914,11 +924,11 @@ DEPENDENCIES
  twitter-text (= 1.14.7)
  typhoeus (= 1.3.1)
  uglifier (= 4.1.20)
-  unicorn (= 5.5.0)
+  unicorn (= 5.5.1)
  unicorn-worker-killer (= 0.4.4)
  uuid (= 2.3.9)
-  versionist (= 1.7.0)
-  webmock (= 3.5.1)
+  versionist (= 2.0.0)
+  webmock (= 3.6.0)
  will_paginate (= 3.1.7)

 BUNDLED WITH
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@ -51,7 +51,11 @@ class AdminsController < Admin::AdminController
  end

  def stats
-    @popular_tags = ActsAsTaggableOn::Tagging.joins(:tag).limit(50).order('count(taggings.id) DESC').group(:tag).count
+    @popular_tags = ActsAsTaggableOn::Tagging.joins(:tag)
+                                             .limit(50)
+                                             .order(Arel.sql("count(taggings.id) DESC"))
+                                             .group(:tag)
+                                             .count

    case params[:range]
    when "week"
@ -72,7 +76,10 @@ class AdminsController < Admin::AdminController
      create_hash(model, :range => range)
    end

-    @posts_per_day = Post.where("created_at >= ?", Date.today - 21.days).group("DATE(created_at)").order("DATE(created_at) ASC").count
+    @posts_per_day = Post.where("created_at >= ?", Time.zone.today - 21.days)
+                         .group(Arel.sql("DATE(created_at)"))
+                         .order(Arel.sql("DATE(created_at) ASC"))
+                         .count
    @most_posts_within = @posts_per_day.values.max.to_f

    @user_count = User.count
--- a/app/controllers/api/openid_connect/authorizations_controller.rb
+++ b/app/controllers/api/openid_connect/authorizations_controller.rb
@ -104,8 +104,9 @@ module Api
      end

      def handle_start_point_response(endpoint)
-        _status, header, response = endpoint.call(request.env)
-        if response.redirect?
+        status, header, _response = endpoint.call(request.env)
+
+        if status.in?([301, 302, 303, 307, 308])
          redirect_to header["Location"]
        else
          save_params_and_render_consent_form(endpoint)
--- a/app/controllers/aspects_controller.rb
+++ b/app/controllers/aspects_controller.rb
@ -29,21 +29,19 @@ class AspectsController < ApplicationController
  end

  def destroy
-    @aspect = current_user.aspects.where(id: params[:id]).first
-
    begin
-      if current_user.auto_follow_back && @aspect.id == current_user.auto_follow_back_aspect.id
+      if current_user.auto_follow_back && aspect.id == current_user.auto_follow_back_aspect.id
        current_user.update(auto_follow_back: false, auto_follow_back_aspect: nil)
-        flash[:notice] = I18n.t "aspects.destroy.success_auto_follow_back", name: @aspect.name
+        flash[:notice] = I18n.t "aspects.destroy.success_auto_follow_back", name: aspect.name
      else
-        flash[:notice] = I18n.t "aspects.destroy.success", name: @aspect.name
+        flash[:notice] = I18n.t "aspects.destroy.success", name: aspect.name
      end
-      @aspect.destroy
+      aspect.destroy
    rescue ActiveRecord::StatementInvalid => e
-      flash[:error] = I18n.t "aspects.destroy.failure", name: @aspect.name
+      flash[:error] = I18n.t "aspects.destroy.failure", name: aspect.name
    end

-    if request.referer.include?('contacts')
+    if request.referer.include?("contacts")
      redirect_to contacts_path
    else
      redirect_to aspects_path
@ -51,41 +49,41 @@ class AspectsController < ApplicationController
  end

  def show
-    if @aspect = current_user.aspects.where(:id => params[:id]).first
-      redirect_to aspects_path('a_ids[]' => @aspect.id)
+    if aspect
+      redirect_to aspects_path("a_ids[]" => aspect.id)
    else
      redirect_to aspects_path
    end
  end

  def update
-    @aspect = current_user.aspects.where(:id => params[:id]).first
-
-    if @aspect.update_attributes!(aspect_params)
-      flash[:notice] = I18n.t 'aspects.update.success', :name => @aspect.name
+    if aspect.update!(aspect_params)
+      flash[:notice] = I18n.t "aspects.update.success", name: aspect.name
    else
-      flash[:error] = I18n.t 'aspects.update.failure', :name => @aspect.name
+      flash[:error] = I18n.t "aspects.update.failure", name: aspect.name
    end
-    render :json => { :id => @aspect.id, :name => @aspect.name }
+    render json: {id: aspect.id, name: aspect.name}
  end

  def update_order
    params[:ordered_aspect_ids].each_with_index do |id, i|
-      current_user.aspects.find(id).update_attributes(order_id: i)
+      current_user.aspects.find(id).update(order_id: i)
    end
    head :no_content
  end

  def toggle_chat_privilege
-    @aspect = current_user.aspects.where(:id => params[:aspect_id]).first
-
-    @aspect.chat_enabled = !@aspect.chat_enabled
-    @aspect.save
+    aspect.chat_enabled = !aspect.chat_enabled
+    aspect.save
    head :no_content
  end

  private

+  def aspect
+    @aspect ||= current_user.aspects.where(id: (params[:id] || params[:aspect_id])).first
+  end
+
  def connect_person_to_aspect(aspecting_person_id)
    @person = Person.find(aspecting_person_id)
    if @contact = current_user.contact_for(@person)
--- a/app/controllers/contacts_controller.rb
+++ b/app/controllers/contacts_controller.rb
@ -66,7 +66,7 @@ class ContactsController < ApplicationController
      when "receiving"
        current_user.contacts.receiving
      when "by_aspect"
-        order.unshift "contact_id IS NOT NULL DESC"
+        order.unshift Arel.sql("contact_id IS NOT NULL DESC")
        contacts_by_aspect(@aspect.id)
      else
        raise ArgumentError, "unknown type #{type}"
--- a/app/controllers/photos_controller.rb
+++ b/app/controllers/photos_controller.rb
@ -147,12 +147,7 @@ class PhotosController < ApplicationController
        current_user.dispatch_post(@photo, to: photo_params[:aspect_ids])
      end

-      if photo_params[:set_profile_photo]
-        profile_params = {:image_url => @photo.url(:thumb_large),
-                          :image_url_medium => @photo.url(:thumb_medium),
-                          :image_url_small => @photo.url(:thumb_small)}
-        current_user.update_profile(profile_params)
-      end
+      current_user.update_profile(photo: @photo) if photo_params[:set_profile_photo]

      respond_to do |format|
        format.json{ render(:layout => false , :json => {"success" => true, "data" => @photo}.to_json )}
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@ -11,7 +11,7 @@ module SessionsHelper
  end

  def display_registration_link?
-    AppConfig.settings.enable_registrations? && devise_mapping.registerable? && controller_name != "registrations"
+    AppConfig.settings.enable_registrations? && controller_name != "registrations"
  end

  def display_password_reset_link?
--- a/app/models/person.rb
+++ b/app/models/person.rb
@ -162,7 +162,7 @@ class Person < ApplicationRecord
        contacts.id IS NOT NULL AS is_contact
        SQL
             )
-      .order(<<-SQL
+      .order(Arel.sql(<<-SQL
        is_author DESC,
        is_commenter DESC,
        is_liker DESC,
@ -170,7 +170,7 @@ class Person < ApplicationRecord
        profiles.full_name,
        people.diaspora_handle
        SQL
-            )
+                     ))
  }

  def self.community_spotlight
@ -185,6 +185,8 @@ class Person < ApplicationRecord
  #   end
  # will not work!  The nil profile will be overriden with an empty one.
  def initialize(params={})
+    params = {} if params.nil?
+
    profile_set = params.has_key?(:profile) || params.has_key?("profile")
    params[:profile_attributes] = params.delete(:profile) if params.has_key?(:profile) && params[:profile].is_a?(Hash)
    super
@ -207,7 +209,7 @@ class Person < ApplicationRecord
    self.guid
  end

-  private_class_method def self.search_query_string(query)
+  def self.search_query_string(query)
    query = query.downcase
    like_operator = AppConfig.postgres? ? "ILIKE" : "LIKE"

@ -239,7 +241,7 @@ class Person < ApplicationRecord
    query = query.where(contacts: {sharing: true, receiving: true}) if mutual

    query.where(closed_account: false)
-         .order(["contacts.user_id IS NULL", "profiles.last_name ASC", "profiles.first_name ASC"])
+         .order([Arel.sql("contacts.user_id IS NULL"), "profiles.last_name ASC", "profiles.first_name ASC"])
  end

  def name(opts = {})
--- a/app/services/like_service.rb
+++ b/app/services/like_service.rb
@ -22,7 +22,7 @@ class LikeService

  def find_for_post(post_id)
    likes = post_service.find!(post_id).likes
-    user ? likes.order("author_id = #{user.person.id} DESC") : likes
+    user ? likes.order(Arel.sql("author_id = #{user.person.id} DESC")) : likes
  end

  private
--- a/app/services/reshare_service.rb
+++ b/app/services/reshare_service.rb
@ -13,7 +13,7 @@ class ReshareService

  def find_for_post(post_id)
    reshares = post_service.find!(post_id).reshares
-    user ? reshares.order("author_id = #{user.person.id} DESC") : reshares
+    user ? reshares.order(Arel.sql("author_id = #{user.person.id} DESC")) : reshares
  end

  private
--- a/app/views/conversations/new.mobile.haml
+++ b/app/views/conversations/new.mobile.haml
@ -2,7 +2,7 @@
 -#   licensed under the Affero General Public License version 3 or later.  See
 -#   the COPYRIGHT file.

