Merge branch 'release/0.5.6.0'

CODE_OF_CONDUCT.md

 # Contributor Code of Conduct
 
-As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
 
-We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
 
 Examples of unacceptable behavior by participants include:
 
@@ -10,13 +16,35 @@ Examples of unacceptable behavior by participants include:
 * Personal attacks
 * Trolling or insulting/derogatory comments
 * Public or private harassment
-* Publishing other's private information, such as physical or electronic addresses, without explicit permission
-* Other unethical or unprofessional conduct.
-
-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team.
-
-This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
-
-Instances of abusive, harassing, or otherwise unacceptable behavior should be reported by sending an email to [team@diasporafoundation.org](mailto:team@diasporafoundation.org).
-
-This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)
+* Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting a project maintainer at [team@diasporafoundation.org](mailto:team@diasporafoundation.org). All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. Maintainers are
+obligated to maintain confidentiality with regard to the reporter of an
+incident.
+
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/

Changelog.md

+# 0.5.6.0
+
+## Refactor
+* Add more integration tests with the help of the new diaspora-federation gem [#6539](https://github.com/diaspora/diaspora/pull/6539)
+
+## Bug fixes
+* Fix mention autocomplete when pasting the username [#6510](https://github.com/diaspora/diaspora/pull/6510)
+* Use and update updated\_at for notifications [#6573](https://github.com/diaspora/diaspora/pull/6573)
+* Ensure the author signature is checked when receiving a relayable [#6539](https://github.com/diaspora/diaspora/pull/6539)
+* Do not try to display hovercards when logged out [#6587](https://github.com/diaspora/diaspora/pull/6587)
+
+## Features
+
+* Display hovercards without aspect dropdown when logged out [#6603](https://github.com/diaspora/diaspora/pull/6603)
+* Add media.ccc.de as a trusted oEmbed endpoint
+
 # 0.5.5.1
 
 * Fix XSS on profile pages

Gemfile

@@ -4,25 +4,25 @@ gem "rails", "4.2.5"
 
 # Legacy Rails features, remove me!
 # responders (class level)
-gem "responders", "2.1.0"
+gem "responders", "2.1.1"
 
 # Appserver
 
-gem "unicorn", "4.9.0", require: false
+gem "unicorn", "5.0.1", require: false
 
 # Federation
 
-gem "diaspora_federation-rails", "0.0.8"
+gem "diaspora_federation-rails", "0.0.11"
 
 # API and JSON
 
 gem "acts_as_api", "0.4.2"
 gem "json",        "1.8.3"
-gem "json-schema", "2.5.1"
+gem "json-schema", "2.5.2"
 
 # Authentication
 
-gem "devise", "3.5.2"
+gem "devise", "3.5.3"
 gem "devise_lastseenable", "0.0.6"
 gem "devise-token_authenticatable", "~> 0.4.0"
 
@@ -56,21 +56,21 @@ gem "rack-cors", "0.4.0", require: "rack/cors"
 gem "bootstrap-sass", "2.3.2.2"
 gem "compass-rails",  "2.0.5"
 gem "sass-rails",     "5.0.4"
-gem "autoprefixer-rails", "6.0.3"
+gem "autoprefixer-rails", "6.2.2"
 
 # Database
 
 ENV["DB"] ||= "mysql"
 
 gem "mysql2", "0.3.20" if ENV["DB"] == "all" || ENV["DB"] == "mysql"
-gem "pg",     "0.18.3" if ENV["DB"] == "all" || ENV["DB"] == "postgres"
+gem "pg",     "0.18.4" if ENV["DB"] == "all" || ENV["DB"] == "postgres"
 
 gem "activerecord-import", "0.10.0"
 
 # File uploading
 
 gem "carrierwave", "0.10.0"
-gem "fog",         "1.34.0"
+gem "fog",         "1.37.0"
 gem "mini_magick", "4.3.6"
 gem "remotipart",  "1.2.1"
 