-%script{nonce: content_security_policy_nonce(:script)}
+%script{nonce: content_security_policy_script_nonce}
  :plain
    $(document).ready(function () {
      var data = $.parseJSON( "#{escape_javascript(@contacts_json).html_safe}" ),
--- a/app/views/layouts/_head.haml
+++ b/app/views/layouts/_head.haml
@ -21,7 +21,7 @@
  = stylesheet_link_tag :poltergeist_disable_transition, media: "all"

 = jquery_include_tag
-= include_gon(camel_case: true, nonce: content_security_policy_nonce(:script))
+= include_gon(camel_case: true, nonce: content_security_policy_script_nonce)
 = yield(:javascript)

 = csrf_meta_tag
--- a/app/views/layouts/_header_not_connected.haml
+++ b/app/views/layouts/_header_not_connected.haml
@ -1,5 +1,5 @@
 %ul.nav.navbar-nav.navbar-right
-  - unless current_page?(controller: "/registrations", action: :new)
+  - if display_registration_link? && !current_page?(controller: "/registrations", action: :new)
    %li= link_to t("devise.shared.links.sign_up"), new_user_registration_path, class: "login"
  - unless current_page?(controller: "/sessions", action: :new)
    %li= link_to t("devise.shared.links.sign_in"), new_user_session_path, class: "login"
--- a/app/workers/cleanup_pending_photos.rb
+++ b/app/workers/cleanup_pending_photos.rb
@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Workers
+  class CleanupPendingPhotos < Base
+    sidekiq_options queue: :low
+
+    def perform
+      Photo.where(pending: true).where("created_at < ?", 1.day.ago).destroy_all
+    end
+  end
+end
--- a/config/defaults.yml
+++ b/config/defaults.yml
@ -4,7 +4,7 @@

 defaults:
  version:
-    number: "0.7.12.0" # Do not touch unless doing a release, do not backport the version number that's in master
+    number: "0.7.13.0" # Do not touch unless doing a release, do not backport the version number that's in master
  heroku: false
  environment:
    url: "http://localhost:3000/"
--- a/config/diaspora.yml.example
+++ b/config/diaspora.yml.example
@ -186,8 +186,8 @@ configuration: ## Section
    #rails_environment: 'development'

    ## Write unicorn stderr and stdout log.
-    #stderr_log: '/usr/local/app/diaspora/log/unicorn-stderr.log'
-    #stdout_log: '/usr/local/app/diaspora/log/unicorn-stdout.log'
+    #stderr_log: 'log/unicorn-stderr.log'
+    #stdout_log: 'log/unicorn-stdout.log'

    ## Number of Unicorn worker processes (default=2).
    ## Increase this if you have many users.
--- a/config/initializers/set_session_secret.rb
+++ b/config/initializers/set_session_secret.rb
@ -1,3 +1,3 @@
 # frozen_string_literal: true

-Rails.application.config.secret_token = AppConfig.secret_token
+Rails.application.config.secret_key_base = AppConfig.secret_token
--- a/config/initializers/sidekiq_scheduled.rb
+++ b/config/initializers/sidekiq_scheduled.rb
@ -29,6 +29,11 @@ def default_job_config
      "class": "Workers::CleanupOldExports"
    },

+    cleanup_pending_photos:  {
+      "cron":  "#{random_minute.call} #{random_hour.call} * * *",
+      "class": "Workers::CleanupPendingPhotos"
+    },
+
    queue_users_for_removal: {
      "cron":  "#{random_minute.call} #{random_hour.call} * * *",
      "class": "Workers::QueueUsersForRemoval"
--- a/config/locales/diaspora/de.yml
+++ b/config/locales/diaspora/de.yml
@ -596,7 +596,7 @@ de:
      diaspora_site_link: "föderierten diaspora*-Netzwerks"
      headline: "Willkommen auf %{pod_name}"
      own_your_data: "Deine Daten, dein Eigentum"
-      own_your_data_info: "Viele Netzwerke nutzen deine Daten, um Geld zu verdienen, indem Sie deine Interaktionen auswerten und diese Informationen verwenden, um dir Werbung zu zeigen. diaspora* nutzt deine Daten zu keinem anderen Zweck, als es dir zu ermöglichen, dich mit anderen zu verbinden und mit ihnen zu teilen."
+      own_your_data_info: "Viele Netzwerke nutzen deine Daten, um Geld zu verdienen, indem sie deine Interaktionen auswerten und diese Informationen verwenden, um dir Werbung zu zeigen. diaspora* nutzt deine Daten zu keinem anderen Zweck, als es dir zu ermöglichen, dich mit anderen zu verbinden und mit ihnen zu teilen."
      part_of_diaspora: "Teil des %{diaspora_site_link}"
    podmin:
      byline: "Du bist drauf und dran, das Internet zu ändern. Lass uns gleich alles einrichten, okay?"
--- a/config/locales/diaspora/eo.yml
+++ b/config/locales/diaspora/eo.yml
@ -669,6 +669,7 @@ eo:
      auto_follow_aspect: "Aspekto por aŭtomate sekvataj uzantoj"
      auto_follow_back: "Aŭtomate konigu reen, se iu konigas al vi."
      change: "Ŝanĝi"
+      change_color_theme: "Ŝanĝi koloran etoson"
      change_email: "Redakti retpoŝtadreson"
      change_language: "Ŝanĝi lingvon"
      change_password: "Ŝanĝi pasvorton"
@ -717,6 +718,7 @@ eo:
    public:
      does_not_exist: "Uzanto %{username} ne ekzistas!"
    update:
+      color_theme_changed: "La kolora etoso estas sukcese ŝanĝita"
      email_notifications_changed: "Retpoŝtaj sciigoj ŝanĝitaj"
      follow_settings_changed: "Agordoj pri sekvado ŝanĝitaj"
      follow_settings_not_changed: "Ŝanĝo de sekvo-agordoj malsukcesis."
--- a/config/locales/diaspora/es-AR.yml
+++ b/config/locales/diaspora/es-AR.yml
@ -424,6 +424,7 @@ es-AR:
    mentions:
      how_to_mention_a: "Escribe el signo \"@\" y comience a escribir el nombre. Un menú desplegable con opciones aparecerá para seleccionarlo más fácilmente. Sólo es posible mencionar a las personas que tienes agregadas a uno o varios aspectos."
      how_to_mention_q: "¿Cómo puedo mencionar a alguien cuando hago una publicación?"
+      mention_in_comment_a: "¡Si! Desde la versión 0.7.0.0 puedes mencionar a alguien en un comentario de la misma forma que lo harías en una publicación, escribiendo \"@\" seguido de su nombre. Por favor tenga en cuenta que cuando usted comenta en una publicación que no es pública solo puede mencionar usuarios los cuales ya hayan interactuado con la publicación."
      mention_in_comment_q: "¿Puedo mencionar a alguien en un comentario?"
      see_mentions_a: "Sí, haz clic en \"@Menciones\" en la columna izquierda de tu página de inicio."
      see_mentions_q: "¿Existe alguna manera de ver las publicaciones en las cuales he sido mencionado?"
@ -462,6 +463,7 @@ es-AR:
      ignore_user_a3: "La lista de personas que has ignorado puedes verla en los ajustes de tu cuenta, en la sección Privacidad. Para dejar de ignorar a alguien, debes quitar a esa persona de la lista en esa página."
      ignore_user_q: "¿Cómo puedo impedir que las publicaciones de una persona aparezcan en mi Entrada?"
      insert_images_a: "Haz clic en el icono pequeño con forma de cámara para insertar imágenes en una publicación. Presiona el icono de imágenes nuevamente para añadir otra foto, o selecciona varias al mismo tiempo. También puedes arrastrar y soltar una o varias imágenes desde tu computadora a ese icono. Si quieres insertar una imagen desde la web en tu publicación, haz clic en el botón de imagen en la parte superior del cuadro de publicación, lo que creará el código Markdown para vos."
+      insert_images_comments_a: "Podés utilizar Markdown para ingresar una imagen desde la web a un comentario, igual que en las publicaciones. Sin embargo, no podés subir imagenes desde tu computadora directamente a los comentarios. Cargalos a un servicio de hosting para imagenes y entonces ingresarlos usando el botón de imagen encima del editor."
      insert_images_comments_q: "¿Puedo insertar imágenes en los comentarios?"
      insert_images_q: "¿Cómo puedo insertar imágenes en las publicaciones?"
      post_location_a: "Pulsa el icono de localización al lado de la cámara en el publicador (el cuadro de publicación). Ello insertará tu localización desde OpenStreetMap. Puedes editar tu localización y escoger publicar sólo el nombre de la ciudad en la que estás en lugar de tu dirección exacta."
@ -965,6 +967,9 @@ es-AR:
      updated: "Perfil actualizado"
  public: "Público"
  registrations:
+    closed:
+      another_pod: "otro pod"
+      closed_pod: "En este momento este pod se encuentra cerrado a nuevas registros. De igual forma, todavía puedes unirte a la red de diaspora* registrandote en %{wiki}. Ya que todos los pods están interconectados, tendrás acceso al mismo contenido."
    create:
      success: "¡Te has unido a diaspora*!"
    invalid_invite: "¡El enlace de la invitación ya no es válido!"
@ -1199,7 +1204,7 @@ es-AR:
      new_password: "Contraseña nueva"
      private_message: "...recibís un mensaje privado?"
      protocol_handler:
-        register: "Regístrate"
+        register: "Regístrate web+diaspora:// controlador en este navegador"
      receive_email_notifications: "¿Recibir notificaciones por correo electrónico cuando..."
      request_export: "Solicitar los datos de mi perfil"
      request_export_photos: "Solicitar la descarga de mis fotos"
--- a/config/locales/diaspora/ia.yml
+++ b/config/locales/diaspora/ia.yml
@ -992,6 +992,11 @@ ia:
      updated: "Profilo actualisate"
  public: "Public"
  registrations:
+    closed:
+      another_pod: "un altere pod"
+      closed_pod: "Iste pod es actualmente claudite pro le creation de contos, ma tu pote totevia adherer al rete de diaspora* per inscriber te a %{wiki}. Post que tote le pods es interconnectite, tu potera acceder al mesme contento."
+      find_pods: "Un lista de pods ubi tu pote inscriber te se trova a %{poduptime}."
+      other_questions: "Si tu ha altere questiones sur le election de un pod, consulta nostre %{wiki}."
    create:
      success: "Tu ha adherite a diaspora*!"
    invalid_invite: "Le ligamine de invitation que tu ha fornite non plus es valide."
@ -1049,9 +1054,9 @@ ia:
      connect: "Connecter"
      disconnect: "Disconnecter"
      edit_services: "Modificar servicios"
-      logged_in_as: "In session como %{nickname}."
+      logged_in_as: "Connectite como %{nickname}."
      no_services_available: "Il non ha servicios disponibile in iste pod."
-      not_logged_in: "Nulle session aperte in iste momento."
+      not_logged_in: "Non connectite."
      really_disconnect: "Disconnecter %{service}?"
      services_explanation: "Le connexion a altere servicios da le possibilitate de publicar tu messages anque in illos quando tu los scribe in diaspora*."
      share_to: "Divider sur %{provider}"
@ -1178,6 +1183,41 @@ ia:
        one: "1 persona con etiquetta %{tag}"
        other: "%{count} personas con etiquetta %{tag}"
        zero: "Nemo con etiquetta %{tag}"
+  two_factor_auth:
+    activated:
+      change_button: "Disactivar"
+      change_label: "Disactiva le authentication bifactorial per entrar tu contrasigno"
+      status: "Authentication bifactorial activate"
+    confirm:
+      activate_button: "Confirmar e activar"
+      input_explanation: "Post scannar o entrar le secreto, entra le codice a sex digitos que tu vide e confirma le activation."
+      input_title: "Confirmar con codice TOTP"
+      manual_explanation: "Si tu non succede a scannar automaticamente le codice QR, tu pote manualmente entrar le secreto in tu application."
+      manual_explanation_cont: "Nos usa \"time-based one-time passwords\" (TOTP, contrasignos temporal a uso unic) con codices a sex digitos. Si tu application te demanda un intervallo de tempore e un algorithmo, responde 30 secundas e sha1, respectivemente.<br />Le spatios es solmente pro lectura facile; per favor, entra le codice sin spatios."
+      scan_explanation: "Per favor, scanna le codice QR con un application con capabilitate TOTP, como andOTP (Android), FreeOTP (iOS), SailOTP (SailfishOS)."
+      scan_title: "Scannar le codice QR"
+      status: "Le authentication bifactorial non es ancora activate completemente. Tu debe confirmar le activation con un codice TOTP."
+      title: "Confirmar activation"
+    deactivated:
+      change_button: "Activar"
+      change_label: "Activar authentication bifactorial"
+      status: "Authentication bifactorial non activate"
+    explanation: "Le authentication bifactorial es un maniera efficace de assecurar que tu es le unic persona que pote aperir session in tu conto. Quando tu aperi session, tu entrara un codice a 6 digitos accompaniante tu contrasigno pro provar tu identitate. Ma sia caute: si tu perde tu telephono e le codices de recuperation create quando tu activa iste function, le accesso a tu conto de diaspora* essera perdite pro sempre."
+    flash:
+      error_token: "Le codice es incorrecte o invalide"
+      success_activation: "Le activation del authentication bifactorial ha succedite"
+      success_deactivation: "Le disactivation del authentication bifactorial ha succedite"
+    input_token:
+      label: "Codice bifactorial"
+      placeholder: "codice bifactorial a sex digitos"
+    recovery:
+      button: "Generar nove codices de recuperation"
+      explanation: "Si tu jammais perde le accesso a tu telephono, tu pote usar un del codices de recuperation sequente pro reganiar le accesso a tu conto. Mantene le codices de recuperation ben secur. Per exemplo, tu pote imprimer los e guardar los con altere documentos importante."
+      explanation_short: "Le codices de recuperation te permitte reganiar le accesso a tu conto si tu perde tu telephono. Nota ben que tu pote usar cata codice de recuperation solmente un vice."
+      invalidation_notice: "Si tu perde tu codices de recuperation, tu pote generar alteres hic. Le ancian codices de recuperation devenira invalide."
+      reminder: "Alternativemente, tu pote usar un del codices de recuperation."
+      title: "Codices de recuperation"
+    title: "Authentication bifactorial"
  username: "Nomine de usator"
  users:
    confirm_email:
--- a/config/locales/diaspora/nb.yml
+++ b/config/locales/diaspora/nb.yml
@ -230,7 +230,7 @@ nb:
      aspect_list_is_visible: "Kontakter i dette aspektet er i stand til å se hverandre."
      confirm_remove_aspect: "Er du sikker på at du vil slette dette aspektet?"
      rename: "Endre navn"
-      update: "Oppdatér"
+      update: "Oppdater"
      updating: "Oppdaterer"
    index:
      donate: "Doner"
@ -285,7 +285,7 @@ nb:
      success: "La oss se hva de har å si! #sihallo"
  bookmarklet:
    explanation: "Publiser til diaspora* fra hvor som helst ved å bokmerke denne lenken => %{link}"
-    heading: "Diaspora Bookmarklet"
+    heading: "Bookmarklet for diaspora*"
    post_something: "Publiser noe på diaspora*"
  cancel: "Avbryt"
  color_themes:
@ -588,9 +588,11 @@ nb:
      byline: "Det sosiale nettverket der det er du som har kontrollen"
      choose_your_audience: "Velg publikum"
      choose_your_audience_info: "Med aspektene til diaspora* kan du velge akkurat hvem du vil dele noe med. Du kan være så offentlig eller privat som du ønsker. Del et morsomt bilde med hele verden eller en dyp hemmelighet med et par av dine nærmeste venner. Du har kontrollen."
+      diaspora_site_link: "føderale diaspora*-nettverket"
      headline: "Velkommen til %{pod_name}"
      own_your_data: "Bestem over dataene dine"
      own_your_data_info: "Mange nettverk bruker dataene dine til å tjene penger. De analyserer hva du gjør og så bruker de denne informasjonen til å vise deg reklame. diaspora* bruker ikke dataene dine til noen annet formål enn å la deg kontakte og dele med andre."
+      part_of_diaspora: "En del av det %{diaspora_site_link}"
    podmin:
      byline: "Du er i ferd med å endre Internett. La oss få deg på plass, skal vi?"
      configuration_info: "Åpne %{database_path} og %{diaspora_path} i et tekstredigeringsprogram og gå nøye gjennom dem. De er betydelig kommentert."
@ -641,12 +643,14 @@ nb:
      public_feed: "Offentlig diaspora*-feed for %{name}"
      source_package: "Last ned kildekoden"
      statistics_link: "Statistikk for belgen"
+      switch_to_standard_mode: "Bytt til standardvisning"
+      switch_to_touch_optimized_mode: "Bytt til touch-optimalisert visning"
      whats_new: "Hva er nytt?"
    header:
      code: "Kode"
      logout: "logg ut"
-      profile: "profil"
-      settings: "innstillinger"
+      profile: "Profil"
+      settings: "Innstillinger"
      toggle_navigation: "Veksle navigasjon"
  likes:
    create:
@ -920,7 +924,7 @@ nb:
    person:
      thats_you: "Det er deg!"
    profile_sidebar:
-      bio: "mitt livsløp (bio)"
+      bio: "Biografi"
      born: "Bursdag"
      gender: "Kjønn"
      location: "Sted"
@ -972,7 +976,7 @@ nb:
      public: "Offentlig"
      settings: "Profilinnstillinger"
      update_profile: "Oppdater profil"
-      your_bio: "Om meg"
+      your_bio: "Din biografi"
      your_birthday: "Din fødselsdato"
      your_gender: "Ditt kjønn"
      your_location: "Hvor bor du?"
--- a/config/locales/diaspora/oc.yml
+++ b/config/locales/diaspora/oc.yml
@ -996,6 +996,9 @@ oc:
  registrations:
    closed:
      another_pod: "un autre pod"
+      closed_pod: "Aqueste pod es actualament pas dubèrt per las inscripcions. Pasmens, podètz jonher lo malhum diaspora* en vos marcar sus %{wiki} . Perque totes los pods son connectats entre eles, enlà auretz accès al meteis contengut."
+      find_pods: "Vaquí una lista de pods ont podètz vos marcar %{poduptime}."
+      other_questions: "S’avètz mai de questions tocant la causida d’un pod, gaitatz nòstre %{wiki}."