@@ -84,11 +84,11 @@ gem "entypo-rails", "2.2.3"
 # JavaScript
 
 gem "backbone-on-rails", "1.2.0.0"
-gem "handlebars_assets", "0.21.0"
+gem "handlebars_assets", "0.22.0"
 gem "jquery-rails",      "4.0.5"
 gem "jquery-ui-rails",   "5.0.5"
 gem "js_image_paths",    "0.0.2"
-gem "js-routes",         "1.1.2"
+gem "js-routes",         "1.2.0"
 
 source "https://rails-assets.org" do
   gem "rails-assets-jquery",                              "1.11.2" # Should be kept in sync with jquery-rails
@@ -100,14 +100,14 @@ source "https://rails-assets.org" do
   gem "rails-assets-markdown-it--markdown-it-for-inline", "0.1.1"
   gem "rails-assets-markdown-it-sub",                     "1.0.0"
   gem "rails-assets-markdown-it-sup",                     "1.0.0"
-  gem "rails-assets-highlightjs",                         "8.9.1"
+  gem "rails-assets-highlightjs",                         "9.0.0"
 
   # jQuery plugins
 
   gem "rails-assets-jeresig--jquery.hotkeys",       "0.2.0"
-  gem "rails-assets-jquery-placeholder",            "2.1.3"
+  gem "rails-assets-jquery-placeholder",            "2.3.1"
   gem "rails-assets-jquery-textchange",             "0.2.3"
-  gem "rails-assets-perfect-scrollbar",             "0.6.7"
+  gem "rails-assets-perfect-scrollbar",             "0.6.8"
   gem "rails-assets-jakobmattsson--jquery-elastic", "1.6.11"
 end
 
@@ -117,7 +117,7 @@ gem "facebox-rails", "0.2.0"
 
 gem "http_accept_language", "2.0.5"
 gem "i18n-inflector-rails", "1.0.7"
-gem "rails-i18n",           "4.0.5"
+gem "rails-i18n",           "4.0.8"
 
 # Mail
 
@@ -127,17 +127,17 @@ gem "messagebus_ruby_api", "1.0.3"
 # Parsing
 
 gem "nokogiri",          "1.6.7.1"
-gem "redcarpet",         "3.3.3"
+gem "redcarpet",         "3.3.4"
 gem "twitter-text",      "1.13.0"
 gem "roxml",             "3.1.6"
-gem "ruby-oembed",       "0.8.14"
+gem "ruby-oembed",       "0.9.0"
 gem "open_graph_reader", "0.6.1"
 
 # Services
 
-gem "omniauth",           "1.2.2"
-gem "omniauth-facebook",  "2.0.1"
-gem "omniauth-tumblr",    "1.1"
+gem "omniauth",           "1.3.1"
+gem "omniauth-facebook",  "3.0.0"
+gem "omniauth-tumblr",    "1.2"
 gem "omniauth-twitter",   "1.2.1"
 gem "twitter",            "5.15.0"
 gem "omniauth-wordpress", "0.2.2"
@@ -148,7 +148,7 @@ gem "active_model_serializers", "0.9.3"
 
 # XMPP chat dependencies
 gem "diaspora-vines",             "~> 0.2.0.develop"
-gem "rails-assets-diaspora_jsxc", "~> 0.1.4.alpha", "< 0.1.4.develop", source: "https://rails-assets.org"
+gem "rails-assets-diaspora_jsxc", "~> 0.1.4", source: "https://rails-assets.org"
 
 # Tags
 
@@ -195,7 +195,7 @@ gem "minitest"
 group :production do # we don"t install these on travis to speed up test runs
   # Administration
 
-  gem "rails_admin", "0.7.0"
+  gem "rails_admin", "0.8.1"
 
   # Analytics
 
@@ -232,11 +232,11 @@ group :development do
 
   # Linters
   gem "jshintrb", "0.3.0"
-  gem "rubocop",  "0.34.2"
+  gem "rubocop",  "0.35.1"
 
   # Preloading environment
 
-  gem "spring", "1.4.0"
+  gem "spring", "1.6.1"
   gem "spring-commands-rspec", "1.0.4"
   gem "spring-commands-cucumber", "1.0.1"
 
@@ -246,7 +246,7 @@ group :development do
   gem "pry-byebug"
 
   # test coverage
-  gem "simplecov", "0.10.0", require: false
+  gem "simplecov", "0.11.1", require: false
 end
 
 group :test do
@@ -255,7 +255,7 @@ group :test do
   gem "fixture_builder",   "0.4.1"
   gem "fuubar",            "2.0.0"
   gem "rspec-instafail",   "0.4.0", require: false
-  gem "test_after_commit", "0.4.1"
+  gem "test_after_commit", "0.4.2"
 
   # Cucumber (integration tests)
 
@@ -267,8 +267,10 @@ group :test do
 
   gem "factory_girl_rails", "4.5.0"
   gem "timecop",            "0.8.0"
-  gem "webmock",            "1.22.1", require: false
-  gem "shoulda-matchers",   "3.0.0"
+  gem "webmock",            "1.22.3", require: false
+  gem "shoulda-matchers",   "3.0.1"
+
+  gem "diaspora_federation-test", "0.0.11"
 end
 
 group :development, :test do
@@ -279,7 +281,7 @@ group :development, :test do
   gem "cucumber-rails",     "1.4.2", require: false
 
   # Jasmine (client side application tests (JS))
-  gem "jasmine",                   "2.3.1"
+  gem "jasmine",                   "2.4.0"
   gem "jasmine-jquery-rails",      "2.0.3"
   gem "rails-assets-jasmine-ajax", "3.2.0", source: "https://rails-assets.org"
   gem "sinon-rails",               "1.15.0"

app/assets/javascripts/app/views/hovercard_view.js

@@ -97,7 +97,7 @@ app.views.Hovercard = app.views.Base.extend({
     href += "/hovercard.json";
 
     var self = this;
-    $.get(href, function(person){
+    $.ajax(href, {preventGlobalErrorHandling: true}).done(function(person){
       if( !person || person.length === 0 ) {
         throw new Error("received data is not a person object");
       }
@@ -126,11 +126,12 @@ app.views.Hovercard = app.views.Base.extend({
       return $('<a/>',{href: "/tags/"+tag.substring(1)}).text(tag)[0] ;
     })) );
 
+    if(!app.currentUser.authenticated()){ return; }
     // set aspect dropdown
     // TODO render me client side!!!
     var href = this.href();
     href += "/aspect_membership_button";
-    $.get(href, function(response) {
+    $.ajax(href, {preventGlobalErrorHandling: true}).done(function(response){
       self.dropdown_container.html(response);
     });
     new app.views.AspectMembership({el: self.dropdown_container});

app/assets/javascripts/jsxc.js

-//= require jquery.slimscroll
-//= require colorbox
+//= require jquery.slimscroll/jquery.slimscroll
+//= require jquery-colorbox
 //= require favico.js
 //= require jquery-fullscreen-plugin
 //= require diaspora_jsxc
@@ -25,7 +25,7 @@ $(document).ready(function() {
             chat: 1
           },
           displayRosterMinimized: function() {
-            return true;
+            return false;
           },
           xmpp: {
             url: $('script#jsxc').data('endpoint'),

app/assets/stylesheets/application.scss

@@ -77,7 +77,6 @@
 @import 'stream';
 @import 'stream_element';
 @import 'comments';
-@import 'colorbox';
 @import 'diaspora_jsxc';
 @import 'chat';
 @import 'markdown-content';

app/controllers/people_controller.rb

@@ -3,8 +3,8 @@
 #   the COPYRIGHT file.
 