    create:
      success: "Avètz rejunt diaspora*!"
    invalid_invite: "Lo ligam de convit donat es pas mai valid !"
@ -1190,21 +1193,32 @@ oc:
      status: "Autentificacion en dos temps activiada"
    confirm:
      activate_button: "Confirmar e activar"
+      input_explanation: "Aprèp aver numerizat o picat lo secret, picatz lo còdi de sièis chifras que vesètz e confirmatz lo parametratge."
      input_title: "Confirmar amb un geton TOTP"
+      manual_explanation: "Se per cas poscatz pas numerizar lo còdi QR automaticament podètz picar a la man lo secret dins vòstra aplicacion."
+      manual_explanation_cont: "Utilizam TOTP (time-based one-time passwords, senhal unic basat sus l’ora) amb de getons de sièis chifras. Se per cas vòstra aplicacion vos demande un interval de temps e un algoritme picatz 30 segondas e sha1.<br /> Los espacis son per una lectura de bon legir, volgatz picar lo còdi sens eles."
+      scan_explanation: "Volgatz numerizar lo còdi QR amb una aplicacion compatibla TOTP, coma andOTP (Android), FreeOTP (iOS), SailOTP (SailfishOS)."
      scan_title: "Numerizar lo còdi QR"
+      status: "L’autentificacion es pas complètament activada, vos cal confirmar l’activacion amb un geton TOTP"
      title: "Confirmatz l’activacion"
    deactivated:
      change_button: "Activar"
      change_label: "Activar l’autentificacion en dos temps"
      status: "L’autentificacion en dos temps es pas activada"
+    explanation: "L’autentificacion dos factors es un biais poderós de s’assegurar que sètz ben vos l’unica persona a vos connectar a vòstre compte. Al moment de vos connectar, picaretz un còdi de 6 chifras aprèp vòstre senhal per provar vòstra identitat. Siatz prudent : se perdatz vòstre mobil e los còdis de recuperacion creats a l’activacion d’aquesta foncionalitat, l’accès a vòstre compte diaspora* serà blocat per totjorn."
    flash:
      error_token: "Lo geton èra incorrècte o invalid"
      success_activation: "Autentificacion en dos temps corrèctament activada"
      success_deactivation: "Autentificacion en dos temps corrèctament desactivada"
    input_token:
      label: "Geton dos factors"
+      placeholder: "geton dos factor en sièis chifras"
    recovery:
      button: "Generar de nòus còdis de recuperacion"
+      explanation: "Se per cas perdatz lo mobil, podètz utilizar un dels còdis de recuperacion çai-jos per tornar obténer l’accès al compte. Gardatz los còdis de recuperacion en un lòc segur. Per exemple, podètz los imprimir e gardar amb d’autres documents importants."
+      explanation_short: "Los còdis de recuperacion vos permeton de tornar obténer l’accès al compte se per cas perdatz lo mobil. Notatz que podètz pas qu’utilizar cada còdi pas qu’un còp."
+      invalidation_notice: "Se perdètz los còdis de recuperacion, podètz los regenerar aquí. Los ancians còdis de recuperacion seràn pas mai valids."
+      reminder: "Autrament podètz utilizar un dels còdis de recuperacion."
      title: "Còdis de recuperacion"
    title: "Autentificacion en dos temps"
  username: "Nom d'utilizaire"
--- a/config/locales/diaspora/pl.yml
+++ b/config/locales/diaspora/pl.yml
@ -989,7 +989,7 @@ pl:
      your_birthday: "Twoje urodziny"
      your_gender: "Twoja płeć"
      your_location: "Lokalizacja"
-      your_name: "Imię"
+      your_name: "Nazwa"
      your_photo: "Twoje zdjęcie"
      your_tags: "Opisz siebie w pięciu słowach"
      your_tags_placeholder: "np. #filmy #kotki #podróże #nauczyciel #warszawa"
@ -1191,6 +1191,21 @@ pl:
        one: "1 osoba otagowana %{tag}"
        other: "%{count} osób otagowanych %{tag}"
        zero: "Nikogo otagowanego %{tag}"
+  two_factor_auth:
+    activated:
+      change_button: "Dezaktywuj"
+      status: "Uwierzytelnianie dwuskładnikowe jest aktywne"
+    confirm:
+      activate_button: "Potwierdź i aktywuj"
+      status: "Uwierzytelnianie dwuskładnikowe nie jest jeszcze w pełni aktywne, musisz je zatwierdzić tokenem TOTP"
+    deactivated:
+      change_button: "Aktywuj"
+      change_label: "Aktywuj uwierzytelnianie dwuskładnikowe"
+      status: "Uwierzytelnianie dwuskładnikowe nieaktywne"
+    flash:
+      success_activation: "Pomyślnie aktywowano uwierzytelnianie dwuskładnikowe"
+      success_deactivation: "Pomyślnie dezaktywowano uwierzytelnianie dwuskładnikowe"
+    title: "Uwierzytelnianie dwuskładnikowe"
  username: "Nazwa użytkownika"
  users:
    confirm_email:
--- a/config/locales/diaspora/pt-PT.yml
+++ b/config/locales/diaspora/pt-PT.yml
@ -282,7 +282,7 @@ pt-PT:
      birthday_with_year: "%d de %B de %Y"
      fullmonth_day: "%d de %B"
  delete: "Eliminar"
-  email: "Correio Eletrónico"
+  email: "E-mail"
  error_messages:
    helper:
      correct_the_following_errors_and_try_again: "Corrija os seguintes erros e volte a tentar."
--- a/config/locales/diaspora/sv.yml
+++ b/config/locales/diaspora/sv.yml
@ -482,9 +482,9 @@ sv:
      char_limit_services_q: "Vad händer med inlägg som delats genom liknande tjänster med lägre teckenbegräsning?"
      character_limit_a: "65 535 tecken. Det är 65 395 tecken fler än vad Twitter tillåter! ;-)"
      character_limit_q: "Vad är teckenbegränsning för inlägg?"
-      embed_multimedia_a: "Det ska räcka med att bara klistra in länken till vad du vill bifoga i inlägget. Några av de sidor som stöds är: YouTube, Vimeo, SoundCloud och Flickr. Diaspora* använder oEmbed för den här egenskapen. Vi lägger till stöd för andra sidor hela tiden. Kom ihåg att göra enkla inlägg och bara använda fullständiga länkar, inga URL-förkortare. Inga operatorer efter länken och vänta ett slag efter att du klistrat in inlägget innan du laddar om sidan, efter att du skrivit inlägget."
+      embed_multimedia_a: "Det ska räcka med att bara klistra in länken till vad du vill bifoga i inlägget. Sidor som stöds är: YouTube, Vimeo, SoundCloud och Flickr. Diaspora* använder oEmbed för den här egenskapen. Vi lägger till stöd för andra sidor hela tiden. Kom ihåg att göra enkla inlägg och bara använda fullständiga länkar, inga URL-förkortare. Inga operatorer efter länken och vänta ett slag efter att du klistrat in inlägget innan du laddar om sidan, efter att du skrivit inlägget."
      embed_multimedia_q: "Hur bäddar jag in en video, ljudspår eller annat multimediainnehåll i ett inlägg?"
-      format_text_a: "Diaspora använder ett förenklat system som kallas %{markdown}. Du som skriver har knappar för att hjälpa dig formatera texten. Om du vill formatera manuallt, hittar du hela syntaxen %{here}. Fliken för att förhandsvisa, ger dig möjlighet att se meddelandet innan du delar. Glöm inte att inte kan ändra efter publikation; var därför nogrann med att förhandsgranska innan!"
+      format_text_a: "Diaspora använder ett förenklat system som kallas %{markdown}. När du skriver finns knappar för att hjälpa dig formatera texten. Om du vill formatera manuallt, hittar du hela syntaxen %{here}. Fliken för att förhandsvisa, ger dig möjlighet att se meddelandet innan du delar. Glöm inte att inte kan ändra efter publikation; var därför nogrann med att förhandsgranska innan!"
      format_text_q: "Hur kan jag formatera texten i mina inlägg? (Fet stil, kursivera, etcetera.)"
      hide_posts_a: "Om du pekar muspekaren överst på ett inlägg kommer ett kryss att dyka upp till höger. Tryck på det för att dölja inlägget och avsluta notifieringarna berörande det. Du kommer fortfarande kunna se inlägget om du besöker författarens profilsida."
      hide_posts_q: "Hur döljer jag ett inlägg?"
@ -492,7 +492,7 @@ sv:
      ignore_user_a2: "För att ignorera någon, tryck ikonen \"ignorera\" (cirkel med ett diagonalt streck) i övre högra hörnet av inlägg. Deras inlägg kommer omedelbart försvinna ur ditt flöde. Alternativt, kan du gå till deras profilsida och trycka på ignoreraknappen där. Du kan fortfarande se personens inlägg på dennes profilsida."
      ignore_user_a3: "Du hittar listan över ignorerade personer under Sekretess bland dina kontoinställningar. För att sluta ignorera någon, ta bort personen ur listan."
      ignore_user_q: "Hur tar jag bort någon från min ström?"
-      insert_images_a: "Om du vill ha en bild som finns på din dator i inlägg, välj den lilla kameraikonen. Du kan också dra bilden från katalogen, eller fler bilde, från datorn till ikonen. Om du vill ha bild från en annan webbsida i inlägget, väljer du istället formateringsknappen som då skriver in Markdown-koden åt dig."
+      insert_images_a: "Om du vill ha en bild som finns på din dator i ett inlägg, välj den lilla kameraikonen. Du kan också dra bilden från katalogen, eller fler bilder, från datorn till ikonen. Om du vill ha bild från en annan webbsida i inlägget, väljer du istället formateringsknappen som då skriver in Markdown-koden åt dig."
      insert_images_comments_a: "Använd Markdown för att lägga in bilder från webben i en kommentar, precis som i ett inlägg. Du kan dock inte ladda upp bilder från din dator till kommentarer. Ladda upp dem på någon bilddelningssida och lägg därefter in bilderna i kommentarer."
      insert_images_comments_q: "Kan jag lägga till bilder i kommentarer?"
      insert_images_q: "Hur lägger jag in bilder till mitt inlägg?"
@ -502,7 +502,7 @@ sv:
      post_notification_q: "Hur gör jag för att ändra mina notifikationsinställningar för ett inlägg?"
      post_poll_a: "Tryck på grafikonen för att skapa en omröstning. Skriv in din fråga och åtminstone två alternativ. Glöm inte att göra inlägget publikt om du vill att alla ska kunna delta."
      post_poll_q: "Hur lägger jag till en omröstning till mitt inlägg?"
-      post_report_a: "Tryck på varningstriangeln i inläggets övre, högra hörn för att anmäla det till din podadminstratör. Ange sedan, noggrant, varför du valt att anmäla inlägget. Var så bussig och anmäl bara inlägg som bryter mot våra %{community_guidelines} eller användarvilkoren för din pod. Det kan exempelvis vara olagligt material, eller kränkande innehåll och spam."
+      post_report_a: "Tryck på varningstriangeln i inläggets övre, högra hörn för att anmäla det till din podadminstratör. Ange sedan noggrant varför du valt att anmäla inlägget. Var så bussig och anmäl bara inlägg som bryter mot våra %{community_guidelines} eller användarvilkoren för din pod. Det kan exempelvis vara olagligt material, eller kränkande innehåll och spam."
      post_report_q: "Hur meddelar jag om kränkande inlägg?"
      size_of_images_a: "Nej. Bildernas storlek justeras automatiskt för att passa strömmen."
      size_of_images_q: "Kan jag själv anpassa bildstorleken i inlägg och kommentarer?"
@ -572,7 +572,7 @@ sv:
    tags:
      filter_tags_a: "Det är inte ännu inte möjligt att utföra i Diaspora*. Men något %{third_party_tools} kan finnas som stödjer denna funktion."
      filter_tags_q: "Hur filtrerar jag bort några av taggarna från mitt flöde?"
-      followed_tags_a: "När du sökt en tagg kan du trycka på knappen överst på taggens sida för att följa taggen. Då kommer då synas till vänster med andra taggar du följer. Trycker du på någon tagg i listan hamnar du på taggens sida och kommer att se de senaste inläggen med taggen. Tryck \"#Följda taggar\" för att se ett flöde med alla taggar du följer. Inlägg med den taggen kommer dyka upp i ditt huvudflöde."
+      followed_tags_a: "När du sökt en tagg kan du trycka på knappen överst på taggens sida för att följa taggen. Då kommer den synas till vänster med andra taggar du följer. Trycker du på någon tagg i listan hamnar du på taggens sida och kommer att se de senaste inläggen med taggen. Tryck \"#Följda taggar\" för att se ett flöde med alla taggar du följer. Inlägg med den taggen kommer dyka upp i ditt huvudflöde."
      followed_tags_q: "Vad är \"#Följda taggar\" och hur följer man en tagg?"
      people_tag_page_a: "Det är personer som lagt till taggen i sin beskrivning på sin publika profilsida."
      people_tag_page_q: "Vilka är personerna till vänster på taggens sida?"
@ -1201,7 +1201,7 @@ sv:
      input_explanation: "Efter skanning eller att ha skrivit den hemliga koden, skriver du in den sexsiffriga kod du ser och bekräftar uppsättningen."
      input_title: "Bekräfta med TOTP-pollett."
      manual_explanation: "Om du inte kan skanna QR-koden automatiskt, kan du göra det manuellt i din app med den hemliga koden."
-      manual_explanation_cont: "Vi använder oss av tidsbegränsade ongångslösenord (TOTP) med sex siffror långa polletter. Om din applikation frågar om ett tidintervall och algoritm, anger du 30 sekunder och sh1.<br /> Mellanrummen är bara för läsbarhetens skull; du ska inte skriva dem."
+      manual_explanation_cont: "Vi använder oss av tidsbegränsade engångslösenord (TOTP) med sex siffror långa polletter. Om din applikation frågar om ett tidintervall och algoritm, anger du 30 sekunder och sh1.<br /> Mellanrummen är bara för läsbarhetens skull; du ska inte skriva dem."
      scan_explanation: "Skanna QR-koden med en TOTP-kompatibel applikation, såsom andOTP (för Android), FreeOTP (för iOS), SailOTP (för SailfishOS)."
      scan_title: "Läs in QR-kod"
      status: "Tvåfaktorautentisering har inte the fullo aktiverats än. Du behöver verifiera med en TOTP-pollett."
@ -1220,7 +1220,7 @@ sv:
      placeholder: "Sexssiffrig tvåstegspollett"
    recovery:
      button: "Generera nya återställningskoder"
-      explanation: "Om du någonsin blir av med din telefon, kan du använda en av återställningskoderna nedanför för att återfå tillgång till ditt konto. Spara koderna på en säker plats. Du kan till exompel skriva ut dem och ha dem bland dina andra viktiga lappar."
+      explanation: "Om du någonsin blir av med din telefon, kan du använda en av återställningskoderna nedanför för att återfå tillgång till ditt konto. Spara koderna på en säker plats. Du kan till exompel skriva ut dem och ha dem bland dina andra viktiga dokument."
      explanation_short: "Återställningsskoder används för att återfå tillgång till ditt konto utifall att du blir av med din telefon. Du kan bara använda varje kod en enda gång."
      invalidation_notice: "Om du blir av med dina återställningskoder, kan du generera nya här. Dina tidigare koder blir då ogiltiga."
      reminder: "Alternativt kan du använda en återställningskod."
--- a/config/locales/diaspora/th.yml
+++ b/config/locales/diaspora/th.yml
@ -5,11 +5,21 @@