 class PeopleController < ApplicationController
-  before_action :authenticate_user!, except: [:show, :stream]
-  before_action :find_person, only: [:show, :stream, :hovercard]
+  before_action :authenticate_user!, except: %i(show stream hovercard)
+  before_action :find_person, only: %i(show stream hovercard)
 
   respond_to :html, :except => [:tag_index]
   respond_to :json, :only => [:index, :show]

app/controllers/publics_controller.rb

-#   Copyright (c) 2010-2011, Diaspora Inc.  This file is
-#   licensed under the Affero General Public License version 3 or later.  See
-#   the COPYRIGHT file.
-
-class PublicsController < ApplicationController
-  include Diaspora::Parser
-
-  skip_before_action :set_header_data
-  skip_before_action :set_grammatical_gender
-  before_action :check_for_xml, :only => [:receive, :receive_public]
-  before_action :authenticate_user!, :only => [:index]
-
-  respond_to :html
-  respond_to :xml, :only => :post
-
-  layout false
-
-  def hub
-    render :text => params['hub.challenge'], :status => 202, :layout => false
-  end
-
-  def receive_public
-    logger.info "received a public message"
-    Workers::ReceiveUnencryptedSalmon.perform_async(CGI::unescape(params[:xml]))
-    render :nothing => true, :status => :ok
-  end
-
-  def receive
-    person = Person.find_by_guid(params[:guid])
-
-    if person.nil? || person.owner_id.nil?
-      logger.error "Received post for nonexistent person #{params[:guid]}"
-      render :nothing => true, :status => 404
-      return
-    end
-
-    @user = person.owner
-
-    logger.info "received a private message for user: #{@user.id}"
-    Workers::ReceiveEncryptedSalmon.perform_async(@user.id, CGI::unescape(params[:xml]))
-
-    render :nothing => true, :status => 202
-  end
-
-  private
-
-  def check_for_xml
-    if params[:xml].nil?
-      render :nothing => true, :status => 422
-      return
-    end
-  end
-end

app/models/notification.rb

@@ -64,6 +64,8 @@ private
       begin
         n.actors = n.actors | [actor]
         n.unread = true
+        # Explicitly touch the notification to update updated_at whenever new actor is inserted in notification.
+        n.touch
         n.save!
       rescue ActiveRecord::RecordNotUnique
         nil

app/views/notifications/_notification.haml

@@ -10,4 +10,4 @@
   .media-body
     = notification_message_for(note)
     %div
-      = timeago(note.created_at)
+      = timeago(note.updated_at)

bin/cucumber

 #!/usr/bin/env ruby
 begin
-  load File.expand_path("../spring", __FILE__)
-rescue LoadError
+  load File.expand_path('../spring', __FILE__)
+rescue LoadError => e
+  raise unless e.message.include?('spring')
 end
 require 'bundler/setup'
 load Gem.bin_path('cucumber', 'cucumber')

bin/rails

 #!/usr/bin/env ruby
 begin
-  load File.expand_path("../spring", __FILE__)
-rescue LoadError
+  load File.expand_path('../spring', __FILE__)
+rescue LoadError => e
+  raise unless e.message.include?('spring')
 end
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
 APP_PATH = File.expand_path('../../config/application',  __FILE__)
-require_relative '../config/boot'
+require File.expand_path('../../config/boot',  __FILE__)
 require 'rails/commands'

bin/rake

 #!/usr/bin/env ruby
 begin
-  load File.expand_path("../spring", __FILE__)
-rescue LoadError
+  load File.expand_path('../spring', __FILE__)
+rescue LoadError => e
+  raise unless e.message.include?('spring')
 end
 require_relative '../config/boot'
 require 'rake'

bin/rspec

 #!/usr/bin/env ruby
 begin
-  load File.expand_path("../spring", __FILE__)
-rescue LoadError
+  load File.expand_path('../spring', __FILE__)
+rescue LoadError => e
+  raise unless e.message.include?('spring')
 end
 require 'bundler/setup'
 load Gem.bin_path('rspec-core', 'rspec')

bin/spring

 #!/usr/bin/env ruby
 
-# This file loads spring without using Bundler, in order to be fast
-# It gets overwritten when you run the `spring binstub` command
+# This file loads spring without using Bundler, in order to be fast.
+# It gets overwritten when you run the `spring binstub` command.
 