 th:
+  _applications: "แอปพลิเคชั่น"
  _services: "บริการ"
  account: "บัญชี"
+  are_you_sure: "คุณแน่ใจแล้วใช่ไหม"
+  are_you_sure_delete_account: "คุณแน่ใจแล้วใช่ไหมที่จะลบบัญชีของคุณ มันไม่สามารถกู้คืนได้นะ"
  aspects:
    index:
      donate_liberapay: "บริจาคให้ลิเบร่าเพย์"
+  cancel: "ยกเลิก"
+  delete: "ลบ"
+  email: "อีเมล"
+  limited: "จำกัดการเข้าถึง"
+  ok: "ตกลง"
  privacy: "ส่วนตัว"
  profile: "โปรไฟล์"
-  settings: "ตั้งค่า"
+  public: "สาธารณะ"
+  settings: "ตั้งค่า"
+  username: "ชื่อผู้ใช้"
--- a/config/locales/javascript/javascript.nb.yml
+++ b/config/locales/javascript/javascript.nb.yml
@ -83,9 +83,9 @@ nb:
        success: "Ditt nye aspekt <%= name %> ble opprettet"
      name: "Navn"
    bookmarklet:
-      post_something: "Post noe på Diaspora"
-      post_submit: "Sender innlegg..."
-      post_success: "Lukker popup vinduet..."
+      post_something: "Publiser noe på diaspora*"
+      post_submit: "Sender innlegg ..."
+      post_success: "Publisert! Lukker popup-vinduet ..."
    cancel: "Avbryt"
    comma: ","
    comments:
@ -134,6 +134,7 @@ nb:
      recent_notifications: "Nylige varsel"
      search: "Søk"
      settings: "Innstillinger"
+      switch_to_touch_optimized_mode: "Bytt til touch-optimalisert visning"
      toggle_navigation: "Veksle navigasjon"
      view_all: "Vis alle"
    hide_post: "Gjem dette innlegget?"
--- a/db/migrate/20190703231700_fix_pending_profile_photos.rb
+++ b/db/migrate/20190703231700_fix_pending_profile_photos.rb
@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class FixPendingProfilePhotos < ActiveRecord::Migration[5.1]
+  def up
+    Photo.where(pending: true).each do |photo|
+      photo.update(pending: false) if Profile.where(image_url: photo.url(:thumb_large)).exists?
+    end
+  end
+end
--- a/features/support/webmock.rb
+++ b/features/support/webmock.rb
@ -7,7 +7,7 @@ Before do
  stub_request(:head, /.+/).with(
    headers: {
      "Accept"     => "text/html",
-      "User-Agent" => "OpenGraphReader/0.6.2 (+https://github.com/jhass/open_graph_reader)"
+      "User-Agent" => "OpenGraphReader/0.7.0 (+https://github.com/jhass/open_graph_reader)"
    }
  ).to_return(status: 200, body: "", headers: {"Content-Type" => "text/plain"})
 end
--- a/lib/diaspora/message_renderer.rb
+++ b/lib/diaspora/message_renderer.rb
@ -35,11 +35,12 @@ module Diaspora

      def append_and_truncate
        if options[:truncate]
-          @message = message.truncate options[:truncate]-options[:append].to_s.size
+          # TODO: Remove .dup when upgrading to Rails 6.x.
+          @message = @message.truncate(options[:truncate] - options[:append].to_s.size).dup
        end

-        message << options[:append].to_s
-        message << options[:append_after_truncate].to_s
+        @message << options[:append].to_s
+        @message << options[:append_after_truncate].to_s
      end

      def escape
--- a/spec/controllers/admins_controller_spec.rb
+++ b/spec/controllers/admins_controller_spec.rb
@ -30,7 +30,7 @@ describe AdminsController, :type => :controller do

      it "succeeds" do
        get :dashboard
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it "warns the user about unreviewed reports" do
@ -62,7 +62,7 @@ describe AdminsController, :type => :controller do

      it 'succeeds and renders user_search' do
        get :user_search
-        expect(response).to be_success
+        expect(response).to be_successful
        expect(response).to render_template(:user_search)
      end

@ -139,7 +139,7 @@ describe AdminsController, :type => :controller do

    it "succeeds and renders stats" do
      get :stats
-      expect(response).to be_success
+      expect(response).to be_successful
      expect(response).to render_template(:stats)
      expect(response.body).to include(
        I18n.translate(
@ -151,7 +151,7 @@ describe AdminsController, :type => :controller do
    it "succeeds and renders stats for different ranges" do
      %w(week 2weeks month).each do |range|
        get :stats, params: {range: range}
-        expect(response).to be_success
+        expect(response).to be_successful
        expect(response).to render_template(:stats)
        expect(response.body).not_to include(
          I18n.translate(
--- a/spec/controllers/aspect_memberships_controller_spec.rb
+++ b/spec/controllers/aspect_memberships_controller_spec.rb
@ -25,7 +25,7 @@ describe AspectMembershipsController, type: :controller do

    it "succeeds" do
      post :create, params: {person_id: bob.person.id, aspect_id: @aspect1.id}, format: :json
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it "creates an aspect membership" do
@ -75,14 +75,14 @@ describe AspectMembershipsController, type: :controller do
    it "removes contacts from an aspect" do
      membership = alice.add_contact_to_aspect(@contact, @aspect1)
      delete :destroy, params: {id: membership.id}, format: :json
-      expect(response).to be_success
+      expect(response).to be_successful
      @aspect1.reload
      expect(@aspect1.contacts.to_a).not_to include @contact
    end

    it "aspect membership does not exist" do
      delete :destroy, params: {id: 123}, format: :json
-      expect(response).not_to be_success
+      expect(response).not_to be_successful
      expect(response.body).to eq(I18n.t("aspect_memberships.destroy.no_membership"))
    end
  end
--- a/spec/controllers/comments_controller_spec.rb
+++ b/spec/controllers/comments_controller_spec.rb
@ -29,7 +29,7 @@ describe CommentsController, :type => :controller do

      it 'responds to format mobile' do
        post :create, params: comment_hash, format: :mobile
-        expect(response).to be_success
+        expect(response).to be_successful
      end
    end

@ -136,7 +136,7 @@ describe CommentsController, :type => :controller do

    it 'works for mobile' do
      get :index, params: {post_id: @message.id}, format: :mobile
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it 'returns all the comments for a post' do
--- a/spec/controllers/contacts_controller_spec.rb
+++ b/spec/controllers/contacts_controller_spec.rb
@ -14,14 +14,14 @@ describe ContactsController, :type => :controller do
    context 'format mobile' do
      it "succeeds" do
        get :index, format: :mobile
-        expect(response).to be_success
+        expect(response).to be_successful
      end
    end

    context 'format html' do
      it "succeeds" do
        get :index
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it "doesn't assign contacts" do
@ -43,7 +43,7 @@ describe ContactsController, :type => :controller do

        it "succeeds" do
          get :index, params: {q: @person1.first_name}, format: :json
-          expect(response).to be_success
+          expect(response).to be_successful
        end

        it "responds with json" do
@ -133,7 +133,7 @@ describe ContactsController, :type => :controller do
  describe '#spotlight' do
    it 'succeeds' do
      get :spotlight
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it 'gets queries for users in the app config' do
--- a/spec/controllers/conversations_controller_spec.rb
+++ b/spec/controllers/conversations_controller_spec.rb
@ -20,7 +20,7 @@ describe ConversationsController, :type => :controller do
    context "desktop" do
      it "succeeds" do
        get :new, params: {modal: true}
-        expect(response).to be_success
+        expect(response).to be_successful
      end
    end

@ -76,13 +76,13 @@ describe ConversationsController, :type => :controller do

    it "succeeds" do
      get :index
-      expect(response).to be_success
+      expect(response).to be_successful
      expect(assigns[:visibilities]).to match_array(@visibilities)
    end

    it "succeeds with json" do
      get :index, format: :json
-      expect(response).to be_success
+      expect(response).to be_successful
      json = JSON.parse(response.body)
      expect(json.first["conversation"]).to be_present
    end
@ -94,7 +94,7 @@ describe ConversationsController, :type => :controller do

    it "retrieves a conversation" do
      get :index, params: {conversation_id: @conversations.first.id}
-      expect(response).to be_success
+      expect(response).to be_successful
      expect(assigns[:visibilities]).to match_array(@visibilities)
      expect(assigns[:conversation]).to eq(@conversations.first)
    end
@ -108,7 +108,7 @@ describe ConversationsController, :type => :controller do
    it "retrieves a conversation message with out markdown content " do
      get :index
      @conversation = @conversations.first
-      expect(response).to be_success
+      expect(response).to be_successful
      expect(response.body).to match(/cool stuff/)
      expect(response.body).not_to match(%r{<strong>cool stuff</strong>})
    end
@ -134,7 +134,7 @@ describe ConversationsController, :type => :controller do

        it "responds with the conversation id as JSON" do
          post :create, params: params, format: :js
-          expect(response).to be_success
+          expect(response).to be_successful
          expect(JSON.parse(response.body)["id"]).to eq(Conversation.first.id)
        end

@ -172,7 +172,7 @@ describe ConversationsController, :type => :controller do

        it "responds with the conversation id as JSON" do
          post :create, params: params, format: :js
-          expect(response).to be_success
+          expect(response).to be_successful
          expect(JSON.parse(response.body)["id"]).to eq(Conversation.first.id)
        end
      end
@ -195,7 +195,7 @@ describe ConversationsController, :type => :controller do

        it "responds with an error message" do
          post :create, params: params, format: :js
-          expect(response).not_to be_success
+          expect(response).not_to be_successful
          expect(response.body).to eq(I18n.t("conversations.create.fail"))
        end
      end
@ -218,7 +218,7 @@ describe ConversationsController, :type => :controller do

        it "responds with an error message" do
          post :create, params: params, format: :js
-          expect(response).not_to be_success
+          expect(response).not_to be_successful
          expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
        end
      end
@ -241,7 +241,7 @@ describe ConversationsController, :type => :controller do

        it "responds with an error message" do
          post :create, params: params, format: :js
-          expect(response).not_to be_success
+          expect(response).not_to be_successful
          expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
        end
      end
@ -272,7 +272,7 @@ describe ConversationsController, :type => :controller do

        it "responds with an error message" do
          post :create, params: params, format: :js
-          expect(response).not_to be_success
+          expect(response).not_to be_successful
          expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
        end
      end
@ -301,7 +301,7 @@ describe ConversationsController, :type => :controller do

        it "responds with the conversation id as JSON" do
          post :create, params: params, format: :js
-          expect(response).to be_success
+          expect(response).to be_successful
          expect(JSON.parse(response.body)["id"]).to eq(Conversation.first.id)
        end