 unless defined?(Spring)
-  require "rubygems"
-  require "bundler"
+  require 'rubygems'
+  require 'bundler'
 
-  if match = Bundler.default_lockfile.read.match(/^GEM$.*?^    (?:  )*spring \((.*?)\)$.*?^$/m)
-    ENV["GEM_PATH"] = ([Bundler.bundle_path.to_s] + Gem.path).join(File::PATH_SEPARATOR)
-    ENV["GEM_HOME"] = nil
-    Gem.paths = ENV
-
-    gem "spring", match[1]
-    require "spring/binstub"
+  if (match = Bundler.default_lockfile.read.match(/^GEM$.*?^    (?:  )*spring \((.*?)\)$.*?^$/m))
+    Gem.paths = { 'GEM_PATH' => [Bundler.bundle_path.to_s, *Gem.path].uniq }
+    gem 'spring', match[1]
+    require 'spring/binstub'
   end
 end

config/defaults.yml

@@ -4,7 +4,7 @@
 
 defaults:
   version:
-    number: "0.5.5.1" # Do not touch unless doing a release, do not backport the version number that's in master
+    number: "0.5.6.0" # Do not touch unless doing a release, do not backport the version number that's in master
   heroku: false
   environment:
     url: "http://localhost:3000/"

config/initializers/diaspora_federation.rb

@@ -10,15 +10,16 @@ DiasporaFederation.configure do |config|
       person = Person.find_local_by_diaspora_handle(handle)
       if person
         DiasporaFederation::Discovery::WebFinger.new(
-          acct_uri:    "acct:#{person.diaspora_handle}",
-          alias_url:   AppConfig.url_to("/people/#{person.guid}"),
-          hcard_url:   AppConfig.url_to(DiasporaFederation::Engine.routes.url_helpers.hcard_path(person.guid)),
-          seed_url:    AppConfig.pod_uri,
-          profile_url: person.profile_url,
-          atom_url:    person.atom_url,
-          salmon_url:  person.receive_url,
-          guid:        person.guid,
-          public_key:  person.serialized_public_key
+          acct_uri:      "acct:#{person.diaspora_handle}",
+          alias_url:     AppConfig.url_to("/people/#{person.guid}"),
+          hcard_url:     AppConfig.url_to(DiasporaFederation::Engine.routes.url_helpers.hcard_path(person.guid)),
+          seed_url:      AppConfig.pod_uri,
+          profile_url:   person.profile_url,
+          atom_url:      person.atom_url,
+          salmon_url:    person.receive_url,
+          subscribe_url: AppConfig.url_to("/people?q={uri}"),
+          guid:          person.guid,
+          public_key:    person.serialized_public_key
         )
       end
     end
@@ -61,5 +62,52 @@ DiasporaFederation.configure do |config|
 
       person_entity.save!
     end
+
+    on :fetch_private_key_by_diaspora_id do |diaspora_id|
+      key = Person.where(diaspora_handle: diaspora_id).joins(:owner).pluck(:serialized_private_key).first
+      OpenSSL::PKey::RSA.new key unless key.nil?
+    end
+
+    on :fetch_author_private_key_by_entity_guid do |entity_type, guid|
+      key = entity_type.constantize.where(guid: guid).joins(author: :owner).pluck(:serialized_private_key).first
+      OpenSSL::PKey::RSA.new key unless key.nil?
+    end
+
+    on :fetch_public_key_by_diaspora_id do |diaspora_id|
+      key = Person.where(diaspora_handle: diaspora_id).pluck(:serialized_public_key).first
+      OpenSSL::PKey::RSA.new key unless key.nil?
+    end
+
+    on :fetch_author_public_key_by_entity_guid do |entity_type, guid|
+      key = entity_type.constantize.where(guid: guid).joins(:author).pluck(:serialized_public_key).first
+      OpenSSL::PKey::RSA.new key unless key.nil?
+    end
+
+    on :entity_author_is_local? do |entity_type, guid|
+      entity_type.constantize.where(guid: guid).joins(author: :owner).exists?
+    end
+
+    on :fetch_entity_author_id_by_guid do |entity_type, guid|
+      entity_type.constantize.where(guid: guid).joins(:author).pluck(:diaspora_handle).first
+    end
+
+    on :queue_public_receive do |xml|
+      Workers::ReceiveUnencryptedSalmon.perform_async(xml)
+    end
+
+    on :queue_private_receive do |guid, xml|
+      person = Person.find_by_guid(guid)
+
+      if person.nil? || person.owner_id.nil?
+        false
+      else
+        Workers::ReceiveEncryptedSalmon.perform_async(person.owner.id, xml)
+        true
+      end
+    end
+
+    on :save_entity_after_receive do
+      # TODO
+    end
   end
 end

config/locale_settings.yml

@@ -58,7 +58,7 @@ available:
   si: "සිංහල"
   sk: "Slovenčina"
   sl: "Slovenščina"
-  sq: "gjuha shqipe"
+  sq: "Shqip"
   sr: "српски језик"
   sv: "Svenska"
   te: "తెలుగు"

config/locales/diaspora/en.yml

@@ -173,9 +173,6 @@ en:
       video_title:
         unknown: "Unknown video title"
   aspects:
-    zero: "No aspects"
-    one: "1 aspect"
-    other: "%{count} aspects"
     contacts_visible: "Contacts in this aspect will be able to see each other."
     contacts_not_visible: "Contacts in this aspect will not be able to see each other."
     edit:
@@ -299,9 +296,6 @@ en:
     other: "%{count} reactions"
 
   contacts:
-    zero: "No contacts"
-    one: "1 contact"
-    other: "%{count} contacts"
     create:
       failure: "Failed to create contact"
     sharing:
@@ -1355,7 +1349,7 @@ en:
         mr_wiggles: "Mr Wiggles will be sad to see you go"
         what_we_delete: "We will delete all of your posts and profile data as soon as possible. Your comments on other people’s posts will still appear, but they will be associated with your diaspora* ID rather than your name."
         locked_out: "You will get signed out and locked out of your account until it has been deleted."
-        lock_username: "Your username will be locked. You will not be able create a new account on this pod with the same ID."
+        lock_username: "Your username will be locked. You will not be able to create a new account on this pod with the same ID."
         no_turning_back: "There is no turning back! If you’re really sure, enter your password below."
         if_you_want_this: "If you really want this to happen, type in your password below and click “Close account”"
 

config/oembed_providers.yml

@@ -19,3 +19,9 @@ mixcloud:
   urls:
     - http://www.mixcloud.com/*/*
     - https://www.mixcloud.com/*/*
+
+mediacccde:
+  endpoint: "https://media.ccc.de/public/oembed/"
+  urls:
+    - http://media.ccc.de/v/*
+    - https://media.ccc.de/v/*

config/routes.rb

@@ -18,6 +18,7 @@ Diaspora::Application.routes.draw do
     mount Sidekiq::Web => '/sidekiq', :as => 'sidekiq'
   end
 