@ -339,7 +339,7 @@ describe ConversationsController, :type => :controller do

        it "responds with the conversation id as JSON" do
          post :create, params: params, format: :js
-          expect(response).to be_success
+          expect(response).to be_successful
          expect(JSON.parse(response.body)["id"]).to eq(Conversation.first.id)
        end
      end
@ -362,7 +362,7 @@ describe ConversationsController, :type => :controller do

        it "responds with an error message" do
          post :create, params: params, format: :js
-          expect(response).not_to be_success
+          expect(response).not_to be_successful
          expect(response.body).to eq(I18n.t("conversations.create.fail"))
        end
      end
@ -385,7 +385,7 @@ describe ConversationsController, :type => :controller do

        it "responds with an error message" do
          post :create, params: params, format: :js
-          expect(response).not_to be_success
+          expect(response).not_to be_successful
          expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
        end
      end
@ -408,7 +408,7 @@ describe ConversationsController, :type => :controller do

        it "responds with an error message" do
          post :create, params: params, format: :js
-          expect(response).not_to be_success
+          expect(response).not_to be_successful
          expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
        end
      end
@ -433,7 +433,7 @@ describe ConversationsController, :type => :controller do

        it "responds with an error message" do
          post :create, params: params, format: :js
-          expect(response).not_to be_success
+          expect(response).not_to be_successful
          expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
        end
      end
@ -452,7 +452,7 @@ describe ConversationsController, :type => :controller do

    it "succeeds with json" do
      get :show, params: {id: conversation.id}, format: :json
-      expect(response).to be_success
+      expect(response).to be_successful
      expect(assigns[:conversation]).to eq(conversation)
      expect(response.body).to include conversation.guid
    end
--- a/spec/controllers/help_controller_spec.rb
+++ b/spec/controllers/help_controller_spec.rb
@ -4,7 +4,7 @@ describe HelpController, type: :controller do
  describe "#faq" do
    it "succeeds" do
      get :faq
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it "fails on mobile" do
--- a/spec/controllers/home_controller_spec.rb
+++ b/spec/controllers/home_controller_spec.rb
@ -33,12 +33,12 @@ describe HomeController, type: :controller do
  describe "#podmin" do
    it "succeeds" do
      get :podmin
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it "succeeds on mobile" do
      get :podmin, format: :mobile
-      expect(response).to be_success
+      expect(response).to be_successful
    end
  end

--- a/spec/controllers/jasmine_fixtures/streams_spec.rb
+++ b/spec/controllers/jasmine_fixtures/streams_spec.rb
@ -54,7 +54,7 @@ TXT

      Timecop.travel(time) do
        get :multi, :format => :json
-        expect(response).to be_success
+        expect(response).to be_successful
        save_fixture(response.body, "stream_json")
      end
    end
--- a/spec/controllers/node_info_controller_spec.rb
+++ b/spec/controllers/node_info_controller_spec.rb
@ -5,7 +5,7 @@ describe NodeInfoController do
    it "responds to JSON" do
      get :jrd, format: :json

-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it "returns a JRD" do
@ -38,7 +38,7 @@ describe NodeInfoController do
        it "responds to JSON" do
          get :document, params: {version: version}, format: :json

-          expect(response).to be_success
+          expect(response).to be_successful
        end

        it "calls NodeInfoPresenter" do
--- a/spec/controllers/notifications_controller_spec.rb
+++ b/spec/controllers/notifications_controller_spec.rb
@ -37,7 +37,7 @@ describe NotificationsController, :type => :controller do
      end

      get :update, params: {id: note.id, set_unread: "true"}, format: :json
-      expect(response).to be_success
+      expect(response).to be_successful

      updated_note = Notification.find(note.id)
      expect(updated_note.unread).to eq(true)
@ -64,7 +64,7 @@ describe NotificationsController, :type => :controller do

    it 'succeeds' do
      get :index
-      expect(response).to be_success
+      expect(response).to be_successful
      expect(assigns[:notifications].count).to eq(1)
    end

@ -73,7 +73,7 @@ describe NotificationsController, :type => :controller do
        @notification.touch
      end
      get :index, format: :json
-      expect(response).to be_success
+      expect(response).to be_successful
      response_json = JSON.parse(response.body)
      note_html = Nokogiri::HTML(response_json["notification_list"][0]["also_commented"]["note_html"])
      timeago_content = note_html.css("time")[0]["data-time-ago"]
@ -94,7 +94,7 @@ describe NotificationsController, :type => :controller do

    it 'succeeds on mobile' do
      get :index, format: :mobile
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it 'paginates the notifications' do
@ -128,7 +128,7 @@ describe NotificationsController, :type => :controller do
      it 'succeeds on mobile' do
        eve.share_with(alice.person, eve.aspects.first)
        get :index, format: :mobile
-        expect(response).to be_success
+        expect(response).to be_successful
      end
    end

@ -157,12 +157,12 @@ describe NotificationsController, :type => :controller do

      it "succeeds" do
        get :index
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it "succeeds on mobile" do
        get :index, format: :mobile
-        expect(response).to be_success
+        expect(response).to be_successful
      end
    end
  end
--- a/spec/controllers/people_controller_spec.rb
+++ b/spec/controllers/people_controller_spec.rb
@ -33,7 +33,7 @@ describe PeopleController, :type => :controller do
    describe 'via json' do
      it 'succeeds' do
        get :index, params: {q: "Korth"}, format: :json
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it 'responds with json' do
@ -109,23 +109,23 @@ describe PeopleController, :type => :controller do
        it "succeeds if there is exactly one match" do
          get :index, params: {q: "Korth"}
          expect(assigns[:people].length).to eq(1)
-          expect(response).to be_success
+          expect(response).to be_successful
        end

        it "succeeds if there are no matches" do
          get :index, params: {q: "Korthsauce"}
          expect(assigns[:people].length).to eq(0)
-          expect(response).to be_success
+          expect(response).to be_successful
        end

        it 'succeeds if you search for the empty term' do
          get :index, params: {q: ""}
-          expect(response).to be_success
+          expect(response).to be_successful
        end

        it 'succeeds if you search for punctuation' do
          get :index, params: {q: "+"}
-          expect(response).to be_success
+          expect(response).to be_successful
        end

        it "excludes people who have searchable off" do
@ -225,7 +225,7 @@ describe PeopleController, :type => :controller do
      profile = user2.profile
      profile.update_attribute(:first_name, "</script><script> alert('xss attack');</script>")
      get :show, params: {id: user2.person.to_param}
-      expect(response).to be_success
+      expect(response).to be_successful
      expect(response.body).not_to include(profile.first_name)
    end

@ -244,12 +244,12 @@ describe PeopleController, :type => :controller do
    context "when the person is the current user" do
      it "succeeds" do
        get :show, params: {id: @user.person.to_param}
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it 'succeeds on the mobile site' do
        get :show, params: {id: @user.person.to_param}, format: :mobile
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it "assigns the right person" do
@ -271,7 +271,7 @@ describe PeopleController, :type => :controller do

      it 'succeeds on the mobile site' do
        get :show, params: {id: @person.to_param}, format: :mobile
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it 'forces to sign in if the person is remote' do
@ -316,12 +316,12 @@ describe PeopleController, :type => :controller do

      it "succeeds" do
        get :show, params: {id: @person.to_param}
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it 'succeeds on the mobile site' do
        get :show, params: {id: @person.to_param}, format: :mobile
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it 'marks a corresponding notifications as read' do
@ -351,12 +351,12 @@ describe PeopleController, :type => :controller do

      it "succeeds" do
        get :show, params: {id: @person.to_param}
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it 'succeeds on the mobile site' do
        get :show, params: {id: @person.to_param}, format: :mobile
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it "leaks no private profile info" do
@ -406,7 +406,7 @@ describe PeopleController, :type => :controller do
        message = @user.post :status_message, :text => 'test more', :to => @aspect.id
        @user.comment!(message, cmmt)
        get :stream, params: {person_id: @user.person.to_param}, format: :json
-        expect(response).to be_success
+        expect(response).to be_successful
        expect(response.body).to include(cmmt)
      end
    end
--- a/spec/controllers/photos_controller_spec.rb
+++ b/spec/controllers/photos_controller_spec.rb
@ -44,7 +44,7 @@ describe PhotosController, :type => :controller do
  describe '#create' do
    before do
      allow(@controller).to receive(:file_handler).and_return(uploaded_photo)
-      @params = {:photo => {:user_file => uploaded_photo, :aspect_ids => "all"} }
+      @params = {photo: {user_file: uploaded_photo, aspect_ids: "all", pending: true}}
    end

    it "creates a photo" do
@ -67,11 +67,13 @@ describe PhotosController, :type => :controller do
      expect(Photo.last.author).to eq(alice.person)
    end