+  # Federation
   mount DiasporaFederation::Engine => "/"
 
   get "/atom.xml" => redirect('http://blog.diasporafoundation.org/feed/atom') #too many stupid redirects :()
@@ -182,17 +183,6 @@ Diaspora::Application.routes.draw do
   get '/u/:username' => 'people#show', :as => 'user_profile', :constraints => { :username => /[^\/]+/ }
   get '/u/:username/profile_photo' => 'users#user_photo', :constraints => { :username => /[^\/]+/ }
 
-
-  # Federation
-
-  controller :publics do
-    post 'receive/users/:guid'  => :receive
-    post 'receive/public'       => :receive_public
-    get 'hub'                   => :hub
-  end
-
-
-
   # External
 
   resources :services, :only => [:index, :destroy]

features/desktop/hovercards.feature

@@ -6,15 +6,15 @@ Feature: Hovercards
 
   Background:
     Given a user named "Bob Jones" with email "bob@bob.bob"
-    And "bob@bob.bob" has a public post with text "public stuff"
+    And "bob@bob.bob" has a public post with text "public stuff #hashtag"
     And a user named "Alice" with email "alice@alice.alice"
     And "alice@alice.alice" has a public post with text "alice public stuff"
-    And the post with text "public stuff" is reshared by "alice@alice.alice"
+    And the post with text "public stuff #hashtag" is reshared by "alice@alice.alice"
     And the post with text "alice public stuff" is reshared by "bob@bob.bob"
-    And I sign in as "alice@alice.alice"
 
   Scenario: Hovercards on the main stream
-    Given I am on "bob@bob.bob"'s page
+    Given I sign in as "alice@alice.alice"
+    And I am on "bob@bob.bob"'s page
     Then I should see "public stuff" within ".stream_element"
     When I activate the first hovercard
     Then I should see a hovercard
@@ -22,7 +22,8 @@ Feature: Hovercards
     Then I should not see a hovercard
 
   Scenario: Hovercards on the main stream in reshares
-    Given I am on "bob@bob.bob"'s page
+    Given I sign in as "alice@alice.alice"
+    And I am on "bob@bob.bob"'s page
     Then I should see "Alice" within "#main_stream"
     When I hover "Alice" within "#main_stream"
     Then I should not see a hovercard
@@ -30,3 +31,11 @@ Feature: Hovercards
     Then I should see "Bob Jones" within "#main_stream"
     When I hover "Bob Jones" within "#main_stream"
     Then I should see a hovercard
+
+  Scenario: Hovercards on the tag stream as a logged out user
+    Given I am on the tag page for "hashtag"
+    Then I should see "public stuff" within ".stream_element"
+    When I activate the first hovercard
+    Then I should see a hovercard
+    When I deactivate the first hovercard
+    Then I should not see a hovercard

features/step_definitions/posts_steps.rb

@@ -15,6 +15,7 @@ Then /^I should not see an uploaded image within the photo drop zone$/ do
 end
 
 Then /^I should not see any posts in my stream$/ do
+  page.assert_selector("#paginate .loader", visible: :hidden)
   page.assert_selector(".stream_element", count: 0)
 end
 

lib/assets/javascripts/jquery.mentionsInput.js

@@ -7,18 +7,20 @@
  * Using underscore.js
  *
  * License: MIT License - http://www.opensource.org/licenses/mit-license.php
- * 
- * Modifcations for Diaspora:
+ *
+ * Modifications for Diaspora:
  *
  * Prevent replacing the wrong text by marking the replacement position with a special character
  * Don't add a space after inserting a mention
  * Only use the first div as a wrapperBox
+ * Binded paste event on input box to trigger contacts search for autocompletion while adding mention via clipboard
  */
 
 (function ($, _, undefined) {
 
   // Settings
-  var KEY = { BACKSPACE : 8, TAB : 9, RETURN : 13, ESC : 27, LEFT : 37, UP : 38, RIGHT : 39, DOWN : 40, COMMA : 188, SPACE : 32, HOME : 36, END : 35 }; // Keys "enum"
+  var KEY = { PASTE