-    it 'can set the photo as the profile photo' do
+    it "can set the photo as the profile photo and unpends the photo" do
      old_url = alice.person.profile.image_url
      @params[:photo][:set_profile_photo] = true
      post :create, params: @params
-      expect(alice.reload.person.profile.image_url).not_to eq(old_url)
+      new_url = alice.reload.person.profile.image_url
+      expect(new_url).not_to eq(old_url)
+      expect(Photo.find_by(remote_photo_name: new_url.rpartition("_").last).pending).to be_falsey
    end
  end

@ -79,17 +81,17 @@ describe PhotosController, :type => :controller do
    it "succeeds without any available pictures" do
      get :index, params: {person_id: FactoryGirl.create(:person).guid}

-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it "succeeds on mobile devices without any available pictures" do
      get :index, params: {person_id: FactoryGirl.create(:person).guid}, format: :mobile
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it "succeeds on mobile devices with available pictures" do
      get :index, params: {person_id: bob.person.guid}, format: :mobile
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it "displays the logged in user's pictures" do
@ -143,7 +145,7 @@ describe PhotosController, :type => :controller do

      it "succeeds on the mobile site" do
        get :index, params: {person_id: @person.to_param}, format: :mobile
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it "forces to sign in if the person is remote" do
@ -225,7 +227,7 @@ describe PhotosController, :type => :controller do

    it 'should return 200 for existing stuff on mobile devices' do
      get :show, params: {person_id: alice.person.guid, id: @alices_photo.id}, format: :mobile
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it "doesn't leak private photos to the public" do
--- a/spec/controllers/posts_controller_spec.rb
+++ b/spec/controllers/posts_controller_spec.rb
@ -19,7 +19,7 @@ describe PostsController, type: :controller do
          expect_any_instance_of(PostService).to receive(:mark_user_notifications).with(post.id)

          get :show, params: {id: post.id}
-          expect(response).to be_success
+          expect(response).to be_successful
        end

        it "succeeds after removing a mention when closing the mentioned user's account" do
@ -32,7 +32,7 @@ describe PostsController, type: :controller do
          user.close_account!

          get :show, params: {id: msg.id}
-          expect(response).to be_success
+          expect(response).to be_successful
        end

        it "renders the application layout on mobile" do
@ -45,7 +45,7 @@ describe PostsController, type: :controller do
          expect_any_instance_of(PostService).to receive(:mark_user_notifications).with(reshare_id)

          get :show, params: {id: reshare_id}, format: :mobile
-          expect(response).to be_success
+          expect(response).to be_successful
        end
      end

--- a/spec/controllers/profiles_controller_spec.rb
+++ b/spec/controllers/profiles_controller_spec.rb
@ -25,7 +25,7 @@ describe ProfilesController, :type => :controller do
  describe '#edit' do
    it 'succeeds' do
      get :edit
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it 'sets the profile to the current users profile' do
--- a/spec/controllers/reshares_controller_spec.rb
+++ b/spec/controllers/reshares_controller_spec.rb
@ -13,7 +13,7 @@ describe ResharesController, :type => :controller do

    it 'requires authentication' do
      post_request!
-      expect(response).not_to be_success
+      expect(response).not_to be_successful
    end

    context 'with an authenticated user' do
@ -23,7 +23,7 @@ describe ResharesController, :type => :controller do
      end

      it 'succeeds' do
-        expect(response).to be_success
+        expect(response).to be_successful
        post_request!
      end

--- a/spec/controllers/share_visibilities_controller_spec.rb
+++ b/spec/controllers/share_visibilities_controller_spec.rb
@ -17,7 +17,7 @@ describe ShareVisibilitiesController, :type => :controller do

      it 'succeeds' do
        put :update, params: {id: 42, post_id: @status.id}, format: :js
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it 'it calls toggle_hidden_shareable' do
--- a/spec/controllers/status_messages_controller_spec.rb
+++ b/spec/controllers/status_messages_controller_spec.rb
@ -17,7 +17,7 @@ describe StatusMessagesController, :type => :controller do
  describe '#bookmarklet' do
    it 'succeeds' do
      get :bookmarklet
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it 'contains a complete html document' do
@ -34,14 +34,14 @@ describe StatusMessagesController, :type => :controller do
        title: "Surprised Kitty",
        notes: "cute kitty"
      }
-      expect(response).to be_success
+      expect(response).to be_successful
    end
  end

  describe '#new' do
    it 'succeeds' do
      get :new, params: {person_id: bob.person.id}
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it 'should redirect on desktop version' do
--- a/spec/controllers/streams_controller_spec.rb
+++ b/spec/controllers/streams_controller_spec.rb
@ -15,19 +15,19 @@ describe StreamsController, :type => :controller do
    describe "#public" do
      it "succeeds" do
        get :public
-        expect(response).to be_success
+        expect(response).to be_successful
      end
    end

    describe "#multi" do
      it "succeeds" do
        get :multi
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it "succeeds on mobile" do
        get :multi, format: :mobile
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      context "getting started" do
@ -54,7 +54,7 @@ describe StreamsController, :type => :controller do
      describe "a GET to #{stream_path}" do
        it "assigns a stream of the proper class" do
          get stream_path
-          expect(response).to be_success
+          expect(response).to be_successful
          expect(assigns[:stream]).to be_a stream_class
        end
      end
@ -65,12 +65,12 @@ describe StreamsController, :type => :controller do
    describe "#public" do
      it "succeeds" do
        get :public
-        expect(response).to be_success
+        expect(response).to be_successful
      end

      it "succeeds on mobile" do
        get :public, format: :mobile
-        expect(response).to be_success
+        expect(response).to be_successful
      end
    end

--- a/spec/controllers/tags_controller_spec.rb
+++ b/spec/controllers/tags_controller_spec.rb
@ -105,7 +105,7 @@ describe TagsController, :type => :controller do

        it 'succeeds with mobile' do
          get :show, params: {name: "foo"}, format: :mobile
-          expect(response).to be_success
+          expect(response).to be_successful
        end

        it "returns the post with the correct age" do
--- a/spec/controllers/terms_controller_spec.rb
+++ b/spec/controllers/terms_controller_spec.rb
@ -4,12 +4,12 @@ describe TermsController, type: :controller do
  describe "#index" do
    it "succeeds" do
      get :index
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it "succeeds on mobile" do
      get :index, format: :mobile
-      expect(response).to be_success
+      expect(response).to be_successful
    end
  end
 end
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -327,12 +327,12 @@ describe UsersController, :type => :controller do
  describe 'getting_started' do
    it 'does not fail miserably' do
      get :getting_started
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    it 'does not fail miserably on mobile' do
      get :getting_started, format: :mobile
-      expect(response).to be_success
+      expect(response).to be_successful
    end

    context "with inviter" do
--- a/spec/models/open_graph_cache_spec.rb
+++ b/spec/models/open_graph_cache_spec.rb
@ -63,7 +63,7 @@ describe OpenGraphCache, type: :model do
        stub_request(:head, "http:///wetter.com")
          .with(headers: {
                  "Accept"     => "text/html",
-                  "User-Agent" => "OpenGraphReader/0.6.2 (+https://github.com/jhass/open_graph_reader)"
+                  "User-Agent" => "OpenGraphReader/0.7.0 (+https://github.com/jhass/open_graph_reader)"
                })
          .to_return(status: 200, body: "", headers:
            {"Set-Cookie" => "Dabgroup=A;path=/;Expires=Thu, 23 May 2019 16:12:01 GMT;httpOnly"})
--- a/spec/workers/cleanup_pending_photos_spec.rb
+++ b/spec/workers/cleanup_pending_photos_spec.rb
@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+describe Workers::CleanupPendingPhotos do
+  let!(:photo) { FactoryGirl.create(:photo, author: alice.person, pending: true) }
+
+  it "removes pending photos" do
+    Timecop.travel(25.hours) do
+      Workers::CleanupPendingPhotos.new.perform
+      expect(Photo).not_to exist(photo.id)
+    end
+  end
+
+  it "does not remove pending photos newer than one day" do
+    Timecop.travel(1.hour) do
+      Workers::CleanupPendingPhotos.new.perform
+      expect(Photo).to exist(photo.id)
+    end
+  end
+
+  it "does not remove posted photos" do
+    StatusMessageCreationService.new(alice).create(
+      status_message: {text: "Post with photo"},
+      public:         true,
+      photos:         [photo.id]
+    )
+    Timecop.travel(25.hours) do
+      Workers::CleanupPendingPhotos.new.perform
+      expect(Photo).to exist(photo.id)
+    end
+  end
+end